Add better reference to IANA list of all extensions.
Add newer "channel_id" extension (0x7550) as used by current Chrome versions.
Change-Id: Ia5b2515c557fbaf42d320ede918120f83b2e02dd
Reviewed-on: https://code.wireshark.org/review/1924
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I959729a8834054cf333ec2c47f9d93756eb94066
Reviewed-on: https://code.wireshark.org/review/1922
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I16e6fd4f2d9fb37539cfcb17c0ade1033aea2d6f
Reviewed-on: https://code.wireshark.org/review/1921
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
at first, read only the info required to fetch the conversation struct
Change-Id: I3becbb59bf6a55f07805ca9f3c24f015484fcd13
Reviewed-on: https://code.wireshark.org/review/1920
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
In the EIGRP packet dissector, the dissector routine for the Sequence TLV
dissected the TLV only up to the first address in the list. However, the
Sequence TLV contains a variably sized list of addresses. This patch
modifies the routine so that it processes the entire TLV, not just the
first address in the contained list.
Also, in the dissect_eigrp(), replaced calls to tvb_new_subset() with
the reported length set to -1 with the call to tvb_new_subset_length().
TLVs always carry information about their length. And this time,
correct truly ALL calls in the switch{} section.
Sample packet capture is available in BugZilla.
Bug: 10156
Change-Id: Idaaf182c05bcf799f770f23a2ce2b1e05a3d569a
Reviewed-on: https://code.wireshark.org/review/1911
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I8de7b63ca90803f8fc6333bbe43aeb94459e6363
Reviewed-on: https://code.wireshark.org/review/1918
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I796138bab6d4b75ade047f0706e68f301e4559df
Reviewed-on: https://code.wireshark.org/review/1919
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
While we're at it, get rid of duplicate #defines for some OUIs, sort the
OUI #defines, and fix some routine names.
Change-Id: I8f4e5408b44896c3629a0014299b060ebc15bab6
Reviewed-on: https://code.wireshark.org/review/1906
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Decode the HTTP/2 header block using nghttp2 HPACK decoder
In this patch, We use nghttp2 HPACK decoder to decompress HTTP/2 header
block. To make HPACK decompressor work, we need to track down HTTP/2
connection from the beginning. If we see the HTTP/2 magic (connection
preface), we initialize HPACK decompressor objects. We actually use 2
HPACK decompressor for both client and server. HPACK decompressor
objects are stored in hash tables using TCP stream index as a key.
Most code by: Tatsuhiro Tsujikawa
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Signed-off-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Idb4dd4b0a200924820cb0b34db664cc37518168d
Reviewed-on: https://code.wireshark.org/review/1527
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
in the linkage descriptor
Change-Id: I7ebca539076b2b881e82fd6baec5bb223e778a52
Reviewed-on: https://code.wireshark.org/review/1896
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I3381e1c35795ac33331cdddb8cefa8b0a16907cc
Reviewed-on: https://code.wireshark.org/review/1894
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Add a dissector table for the 802.3 "slow protocols" subtype, split the
dissectors for those protocols into separate files, and have them
register in that dissector table.
Remove some unnecessary #includes while we're at it.
Change-Id: Ic36c9c255efdd348055fa4f21fd6cc094f74e378
Reviewed-on: https://code.wireshark.org/review/1891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I27656eacb698f8db7bfbe4f5502658c78b03fc13
Reviewed-on: https://code.wireshark.org/review/1890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ief46b7b53ddecd649e54d3c23a3504c4165c812f
Reviewed-on: https://code.wireshark.org/review/1855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of X.509 certificates now also Raw public keys are supported
and shown correctly.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ibe7610aace31a19791b02e71ccd8d9ceb8cf979d
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1372
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This analyses the certificate type extensions and then stores the
certificate type in the ssl session. This way we can later show the
certificate in the correct from.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ifdda165807bc29f1fc138da000a9a538ecd18b6e
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1371
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I007ff5215f52f80f25622cab6980128eabd39c5f
Reviewed-on: https://code.wireshark.org/review/1888
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I18c2b7992b237eaaacbec04d504fc293b03558a3
Reviewed-on: https://code.wireshark.org/review/1887
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Icccc07706287df4b6a7481108f9921b939aae2d5
Reviewed-on: https://code.wireshark.org/review/1886
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I19b163913f8f6521a34d94d130e2ae74546a615a
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1821
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I95ad8cb5857794608f0f8db5c2dfd4b16e6578d5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1820
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This structure is used to store information about a SSL session which
is not only needed for decrypting the session, but also to show nice
dissection information.
