This will also avoid invoking ssl_finalize_decryption which will not be
used for TLS 1.3.
Change-Id: I958508276488764ad1a82e6412504bcd72f3b995
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19823
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do length checks in case not all fields are present to prevent
malformed packets.
Bug: 13237
Change-Id: Ie7cc3006fa33f1dedeffb09a4f35adb8dee8e9f6
Ping-Bug: 13238
Reviewed-on: https://code.wireshark.org/review/19390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In change 9bcac48403, "t30.hdlc" was
inadvertently changed to "t30.hdlc""rtp"; this meant that we didn't
actually find the T.30 dissector, as we were looking for it under the
name "t30.hdlcrtp".
Change-Id: Ic1c1daf558926afdb43ac9220940f3ac0159d247
Reviewed-on: https://code.wireshark.org/review/19835
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This got lost as part of change 9132706b2d
- that removed the explicit registering, with a port number, in the
tcp.port and udp.port dissector tables, *without* replacing it with a
dissector_add_for_decode_as() registering it *without* a port number.
Change-Id: I9ae22418553c143d51f9a78f5c0901f2f6490351
Reviewed-on: https://code.wireshark.org/review/19832
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A few dissectors can benefit from the conversion.
Change-Id: I3b7d54926b79314009e271960aff61870a115390
Reviewed-on: https://code.wireshark.org/review/19826
Reviewed-by: Michael Mann <mmann78@netscape.net>
wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), ...)
doesn't have "file" scope ready at startup to create hash table
and will assert.
Change-Id: I3437f45ef42bf8635e4d504cf073fc3fb0c9a8cd
Reviewed-on: https://code.wireshark.org/review/19825
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Renegotiated sessions may interleave application data with handshake
records. These handshake records should however not be included in the
flow associated with the application data. This fixes a regression in
the previous patch, now the "1.12 Step: SSL Decryption (renegotiation)"
test passes again.
Also remove duplicate DTLS data sources for decrypted records.
Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Reviewed-on: https://code.wireshark.org/review/19822
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The information from qsig_opcode2oid_hashtable could be derived directly from
qsig_op_tab, and get_op() can serve as a lookup instead of qsig_oid2op_hashtable.
Change-Id: Ibc5b20ff9ff46b1644c6a6c2c90ee1c4ac131e45
Reviewed-on: https://code.wireshark.org/review/19743
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This can be used similarly to wmem_tree_new_autoreset for hash tables that need
reset after capture file change.
Change-Id: I3a2f0b0a0cad3eca46266523c594d3d7aac17489
Reviewed-on: https://code.wireshark.org/review/19794
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Initialize decode_as_list = NULL after free to avoid random crashes
in g_list functions after changing profile.
This bug was introduced in g5c7b0b96
Change-Id: Ibc752f245115c5a426989e20e0ab9d0f0faac43d
Reviewed-on: https://code.wireshark.org/review/19821
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
relax pw_eth_heuristic and, at the same time, improve
the 1st nibble logic in dissect_mpls in order to disambiguate
between Ethernet pseudo-wire without a control word, with the MAC
address's first nibble being 4/6 and IPv4/6 packet.
Bug: 13301
Change-Id: If4697c2e40271d84e2db11a9f64ee60a8657e164
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19599
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Zero-length octet sequences don't need to show <MISSING> for their contents.
Change-Id: I89662ff8cd29563981ba9e1b34dc82023b6a070e
Reviewed-on: https://code.wireshark.org/review/19755
Reviewed-by: Juan Jose Martin Carrascosa <juanjo@rti.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously there was a distinction between decrypted handshake
Application Data records ("Decrypted SSL data") and some others (like
Alerts, Handshake and Heartbeat, "Decrypted SSL record"). Remove this
distinction and always decrypt the payload before passing it on and
always display a data sources for decrypted contents ("Decrypted SSL").
