GSE Padding is outside of any GSE Packet and continues to the end of the
Baseband Frame, per 4.2.1 of ETSI TS 102 606-1.
Added dvb-s2_gse.padding as an integer representing the length in bytes
of the padding field.
Change-Id: I9ed22c37a1969059a09ba44d9e3473cb9d0a1880
Reviewed-on: https://code.wireshark.org/review/19579
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Hex digits 0xa through 0xe are '*', '#', 'a', 'b', and 'c',
respectively.
Constify the dgt_set_t argument to tvb_bcd_dig_to_wmem_packet_str(),
while we're at it.
Bug: 13316
Change-Id: I7586f35d23fd262453779d99946e7ccad4b6ffab
Reviewed-on: https://code.wireshark.org/review/19620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch passes RDMA read request packets to ULP dissectors similar to
other RDMA packets so that ULP dissector can have opportunity to show as
upper layer protocol instead of IB or RRoCE.
Change-Id: I594d8eada858b7f77fc94be44e3639526789779e
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19619
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I00fea4d2e8c4d7fc8fc54627ced21796d40b854a
Reviewed-on: https://code.wireshark.org/review/19616
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function will free the resources allocated by the caller.
Change-Id: Ib486c14e4fd3c321662fb71f7fd06733ce9a64a4
Reviewed-on: https://code.wireshark.org/review/19375
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of using a dissector function placed in a dissector table, just use the
protocol information registered with the dissector table to create the desired
dissector tree.
Change-Id: Ic32b15e3c05d73df6e8f69890c47172e991bda6f
Reviewed-on: https://code.wireshark.org/review/19509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Like OpenFlow (v5/1.4) dissector
and include dissect_openflow_header_v4
Ping-Bug: 13221
Change-Id: I123fad871bcb1c9d54946500505525d55a81f8f3
Reviewed-on: https://code.wireshark.org/review/19602
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
replace our own function for dissecting the CRC with
the generic proto_tree_add_checksum()
Change-Id: I569c877836a7b771b01a37b57b6c50fc0183e9a7
Reviewed-on: https://code.wireshark.org/review/19601
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Any call of the form tvb_new_subset_length_caplen(tvb, offset, -1, -1)
should instead be tvb_new_subset_remaining(tvb, offset).
Change-Id: I4bc95b028103ea4fc82453ef3460c147d7ccabd6
Reviewed-on: https://code.wireshark.org/review/19598
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only decode subtype 1 : AP Name with unknown data (7 bytes)
Change-Id: I4fc0c6fff1a931075ab333a8527251f12acb2827
Reviewed-on: https://code.wireshark.org/review/19586
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That's the amount of data left in the packet; perhaps not all of it was
*captured*, and using tvb_reported_length_remaining() will throw an
exception, but that's what *should* happen ("packet cut short"
notification and all).
Use tvb_new_subset_remaining() to get a tvbuff with everything after a
certain point in the packet.
Change-Id: I2512e58e23600f7e7bbce0126732b05997692a65
Reviewed-on: https://code.wireshark.org/review/19596
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It seems that somewhere in the last few years the changes for FCoIB
have caused it to loose its frame marker processing. This change puts
that back.
Also there is an ambiguity in EOF handling, which is solved.
Change-Id: Iefbb42726e4e5491a50d7ce96626c906fb5ea857
Reviewed-on: https://code.wireshark.org/review/19594
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
For the Sector Sweep Frame in which the Sector Sweep Direction = Responder, the format of the Sector Sweep Feedback Field should be the one in the standard (Figure 8-431d—SSW Feedback field format when not transmitted as part of an ISS) i.e. similar to the one in Sector Sweep Feedback Frame and Acknowledgement.
Issue reported by Hany ASSASA
bug: 13244
Change-Id: Ic8c6d83fc32d017fb73116a54759608498f99452
Reviewed-on: https://code.wireshark.org/review/19590
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed ke_modes and auth_modes fields, add
identity.obfuscated_ticket_age and binders fields. (Note that binders
field is not dissected further at this moment due to the lack of a pcap
for verification.)
Ping-Bug: 12779
Change-Id: I9af7d93feb2352a494be2d5bda66d124267cf464
Reviewed-on: https://code.wireshark.org/review/19462
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Per https://ask.wireshark.org/questions/58532/missing-dissector-pw_eth_cw
it appears some MPLS dissectors are still referenced by name and
not just for the dissector table created in
I1e0c3ae784b71c0145b1f1730a97feae8e9f488f.
Change-Id: I27be132f56c879be16f78f76ac0e9688673a47c1
Reviewed-on: https://code.wireshark.org/review/19582
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If you don't have control words - and several MPLS pseudo-wire RFCs say
"in these cases, a control word isn't necessary, and isn't useful, so
you might want to leave it out" - the first nibble values of 0, 1, 4,
and 6 could just be part of the packet header.
Explain some other stuff as well.
Change-Id: I2f1aae2ab8653bdd7f8b3b52ef450f6d43a1afcd
Reviewed-on: https://code.wireshark.org/review/19583
Reviewed-by: Guy Harris <guy@alum.mit.edu>
See draft-ietf-opsawg-mud for details. File changes include addition
of new asn1 directory and associated files, as well as edits to various
other files to support the change.
Change-Id: Ib910980e1ddcafaa31aa07cf049562520b61a3aa
Reviewed-on: https://code.wireshark.org/review/19505
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Refactored so that all handling of ranges in struct preference
can be internal to prefs.c
Change-Id: I68577909f9c07b23a16ab3443a523355d4645314
Reviewed-on: https://code.wireshark.org/review/19577
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix problem with baseband header CRC check that caused almost all
baseband frames to show a spurious CRC error, introduced with
proto_tree_add_checksum.
Change-Id: I6b2f9680507eeb79e59b825f3ac9e4cee1033976
Reviewed-on: https://code.wireshark.org/review/19567
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The existing sanity check on column_size makes incorrect assumptions
about the size of the CTableColumn structure (which is an internal
dissector structure that contains optional data). The sanity check
test *always* fails. This change uses the minimum size of CTableColumn
structure instead which should prevent excessive allocation during fuzz
testing.
Bug: 13299
Change-Id: Id9fcbc15a4df4c74bb7576c6fdca1000890947fd
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-on: https://code.wireshark.org/review/19566
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Added support to dissect read and write commands.
2. Added support to dissect SGL fields addr, len, key.
3. Changed long reserved fields to decimal presentation.
4. Fixed typo for cqe reserved field.
Change-Id: I63c674c68143c9c61610bada0410b49a134361d4
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19565
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3b954e3623473899b6039f0ff572eb56defe14cc
Fixes: v2.3.0rc0-1841-ga8b68205a4 ("packet: duplicate short_name to fix UAF in wslua")
Reviewed-on: https://code.wireshark.org/review/19571
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is mostly to address memory leaks in range preferences (the biggest
user of range functionality) on shutdown.
Now range preferences must use epan scoped memory when referencing
internal preference structures to keep consistency.