In an other patch I will add some more members to the struct because
the old way of passing them to the function does not scale.
Change-Id: I88e7f2896e0364a41d4538752dad291de83bfbca
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1819
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The MN interprets the CMD layer data only if the CN increments
the Send-Sequence-Counter => new data. The MN interprets the
data only once, if the same frame is sent again the MN ignores
the data.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.3.2.3 Error: Duplication of Frame
Frames which duplicate previous sent data are now marked as
duplicated frames.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ef24b52712bfd3c735856b0cd5747c47aeef72a
Reviewed-on: https://code.wireshark.org/review/992
Reviewed-by: Evan Huus <eapache@gmail.com>
Puts a tag in the info column when multiple MAUSB packets are in a
single TCP packet.
Change-Id: Ib20e5e30474d93270dd24e203ab96f64f5cc77ad
Reviewed-on: https://code.wireshark.org/review/1658
Reviewed-by: Sean Onufer Stalley <sean.stalley@intel.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
packet-btavdtp.c: In function 'dissect_bta2dp':
packet-btavdtp.c:2796:36: error: 'sep_data.vendor_codec' may be used uninitialized in this function [-Werror=maybe-uninitialized]
packet-btavdtp.c:2799:12: error: 'sep_data.vendor_id' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Change-Id: I5b9e22e7ec787430ee25d2cd7dbe13f854f9eaa2
Reviewed-on: https://code.wireshark.org/review/1884
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Session should be finished too on HCI Disconnect and Adapter disappear.
Change-Id: I0823872e60ec932fc0831975e54dc33d49fb5dbc
Reviewed-on: https://code.wireshark.org/review/1882
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Also add Service informations to Info column and service item.
Change-Id: I0a565df94d7980432c524bd675b291f0e80704e5
Reviewed-on: https://code.wireshark.org/review/1881
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Fix warnings and try to inform user about unknown values in
"Decode As".
Also use define instead of magic number for Unknown L2CAP CIDs.
Change-Id: Ie6f26a9e3330b84cef14bbf8861ffbdbdb789225
Reviewed-on: https://code.wireshark.org/review/1880
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Example: if there is Connection Request than field with CID always
is called SCID. If we Sent this packet, it is okay, but if we Receive
it, then it is not SCID for us, but DCID. If we receive
Connection Request (DCID) and than we want to make disconnection,
so we send Disconnection Request with DCID that is SCID in
Connection Request... etc.
I try to clarify this, so rename stored SCID to Local CID
and DCID to Remote CID.
Change-Id: Idde0939a03955d8f4a10d8c9f7c43fd364254460
Reviewed-on: https://code.wireshark.org/review/1879
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
To correctly resolve connections single "ID" value
like L2CAP PSM, is not enough, because next connection may use
the same PSM value. Solution is save frame number of frame that
make disconnection.
Conclusion:
Any session key values should be updated to pair:
{ID_1, disconnect_in_frame}, {ID_2, disconnect_in_frame}...
then we should check if "disconnect_in_frame" is greater then
current frame number, otherwise it is not valid session.
Change-Id: I3d760112b6e53358a93c994f4aae455ac1bf5de6
Reviewed-on: https://code.wireshark.org/review/1878
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The Stream is defined here as media stream that beginning on
AVDTP Start (ResponseAccept).
Also fix recognizing Channel streams by AVDTP according to the
specification that says:
1. First channel is always Signaling.
2. Second may be Media.
3. Third may be Reporting.
4. Fourth may be Recovery.
First and second will be supported right now.
Change-Id: Id6d4dae6be1b9df68382288c2d520b7ed3661237
Reviewed-on: https://code.wireshark.org/review/1053
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Music duration info can be used to detect underflow, what can
decrease music quality.