This is prepatory work for TLS 1.3 support where the content type is
located in the encrypted record, having the record decryption in one
place makes it easier to adapt.
Change-Id: I92c51c7f9e87e5c93231d28c39a8e896f5afd1ef
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19789
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When saving preferences the strings in string lists must not be
escaped with g_strescape() because this will destroy UTF-8 characters.
Because this strings only should use printable characters we manually
escape quote and backslash, and skip non-printable.
Bug: 13342
Change-Id: I57e492dff746a5ecc0aee809f946a615ad110b4d
Reviewed-on: https://code.wireshark.org/review/19738
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2855c83c6b5e9add3f34d72a2f2ed3394bf79b78
Reviewed-on: https://code.wireshark.org/review/19761
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That field parsed as Big Endian, while all data in ZigBee is Little Endian.
Not change to LE.
Change-Id: I782ba5d17ca9f2208dc4e2f08ca2c731f4d683e4
Reviewed-on: https://code.wireshark.org/review/19800
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13346
Change-Id: I83175fefeef5035039e378dd68ffdcd0787970b8
Reviewed-on: https://code.wireshark.org/review/19775
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do the NLRI length checks in the switch cases for each route type, and
do them for *all* route types, rather than throwing a random check in
for one particular route type.
There is no need to fail up front for unknown route types; at least
dissect the type and length, and fail in the switch statement.
Dissect the route descriptor in each of the switch cases, after the
length check, rather than doing it up front.
Add a comment noting where the prefix route type comes from.
Change-Id: Iae26ecd467d4b36dbcf52e7998bd2881405281aa
Reviewed-on: https://code.wireshark.org/review/19774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Adds support for IndigoCare nursecall protocols
Bug: 13241
Change-Id: I83098c15d467ea42da8301c6b6a5568d9892fc60
Reviewed-on: https://code.wireshark.org/review/19224
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ida9d2e6d632104ec3c6594f5ec500fec49a971a4
Reviewed-on: https://code.wireshark.org/review/19754
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I17a8b51dbcb502624a83177135b31fdbe72fa118
Reviewed-on: https://code.wireshark.org/review/19753
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Point to the FreeRADIUS man page for the dictionary file format, and
mention features we don't support - including features *not* documented
in the man page.
Change-Id: I08085062a6abcafb9dd0abe5b1edee53187ea23f
Reviewed-on: https://code.wireshark.org/review/19762
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Support all four mode adaptation input and output interfaces defined in
SatLabs reference document sl_561, "Mode Adaptation Input and Output
Interfaces for DVB-S2 equipment", instead of only the two modes that use
a sync byte.
There is nothing in the packet format that specifies which format is in
use, so we have to guess based on the possible occurrence of a sync byte
and the CRC-protected BBHEADER that follows the mode adaptation header,
which is a different length for each format. This is a heuristic dissector,
so if none of the four formats match, we just return.
Unfortunately, the BBHEADER CRC is only 8 bits, so there can be false
matches rather often. We detect when the packet matches more than one format,
and issue an expert info diagnostic. It is also possible for a UDP packet
that isn't DVB-S2 at all to match spuriously, with probability around 1%
(assuming random data). This is acceptable for a heuristic dissector,
especially one that is initially disabled.
Standardize spelling per sl_561: adaption -> adaptation
Change-Id: Iffc73ed01c72d1247e2378d648ffe0d7c1f21612
Reviewed-on: https://code.wireshark.org/review/19708
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Display also release (and build)
Change-Id: Ib97f47a0b0179712a82f0aee0ca079a05b8b590c
Reviewed-on: https://code.wireshark.org/review/19730
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This portion of the code was never completed.
Complete it.