Change-Id: Idc644f59b5b42fa1d46891542b53ff13ea754157
Reviewed-on: https://code.wireshark.org/review/19387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
You can now use bitmap on 64bits (or 48bits)
and also add a reserved field
Ping-Bug: 13244
Change-Id: I2ec9412f6cfebd3a8ca5c082af5e8481e2646eaf
Reviewed-on: https://code.wireshark.org/review/19561
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
grepping for "Decode As" comments reveals exactly was pinos were
created for - distinguishing multiple dissection functions in a
single dissection table.
Change-Id: Iaa9294045e9d0633563e7d763cb585c0e6dc598f
Reviewed-on: https://code.wireshark.org/review/19490
Reviewed-by: Michael Mann <mmann78@netscape.net>
Supports the recommended meanings of the priority field as
changed by 802.1Q-2005, and the change from the CFI to DEI
in 802.1Q-2011. A preference is added to use the older
(non-compatible) spec version. Note that 802.1Q-2011 is
consistent with 802.1ad and ah, which got rolled up in 802.1Q,
but ends up removing support for bridging Token Ring and FDDI
over Ethernet.
Bug: 13294
Change-Id: Ieeadb0f6dda2758750f9e6649f1390609d78c50e
Reviewed-on: https://code.wireshark.org/review/19548
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I486c883b27059eb55e9fe11fcc372fc31c1e56ca
Ping-Bug: 13244
Reviewed-on: https://code.wireshark.org/review/19560
Reviewed-by: Michael Mann <mmann78@netscape.net>
use UINT16
Change-Id: I7f7c4e847ed6ccb6ced446d493aa27f76cc8db61
Reviewed-on: https://code.wireshark.org/review/19559
Reviewed-by: Michael Mann <mmann78@netscape.net>
Wrong field name for Dynamic Allocation
Issue reported by Hany ASSASA
Bug: 13244
Change-Id: Idec2cb48c5b3d22d75880325d2aec0083d89ca95
Reviewed-on: https://code.wireshark.org/review/19558
Reviewed-by: Michael Mann <mmann78@netscape.net>
I97b82fb53fd63d9107ee5d4c64b94840e743fc72 changed the default but not the
help text.
Change-Id: I05375c44c01703e36686d0a16a094cb8d6b3dcd2
Reviewed-on: https://code.wireshark.org/review/19557
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before we were showing an expert warning saying that it was not
supported. Now we show the parametrized data dissected in the form
sequence of (id, length, value)
Added also filters so it is possible to filter on the ids (useful
in RTPS)
Bug: 13278
Change-Id: I8569830305bc303febe6f3460221e7a52867a34d
Reviewed-on: https://code.wireshark.org/review/19458
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Maybe there was an issue on Windows back in the old days, when 1) we
didn't have a shared libwireshark library from which to import functions
and data variables and thus you couldn't get variables such as
etype_vals in a plugin and 2) the Infiniband dissector was a plugin, but
neither of those are the case any more.
Change-Id: Id8b82886317bd36a32ad1e1591673623696d4808
Reviewed-on: https://code.wireshark.org/review/19530
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 3264
Change-Id: I9fa8cfaf1e21a8a984941ee40e2e404ae21e55c9
Reviewed-on: https://code.wireshark.org/review/19528
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Given by gcc-4.9.2 on arm:
epan/dissectors/packet-infiniband.c:2708:9: error: variable ‘offset’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
int offset = 0;
^
cc1: all warnings being treated as errors
Change-Id: I12066031093c1fa638792ff8be8f3f5457e3feda
Reviewed-on: https://code.wireshark.org/review/19515
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add Reserved fields as defined by:
* RFC 7296 for IKEv2
* RFC 2408 for IKEv1
* draft-ietf-ipsec-isakmp-mode-cfg-05 for the IKEv1 Attributes Payload
Change-Id: I0c25de6e543aa5461650fb4cd2c103a6a3a8c392
Reviewed-on: https://code.wireshark.org/review/19480
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ida3c5d5826f0ca01a25052a67f1460ff4686008f
Reviewed-on: https://code.wireshark.org/review/19513
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix the size of the Identifier field in the IKEv1 Attributes Payload.
Reference: draft-ietf-ipsec-isakmp-mode-cfg-05, section 3.2
Change-Id: I30bfde9caa6750b342f7dfbad39e63341614a45b
Reviewed-on: https://code.wireshark.org/review/19502
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Fix dissection of the IKEv2 Identification Payload.
Unlike IKEv1, it does not have Protocol and Port fields.
References:
* RFC 2407, section 4.6.2
* RFC 7296, section 3.5
Change-Id: I968e378abd49363785dd7308a4f27908c1c05a8a
Reviewed-on: https://code.wireshark.org/review/19497
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 13221
Change-Id: Ide3e734fca280a294a993afade2503cd751d78a2
Reviewed-on: https://code.wireshark.org/review/19459
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Left over from some stuff I was fiddling with.
Bug: 11785
Change-Id: Ifb06e8b65db65037b336c46e5e180012ae5b7a59
Reviewed-on: https://code.wireshark.org/review/19487
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Unless I'm missing something, that code can't be reached, so local_proto
should always be set.
Change-Id: Idf765552d66cce684eb0de8dc8da57382aaf8444
Reviewed-on: https://code.wireshark.org/review/19486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We *have* to use the Windows code on Windows for the reasons given in
the comment. However, some versions of Visual Studio have a time.h that
CMake thinks defines tzname[] (which the header will do under some
circumstances), so HAVE_TZNAME gets defined on Windows. We check for
Windows *before* checking for HAVE_TZNAME - or HAVE_STRUCT_TM_TM_ZONE.
Bug: 11785
Change-Id: I61360daf08203dbd9d109a87c05727b4dbecea66
Reviewed-on: https://code.wireshark.org/review/19483
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This provides external access for dissectors and plugins to provide their
own implementation of TCP options.
Bug: 13141
Bug: 4452
Change-Id: I2fa6290616a4d8a8b421dd6daf98a23ce55479b9
Reviewed-on: https://code.wireshark.org/review/19461
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is for dissectors that need distinguishing names either for registering
multiple dissection functions in a single dissector table or for "internal"
dissectors whose just need a name associated with the dissection function.
Features like enable/disable are handled by the "parent" protocol.
This avoids clutter in the "official" protocol list.
Change-Id: I69e7d27d332ae85286f254e95e8d79920da7a9e2
Reviewed-on: https://code.wireshark.org/review/19464
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are times when byte arrays don't want to show their value
in the packet tree or there is a field that is the "header" of
a subtree where showing the field value distracts from the tree
display. For these cases, BASE_NO_DISPLAY_VALUE can be used
to not display the value.
Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
Reviewed-on: https://code.wireshark.org/review/19479
Reviewed-by: Michael Mann <mmann78@netscape.net>
From the code before change, it appears that only SPI field is in network byte order.
Bug: 13279
Change-Id: Ia157b43a9da30d61dc9cb7607c66d44c8f607498
Reviewed-on: https://code.wireshark.org/review/19477
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Supporting all MA modes this way makes the dissector useless as a heuristic dissector; it always matches. I just didn't understand about heuristic dissectors, and will look for a better solution.
The fragmentation edge cases were also misunderstood. On closer reading of the spec, these are not valid edge cases to be handled smoothly, but packet formatting errors to be diagnosed.
