Third batch (packet-icmpv6.c -> packet-mac-lte.c).
Will look at cleaning up and committing script afterwards.
Change-Id: Ib91e36ad200db01c3000605f6a7a21125b96a640
Reviewed-on: https://code.wireshark.org/review/6018
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change-Id: I5a14875b4b61ae7635095bdf9f2ab18dd9dbfc09
Reviewed-on: https://code.wireshark.org/review/6012
Reviewed-by: Michael Mann <mmann78@netscape.net>
Second batch (packet-eth.c -> packet-icmpv6.d).
Will look at cleaning up and committing script afterwards.
Change-Id: I14295758b81a59115d8c88899f166cc3d5d17594
Reviewed-on: https://code.wireshark.org/review/6013
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The Flags field within RSVP RECORD_ROUTE IPv4_Subobject is decoded incorrectly.
Wireshark thinks that 0x10 bit represents Node-ID, but actually the Node-ID is encoded by bit 0x20 (per RFC 4561)
Issue reported by Alexander Okonnikov
Bug:10799
Change-Id: I48f6aa35c08945aacf8f2bb871a72b5927511948
Reviewed-on: https://code.wireshark.org/review/5944
Reviewed-by: Anders Broman <a.broman58@gmail.com>
provide their own popcount().
Change-Id: Ic26f3b50cf0bd2b4af0d42e9c27488ebbac1ab33
Reviewed-on: https://code.wireshark.org/review/5998
Petri-Dish: Stephen Fisher <sfisher@sdf.org>
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
Various floating-point math functions require <math.h>, and abs()
requires <stdlib.h>.
Change-Id: I6831cfdb17eac3ce129b6800f0fe82fbcfef2d28
Reviewed-on: https://code.wireshark.org/review/6002
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Various floating-point math functions require <math.h>, and abs()
requires <stdlib.h>.
Change-Id: Iadba9e0d7168bba6e67d9221e757a85960507742
Reviewed-on: https://code.wireshark.org/review/5999
Reviewed-by: Guy Harris <guy@alum.mit.edu>
warnings on NetBSD.
Change-Id: Id1ab5020fa53656065b0b2438071342eae4f7adb
Reviewed-on: https://code.wireshark.org/review/5987
Petri-Dish: Stephen Fisher <sfisher@sdf.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
... and don't call THROW() from a dissector
If we have a guint32 a and interpret 2*a as gint, we'll always end up
with a negative value if 2*a overflows. Both tvb_get_string_enc() and
proto_tree_add_item() handle this case and throw an exception.
Change-Id: Ibb142328837b6a583057531c76d08631fc731848
Reviewed-on: https://code.wireshark.org/review/5948
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
AppleTalk addresses are 3 bytes long and stored in AARP packets as 4 bytes.
The high byte should be 0, followed by 2-byte network number, followed by
1-byte node number.
The previous code was assuming that the high two bytes were the network number,
followed by the 1-byte node number, followed by 0.
Change-Id: I467ec6edac353796db0b96fbac65658d5c5491d3
Reviewed-on: https://code.wireshark.org/review/5968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
("Can't happen", but that requires more dataflow analysis than some
compilers do.)
Change-Id: I5c6acbff64ea88f9b43d5580522bc144465dc9ac
Reviewed-on: https://code.wireshark.org/review/5972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check it for sanity (and report errors), and use it to set the length of
the PTP packet tvbuff and the PTP top-level protocol item.
Bug: 10611
Change-Id: I9af6aad5f07d405ebb14885dc986a73e430d7bdb
Reviewed-on: https://code.wireshark.org/review/5967
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 10611
Change-Id: I735085edf5c0d2a66c30c940c4b780a2ce8db6d4
Reviewed-on: https://code.wireshark.org/review/5964
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Along the lines of provious changes.)