Change-Id: Iaa139b8c6d50a5ce3a7039000e9af38fab3d6124
Signed-off-by: Benoît Canet <benoit@scylladb.com>
Reviewed-on: https://code.wireshark.org/review/19725
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fixed FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT dissector
to show fields of response properly - see
https://msdn.microsoft.com/en-us/library/dn409282.aspx
Mapped few SMB2 IOCTL codes related to RSVD to names
(like FSCTL_STORAGE_QOS_CONTROL that is defined by MS-SQOS
as a helper for RSVD protocol)
Added RSVD-specific SMB2 status codes
(used in SMB2 transport when RSVD is in use or inited)
See https://msdn.microsoft.com/en-us/library/dn392518.aspx
Change-Id: I04d80df234505e8b32773ac95cf0b73f07cc5581
Reviewed-on: https://code.wireshark.org/review/19693
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move "struct preference" into prefs.c, essentially creating a "private"
structure to handle preferences. The 2 motivating factors were:
1. Better memory management so that clients/users of API don't have to worry
about it.
2. Hide the ugliness of the union stuff and make it transparent to the API.
A few bugs related to preference <-> Decode As integration were fixed
while in the neighborhood.
Change-Id: I509b9a236235d066b139c98222b701475e0ed365
Reviewed-on: https://code.wireshark.org/review/19578
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When using a data printer for the red/black tree it is fed with the
nodes of the tree. But nodes can be either subtree or data nodes.
Don't feed the subtree nodes to the data printer. The data printer can't
recognize it as such, can't handle it, or worse, could break stuff.
Change-Id: Ibbc1311d901c0d0c52e710f951dd53620f2c3d0f
Reviewed-on: https://code.wireshark.org/review/19652
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1cc180abd7e73e5aea55b1b7eef9dc4b0e66e164
Reviewed-on: https://code.wireshark.org/review/19692
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since the fix for bug 13289, an empty string can be returned by get_dns_name.
Ensure that:
- a malformed encoding with no characters and a length > 1 triggers an exception
- the formatted version is used to add info in tree.
Bug: 13339
Change-Id: I88125a351904eabb5cededfbfe1d5ef14ea61ecc
Reviewed-on: https://code.wireshark.org/review/19714
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9694a8e817e357061a60c425fb5881d525ed8143
Reviewed-on: https://code.wireshark.org/review/19695
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also use g_hash_table_new_full to ease the free procedure.
Change-Id: I0a411cccbd651cca18e94a048722bf5520903deb
Reviewed-on: https://code.wireshark.org/review/19691
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5479ed21116dd8f91f231ebd1ec230892df9a404
See: http://standards-oui.ieee.org/ethertype/eth.txt
Reviewed-on: https://code.wireshark.org/review/19707
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7d585404463691946e2aa67e14e53edb813d9be8
Reviewed-on: https://code.wireshark.org/review/19681
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Change-Id: Icfe7de118bc49da57f537601c2f256e4a028b4e2
Reviewed-on: https://code.wireshark.org/review/19680
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It is part of Bluetooth Core 4 specification.
Change-Id: I7a1e542285d65452d99f753b27777fff80ad1c59
Reviewed-on: https://code.wireshark.org/review/19646
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Last parameter is the destination buffer size, not the number of bytes to copy.
Bug: 13332
Change-Id: I9a6f5231d2d7a94fd5e692e8bbf4f5dba30b7c1a
Reviewed-on: https://code.wireshark.org/review/19677
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 12859
Change-Id: Iaf2242b0dcf16f211d5a7565b96099cc44e8bf3d
Reviewed-on: https://code.wireshark.org/review/17899
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissectors can register shutdown functions, that will be called
just before program exit. Those function will free the memory
allocated during the init function.
Change-Id: Id88228af2cc916bfb316fe7b36d46499f6e4f8d4
Reviewed-on: https://code.wireshark.org/review/19282
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Interpret packet contents according to the descriptive fields contained
in the BB header. Instead of always assuming a Generic Stream frame format,
use the TS/GS field to detect Generic Stream, Generic Packetized, Transport
Stream, or (reserved) frame formats and decode accordingly.