The BB CRC fix is valid AFAIK, and will be resubmitted separately.
This reverts commit 2563503301.
Change-Id: I842f4eca59193b24f41a67ce7d081c681b70f449
Reviewed-on: https://code.wireshark.org/review/19449
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If eContent is not an octet string, content_tvb will be null, and
attempting to use it will trigger an assertion. Besides ill-formed
files, this can also occur in old-style PKCS #7 files, since in PKCS #7
the corresponding field has the ANY type, rather than OCTET STRING.
Change-Id: I9a5bce983aa82107a9602317737c183461cac7f3
Reviewed-on: https://code.wireshark.org/review/19448
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
and fix also bitmap (32 bits)
Change-Id: I04b7cb64bf7d593648131c09d05eb8e9b1eca8ca
Reviewed-on: https://code.wireshark.org/review/19471
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Assigned flag bits are the least significant bits of the flags field,
not at the most significant end.
Bug: 13280
Change-Id: Ie568df6ca137c491fedb32cf2316a0240270b3d6
Reviewed-on: https://code.wireshark.org/review/19463
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "infiniband.payload" heuristic dissector was converted to use the base
of the packet tree so that subdissectors could show their protocol as the
base layer. Since many of the subdissectors use the same dissection function
for both "infiniband.payload" and "infiniband.mad.cm.private", ensure that
both use the same "tree level", but still pass in the "payload tree" as part
of the dissector data in case a subdissector wants to use it (currently used
by InfinibandSDP)
Ping-Bug: 13259
Change-Id: I899e8348f6b23d8eee9e74764d8ca32d7bf6e625
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19441
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Parav Pandit <paravpandit@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Create a new subtree for each traffic selector.
Use the length field to find the next traffic selector
rather than accumulating the individual TS field sizes.
Split dissect_ts() to introduce separate offset variables.
After adding the final field, do not advance offset again
to avoid unused variable warnings.
Change-Id: I9951662c1bb3958994162b25b70b43ec1da103a7
Reviewed-on: https://code.wireshark.org/review/19440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
NVM Express is high speed interface for accessing solid state drives.
NVM Express specifications are maintained by NVM Express industry
association at http://www.nvmexpress.org.
Bug: 13201
Change-Id: Id40edaf72838eea9f4087c8ddba9518a9374efab
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19063
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Parav Pandit <paravpandit@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This type is originally from PKCS #7, the predecessor of CMS, so it makes
more sense for it to be there.
Change-Id: I3a146f1d000a3bcbcd0d8f1cfe2fc27ed80cc69d
Reviewed-on: https://code.wireshark.org/review/19335
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a check, to allow the filtering of remote only interfaces. Also
add the necessary options to the type menu.
Change-Id: Ib82519362454094f64abf1cbe6d7bc917990d7ac
Reviewed-on: https://code.wireshark.org/review/19438
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Replace the individual field assignment with struct assignement to
- Reduce code (only single line, but he),
- (Hopefully) show Coverity this is as intended.
Change-Id: I9400b6e38f86acf57018ee7993e66d5b06d1c39c
Reviewed-on: https://code.wireshark.org/review/19434
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These are probably obsolete dissectors anyway, but they are a
bunch of very small files causing unnecessary file pollution.
Change-Id: I03976484996b4bf987d6743ed379534456809c2c
Reviewed-on: https://code.wireshark.org/review/19437
Reviewed-by: Michael Mann <mmann78@netscape.net>
add a function to dissect the sequence of TLV elements
use a hash table for payload functions like we do for the bitmaps
add two tags whose payload is another TLV sequence
Change-Id: Ibb19fd7af2f58e201174d07d410557dc315c652a
Reviewed-on: https://code.wireshark.org/review/19435
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Use Analyze -> Enabled Protocol dialog interface. Added support
for backwards compatibility of preference.
Change-Id: I32b3fce9d18083d9324197e3fd7ddc7eb888d1fb
Reviewed-on: https://code.wireshark.org/review/19422
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now that proto_tree_add_bitmask_value_with_flags() works for tvb==NULL,
we can use it to simplify the dissection of DVB-CI's resource id.
Change-Id: Ia09d5668bf0a61161ecd0cb412680838a67d7a7a
Reviewed-on: https://code.wireshark.org/review/19409
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Enable/disable preference not needed - just use Enabled Protocol
dialog interface. Added support for backwards compatibility of preference.
2. Add value_string for calculation values
3. Create an structured array of "hfs of interest" so they can more easily
be extended.
4. Convert a bunch of arrays into hash tables and lists. For the amount
of wasted space they were taking up, we can live with the very slight
performance degrade. Also puts less limits on number of things to process.
Change-Id: I7399789d62432b507062ed9cdc20ad974b9dde1b
Reviewed-on: https://code.wireshark.org/review/19406
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support all four mode adaptation interface formats. Add a user preference to
specify which format is in use, or to request that the format be guessed.
Guessing is improved, but can never be reliable.
Fix problem with baseband header CRC check that caused almost all packets to
show a spurious CRC error, introduced with proto_tree_add_checksum.
Fix problem with GSE PDU fragmentation CRC beginning in one fragment and
ending in another. Any GSE frames following the fragment containing the
end of the CRC would be parsed at the wrong offset.
Fix problem with IPv4 or IPv6 starting exactly on a fragmentation boundary,
so that one baseband frame contains the complete GSE header but zero bytes
of the IP payload. Trying to further dissect the zero-length payload led to
a "malformed packet" display.
Standardize spelling per governing document: adaption -> adaptation
Change-Id: I69e64e74e4b4f02515411471e1d76b0eeb02fef1
Reviewed-on: https://code.wireshark.org/review/19421
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
one from ISS and other to ISS
Add also reserved field
Issue reported by Hany ASSASA
Bug:13244
Change-Id: Ib20cf6ae455664b87ea3470ebb6d5386a97b0f48
Reviewed-on: https://code.wireshark.org/review/19420
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
You can now use bitmap on 64bits (or 40bits)
and also add a reserved field
Change-Id: Ibc68b56477e76c2b13624920eb7a9a49f8f887f3
Ping-Bug: 13244
Reviewed-on: https://code.wireshark.org/review/19418
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iee6012e841007b731dc16545a1d9bf6f17377580
Ping-Bug: 13244
Reviewed-on: https://code.wireshark.org/review/19417
Reviewed-by: Michael Mann <mmann78@netscape.net>
Missing a zero
Change-Id: I43097bc62fb66dea849c5ed7882d01a6de768c82
Ping-Bug: 13244
Reviewed-on: https://code.wireshark.org/review/19416
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5bfa11213ca27308204a1d8b6073661161c9151e
Reviewed-on: https://code.wireshark.org/review/19414
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We save a list of dissectors that are disabled through the Enabled Protocols
dialog. This is because we assume dissectors are enabled by default.
For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog. A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.
Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.
Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13188
Change-Id: I29b2712d4d6ae57e4b0ea4bc0ec126cb80172779
Reviewed-on: https://code.wireshark.org/review/19400
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I84472632e715a6f13e2fa5b58ae95f9dc9d16776
Reviewed-on: https://code.wireshark.org/review/19399
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_bitmask_value_with_flags() eventually calls
proto_tree_add_XXX() for the main hf and for the field elements.