Change-Id: I22d76f22400d4a93242392ff4688acc753eb0039
Reviewed-on: https://code.wireshark.org/review/5961
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We're adding it with proto_tree_add_ipv4(), so that it's displayed as,
and can be tested as, an IPv4 address. That means that the field for it
must be of type FT_IPv4, *even though it's calculated from an 8-bit
prefix value* - you can't make it an FT_UINT8.
Change-Id: I7d668fb2a707cdda4ad228afcbdcaf47ee6cba1b
Reviewed-on: https://code.wireshark.org/review/5960
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Give the field name in the message.
Change-Id: I046c74b451b473c9c87c2980122b025390f82cc8
Reviewed-on: https://code.wireshark.org/review/5959
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code works if they're defined afterwards, but defining them earlier
makes it a bit clearer that they're helper macros used as components of
the macros we're exporting.
Change-Id: I326894eea67d2db43fedf4567699cd9eaaa0e004
Reviewed-on: https://code.wireshark.org/review/5956
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use find_heur_dissector_list() to find the "netbios" heuristic dissector
list, rather than using code from packet-netbios.c.
Change-Id: Ieeab58d7c6eb32491b026b242c687bd18c4d5cdb
Reviewed-on: https://code.wireshark.org/review/5955
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise it will trigger an assert
Fixes a regression introduced in gf002332
Change-Id: I0cffa2c952b7eff085a1834ebabfec03342095bd
Reviewed-on: https://code.wireshark.org/review/5950
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Ie06738d99851b35e53effb50b2c109ce50e9c6df
Reviewed-on: https://code.wireshark.org/review/5949
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I8cce9fddbfe950e27e96ea8a5a6d2e0921ff4260
Reviewed-on: https://code.wireshark.org/review/5933
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I74ddb6fc629ef32b217dede7a3ba652cbbf5ab12
Reviewed-on: https://code.wireshark.org/review/5932
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"GSList *" implies a list; call the pointer in a struct
heur_dissector_list "dissectors", to indicate what it's a list *of*.
Change-Id: Idf5011e08d35d28934cd52f818b945db1cc7f37b
Reviewed-on: https://code.wireshark.org/review/5941
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Correct one message, change another one from a g_assert() to a g_error()
with descriptive text.
Change-Id: I667beb08ac1677205a9323ab623ed0a9766bac79
Reviewed-on: https://code.wireshark.org/review/5940
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This allows dissector lists to be looked up by name, so they can be
shared by multiple dissectors.
(This means that there's no "udplite" heuristic dissector list, but
there shouldn't be one - protocols can run atop UDP or UDPLite equally
well, and they share a port namespace and uint dissector table, so they
should share a heuristic dissector table as well.)
Change-Id: Ifb2d2c294938c06d348a159adea7a57db8d770a7
Reviewed-on: https://code.wireshark.org/review/5936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Profinet I/O and DCOM CBA had completely separate uses for the profinet_type member, so it's okay to separate them with different proto ids tracking the proto_data.
Change-Id: I7b9c01b8d4f74d51fe9f9ef2f957479dff0a7157
Reviewed-on: https://code.wireshark.org/review/5852
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Simplify the conversion of degrees from 24 bit fixed point to a float.
Avoids strict-aliasing warning by gcc 4.4.
* Add reference to RFC 6757.
* Correct spelling of 'convert' in degrees_convert_fixed_to_float().
Change-Id: Icb680d009fdd960e8668fa3020060799d6a74c2f
Reviewed-on: https://code.wireshark.org/review/5913
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This adds support for "field||field" without spaces.
Change-Id: Ia738d6642d12a188d1629bbdd9701cc8f8bb7a68
Reviewed-on: https://code.wireshark.org/review/5922
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
The FCS at the end of the frame is decoded as additional STA info fields which does not seem correct.