Change-Id: I8ea06655395d3e66473a09ee72b6833b894aa6e1
Reviewed-on: https://code.wireshark.org/review/1052
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
description
Change-Id: Ice06e257a72f3b4ce1229ff90129628f0e3bbcfb
Reviewed-on: https://code.wireshark.org/review/1873
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
For a number of protocols that encapsulate 802.11 frames inside packets,
whether the frame includes an FCS or not is specified by the protocol,
not by whether the link-layer frame carrying the packets *itself*
includes an FCS. As we've done with Ethernet, add "_withfcs" and
"_withoutfcs" dissectors, which *don't* check the pseudo-header FCS
length indication, and call those, rather than dissectors that check the
pseudo-header length indication, from the dissectors for those protocols.
Change-Id: Ib8c8ecdd872e1782fdfc66e7573415d91911a62e
Reviewed-on: https://code.wireshark.org/review/1866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8e20917ac08e2349caf330ee967d24d7c738bb71
Reviewed-on: https://code.wireshark.org/review/1815
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iaddd3c4847e803af855c847212ae822b2529ff06
Reviewed-on: https://code.wireshark.org/review/1860
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
filtering work, fix typos
Change-Id: I7ed989807826d1322dab00d13d998488caaf73ff
Reviewed-on: https://code.wireshark.org/review/1859
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If8d35122ce096f52837bdff1c6599b47456697d5
Reviewed-on: https://code.wireshark.org/review/1858
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I8e442dff85ef856672f42e787feb88453eba6f0e
Reviewed-on: https://code.wireshark.org/review/1857
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch will solve the issue in LOOKUP procedure if filename itself will become <EMPTY>.
Change-Id: Ib983ac4f9325db040a6b4eb3fc63179b36103bf4
Reported-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Signed-off-by: Vikhyat Umrao <vumrao@redhat.com>
Reviewed-on: https://code.wireshark.org/review/1854
Reviewed-by: Michael Mann <mmann78@netscape.net>
as remove redundant stuff from the spnego.cnf file.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change-Id: I90a962a39dc4da0f13055c9b3893c26044f1fc97
Reviewed-on: https://code.wireshark.org/review/1809
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifbfca88469a6bc479072c921deba280e667c7087
Reviewed-on: https://code.wireshark.org/review/1804
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also remove the reference to the original ID.
Change-Id: I51357fc04699a40af2d34ec2bd36518d09d3b180
Reviewed-on: https://code.wireshark.org/review/1848
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
Change-Id: Ia69cbe9fea364c735bde956d84a82404b46ec236
Reviewed-on: https://code.wireshark.org/review/1810
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9e37c911865a0e3b13331ec03df05d79749904c5
Reviewed-on: https://code.wireshark.org/review/1811
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie111c4db4afd0702f5a016da1547486631f571d8
Reviewed-on: https://code.wireshark.org/review/1818
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I927a2f32aa0016b5b0c476fa4c16fc1dbe0aebb0
Reviewed-on: https://code.wireshark.org/review/1825
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I034b351d4bc12f6c00a0224a5c5b9f85496657b6
Reviewed-on: https://code.wireshark.org/review/1824
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I8464fb8e98e485523127dd95948a717554b6aee4
Reviewed-on: https://code.wireshark.org/review/1823
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I301d0804e097c62cd8bf7b27003918eedab9616a
Reviewed-on: https://code.wireshark.org/review/1816
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
../../asn1/atn-ulcs/packet-atn-ulcs-template.c(126) : fatal error C1083: Cannot
open include file: 'stdint.h': No such file or directory
Change-Id: Id3c3082fe91a79e44abbfd4e2b2f1fc7d5c183d4
Reviewed-on: https://code.wireshark.org/review/1814
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ibd4edd30eca969699fea1971e1885299e4d3e552
Reviewed-on: https://code.wireshark.org/review/1813
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Strndup adds +1 for the null-terminator itself, no need to do it in the caller.
This was causing us to go past the end of the buffer when the HTTP header line
didn't have any spaces in it. Caught by Alexis using ASAN.
Bug:10135
Change-Id: Iee1b26da4740b774581ca6ec784ee40f7b920832
Reviewed-on: https://code.wireshark.org/review/1806
Reviewed-by: Evan Huus <eapache@gmail.com>
In Anders profile output[1] is looks like that get_ether_name() is called
four times, twice for src and dst. get_ether_name() takes ~2% of Ir, so
caching result should reduce Ir count by 1%.