These functions work for tvb==NULL if the length is also set to 0.
Otherwise, we'll end up in proto_tree_add_pi(), get_hfi_length() and
run into the DISSECTOR_ASSERT() there.
proto_tree_add_bitmask_value...() are meant for cases where the data is
passed directly and not read from a tvb. If tvb==NULL, set our length to
0 instead of using the field length from the main hf.
Change-Id: Ia55b068e9842ba4a1ae8be8692320a8e93ea8631
Reviewed-on: https://code.wireshark.org/review/19394
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When I first implemented this, proto_tree_add_subtree_format() worked
for tvb==NULL if len was also 0. The bounds check added in
56706427f5 breaks this use case and makes
DVB-CI spill out dissector asserts.
Warn Dissector bug, protocol DVB-CI, in packet 625:
../epan/tvbuff.c:532: failed assertion "tvb && tvb->initialized"
Create a proto_item first and link the subtree to this item. This will
work as long as proto_tree_add_uint() accepts tvb==NULL.
Thanks to Kay Katzorke for reporting this bug.
Change-Id: I25a071c21925f7d362c92852fd5a8136e4d361c8
Reviewed-on: https://code.wireshark.org/review/19389
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
When using this option, rpc_prog_info_value structure is not fully initialized.
Depending on the memory allocator used, this can lead to a NULL pointer
dereference or an access to a random memory block.
Ensure that the structure if fully initialized and test pointer before
dereferencing it.
Bug: 13266
Change-Id: Ifdc54b31c8dd3b2b6220dbe9ee27272758ff60ca
Reviewed-on: https://code.wireshark.org/review/19385
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As those dissectors are registered by name, let's not make the assumption
that rtp_info is always present.
Change-Id: I959b8c71485471b3be4cd2e71a6d96c2d4b278ff
Reviewed-on: https://code.wireshark.org/review/19381
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rtsp_create_conversation was modified significantly:
- ignore non response calls => process only the complete information
- distinguish between UDP, TCP and RTSP interlaced media
- supports ED137 recording with RTP/UDP or RTP/TCP
It was tested on many samples from bugzilla and from my library.
Tests noted in bug 13257
Bug: 13257
Change-Id: I054505bcb9334c3abfff6d61c18c9cb6d2a6d56e
Reviewed-on: https://code.wireshark.org/review/19341
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. CIP Safety: SERCOS Safety Network Number attribute should be 6 bytes. Don't just use all remaining bytes
2. Remove cip_byte_array type. The last remaining usage was #1 above and it really shouldn't be used in the future. Any attribute that would eat up all remaining bytes would have issues with Get Attribute List responses and Set Attribute List requests.
3. Optional Attribute List: Display the attribute name if known.
4. Port: Display Port Number name
5. Port: Associated Communication Objects attribute
Change-Id: I94d99bb1f07aa4b8c44949b2ffb5d75e72483459
Reviewed-on: https://code.wireshark.org/review/19374
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When a Reply chunk is not present, selecting the "Reply chunk" in
the protocol tree should also select the four bytes of zeroes in
the header. This should work the same way as for the Read list and
Write list.
Change-Id: I0a9b7f927cad21e39189cfc1f2b619537ba26a30
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19376
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I4d1cf878245b03665207a500fb7593be1435c3d3
Reviewed-on: https://code.wireshark.org/review/19371
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "short_name" parameter of heur_dissector_add is defined as const
(and was assumed to be a string literal). This was no longer the case
though since a change in Lua where "short_name" is a dynamically
allocated string.
This "simple" fix clones the memory for internal use to avoid a
heap-use-after-free when heur_dissector_delete tries to access
"short_name".
An alternative option is to make Proto_register_heuristic track the
memory, but since there are multiple possible heuristics lists for a
protocol, the Proto (struct _wslua_field_t) structure is not
appropriate. A possible working alternative is to store the string into
lua_heur_dissectors_table_ref (replacing the value (function) by a tuple
{function,short_name}).
Change-Id: I6c6b393f4d304dd847e864da6ad17b54c8cd80e2
Fixes: v2.3.0rc0-1474-g7f2a838922 ("lua: Allow proto:register_heuristic to be used on multiple list names")
Reviewed-on: https://code.wireshark.org/review/19365
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit introduces a new dissector aimed at decoding the USB
protocol used by X-Rite i1 Display Pro (and derivatives) colorimeter. It
is based on reverse engineering work by Graeme Gill from the ArgyllCMS
project.
Change-Id: Icdfd0c3f75499d0df4360c6eb6856078de30ba56
Reviewed-on: https://code.wireshark.org/review/18901
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add preference in Infiniband dissector to distinguish between
heuristic and non-heuristic dissection (that uses Decode As).
Remove all of the preferences in the Infiniband subdissectors that
tried to put in "manual" heuristics and direct users to just use
Decode As. Most subdissectors still kept some basic heuristics in
their heuristic functions, but now also register with the Infiniband
dissector table for "manually" forcing dissection with Decode As.
Ping-Bug: 13259
Change-Id: I20d56eee38887664b439e52ec5f5b8f962c45ef1
Reviewed-on: https://code.wireshark.org/review/19362
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This decouples EAPOL from the few dissectors it needs to call based
on packet type and moves registration to the dissectors themselves.
Change-Id: Ia8412fe33370f4aeece52c2c80cda7f140a950cf
Reviewed-on: https://code.wireshark.org/review/19328
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 12759
Change-Id: Ic4d47155168978541fb8c3670fcabaf3c35f8aad
Reviewed-on: https://code.wireshark.org/review/19187
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Resolves truncation warnings on the x86 clang build
Change-Id: I14ebbe39b8235bd1b909c488c0402b77deb6dde1
Reviewed-on: https://code.wireshark.org/review/19354
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add handling of STR_ASCII and STR_UNICODE as base types for string
and stringz. Add handling of SEP_DOT, SEP_DASH, SEP_COLON and
SEP_SPACE for bytes and uint_bytes. Add SEP_NONE for completeness.
Change-Id: Ida46c215fee7ec7132ec91ab5dd6cb3de4628920
Reviewed-on: https://code.wireshark.org/review/19337
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Fixes Lua on macOS, tested with an out-of-tree build:
WS_BIN_PATH=$PWD/run ../wireshark/test/test.sh -s wslua
Previously programs that were ran from the build directory would load
data files (radius/, diameter/, init.lua) from the source directory.
Then in the case of Lua, files were loaded from the program directory
($BUILDDIR/run/init.lua on Linux) or source directory
(sSOURCEDIR/epan/wslua/console.lua).
On macOS, this does not work for Lua since files are installed into
$BUILDDIR/run/Wireshark.app/Contents/Resources/share/wireshark/init.lua
instead. Since CMake always copies data files (radius, console.lua,
etc.) into the build directory, make get_datafile_dir() return this
"run" directory instead.
Change-Id: If97d2f5686271caf9ad4d4e4fc58e902dc592a98
Reviewed-on: https://code.wireshark.org/review/19330
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add support for using unit names in ProtoField integer types by
using base.UNIT_STRING.