In the case of Generic Stream frames, check the validity of header fields
ISSYI, NPD, and UPL, and issue expert info if they are invalid for Generic
Stream frames. Then dissect as GSE (as before).
For other frame formats, just dump them as bytes for now.
Change-Id: I6b040207f83369110eb704c543861c887f77baa7
Reviewed-on: https://code.wireshark.org/review/19634
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Detailed decode of Membership status & User Position in GroupID Mamagement frame.
Bug: 13322
Change-Id: I74b1d93757e3e10a2a0d4423fcfdcd2265e1bd62
Reviewed-on: https://code.wireshark.org/review/19564
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Because of the DNS name encoding, the consumed bytes in the tvb and
the length of the string of the dns name can be different. We need
to handle them separately for the purpose they are. Moreover the
name string can contain null bytes, then we can't rely on strlen()
but we need the actual length.
Subsequent calls to proto_tree_add_string() will require to pass
the string to format_text() in order have non-printable characters
printed.
Bug: 13289
Change-Id: I6d0b295867ece265f8995f82da2c629992aeb703
Reviewed-on: https://code.wireshark.org/review/19539
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
update support of draft-ietf-pce-segment-routing-08
Change-Id: I4d25268bb331462fbe219f242ff8278b017de37b
Reviewed-on: https://code.wireshark.org/review/19642
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
First Ack Block is always present in ACK Frame (don't depend of present of NACK)
Change-Id: I702151a6ccb236272ace9dfdf0f4b507a549871e
Reviewed-on: https://code.wireshark.org/review/19627
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Improved operation_code map to resolve RSVD v2 codes.
Changed GET_FILE_INFO -> GET_INITIAL_INFO for spec conformance.
See https://msdn.microsoft.com/en-us/library/dn392322.aspx
SMB2 IOCTL FSCTL_SVHDX_ASYNC_TUNNEL_REQUEST must be handled in the same way as FSCTL_SVHDX_SYNC_TUNNEL_REQUEST:
RSVD dissector must be used (new async flow used by RSVDv2).
See https://msdn.microsoft.com/en-us/library/dn366375.aspx
Ping-Bug: 11232
Change-Id: Ie51773fc2199a7674538101b87cec398354bd97a
Reviewed-on: https://code.wireshark.org/review/19657
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For running through the postseq cleanup and final registration lists, we
can use the same dummy function call_routine() that is used for the init
and the cleanup lists. We don't need our own copies.
Change-Id: Ia1ea647d5831adda26dab86eceba8fcf704ce122
Reviewed-on: https://code.wireshark.org/review/19668
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create pinos for all of the PPP protocols options and a dissector table to store
them all. Adapt a new version of dissect_ip_tcp_options, (now ppp_dissect_options)
that uses the dissector tables for name of options and dissection function.
Also standardize the dissectors for all protocols so that all include type and
length in the dissection.
Change-Id: I0033574e2831789040a1ce2857bf0e825d791cbe
Reviewed-on: https://code.wireshark.org/review/19656
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic1972399b706407ce8f15a3e554f1304a36d1009
Reviewed-on: https://code.wireshark.org/review/19663
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Like for OpenFlow (v4/1.3) (g4b7c2781fb)
Change-Id: I61cfea015e548e5eaa37856df86e96bd0ba21795
Ping-Bug: 13221
Reviewed-on: https://code.wireshark.org/review/19644
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0275a6e0d5d151f086d96c6388b9fa647ea0085c
Reviewed-on: https://code.wireshark.org/review/19654
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Now all unimplemented commands are in /* TODO */
Change-Id: I53c8dd0a660b62403214a3c75297e627337ed5fb
Reviewed-on: https://code.wireshark.org/review/19645
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia28ceef189f8fe16105da88c01e1a159d5029c0a
Reviewed-on: https://code.wireshark.org/review/19655
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If4c35d18db1dc982e981004838e0eabbf4479e78
Reviewed-on: https://code.wireshark.org/review/19653
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iafc9f1c4b2a0210d8098b37eefc095e740182258
Reviewed-on: https://code.wireshark.org/review/19648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Length of CDBBuffer must be always 16 bytes
If CDBLength is less than 16, add padding bytes
Change-Id: I241a10325ebe17b32469eaf7dc530fc7fe2105de
Reviewed-on: https://code.wireshark.org/review/19628
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support to dissect data of the connect command which
comes along with the cmd in same packet.