Similar thing was already done for UDP and TCP - 5235dc6ca0
[1] http://www.wireshark.org/lists/wireshark-dev/201405/msg00063.html
Change-Id: I9ca582b0522387dbfaad866a48a0934693a2849f
Reviewed-on: https://code.wireshark.org/review/1808
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
<rant>
This file is riddled with lots of magical flags causing the code to do
one thing or another, and then in several cases with non-telling variable
names (e.g. is_centrino). My absolute favourite is
dissect_ieee80211_common (tvb, pinfo, tree, FALSE,
pinfo->pseudo_header->ieee_802_11.fcs_len, FALSE, FALSE, FALSE, FALSE);
Is there anyone who is able to understand what the line above does without
looking up the function definition?
</rant>
Change-Id: Id49cc0a2992005c28f66a8558e4b2970b677a360
Reviewed-on: https://code.wireshark.org/review/1805
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Much simpler and should probably fix bug 10121.
Also add modelines.
Bug:10121
Change-Id: Ib92977e734ebe1b8529c7b6b41fbd81eac13b186
Reviewed-on: https://code.wireshark.org/review/1758
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
All caught by cppcheck. The two (semi)-interesting bugs are:
- in asn1/atn-cpdlc/packet-atn-cpdlc-template.c where the break statement should
have been inside the brace, causing potential control-flow weirdness with
exceptions
- in epan/dissectors/packet-ieee80211.c where the bounds check for tag_len did
not match the expert info given
Change-Id: Ie173fb8d917aabb9b4571435d671d6f16e1c7569
Reviewed-on: https://code.wireshark.org/review/1793
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
While we are at it, replace an undefined hf_timeslot_allocation_usf_tn by its hf_usf equivalent
Bug: 10120
Change-Id: I3fe113279c779a9d8143d07489747a67d7351664
Reviewed-on: https://code.wireshark.org/review/1794
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add a dissector for pcap-ng file-type-specific blocks; it creates a
dissector table using the block type as the key, attempts to call the
appropriate dissector using that table, and does a minimal dissection if
that fails.
Change-Id: I67e139f06ba88d40faa5b4ab169e8df08f5bfe7b
Reviewed-on: https://code.wireshark.org/review/1784
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a dissector table indexed by the file type, and, for the
file-type-specific records, have the frame dissector skip the usual
pseudo-header processing, as the pseudo-header has a file-type-specific
record subtype in it, and call the dissector for that file type's
records.
Change-Id: Ibe97cf6340ffb0dabc08f355891bc346391b91f9
Reviewed-on: https://code.wireshark.org/review/1782
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixed valid bit check for MAUSB EPHandleResp packet. the valid bit
is active low (ie: valid = 0, invalid = 1).
I noticed Some other dissectors also defined an tfs_invalid_valid,
so got rid of their local definitions & added it to epan/tfs.c.
Change-Id: Ifd78325f9c7c046224073fc9b29e0cc60dc5c286
Reviewed-on: https://code.wireshark.org/review/1766
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is a "good-enough" fix for now until a more comprehensive fix
is committed to handle the case of the (variable size) PDU
length field being split across TCPO segments.
Change-Id: I57e8f5e9d7a9855fac320e8843b82a273ffb7cc5
Reviewed-on: https://code.wireshark.org/review/1748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
If an mp2t packet contains one full subpacket and the fragment of
another one, it happens that the first subpacket will set src or dst to
an ethernet or IP address. Adding the fragment of the second subpacket
will then use this information for calculating the hash in the fragment
table. However, later fragments in other mp2t packets will not have
these info and reassembly will fail.
Change-Id: Ic52763017cb854851b6686654c2d8a1624305d65
Reviewed-on: https://code.wireshark.org/review/1692
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If085a9fc69bbbf28a7c801930a664c412a4a5b7a
Reviewed-on: https://code.wireshark.org/review/1734
Reviewed-by: Michael Mann <mmann78@netscape.net>
Either
1) sizeof(guintN) = N/8, in which case it's redundant
or
2) sizeof(guintN) != N/8, in which case it's wrong.
This also keeps us from having to throw casts at complaints about
shortening 64-bit values.
Change-Id: I33911acfc54c0f3f21b73026a100a82b1ee2c35e
Reviewed-on: https://code.wireshark.org/review/1731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I411b16cdb3bc128cb49218080179c43e13f96e99
Reviewed-on: https://code.wireshark.org/review/1723
Reviewed-by: Michael Mann <mmann78@netscape.net>
According EN300468 in Satellite Delivery Descriptor 'Modulation System' field has 1 bit length. 'Modulation Type' has 2 bits length.