Add unit name table argument in ProtoField.float() and
ProtoField.double() (and made backward compatibility).
The use of base.UNIT_STRING is not really the best API for adding
unit names in Lua, but is the simples solution without adding new
arguments to ProtoField.
Change-Id: Ib5d064480cffd970a41db1764440642f6c593bb2
Reviewed-on: https://code.wireshark.org/review/19313
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add a convenience btle.length field for easier filtering of BTLE
packets without data and with specific length ranges.
Change-Id: If56eac9c86ccf40741a6ceb50d13a1733132f448
Reviewed-on: https://code.wireshark.org/review/19348
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This will have to be done differently with xlc if it's necessary.
While we're at it, fix the spelling of "Cygwin" (no InterCaps).
Bug: 13262
Change-Id: If3084cfb58f4abd9048afafecdd24c13645c2776
Reviewed-on: https://code.wireshark.org/review/19355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also added a note above field_display_e enum to indicate that this
values are parsed in make-init-lua.pl to build init.lua.
Change-Id: Ibd125684f9a68e1b8116fae0ccbc72147825d75d
Reviewed-on: https://code.wireshark.org/review/19336
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
1. Convert the Mellanox encapsulation header into a heuristic dissector.
2. Convert EtherType header dissection into a heuristic dissector.
3. Convert "heuristic preferences" to use deprecated_heur_dissector_pref.
Ping-Bug: 5061
Ping-Bug: 2672
Change-Id: Iabcac1af8e07f3f6f25f825ed56b2036c3285783
Reviewed-on: https://code.wireshark.org/review/19317
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
BDAT handling takes the whole packet to add to its count of necessary
bytes, but wasn't updating the offset, so if a BDAT "data packet" had
multiple CRLF segments in it, the BDAT byte counter became inaccurate.
Bug: 13030
Change-Id: Idd44ccb95a8f4710db4546a918661c63a343260c
Reviewed-on: https://code.wireshark.org/review/19343
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Because luaL_argerror() does a longjmp all memory free must be done
before calling this.
Also rewrote true_false_string_from_table() to be a bit simpler
and to give argument error when too many strings in the table.
Change-Id: Ied0fa468f1274155c746fe2e086dacf1a8582b08
Reviewed-on: https://code.wireshark.org/review/19325
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "LE Set Extended Advertising Data",
"LE Set Extended Scan Response Data", and
"LE Set Extended Advertising Enable" command parser.
Change-Id: I3027dc9c213c15f503fa5495829726db3a207300
Reviewed-on: https://code.wireshark.org/review/19251
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Based on EUROCAE ED-137B specification:
ED-137B, Part 1: RADIO, INTEROPERABILITY STANDARDS FOR VOIP ATM COMPONENTS
https://boutique.eurocae.net/eshop/catalog/index.php
Bug: 13252
Change-Id: Ifab1aaf47e3405fcd46309167237f11ce2d7e2ff
Reviewed-on: https://code.wireshark.org/review/19302
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13251
Change-Id: I56a01e779f7f0eadc8a078f88543269a91148f00
Reviewed-on: https://code.wireshark.org/review/19293
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I433b6357914063ba7dbbe119771770e98e019091
Reviewed-on: https://code.wireshark.org/review/19324
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add RFC6926 and RFC7724
Change-Id: I2e10c337f3fe3043e5c36f501eb3e29b16bfcecc
Reviewed-on: https://code.wireshark.org/review/19312
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic6812fd266832743962e020cfc8f0af2d4742fdf
Reviewed-on: https://code.wireshark.org/review/19308
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Fragment offset unit is 8-octet, not bytes.
Reverts regression introduced in 232cb9a2dd.
Change-Id: Id015209b45e15cd630f42ed2c3bbf342094b8ba6
Reviewed-on: https://code.wireshark.org/review/19307
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Otherwise, we get complaints when generating the value_string_ext from
it.
Change-Id: I2b4fc4c57b1f0c47706fe73187192c155593da84
Reviewed-on: https://code.wireshark.org/review/19306
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The check*.pl scripts presume that files with the prefix "packet-"
are dissector files and therefore have different rules than other
files. Rather than trying to clarify that more with additional
directory information, just make any non-dissector file with
"packet-" filename prefix conform if it fails a "dissector specific"
check from the scripts.
Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
Reviewed-on: https://code.wireshark.org/review/19304
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Applications can also use GSMTAP framing to convey log messages
which would traditionally be printed on stderr or on log files. This
allows the ordered/interspersed display of protocol messages with log
lines from the applications that send or received those messages.
The osmocom logging framework (part of libosmocore) implements this in
libosmocore.git Change-Id I9a7e72b8c9c6f6f2d76d1ea2332dcdee12394625
Change-Id: I0de723445e5b5ce0199a4081808111240a9ed047
Reviewed-on: https://code.wireshark.org/review/19183
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
1. Generically handle/display all unparsed data. Any unparsed data can be found with cip.data
2. This now shows at least some unparsed data that was not previously displayed. Previously, extra data sent with Get Attribute List requests was not displayed. It was difficult to tell why devices were returning errors, without knowing there was extra data.
3. Make most functions return the number of bytes processed to support the above points.
Change-Id: I290c09d76e74c18facaef99c8903e7937fbdd710
Reviewed-on: https://code.wireshark.org/review/19263
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I152a388db2f3b8c035c80bd06dfbb9a18f10c031
Reviewed-on: https://code.wireshark.org/review/19284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Variables are removed
Change-Id: I54bb00a74255625c7ce487cfd31794fcdb9fa979
Reviewed-on: https://code.wireshark.org/review/19295
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many proto_item_append_text calls were just adding a unit string to a field.
There's a better way to do that now.
Change-Id: Id18d5ac1ea4d8ecdc4cbe7ebaec07fbd2eab6e78
Reviewed-on: https://code.wireshark.org/review/19289
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_uint_format_value had the most use of unit strings, this
patch handles all of the other proto_tree_add_xxx_format_value calls that
could be better served using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added more "common" unit string values to unit_strings.[ch]
Change-Id: I0fb680be781e10037eb7bd40dd21a9ee20c1fb1c
Reviewed-on: https://code.wireshark.org/review/19288
Reviewed-by: Michael Mann <mmann78@netscape.net>
As per glib manual, GSLists need to be NULL initialized.
Change-Id: If78904b900f6ddd7a0afaf3a1c480ec7626f2027
Reviewed-on: https://code.wireshark.org/review/19281
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those sizes are limited by the packet sizes we support, and we only
support a maximum packet size of 2^32.
This squelches some compiler warnings.
Remove some casts that this renders unnecessary.
Change-Id: Id9a7bcf8c2ce30bbed7be6c0e28deb9cf38002e0
Reviewed-on: https://code.wireshark.org/review/19279
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch modifies the homeplug-av dissector to better decode sniffer data according to the IEEE 1901-2010 standard.
The dissector now decodes MPDU variant fields correctly based on delimiter type, and decodes beacon MPDU payloads.
There are some variable-length fields it doesn't handle yet.