It also removed unwanted tvb addition for rdma fabric commands,
completion and nvme commands.
Bug: 13201
Change-Id: I33062f67a69cdca4b909ed8c08201dea5e0aa095
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19632
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
I've tested with pcaps from SampleCaptures (wiki).
Change-Id: Ifa1b628fbc675843c54dfd4b993809fd072dc69c
Reviewed-on: https://code.wireshark.org/review/19636
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
use same indent like packet-xml.c
Change-Id: I687b0306ba1d3559ce4a299a0e66c55e3f04fdfd
Reviewed-on: https://code.wireshark.org/review/19641
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I1a4b50873a183c0f6051dc0db3fecf5e62c92cbb
Reviewed-on: https://code.wireshark.org/review/19633
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
GSE Padding is outside of any GSE Packet and continues to the end of the
Baseband Frame, per 4.2.1 of ETSI TS 102 606-1.
Added dvb-s2_gse.padding as an integer representing the length in bytes
of the padding field.
Change-Id: I9ed22c37a1969059a09ba44d9e3473cb9d0a1880
Reviewed-on: https://code.wireshark.org/review/19579
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hex digits 0xa through 0xe are '*', '#', 'a', 'b', and 'c',
respectively.
Constify the dgt_set_t argument to tvb_bcd_dig_to_wmem_packet_str(),
while we're at it.
Bug: 13316
Change-Id: I7586f35d23fd262453779d99946e7ccad4b6ffab
Reviewed-on: https://code.wireshark.org/review/19620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch passes RDMA read request packets to ULP dissectors similar to
other RDMA packets so that ULP dissector can have opportunity to show as
upper layer protocol instead of IB or RRoCE.
Change-Id: I594d8eada858b7f77fc94be44e3639526789779e
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19619
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I00fea4d2e8c4d7fc8fc54627ced21796d40b854a
Reviewed-on: https://code.wireshark.org/review/19616
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function will free the resources allocated by the caller.
Change-Id: Ib486c14e4fd3c321662fb71f7fd06733ce9a64a4
Reviewed-on: https://code.wireshark.org/review/19375
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of using a dissector function placed in a dissector table, just use the
protocol information registered with the dissector table to create the desired
dissector tree.
Change-Id: Ic32b15e3c05d73df6e8f69890c47172e991bda6f
Reviewed-on: https://code.wireshark.org/review/19509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Like OpenFlow (v5/1.4) dissector
and include dissect_openflow_header_v4
Ping-Bug: 13221
Change-Id: I123fad871bcb1c9d54946500505525d55a81f8f3
Reviewed-on: https://code.wireshark.org/review/19602
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
replace our own function for dissecting the CRC with
the generic proto_tree_add_checksum()
Change-Id: I569c877836a7b771b01a37b57b6c50fc0183e9a7
Reviewed-on: https://code.wireshark.org/review/19601
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Any call of the form tvb_new_subset_length_caplen(tvb, offset, -1, -1)
should instead be tvb_new_subset_remaining(tvb, offset).
Change-Id: I4bc95b028103ea4fc82453ef3460c147d7ccabd6
Reviewed-on: https://code.wireshark.org/review/19598
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only decode subtype 1 : AP Name with unknown data (7 bytes)
Change-Id: I4fc0c6fff1a931075ab333a8527251f12acb2827
Reviewed-on: https://code.wireshark.org/review/19586
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That's the amount of data left in the packet; perhaps not all of it was
*captured*, and using tvb_reported_length_remaining() will throw an
exception, but that's what *should* happen ("packet cut short"
notification and all).