Issue reported by Sudheer
Bug:10786
Change-Id: Idffaa41cd7c79ad4c9937e7f32aa2444c1b9033f
Reviewed-on: https://code.wireshark.org/review/5849
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I0749f8e10d6f8d97b85da6bb52b0ab336ba06c38
Reviewed-on: https://code.wireshark.org/review/5919
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If92c9bc281f44de8f3b1de71005240755748403a
Reviewed-on: https://code.wireshark.org/review/5918
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check for "or" or "||" (also ignore whitespaces)
and check both arguments of this operator to be
fieldname (character check), then check whole filter is valid
for dfilter compiler.
Change-Id: I412b5dc1fca16fcd2b640aa74af81167300fd11e
Reviewed-on: https://code.wireshark.org/review/5848
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
That appears to be a name supplied both by MIT and Heimdal Kerberos.
Using it makes it a bit clearer what the code is doing, and might avoid
type clash warnings if it's the right type (e.g., if it's a member of an
enum, as it is in Heimdal, and the corresponding argument to
krb5_crypto_init() is of the same type, the types will match).
Change-Id: I81b79223f789b8d1ec47180b7636ac1d83e03681
Reviewed-on: https://code.wireshark.org/review/5898
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's only in GLib 2.28 or later, but we don't require 2.28.
Instead, have col_custom_field_ids_free() do what g_slist_free_full() does -
and more.
Change-Id: I15768cfd2d26c847470b02ea6c51830dabcaa7ee
Reviewed-on: https://code.wireshark.org/review/5894
Reviewed-by: Guy Harris <guy@alum.mit.edu>
warnings (at least on NetBSD), presumably due to our use of
-Wc++-compat:
../../asn1/kerberos/packet-kerberos-template.c: In function
'read_keytab_file':
../../asn1/kerberos/packet-kerberos-template.c:497:10: warning: request
for implicit conversion from 'gpointer' to 'struct enc_key_t *' not
permitted in C++
../../asn1/kerberos/packet-kerberos-template.c:518:21: warning: request
for implicit conversion from 'gpointer' to 'char *' not permitted in C++
../../asn1/kerberos/packet-kerberos-template.c: In function
'decrypt_krb5_data':
../../asn1/kerberos/packet-kerberos-template.c:570:3: warning: enum
conversion when passing argument 3 of 'krb5_crypto_init' is invalid in
C++/usr/include/krb5/krb5-protos.h:1208:1: note: expected 'krb5_enctype'
but argument is of type 'int'
../../asn1/kerberos/packet-kerberos-template.c:581:13: warning: request
for implicit conversion from 'gpointer' to 'guint8 *' not permitted in
C++
../../asn1/kerberos/packet-kerberos-template.c:596:13: warning: request
for implicit conversion from 'gpointer' to 'char *' not permitted in C++
Change-Id: I17c10fc1df2685ec2e2c1b00cd3b81f62e09c829
Reviewed-on: https://code.wireshark.org/review/5886
Reviewed-by: Stephen Fisher <sfisher@sdf.org>
Also use proto_get_frame_protocols in main_menubar.c instead of doing it "manually".
Change-Id: Ie7a365c538700f2cebdd1e3d253f2fd9b189f5cf
Reviewed-on: https://code.wireshark.org/review/5851
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5868a40b71a989a3a1522cb091064bb0aaec6daf
Reviewed-on: https://code.wireshark.org/review/5828
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
You can now add column with Custom type with more than one field
by using OR "||" splitter.
Bug: 9695
Change-Id: Ia82a91e7a35b867647d36cb9626e3870f46c0d85
Reviewed-on: https://code.wireshark.org/review/5804
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Bluetooth dissector is used to add ability to filter all bluetooth
payload from capture files (there are many transport like:
hci_h4, hci_h1, hci_usb, hci_mon, btle). Also it is used to placeholder for
all data tree used to store additional informations like bd_addrs, names, etc.
Finally it is used to be one point for Bluetooth
Endpoints/Conversation filtering what is enabled now.
Also add Master/Slave Role and Connection Mode tracking.
Change-Id: I67048080fb8ee16fa0f4ec429c1257de81ddd737
Reviewed-on: https://code.wireshark.org/review/5771
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Generally where it is not connection then on LinkLayer protocol level
addresses for Source and Destination device are known.