This patch should have no effect on how non-sniffer-data packets are decoded.
These changes are based on Andrew Margolis' pull request to faifa at https://github.com/ffainelli/faifa/pull/11
Change-Id: Ia60ac7affa99a68b38f04ab66373ac715c761328
Reviewed-on: https://code.wireshark.org/review/19156
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See 8.4a.2 from 802.11ad-2012(.pdf)
Issue reported by Hany ASSASA
Ping-Bug: 13244
Change-Id: I6e22de3009b722e61b30ce2dd93596c4f51bb2fe
Reviewed-on: https://code.wireshark.org/review/19243
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 3161 Appendix A. The ASN.1 elements it defines are not
officially part of any module, so just stick them into PKIXTSP.
Change-Id: I728505cb305b924465b62eb442288edea7f916a7
Reviewed-on: https://code.wireshark.org/review/19272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In some messages (observed in Oracle 12c) packet length has 4 bytes
instead of 2.
Tested with oracle12-example.pcapng from SampleCaptures wiki.
Also small datatype fix.
Change-Id: I35490ade8cf0dee6392f4fa1b51d8dc7cff85400
Reviewed-on: https://code.wireshark.org/review/19264
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added back legacy version (<= 0.9.7) support after restructuring
for dissector completeness.
Change-Id: I5355bf8faa1b9fd8ee9056254048fe5c314b6efb
Reviewed-on: https://code.wireshark.org/review/19271
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This clears up the diff between the local copy of the CMS module and
upstream, making it easier to determine what modifications were made.
Change-Id: I466cb97e6505ea8075d01663e1ede95b85468898
Reviewed-on: https://code.wireshark.org/review/19269
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Added header fields in a new subtree.
- Restructured to use fewer functions and to use offset
counting instead of offset defines.
- Removed support for legacy version 0.9.7.
- Removed unused code.
Change-Id: I9eb6c8b3b450ddb95fb0f4bdd9f9717dafa687b0
Reviewed-on: https://code.wireshark.org/review/19260
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a manual attempt at what proto_tree_add_bitmask can do anyway.
Change-Id: If551e8afa346a33b8e15dc441aae75ba0752ab46
Reviewed-on: https://code.wireshark.org/review/19257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also use proto_tree_add_item_ret_length for string handling.
Change-Id: Id1eae2e51460a3b7f4c3385b9b1fd7f12398a227
Reviewed-on: https://code.wireshark.org/review/19255
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove functionality that was replaced by a proto_tree_add_bitmask
2. Remove use of nbdgm_header structure which is just a useless placeholder
3. Remove some if (tree) over single fields.
Change-Id: I0879043685686eb5b861cf77ec38bbf25ed6044e
Reviewed-on: https://code.wireshark.org/review/19254
Reviewed-by: Michael Mann <mmann78@netscape.net>
IMG_JFIF was trying to be a macro for all display and expert info filters.
This messed with the pre-commit scripts ability to ensure protocol
filter name was being used as the prefix for display and expert info
filters. So replaced IMG_JFIF with the proper prefix - "image-jfif"
Change-Id: I1fe3dc8797529c9d17f75c511bc279824e7e69b0
Reviewed-on: https://code.wireshark.org/review/19253
Reviewed-by: Michael Mann <mmann78@netscape.net>
The file list contains semicolon-separated list of files to check.
When merging the lists we need to separate them properly.
Error:
No such file: "packet-ncp2222.cpacket-coseventcomm.c" at wireshark/tools/checkAPIs.pl line 2050.
Change-Id: I19702ab85408caf69ed922732fce74c3058be640
Reviewed-on: https://code.wireshark.org/review/19237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_[float|double]_xxx could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Id0da7b579403898d20c2667d6c4abcd59d5a48d4
Reviewed-on: https://code.wireshark.org/review/19241
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Set all addresses before we do reassembly because sub-dissectors may set
their own addresses, and we don't want to override them again.
This fixes "Follow TCP Stream" and shows the correct IP addresses in the
Source and Destination columns when transporting IP packets.
Allocate the addresses in pinfo pool to avoid possible stack buffer overflow.
Bug: 13230
Change-Id: I3b81ccb02b38331add4773d9bb3d5e0f6dcf025e
Reviewed-on: https://code.wireshark.org/review/19201
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The protocol is actually nearly identical to ordinary Diffie-Hellman,
but the names are different, and the ephemeral keys are bytestrings
rather than integers.
Change-Id: I261b6426137dae12fe53686e74517080abd80bb3
Reviewed-on: https://code.wireshark.org/review/19210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 146
Type: NOTIFICATION Message (3)
Major error Code: Cease (6)
Minor error Code (Cease): Administratively Shutdown (2)
BGP Shutdown Communication Length: 124
Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "LE Set Extended Advertising Parameters" and
"LE Set Extended Advertising Parameters" commands parsing.
Change-Id: Ibcc9f145694e54710da3a11ade237f7132674366
Reviewed-on: https://code.wireshark.org/review/19234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissectors above infiniband (such as RPC dissector)
performs exact lookup on saddr, daddr, sport, dport. They are unaware
that underlying transport is infiniband which doesn't have src_qp in
packets. Due to which srcport remains uninitialized and exact lookup
fails.
In order to get them work seemlessly, this fix updates the sport
to src_qp (similar to destport to dest_qp). With this upper level
dissectors can perform direct lookup similar to TCP. Those which need to
access private data of unidirectional CM messages, can still continue to
perform unidirectional lookup as before.
It also fixes the issue where req_qp and resp_qp were swapped during
bidirectional conversation creation. This was caught during testing with
packet-rpc.c by Chuck Lever.
Tested protocols:
1. nfs-rdma over Infiniband with trace of Bug 13213
2. ICMP packets over Infiniband
3. NVMe fabrics over RDMA
Tested with trace of Bug 13201 for Nvme.
Bug: 13202
Bug: 13213
Change-Id: Ica1b6aae3ccaa6642dc3b3edfa9a5a4c335cc5da
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the dynamic payload type defined. If so set the dynamic
payload_type_string to that dissectors name.
This is for RTP analysis to work if there is no setup information in the
file.
Change-Id: I7ae7b957cfa9eb6013f7d32d50563e2034210af6
Reviewed-on: https://code.wireshark.org/review/19220
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those routines can handle any single-byte character set whose characters
map to characters in the Basic Multilingual Plane; it could be used for
extended ASCII, but we have another routine for that, mapping only
characters with code points > 0x7f, so we just say "nonascii" rather
than "ebcdic".
Change-Id: I3d55b5d58e3e7ab08f3dfbfdb57a0301a30e71d4
Reviewed-on: https://code.wireshark.org/review/19214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a routine that takes a 256-element translation table and uses it to
map various flavors of EBCDIC to Unicode. Have separate translation
tables for "common" EBCDIC (everything that's the same in all EBCDIC
code pages that include the original EBCDIC characters) and EBCDIC code
page 037. Add ENC_EBCDIC_CP037 for code page 037.
Change-Id: Ia882b3c0abef9e30eb54cd47396e6fa0d6342044
Reviewed-on: https://code.wireshark.org/review/19212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
* kex_first_packet_follows -> first_kex_packet_follows
That's the name the spec (RFC 4253) uses.