But in my Wireshark 'Modulation System' is 2 bit long and 'Modulation Type' is 1 bit long.
bug: 10119
Change-Id: I762145418bbfc9c0621ee7ca1a07d35afb6d7d92
Reviewed-on: https://code.wireshark.org/review/1718
Reviewed-by: Michael Mann <mmann78@netscape.net>
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0e8595ab5cf5385a7fda636a1804b0788f9eb869
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/1707
Reviewed-by: Michael Mann <mmann78@netscape.net>
There was a change in the ELP LCAF packet format between
draft-ietf-lisp-lcaf revisions -03 and -04 reversing the flags and AFI
fields, to be more consistent with other LCAF types.
http://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-lisp-lcaf-04.txt
Change-Id: I2c572050f413696f2d388969e7db24238783bd56
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/1704
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Display reserved using FT_BYTES
* Set option code in option subtree
Change-Id: Ie6cf32ed260ddccceaa9f617f0a74982c95f08f5
Reviewed-on: https://code.wireshark.org/review/1698
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removes _U_ flag for data field in dissect_mausb(),
since tcp_dissect_pdus(), uses the data field.
Change-Id: Iccb5aae1aa203f98484666763410c4a555413ac0
Reviewed-on: https://code.wireshark.org/review/1696
Reviewed-by: Anders Broman <a.broman58@gmail.com>
set, don't do the same conversion for each apdu
Change-Id: I6b19a0b4e138cd9d333b7ab95d6a8ee3eb516293
Reviewed-on: https://code.wireshark.org/review/1694
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
and make it filterable
Change-Id: I0644e5c69ff58301c00ea3d37e80f25b856168e4
Reviewed-on: https://code.wireshark.org/review/1689
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
There are lot of text dissectors which want just to add escaped (not filtrable) text,
add new function proto_tree_add_format_text() which just do this in optimized way.
Change-Id: Ia0e189b620cc0a5b74cfdaef1ad4571d766bb2ab
Reviewed-on: https://code.wireshark.org/review/1678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
This patch adds a new "ip.checksum_calculated" field that can be used
for display in a column.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Ide5eb6640d51ded88b1df309092a0a3aaf482b03
Reviewed-on: https://code.wireshark.org/review/1676
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This patch adds a new "udp.checksum_calculated" field that can be used
for display in a column or tshark.
Based on d7c4bde279 ("tcp: display
calculated checksum").
Change-Id: Iefcfd8395adeff7a3ac58a1bfff1a3c97976aa56
Reviewed-on: https://code.wireshark.org/review/1675
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I9bf53014d90857b7d71efbb09b5ceb708b3df6ca
Reviewed-on: https://code.wireshark.org/review/1683
Reviewed-by: Michael Mann <mmann78@netscape.net>
destination ports.
Change-Id: I490a716b7991d0d7dfcaecd722a267c77af2e776
Reviewed-on: https://code.wireshark.org/review/1682
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We have callgrind benchmarks which shows that col_add_fstr() takes
5% of Ir count cause of formatting done in g_vsnprintf().
New col_add_lstr() can be used in few dissectors without much ugliness,
and it should be a little faster.
Change-Id: Ifddd951063dfd3a27c2a7da4dafce9b242c0472c
Reviewed-on: https://code.wireshark.org/review/1629
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed the additional "parseFields" layer as it was unnecessary and IMO ends up creating more work for a developer if they want to add additional filterable fields. That layer also hid the (large) number of unfilterable fields that were in the dissector that would normally be caught by counting the number of proto_tree_add_text function calls.
Change-Id: I6f9607938c2386de40bdd3dae652614f07dda31e
Reviewed-on: https://code.wireshark.org/review/1653
Reviewed-by: Peter Ross <peter.ross@rmit.edu.au>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use wmem_array_append rather than wmem_array_append_one to make sure the pointer
types match up. _append_one automatically takes the address of its argument,
which causes problems if that argument is already a pointer.
Thanks to Alexis for catching this.