Change-Id: Id67703edc08df73d4c7a2f66ee8f4d6810a867c9
Reviewed-on: https://code.wireshark.org/review/5776
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
This adds possibility to have two fields with the same abbrev name
but different type, for example FT_ETHER and FT_STRING.
That allows to compare each one to find a valid field.
Change-Id: I8b2a1708ac9648b7a4289777c72a0f3b18f3d8f8
Reviewed-on: https://code.wireshark.org/review/5702
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
For cases where record (meta)data is something that can't be written out
in a particular file format, return WTAP_ERR_UNWRITABLE_REC_DATA along
with an err_info string.
Report (and free) that err_info string in cases where
WTAP_ERR_UNWRITABLE_REC_DATA is returned.
Clean up some other error reporting cases, and flag with an XXX some
cases where we aren't reporting errors at all, while we're at it.
Change-Id: I91d02093af0d42c24ec4634c2c773b30f3d39ab3
Reviewed-on: https://code.wireshark.org/review/5823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reworked zbee_mfr_code_names to be in monotonic order.
Fixed implicit shortening of time value with a cast.
Change-Id: I629948fbe32543fd2672bbc40af790333b970b10
Reviewed-on: https://code.wireshark.org/review/5808
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
- Improved handling of status bits
- Using bitfields where applicable
- Unified capitalization of hex values
- Using TFS instead of bits for status flags
- Added universe ID calculation from Address/Net/Port
- Added RDM PID decoding (values in packet-rdm.c)
- Added Poll/PollReply/Toc/Rdm support for Artnet3 (15bit universe)
- Updated manufacturer list from ESTA website
- Updated OEM codes from Art-Net SDK
Change-Id: I33edbfa754cb37391614f7cf4d6d4a9b11bcd52d
Reviewed-on: https://code.wireshark.org/review/5755
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
they were out of order for the extended value-string, I suspect honeywell1 and
honeywell2 had just been put in backwards
Change-Id: I4aacf27ba8aa20c137731f1ad652380cd5af5562
Reviewed-on: https://code.wireshark.org/review/5809
Reviewed-by: Evan Huus <eapache@gmail.com>
Removed attrID and cmdID ZCL cluster functions.
Bug in ZCL HVAC attribute registration.
Fixed bug in ZCL command ID field registration.
Update Manufacturer Codes and Profile Ids to ZigBee-053874r26 Oct 2014
Fixed broken fragmented ZigBee packet collection and reassembly
Use protocol fields for Thermostat schedule transitions.
Added support for Key Establishment Cluster (CBKE) at SE 1.2a
Updated Message cluster to SE 1.2a spec
Added attribute reporting status which is common to all SE 1.2a clusters
Added SE 1.2a tunnel cluster support
ZigBee Smart Energy (SE) decryption appears to have been broken for some time. For SE you do not know the Link Key until after successful completion of Key Establishment and then manually enter it into preferences. Entry in preferences was broken such that when the new Link Key was entered all existing link keys would be lost. This lead to the loss of the Network Key as well when the Transport Key message was re-processed without the Pre-Configured Link Key. The Link Key 'key ring' has been moved to the UAT post-update callback so that it will always be updated correctly after changes to the link keys in preferences
The attribute reporting status attribute which is common to all SE clusters was accidentally shared, now each cluster has it's own instance
ZigBee security added key display for decrypted packets
ZigBee Security Preferences fixed UAT type for Label so key label is editable again
Added definition for Retail Service profile
Added dissection for profile-wide (General Command Frame) commands when the profile is unknown
Added zbee-zcl-misc.c to precommit check whitelist as it contains ias and hvac clusters avoiding proliferation of too many small files
Change-Id: I53d85ba9d782db6a0e7e78c51b0bc7cdcdbca3ad
Reviewed-on: https://code.wireshark.org/review/5565
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: I22d407efe3ae9fba7aa25f08f050317549866442
Reviewed-on: https://code.wireshark.org/review/5798
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it clearer what the problem is, and that it should only be
returned by the dump code path, not by the read code path.