* DH H signature -> H signature, DH host key -> host key
Neither the host key nor the H signature have much to do
with Diffie-Hellman. They're used in the same way in
every key exchange method that I know of, so their names
should be more generic.
* mpint_[ef] -> dh_[ef], mpint_[pg] -> dh_gex_[pg]
This is to make all key exchange method-specific fields follow
a consistent pattern with all names/abbrevs being prepended
by the method name.
Change-Id: Ic887fb92d8cbb6042e9b8e553cb5804db0ba4db8
Reviewed-on: https://code.wireshark.org/review/19199
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All the pseudo-headers encode the endpoint as per a bEndpointAddress in
sections 9.6.6 "Endpoint" of the USB 2.0 spec and the USB 3.1 spec, with
a 4-bit endpoint number at the bottom and a 1-bit direction at the top
with 0 = OUT and 1 = IN.
Show the FreeBSD endpoint address the same way the other endpoint
addresses are shown; the FreeBSD one is shown as a 4-byte little-endian
value, but only the low-order (first) byte is used, so just show that
byte.
Call that field the "endpoint address", with the lower 4 bits being the
"endpoint number" and the uppermost bit the "endpoint direction".
Change-Id: Ic7358c7fb6b6df2502315b590eb5178cecb321d9
Reviewed-on: https://code.wireshark.org/review/19200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For most of the fields, the blurb is just the name with "SSH" prepended,
which is not particularly useful. Replace a few of them with more
informative descriptions and remove the rest.
Change-Id: I15e95a42e897d09d3b6334022b32dd36f29e86a4
Reviewed-on: https://code.wireshark.org/review/19198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move the GSMTAP protocol related #defines to packet-gsmtap.h, as there
are other dissectors (like packet-gsm_sim.c and future dissectors) need
access to some of those #defines.
Change-Id: Ibb3517bd773be63b7e3cd30104a5351427e22ebf
Reviewed-on: https://code.wireshark.org/review/19185
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, sort the initializations of structure members by the order in the
structure, to make it easier to check that we've initialized them all.
Bug: 13231
Change-Id: Id2819940d916a5fd5a3f1bf2fc20bd3ee34a75f4
Reviewed-on: https://code.wireshark.org/review/19195
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The header field ID variables are listed in a somewhat chaotic order,
making the list hard to comprehend and update. Group them according
to the part of the protocol the corresponding fields occur in, and
order the groups and the IDs within groups to roughly match
the protocol flow and message formats.
Change-Id: I915f508fd78ff89819c96d246c79d335de6a172e
Reviewed-on: https://code.wireshark.org/review/19154
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The code was making the assumption that the ICMP data time will always
be greater than or equal to the frame time, but not earlier, but that
is not always the case and the heuristics can fail.
Bug: 13161
Change-Id: I4bc7bd8d22d717d3b1f08afdd651f8a70cb7aef2
Reviewed-on: https://code.wireshark.org/review/19157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie13e23232e183818b813e391274d75415b3fee83
Reviewed-on: https://code.wireshark.org/review/19181
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12824
Change-Id: I4b857f3cc488867d8ee7487c1f978edf639988f8
Reviewed-on: https://code.wireshark.org/review/19182
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
what happens.
Change-Id: Ib64c127ef5e2ba3fe57301c7ac7c75fd1d0e0d27
Reviewed-on: https://code.wireshark.org/review/19176
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Libgcrypt prints all log messages to stderr by default. On Windows the
slow_gatherer routine logs
NOTE: you should run 'diskperf -y' to enable the disk statistics
if DeviceIoControl(..., IOCTL_DISK_PERFORMANCE, ...) fails. We don't
depend on cryptographically secure random numbers and the message is
needlessly confusing. Add a log handler that ignores less-severe messages.
Change-Id: If40a691ea380364457dfdf126b9bf33ac2672d3a
Reviewed-on: https://code.wireshark.org/review/19155
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, remove the "make sure we're not fetching a bogus structure" tests.
Add a comment explaining how a compiler bug where it's overly optimizing
a combination of tests could cause the valgrind errors we were seeing,
so we're zeroing the entire structure, padding included, to avoid that.
Change-Id: I24f94b2cbceec5234c1da82b891f609648075839
Reviewed-on: https://code.wireshark.org/review/19149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
while at it extend IE value_strings.
Change-Id: Iea592aca088384c381843be7255922db2ade393a
Reviewed-on: https://code.wireshark.org/review/19145
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not just decode the payload type for RTP/AVP, but also all RTP
transport types.
Add RTP/AVPF (same as normal RTP/AVP, but with additional RTCP formats).
Similarly, add RTP/SAVPF and the two DTLS variants. Add references to
the relevant specifications and order per IANA registry.
Tested with dtls-srtp-ws-sip.pcapng, now the payload types under the
"m=" tree have names and frames that were previously reported as RTP
show up as SRTP. Frame 442 now shows "Encrypted RTCP Payload" warning
instead of decoding it as garbage.
Change-Id: I06893f385ec270391f8891e72a364d08d2354a0a
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/19139
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 92a2c184b0.
Actually, that address *is* attached to a pinfo structure.
Change-Id: I183135f9cf10a6714045091d2ae02d2799093bae
Reviewed-on: https://code.wireshark.org/review/19143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Nit: Make it easier to see the transition between the end of the
RPC-over-RDMA transport header and the start of the RPC header.
Calculate the selection size of the RPC-over-RDMA header
properly, including the size of the chunk lists.
Change-Id: I84bc7d970a95e8f50a21a45ded386322711b6512
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19034
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Value 1 incorrect. Remaining enumerations correct
Change-Id: I31939fabded6c4eab13c5b61bbdd4f61b962f0e0
Reviewed-on: https://code.wireshark.org/review/19137
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit e2c26ff90c.
*That* address isn't attached to a pinfo structure, it's used to create a conversation, and a copy is made of it, using file scope. So that's not the cause of this problem.
Change-Id: I07ce091e678c42c30080cd00fd17cd1584f473ad
Reviewed-on: https://code.wireshark.org/review/19138
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The address data is supposed to outlive the current routine's scope, so
you can't pass it a pointer to an argument to the routine; you have to
allocate pinfo-scoped memory and copy the variable to that.
Bug: 13219
Change-Id: Id3fdb52b614036d4d24d0676e798a2524fbe916c
Reviewed-on: https://code.wireshark.org/review/19136
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit db7c628616.
As pointed out in bug 13044, the warning is really coming from checking
"cops_call->solicited", no need to expand the whole expression.
Ping-Bug: 13044
Change-Id: Ib376ce6d0ec9fcf896e6081adae7664f19d9f759
Reviewed-on: https://code.wireshark.org/review/19115
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Show each version in the list independently as an item.
Perhaps the Set Protocol response version lists seen have only one
version, but the presence of a version-0 terminator suggests that it
could contain multiple versions, so dissect it as such.
For FT_STRINGZ values, let proto_tree_add_item() determine the length -
pass a length of -1. If we need the length, use
proto_tree_add_item_ret_length().