Change-Id: Ie702bb2c776f9fcf31bd64073c756edd75d888e8
Reviewed-on: https://code.wireshark.org/review/1657
Reviewed-by: Michael Mann <mmann78@netscape.net>
With this patch, wireshark dissects the Feature-List flags field in Gx message
and displays the name and value of each of Feature bit.
Change-Id: I18af8a133ae7db4da5a126a81521c474d1553719
Reference: 3GPP TS 29.212 V11.7.0, Section 5.4.1.
Reviewed-on: https://code.wireshark.org/review/1652
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Introduce a new tvb_ipxnet_to_string() routine to help that.
Change-Id: Icb27f7cdd6e6e7de67e765715e450063d7de6072
Reviewed-on: https://code.wireshark.org/review/1647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While debugging a network issue, I found incorrect TCP checksums. These
are shown in the packet details, but are not available as column. This
patch adds the "tcp.checksum_calculated" field which is only available
if a checksum can be calculated (i.e., checksumming is enabled and the
full segment is available).
The fields are added separately for each checksum case to make it appear
before "Checksum Bad/Good" and to avoid calculating the expected field
value for the "good" cases.
Change-Id: I36af7894d526382ef636c5fa51e74871212b2909
Reviewed-on: https://code.wireshark.org/review/1627
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Additional belated followup to gfe195c0c9 per conversation on -dev about the use
of -1 and when we should throw exceptions. See also g867a1827e7.
Should (in theory) permit reverting gfe195c0c9.
Bug:9999
Bug:10030
Change-Id: I56e5f4e5dc12fe82268243d0b113cfc9ff5fdd17
Reviewed-on: https://code.wireshark.org/review/1603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Add bitmask and fix length for exclusive flag
* Add missing bitmask for stream dependency
* Add fielder with calcultated weight value (weight+1, see spec for more information)
Change-Id: I7a6e97be068a80caa7355f593d9497c431c681ed
Reviewed-on: https://code.wireshark.org/review/1625
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for dissecting Media Agnostic USB EPHandleDelete
Req & Resp packets.
Change-Id: I225a38291c3f47065755c01b336ef75c719e5d58
Reviewed-on: https://code.wireshark.org/review/1546
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This doesn't appears to be "autogenerated", and it certainly isn't the biggest dissector even after the merge. This avoid file pollution, makes less non-static variables/functions and makes the check* scripts job easier.
Change-Id: If94857e4a3e602c3d45201b1aebbf466ba3e1dd1
Reviewed-on: https://code.wireshark.org/review/1597
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
When printing the protocol list item (which happens for every packet when using
tshark -T) the resulting string is almost guaranteed to be longer than the
default 16 characters. By allocating a bigger buffer right away we avoid some
potentially-expensive reallocs as the string grows.
Change-Id: Iaa35840f66975f03d8f92bbea26979df48bbc887
Reviewed-on: https://code.wireshark.org/review/1601
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id2ed7b7786705ad5fa345b0d1904cec508d3161e
Reviewed-on: https://code.wireshark.org/review/1552
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Interface-ID SHOULD be considered an opaque value, with policies
based on exact match only; that is, the Interface-ID SHOULD NOT be
internally parsed by the server.
This reverts the "Cable Lab specific" functionality added in SVN rev 32928, git rev a541950ca8.
bug:9877
Change-Id: Id4a8cbd01ab3cd6d5a0a44aa2066ea395190f51a
Reviewed-on: https://code.wireshark.org/review/1579
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Described in:
Robertson, W., and Ross, P., Extending the Wireshark Network Protocol Analyser
to Decode Link 16 Tactical Data Link Messages, Defence Science and Technology
Organisation, January 2014. DSTO-TN-1257.
Change-Id: Ie4b1228ef112e56b3ab975d0c9254fa468b90cc2
Reviewed-on: https://code.wireshark.org/review/1551
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes uninitialized read in fuzzed capture.
While I'm there, reorder the fields to reduce alignment-padding and shrink the
size of the sep_entry_t struct slightly.
Bug:10095
Change-Id: I3ace279e97874dbcfeb36f947c4c3428bd83e490
Reviewed-on: https://code.wireshark.org/review/1574
Reviewed-by: Evan Huus <eapache@gmail.com>
actual dissection still TODO
Change-Id: I58e54ca117a9ccd5d6af34d18f9277afd009aa95
Reviewed-on: https://code.wireshark.org/review/1547
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ife125be2c5043cc6cc1b879714671d9973c8214b
Reviewed-on: https://code.wireshark.org/review/1549
Reviewed-by: Michael Mann <mmann78@netscape.net>
"Error out if someone passes the address of a pointer to a *_string to
VALS() or RVALS()."