Use tvb_new_subset_remaining() to get a tvbuff with everything after a
certain point in the packet.
Change-Id: I2512e58e23600f7e7bbce0126732b05997692a65
Reviewed-on: https://code.wireshark.org/review/19596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It seems that somewhere in the last few years the changes for FCoIB
have caused it to loose its frame marker processing. This change puts
that back.
Also there is an ambiguity in EOF handling, which is solved.
Change-Id: Iefbb42726e4e5491a50d7ce96626c906fb5ea857
Reviewed-on: https://code.wireshark.org/review/19594
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
For the Sector Sweep Frame in which the Sector Sweep Direction = Responder, the format of the Sector Sweep Feedback Field should be the one in the standard (Figure 8-431d—SSW Feedback field format when not transmitted as part of an ISS) i.e. similar to the one in Sector Sweep Feedback Frame and Acknowledgement.
Issue reported by Hany ASSASA
bug: 13244
Change-Id: Ic8c6d83fc32d017fb73116a54759608498f99452
Reviewed-on: https://code.wireshark.org/review/19590
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed ke_modes and auth_modes fields, add
identity.obfuscated_ticket_age and binders fields. (Note that binders
field is not dissected further at this moment due to the lack of a pcap
for verification.)
Ping-Bug: 12779
Change-Id: I9af7d93feb2352a494be2d5bda66d124267cf464
Reviewed-on: https://code.wireshark.org/review/19462
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per https://ask.wireshark.org/questions/58532/missing-dissector-pw_eth_cw
it appears some MPLS dissectors are still referenced by name and
not just for the dissector table created in
I1e0c3ae784b71c0145b1f1730a97feae8e9f488f.
Change-Id: I27be132f56c879be16f78f76ac0e9688673a47c1
Reviewed-on: https://code.wireshark.org/review/19582
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If you don't have control words - and several MPLS pseudo-wire RFCs say
"in these cases, a control word isn't necessary, and isn't useful, so
you might want to leave it out" - the first nibble values of 0, 1, 4,
and 6 could just be part of the packet header.
Explain some other stuff as well.
Change-Id: I2f1aae2ab8653bdd7f8b3b52ef450f6d43a1afcd
Reviewed-on: https://code.wireshark.org/review/19583
Reviewed-by: Guy Harris <guy@alum.mit.edu>
See draft-ietf-opsawg-mud for details. File changes include addition
of new asn1 directory and associated files, as well as edits to various
other files to support the change.
Change-Id: Ib910980e1ddcafaa31aa07cf049562520b61a3aa
Reviewed-on: https://code.wireshark.org/review/19505
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Refactored so that all handling of ranges in struct preference
can be internal to prefs.c
Change-Id: I68577909f9c07b23a16ab3443a523355d4645314
Reviewed-on: https://code.wireshark.org/review/19577
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix problem with baseband header CRC check that caused almost all
baseband frames to show a spurious CRC error, introduced with
proto_tree_add_checksum.
Change-Id: I6b2f9680507eeb79e59b825f3ac9e4cee1033976
Reviewed-on: https://code.wireshark.org/review/19567
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The existing sanity check on column_size makes incorrect assumptions
about the size of the CTableColumn structure (which is an internal
dissector structure that contains optional data). The sanity check
test *always* fails. This change uses the minimum size of CTableColumn
structure instead which should prevent excessive allocation during fuzz
testing.
Bug: 13299
Change-Id: Id9fcbc15a4df4c74bb7576c6fdca1000890947fd
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/19566
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Added support to dissect read and write commands.