Change-Id: Icc5c9cff43be6c073f0467607555fa7138c5d074
Reviewed-on: https://code.wireshark.org/review/5797
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It is too weak (just checking that the 2 first bytes of TCP segment are "HS") to be always activated
Change-Id: Iffda96046cc687004f403dd4d8e735375790b07b
Reviewed-on: https://code.wireshark.org/review/5789
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If you encounter a frame with an all-zeroes ethertype it's very likely
due to buggy hardware or software. Don't try to dissect it as MDS
Header traffic.
Change-Id: Ie08d6aba2dcb82e4e49d6dbe96a2a3639e3cafc4
Bug: 8256
Reviewed-on: https://code.wireshark.org/review/5788
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It was previously assumed that the remainder of a packet contains a
chunked-body response. This does not have be the case, and if the
assumption is violated, then the dissector would add multiple parts to a
single "De-chunked entity body".
This patch properly calculates the end of a chunked-body response,
taking the optional trailer-part into account and adjusting the size of
the chunked-body data as needed.
The CRLF in last-chunk that was previously dissected as "Chunk Boundary"
is the last CRLF that closes chunked-body, it is not part of last-chunk
(as it has no chunk-data to terminate).
A new header field is added for this trailer-part (RFC 7230 sec. 4.1).
Bug: 10707
Change-Id: Ifef1cc7dd0443edca4198eb1c27f58719f85fa9f
Reviewed-on: https://code.wireshark.org/review/5526
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-> I don't see why they were uint8; ANSI E1.33 and ANSI E1.20 use uint16
Change-Id: Ia2c024b503d6a4b8c18020699bdc676a8459dcbd
Reviewed-on: https://code.wireshark.org/review/5783
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also update HTTP Header Compression (to draft-10)
No framing change on HTTP2 draft-16
Change-Id: I7f8ffd7ab37bc22fd6fbe156b0bf52543025e3a8
Reviewed-on: https://code.wireshark.org/review/5782
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit implements a part of draft-ietf-isis-segment-routing-extensions:
- 3.2. SR-Algorithm Sub-TLV
Change-Id: Ibb419de234bf5a199f8067989b1321064fa93983
Ping-Bug: 10520
Reviewed-on: https://code.wireshark.org/review/5742
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 10761
Change-Id: I072cd3a68d852cb8dc57b9b9f807f792caba7259
Reviewed-on: https://code.wireshark.org/review/5750
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I0befc8846b9af43e1563adb369ba4d332775ef76
Reviewed-on: https://code.wireshark.org/review/5778
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I95f0ab387570c0c56e19990cb9b9063051bb792f
Reviewed-on: https://code.wireshark.org/review/5779
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Permit passing TRUE as the parameter during table registration to achieve that
effect.
Use it in RTP media type table.
Bug: 10708
Change-Id: I892fb1a421d349f0c05197dec90f14fc34ad6b97
Reviewed-on: https://code.wireshark.org/review/5695
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Generally where it is not connection then on LinkLayer protocol level
addresses for Source and Destination device are known.
Change-Id: I28da88381a26826ad4897b56da993909130683d3
Reviewed-on: https://code.wireshark.org/review/5768
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
SN = Sequence Number, so it is not bool.
Change-Id: I0691b17150bbbdd34a0e7cbe3cb90058c9183ff7
Reviewed-on: https://code.wireshark.org/review/5769
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
lot of change but it is majority reindent change (Using clang-format)
Change-Id: Idcd0fa79ca977e25d69eb80a89d3c61d228885e9
Reviewed-on: https://code.wireshark.org/review/5764
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use by MACSec
Change-Id: I27eee40ddc476435aecd57711c1b3597c2049901
Reviewed-on: https://code.wireshark.org/review/5751
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also do not display a 8bits data SMS as an expert error
Those 2 points led me to a wrong analysis yesterday
Change-Id: Ib319e2ef8f0e7297cd2e119b6d0d98638e6a3d61
Reviewed-on: https://code.wireshark.org/review/5763
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(for some dissectors which fetch all other integral fields using
ENC_LITTLE_ENDIAN).