Change-Id: I1b5b9bbf512f8fdfaab5febea28db2c51d49c48c
Reviewed-on: https://code.wireshark.org/review/1544
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a followup to Ifc8d6895cc33ad1f00386a3e59926322bd501125; the MQ sample
captures I have don't seg-fault on this but the code was stillw wrong.
Change-Id: Ic689c06836b823a15217281d67b33580fd8e9823
Reviewed-on: https://code.wireshark.org/review/1539
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
There appear to be a couple of bugs in the flow control of this function (which
is very confusing), at least one of which is leading to a buffer overrun. See
the bug comments for more details and guesses of what the correct thing to do
is.
Bug:9579
Change-Id: Ibd3077792c7689a715ea53e8bf8c7a561c67389f
Reviewed-on: https://code.wireshark.org/review/1530
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
MAUSB Packets should always be sent in DWORDs. This means that the
only valid values for the length field are multiples of 4.
This patch adds an expert info check to flag length fields that are
multiples of 4.
Change-Id: Ifb793f82aed4c9fb09a12f6ea97087733b58d14a
Reviewed-on: https://code.wireshark.org/review/1536
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Some new error values, some message types that have been "undocumented" as
internal-only, etc.
Change-Id: Iff15dd67b188c9e2745964d4916b22e0bea4243d
Reviewed-on: https://code.wireshark.org/review/1533
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Based on Icfe1e5477043dd695fd9b02b677ef29ac3fa8866 but rebased and simplified.
Change-Id: I9b7266e2fdcb58f38115250d785637cd585c69e0
Reviewed-on: https://code.wireshark.org/review/1532
Reviewed-by: Evan Huus <eapache@gmail.com>
(1) Display sequence numbers in both decimal and hex
(2) Fix an inconsistency in field naming between LBT-RU and LBT-RM.
bug:9718
Change-Id: I967062d6aa00ea9a3db51db94e56d37e68e642d3
Reviewed-on: https://code.wireshark.org/review/1531
Reviewed-by: Evan Huus <eapache@gmail.com>
packet-mysql.c(1446) : warning C4244: 'function' : conversion from 'guint64' to 'gint', possible loss of data
Change-Id: Ie0b2e916e0d15287f5a3ededc404b678b45600d8
Reviewed-on: https://code.wireshark.org/review/1525
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Just started on this, more changes incoming
Change-Id: Idc88442f382cea1f29f05edb991b920488cfc113
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/1502
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The formatting routine is quite simple so it can be replaced with
g_stpcpy() and still keeping it clean.
Change-Id: Ifbab1dc1140ee271d39bbbfb7586cfda6ded5c54
Reviewed-on: https://code.wireshark.org/review/1517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Masks for padding now have an additional parenthesis to ensure
proper operator precedence.
Per the request of Evan Huus; See comment in Change-Id:
I3ad4e1beb891f9c2835adff320095e7e738241eb, Patch Set 10.
Change-Id: Ic8878f870b58cd272675b4d6c3658a029bb67984
Reviewed-on: https://code.wireshark.org/review/1519
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
for Proxy Mobile IPv6) MIP6 Mobile Option
Change-Id: I650cb33fcf083bd8826a702cb975295518012292
Reviewed-on: https://code.wireshark.org/review/1511
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
so give it a name
Change-Id: Iaf9a6f8cb58a565673f53696f7e5d1698e6eae0f
Reviewed-on: https://code.wireshark.org/review/1509
Reviewed-by: Evan Huus <eapache@gmail.com>
Dissection of OXM_OF_IPV6_ND_SLL triggers "malformed packet" comment in packet list since it makes dissecting of further OXM fields impossible.
It is possible that similar issue will be with OXM_OF_IPV6_ND_TLL since its dissecting is basically the same.
Issue found by Viktor
Closed-bug:10011
Change-Id: I21b85cc0572ffdb8bb8b73cfae0db1d72219fe4b
Reviewed-on: https://code.wireshark.org/review/1505
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissection of OXM_OF_IPV6_ND_SLL triggers "malformed packet" comment in packet list since it makes dissecting of further OXM fields impossible.