2. Added support to dissect SGL fields addr, len, key.
3. Changed long reserved fields to decimal presentation.
4. Fixed typo for cqe reserved field.
Change-Id: I63c674c68143c9c61610bada0410b49a134361d4
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19565
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3b954e3623473899b6039f0ff572eb56defe14cc
Fixes: v2.3.0rc0-1841-ga8b68205a4 ("packet: duplicate short_name to fix UAF in wslua")
Reviewed-on: https://code.wireshark.org/review/19571
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is mostly to address memory leaks in range preferences (the biggest
user of range functionality) on shutdown.
Now range preferences must use epan scoped memory when referencing
internal preference structures to keep consistency.
Change-Id: Idc644f59b5b42fa1d46891542b53ff13ea754157
Reviewed-on: https://code.wireshark.org/review/19387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
You can now use bitmap on 64bits (or 48bits)
and also add a reserved field
Ping-Bug: 13244
Change-Id: I2ec9412f6cfebd3a8ca5c082af5e8481e2646eaf
Reviewed-on: https://code.wireshark.org/review/19561
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
grepping for "Decode As" comments reveals exactly was pinos were
created for - distinguishing multiple dissection functions in a
single dissection table.
Change-Id: Iaa9294045e9d0633563e7d763cb585c0e6dc598f
Reviewed-on: https://code.wireshark.org/review/19490
Reviewed-by: Michael Mann <mmann78@netscape.net>
Supports the recommended meanings of the priority field as
changed by 802.1Q-2005, and the change from the CFI to DEI
in 802.1Q-2011. A preference is added to use the older
(non-compatible) spec version. Note that 802.1Q-2011 is
consistent with 802.1ad and ah, which got rolled up in 802.1Q,
but ends up removing support for bridging Token Ring and FDDI
over Ethernet.
Bug: 13294
Change-Id: Ieeadb0f6dda2758750f9e6649f1390609d78c50e
Reviewed-on: https://code.wireshark.org/review/19548
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I486c883b27059eb55e9fe11fcc372fc31c1e56ca
Ping-Bug: 13244
Reviewed-on: https://code.wireshark.org/review/19560
Reviewed-by: Michael Mann <mmann78@netscape.net>
use UINT16
Change-Id: I7f7c4e847ed6ccb6ced446d493aa27f76cc8db61
Reviewed-on: https://code.wireshark.org/review/19559
Reviewed-by: Michael Mann <mmann78@netscape.net>
Wrong field name for Dynamic Allocation
Issue reported by Hany ASSASA
Bug: 13244
Change-Id: Idec2cb48c5b3d22d75880325d2aec0083d89ca95
Reviewed-on: https://code.wireshark.org/review/19558
Reviewed-by: Michael Mann <mmann78@netscape.net>
I97b82fb53fd63d9107ee5d4c64b94840e743fc72 changed the default but not the
help text.
Change-Id: I05375c44c01703e36686d0a16a094cb8d6b3dcd2
Reviewed-on: https://code.wireshark.org/review/19557
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before we were showing an expert warning saying that it was not
supported. Now we show the parametrized data dissected in the form
sequence of (id, length, value)
Added also filters so it is possible to filter on the ids (useful
in RTPS)
Bug: 13278
Change-Id: I8569830305bc303febe6f3460221e7a52867a34d
Reviewed-on: https://code.wireshark.org/review/19458
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Maybe there was an issue on Windows back in the old days, when 1) we
didn't have a shared libwireshark library from which to import functions
and data variables and thus you couldn't get variables such as
etype_vals in a plugin and 2) the Infiniband dissector was a plugin, but
neither of those are the case any more.
Change-Id: Id8b82886317bd36a32ad1e1591673623696d4808
Reviewed-on: https://code.wireshark.org/review/19530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 3264
Change-Id: I9fa8cfaf1e21a8a984941ee40e2e404ae21e55c9
Reviewed-on: https://code.wireshark.org/review/19528
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>