Change-Id: Ica72a68ac560f2920d61e0769de83130557c46fd
Reviewed-on: https://code.wireshark.org/review/5752
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Specifically: the fields are fetched as 3 bytes, but had a
type, display of FT_UINT8, BASE_HEX so only that the LO byte was
displayed.
Change-Id: I06ea7b9527ae788be7f19278e8ba4dc2d34b2777
Reviewed-on: https://code.wireshark.org/review/5747
Reviewed-by: maisheri <maisheri.hitesh@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
packet-gsm_sms.c: In function 'dis_field_dcs':
packet-gsm_sms.c:694:12: error: 'msg_class' may be used uninitialized in
this function [-Werror=maybe-uninitialized]
cc1: all warnings being treated as errors
make[5]: *** [libdissectors_la-packet-gsm_sms.lo] Error 1
I suppose that 0xff is an invalid message class and therefore a
reasonable default value.
Change-Id: Iab3d3f50144b24bee4972063c2170d7a9f9b7c25
Reviewed-on: https://code.wireshark.org/review/5745
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Specifically: Use ENC_LITTLE_ENDIAN (not ENC_NA) to match all
other integral fetches in the cip dissector.
Change-Id: I5d330084168493f53135dbb97674a2dba9ed7477
Reviewed-on: https://code.wireshark.org/review/5732
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the UDP port value check seems useless when the port is configured in the preferences, and prevents "Decode as" to work as expected
Change-Id: I5a059d05a9e980c2c60d8f84deae1b5bd9d466d3
Reviewed-on: https://code.wireshark.org/review/5727
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
it consists of two bytes xsize + xsize bytes of data
use an unsigned type for xsize
fail gracefully if the field is present but truncated
tvb_length_remaining > tvb_captured_length_remaining
Change-Id: I7f5138743c2d88abdd4f5f18d3c0292612ddb559
Reviewed-on: https://code.wireshark.org/review/5654
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is, for heuristic dissector tables, the equivalent of
dissector_table_foreach() for keyed dissector tables.
Change-Id: I4b2f870e1c1179fda1adddd93930b83aaaaf8763
Reviewed-on: https://code.wireshark.org/review/5715
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it a bit more like dissector_all_tables_foreach_table.
Improve comments and clean up whitespace while we're at it.
Change-Id: I5147427f864add285e3bb6cb35ad9fa83bea516c
Reviewed-on: https://code.wireshark.org/review/5714
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's always pased a heur_dissector_list_t *, so give it that type,
rather than having it be a generic pointer.
Change-Id: Ia6a045bb1b96c2f6ef3e23f27928e0b52f7cfb9f
Reviewed-on: https://code.wireshark.org/review/5713
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have dissectors register their desire to be part of "color" conversation filters and have the GUI use that registered list. GUI actually using API will come in a separate commit.
Change-Id: I5ffe922d97894fe7bf3182056b76ab5839a9461a
Reviewed-on: https://code.wireshark.org/review/5658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already have find_dissector_table(); expose
find_heur_dissector_list() as well, so that heuristic dissector lists
can be shared.
Change-Id: I3f50413b8b10fd3129fcdc2344cb1447f0946ce9
Reviewed-on: https://code.wireshark.org/review/5701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I0e06c89cdda3c1f8e98412fd20737ff6afd26666
Reviewed-on: https://code.wireshark.org/review/5694
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f4bcd8c4a6cf534bb5b6b5c5aa7e21075968ee3
Reviewed-on: https://code.wireshark.org/review/5696
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
add support for dCache NFS/pNFS
project page: http://www.dcache.org
Bug: 10765
Change-Id: I24a88419ec070305e609d1b49b44994a464eb098
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/5236
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The exchange_id spo_must_enforce/spo_must_allow bitmaps are exceeding
this arbitrary MAX_BITMAPS constant, causing EXCHANGE_ID parsing to
fail.