It is possible that similar issue will be with OXM_OF_IPV6_ND_TLL since its dissecting is basically the same.
Issue found by Viktor
Closed-bug:10011
Change-Id: I13893710ad4028669e454c6f8485f719b62bcaab
Reviewed-on: https://code.wireshark.org/review/1504
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The struct literal syntax {0} does not appear to be universally supported - use
memset instead.
Change-Id: If70d475cf3d7a582c43dcc879cefebc9aef0a99e
Reviewed-on: https://code.wireshark.org/review/1508
Reviewed-by: Evan Huus <eapache@gmail.com>
Also, show the packet length part of the encrypted packet. The length may
be encrypted (typical) or not (-etm modes and GCM mode). When not
encrypted, show as a number.
Bug:10066
Change-Id: I8c3a943b1b527b326b662e71f07ac6157684d5d9
Reviewed-on: https://code.wireshark.org/review/1462
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
This dissector dissects MA USB Packets. It is capable of dissecting
Media Agnostic packets both in a TCP stream as well as packets sent
over SNAP (referred to in spec as "Raw Ethernet" mode).
Change-Id: I3ad4e1beb891f9c2835adff320095e7e738241eb
Signed-off-by: Sean O. Stalley <sean.stalley@intel.com>
Reviewed-on: https://code.wireshark.org/review/1252
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
error: assignment discards 'const' qualifier from pointer target type [-Werror]
also add the missing definition of hf_mac_lte_bsr_size_median
Change-Id: I31e172a16b4afd59ba8cf5a9b281bbeaf15b6c56
Reviewed-on: https://code.wireshark.org/review/1492
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
bug:9718
Change-Id: I05330d8a2475ad0d238723d444f3d98bdbd7be39
Reviewed-on: https://code.wireshark.org/review/1041
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie1af436b763ec762a41af0bdfc1f3ec6adea2bc1
Reviewed-on: https://code.wireshark.org/review/1486
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Fix indent (use tabs)
* Use VDP function for end VTPDU
Change-Id: I93216ac5b304dc3ba78cbe830e5d12589c138eb5
Reviewed-on: https://code.wireshark.org/review/1472
Reviewed-by: Evan Huus <eapache@gmail.com>
Also add modeline info and use _U_ only when it is needed (for pinfo)
Change-Id: I71349d6451e1d8304fad04781e5ee226a1a4c729
Reviewed-on: https://code.wireshark.org/review/1466
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TLV is 1 octet long, and only MSB holds info with 7 unused bits
Change-Id: Ic1f5ce1b774bb7439cd2a23bc9bfb44f7dc25888
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Reviewed-on: https://code.wireshark.org/review/1450
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ie5c536a6977e35acc12222af3c48d29740cd57f2
Closed-bug:9941
Reviewed-on: https://code.wireshark.org/review/1440
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-teamspeak2.c:456:21: warning: Access to field 'fragmented' results in a dereference of a null pointer (loaded from variable 'frag')
Change-Id: Ie253991f8d664c4594254bcd4569883614aafe2f
Reviewed-on: https://code.wireshark.org/review/1455
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The GlusterD Management protocol has been updated to version 3. All procedures are implemented with this change.
This change also takes care of converting values passed in a dictionary
to real and displayable GUIDs.
Change-Id: I93808eda393745aa9ab3b986a6b7997f6f80df50
Reported-by: Vikhyat Umrao <vumrao@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://code.wireshark.org/review/1411
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
packet-ipsec.c:1905: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: Ic293e6b297f8f52aef7a102ab5ca0e0e98b9d7a7
Reviewed-on: https://code.wireshark.org/review/1436
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissector).
Also, speed up ESP decryption in several ways:
- store gcrypt_cipher_hd in the SA struct, rather than continually
open, setkey and close for each PDU
- don't convert the key string from ascii to hex each time - do it upon
during update callback and keep
- do the decryption in-place, avoiding the need to allocate, memcpy and
free a separate buffer for encrypted data
- when matching addresses, avoid doing a strlen until after we check
whether or not we're matching against "*"
Change-Id: Ibb66663ec21326351abc761be78a0d57f7797fa5
Reviewed-on: https://code.wireshark.org/review/1421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