Even in the case of attributes we may need more than 4 words soon, even
if we don't I'm not sure if it's actually illegal to zero-pad them out
to something longer, and even if that is illegal I don't think it's
really helpful of wireshark to stop parsing.
Keep the constant just as a sanity check but make it really large.
Ping-Bug: 10649
Change-Id: I3dff3ebde2d7f74f8cbe60a92c853463da66ae6a
Reviewed-on: https://code.wireshark.org/review/5144
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove the preferences for the filter toolbar and mark them GTK+-only.
Change-Id: Ie48b19aee29a1cfcea4c41ca6c08ddbba3102377
Reviewed-on: https://code.wireshark.org/review/5693
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add Telephony menu items for VoIP Calls and SIP Flows. Put VoIP Calls at
the top, since that seems to be the primary item.
Add configure-time checks for QtMultimediaWidgets in anticipation of
adding a VoIP playback dialog.
Add an icon for the playback button. (Yes, I've been avoiding
GNOME-level gratuitous icons so far but this is one of the rare
occiasions where it makes sense.)
Add a help link define for the VoIP calls dialog.
Change-Id: I5d0799685c598ad9af76fe9667f8ea7d14b66050
Reviewed-on: https://code.wireshark.org/review/5674
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Some of the conversions to proto_tree_add_xxx calls involved using explicit sizes instead of the "option length", so there is skipping of the "byte highlighting" of the type + length bytes.
Change-Id: Ibfe09a089fb33ba43121de079aca81742d48db4c
Reviewed-on: https://code.wireshark.org/review/5636
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Change-Id: I44cc6b70ec4dfc565934da499f46fca60a4ded93
Reviewed-on: https://code.wireshark.org/review/5524
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No, I don't know why it's making it FT_NONE; it's a bit of a weird data
type, with a string inside a structure.
Change-Id: I27a6d7577ef4a9f4da8ddad2cad97ad097135e90
Reviewed-on: https://code.wireshark.org/review/5685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto_tree_add_bitmask() requires that the field under which it's
putting the bitmasks be an FT_INTn or FT_UINTn, so that it can determine
the length of the field.
Arguably, proto_tree_add_bitmask() should, instead, take a length
argument, just as other proto_tree_add_ routines do, and, arguably, we
should perhaps not even have FT_UINTn and FT_INTn, just FT_UINT and
FT_INT, with the display width for hex and octal (leading zeroes)
determined by the actual length of the field or something such as that,
or as part of the field that also contains the base.
But, even with that, we might want to require an FT_UINTn or FT_INTn
anyway, at least in cases where the value of the field as a whole is
interesting.
Change-Id: I4dff8fb1686a30b7d145c089dd1be7f96ecf23e0
Reviewed-on: https://code.wireshark.org/review/5680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have separate MTP2 dissectors for:
MTP2 frames with no pseudo-header and no CRC;
MTP2 frames with a pseudo-header and no CRC;
MTP2 frames with no pseudo-header and a CRC;
and call the appropriate dissector in the appropriate places.
While we're at it, get rid of a global variable - pass the "use extended
sequence numbers" flag down through the dissection code path, rather
than having it as a global.
Change-Id: Id8da1fbe3529e3ffadd5c30646cbc922f506a01f
Reviewed-on: https://code.wireshark.org/review/5679
Reviewed-by: Guy Harris <guy@alum.mit.edu>
and continues trough the next segment(s).
Change-Id: I8efe69361fda0c60ec6544cc6bbe28c91f07207c
Reviewed-on: https://code.wireshark.org/review/5583
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's proto_tree_add_bitmask with the ability to control the data appended to header.
Change-Id: Icce97437ba7cfc9158ec204a837da8db8138424a
Reviewed-on: https://code.wireshark.org/review/5533
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If886809d9eeb900bb94c045413ff1295519b8311
Reviewed-on: https://code.wireshark.org/review/5641
Reviewed-by: Michael Mann <mmann78@netscape.net>
It will be reused by CAPWAP dissector (* Rates Message Element)
Change-Id: I60ce12f382a35cdc2747baf23e2e3c30a305a8bd
Reviewed-on: https://code.wireshark.org/review/5640
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I396e9af7971ee8be6fc9548162ff37fe704f0289
Reviewed-on: https://code.wireshark.org/review/5651
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I68fa9650c234c0f1fb8464b464a781b54f2c728c
Reviewed-on: https://code.wireshark.org/review/5657
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6abc157368a78e1abfde672728b88a36ba6e76cc
Reviewed-on: https://code.wireshark.org/review/5656
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia0a39f7e4670d74325ddc40b34cd56ca018c0bde
Reviewed-on: https://code.wireshark.org/review/5655
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie64573f5a0b6e921a5011e487eea8e55f72b9a0b
Reviewed-on: https://code.wireshark.org/review/5653
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
different value to them
Change-Id: I719db9180b2ba5f21653086f2697ca9bac68d6b1
Reviewed-on: https://code.wireshark.org/review/5652
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Bug: 10757
Change-Id: I30054c4a75ec86ea603cf78b702be5255c35f549
Reviewed-on: https://code.wireshark.org/review/5642
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I0e8610f381e650f2c5b3f78ea927b727ec9ac62a
Reviewed-on: https://code.wireshark.org/review/5637
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
rec_type is the type of record (which isn't necessarily a packet; future
work on libwiretap will let it return non-packet data); if it's a packet
(REC_TYPE_PACKET), then pkt_encap contains the "link-layer"
encapsulation for the packet (in quotes because it may contain metadata
not transmitted over the network).
Change-Id: I6f32b02f4466df6d7b07dbdc9d77e881830ac749
Reviewed-on: https://code.wireshark.org/review/5645
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I01f01ce51fb1c9deb857ef01696b406b97dca3a9
Reviewed-on: https://code.wireshark.org/review/5616
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id001a6c1e116fdabfd51c354832ca68f50e65e7d
Reviewed-on: https://code.wireshark.org/review/5618
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6b8fc8db006bc3b8f8f4bac019cb7e240931d3b5
Reviewed-on: https://code.wireshark.org/review/5619
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We do multiple va_start() calls using the first string in the list of
strings; do *not* use the first-string argument to iterate over all the
argument strings, as that means that only the first va_start() call will
do the right thing, use a separate variable.
Bug: 10755
Change-Id: Ic4a6c24f911e335d147883a25d30289628836875
Reviewed-on: https://code.wireshark.org/review/5630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The fact that the vtag matches the initiate tag doesn't mean much if both are 0
(uninitialized).
Also leave in some (commented-out) debug to make debugging this stuff easier
in the future.
Change-Id: Id007de8bf9d2d4e0bb18309ed3e2572fedda45f1
Reviewed-on: https://code.wireshark.org/review/5571
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change-Id: Ic0abcf8173a690a1dc0cd250f5e8770eb92a5aa9
Reviewed-on: https://code.wireshark.org/review/5626
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I67dd6ae5dc48b297e5c04aba2fe53e3e159d2611
Reviewed-on: https://code.wireshark.org/review/5625
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
use tvb_captured_length() instead of tvb_length()
Change-Id: I7e7efd69515fc3e30c986ac5d9a56b4db1931c10
Reviewed-on: https://code.wireshark.org/review/5624
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
The exception schedule special-event disection already used matched
open-close tags and only needed to check for an unmatched close tag
to exit when used with ReadPropertyMultiple service.
Bug: 10691
Change-Id: I54f2f6f3f470138a6a88f84c62fd15b07ea74c37
Reviewed-on: https://code.wireshark.org/review/5593
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>