Change-Id: I5954ccac34f9e462c6d43e9a213974cf818f4d0d
Reviewed-on: https://code.wireshark.org/review/19134
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set Protocol is a SQLNET (NET8) message of Data packet type. At the
moment, request message is fully implemented, response partly.
Also, remove unused href entry(s).
Change-Id: I1814ce867cf4f03fa70f05552bfe870ed8f7737c
Reviewed-on: https://code.wireshark.org/review/19051
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
And try to improve column output readability by using
separators.
Change-Id: I274f47275519c2a87def483f8f857a98edc341d1
Reviewed-on: https://code.wireshark.org/review/19109
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use proto_item_set_len instead of walking the packet ahead of time
trying to compute the size.
Change-Id: I5eb3da1fef45895853cb5b6b198d0310394e4176
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19120
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13212
Change-Id: I249d38e843f737bbd0773828f24980d148fbaa00
Reviewed-on: https://code.wireshark.org/review/19126
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the bitmask also stored whether the type of media (video) and
address type (IPv4/IPv6). Now that these are gone, it makes more sense
to use enums.
There is no functional change (only debugging output is different).
Change-Id: Idc9659cd21e36489a3f5720bbf13640c4beecc02
Reviewed-on: https://code.wireshark.org/review/19124
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Temporariy add a "magic" field, initialize it when we allocate it, and
whenever we fetch a structure from the array, make sure the "magic"
field has the right value.
(If this all turns out to be a valgrind bug, I'm not going to be very
happy.)
Change-Id: I29becc715367fdc305504b38d48be05dc516132a
Reviewed-on: https://code.wireshark.org/review/19128
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the Infiniband-centric QP filtering. This filtering attempted
to create conversations to allow the heuristic dissector to be
bypassed once it was established that a QP was carrying
RPC-over-RDMA traffic.
However, it was preventing proper identification of RPC-over-RDMA
traffic when a CM connection establishment exchange doesn't appear
in the capture (which is frequently the case for captures of NFS
traffic).
Also, without this conversation logic, loading a capture file
appears to be significantly faster, at least for capture files
I have on hand.
Later, some form of conversation management will be needed in
order to associate RPC-over-RDMA transport headers with
RDMA Read and Write operations that go along with them. But it
will need to be agnostic about the underlying link layer.
Bug: 13199
Bug: 13202
Change-Id: Ie6b7a4c65979dac036306f7367ce18836713ab4d
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19032
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Those functions also known as NET8 commands or SQLNET layer of TNS protocol.
Also added a lot of sub-functions for one NET8 command, also known as OCI
(Oracle Call Interface).
Do other cleanup while in the neighbor hood including:
1. Use proto_tree_add_bitmask where applicable
2. Remove individual "hidden" command fields. Filtering should use "tns.type"
3. Remove unnecessary if (tree)s
Change-Id: Ib7cc5cf307179d5d252c334949a4e77d9d396ba4
Reviewed-on: https://code.wireshark.org/review/19050
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3d8da3f481d6808d374c2a906652370a46a4c088
Reviewed-on: https://code.wireshark.org/review/19121
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Valgrind 3.11.0 on the Ubuntu 16.04 buildbot reports that
cops_call->solicited is not initialized:
pdus_array = (GPtrArray *)wmem_map_lookup(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value));
/* ... */
for (i=0; i < pdus_array->len; i++) {
cops_call = (cops_call_t*)g_ptr_array_index(pdus_array, i);
if ( /* ... */
( (cops_call->op_code == COPS_MSG_KA && !(cops_call->solicited)) &&
^^^^^^^^^^^^^^^^^^^^
which is clearly bogus since the only place where cops_call could be
created is a few lines up:
ver_flags = tvb_get_guint8(tvb, offset);
is_solicited = (lo_nibble(ver_flags) == 0x01);
/* ... */
pdus_array = (GPtrArray *)wmem_map_lookup(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value));
if (pdus_array == NULL) {
pdus_array = g_ptr_array_new();
wmem_map_insert(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value), pdus_array);
}
/* ... */
cops_call = wmem_new(wmem_file_scope(), cops_call_t);
cops_call->op_code = op_code;
cops_call->solicited = is_solicited;
/* ... */
g_ptr_array_add(pdus_array, cops_call);
Try to zero the whole structure to avoid this bogus warning.
Change-Id: I1ec4d23e99c987849af580a1c8134610c383e55e
Ping-Bug: 13044
Ping-Bug: 13203
Reviewed-on: https://code.wireshark.org/review/19119
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Debug mode keys are described by Bluetooth Core4 specification.
Inform user if any of keys are debug. Debug mode is only if both
keys are debug.
Change-Id: Id7f58c2445614dc386a67b91cbe6f78ffbeda880
Reviewed-on: https://code.wireshark.org/review/19083
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add "Linkkey" and "Reserved" fields.
Change-Id: I21a23824348500bbcf8366c947fe2d6599b015d4
Reviewed-on: https://code.wireshark.org/review/19081
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allow the Write segment count field to be selected and filtered on.
In many Write chunks there is just one segment. However in some
special cases there can be multiple segments in a Write or Reply
chunk.
Change-Id: Ic4a4104e3a44bf4f2c96e4e5353a10e7547350c9
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19102
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5d415ba9ce7ae62eff43d47ceaa96e6282eaad1a
Reviewed-on: https://code.wireshark.org/review/19113
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
- update callback must return a boolean to indicate success / failure
- error message must be allcoated in glib memory as GUI will g_free it
Bug: 13209
Change-Id: Ibb9690034d66dae85e775d0010aadeb192c76b4a
Reviewed-on: https://code.wireshark.org/review/19111
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The media_count meaning is horrendous. -1 means "none", a count of "0"
actually means "1". This led to various bugs in the past, so just rip it
out and use a (wmem) array from which the length can be determined.
That also means that a hard-coded limit on the media can now easily be
lifted without affecting the size of the transport_info_t structure.
(This limit, SDP_MAX_RTP_CHANNELS, is unchanged in this patch though.)
Refactor the SDP dissector such that:
- Media and related attributes are no longer a bunch of fixed array
fields, but grouped in one structure. This results in the largest
changes all over the place since "transport_info->media[n]" is now
transformed into "media_desc->media" where "media_desc" is an element
of the "transport_info->media_descriptions" wmem array.
- Simplify protocol (in "m=") parsing (lots of ifs -> array + loop).
- Remove convert_disposable_media and disposable_media_info_t, parse
fields (media protocol from "m=", connection address from "c=", etc.)
while parsing the SDP instead of parsing it at the end.
- Have two distinct structures for keeping the info for the session and
media level. Emphasize that new media descriptions are inherited from
session level attributes (via sdp_new_media_description).
- Delay creation of dynamic payload type information table until we
actually create the media description. Create function
clean_unused_media_descriptions to handle the common of freeing
unused dynamic pt.
- Remove SDP_IPv4/SDP_IPv6, these are replaced by checking the type
member of the address structure.
Changes to MSRP part:
- Move MSRP attributes to the media-level attributes.
- Remove msrp_transport_address_set attribute, rely on the AT_NONE
address type for detecting bad addresses.
- Remove SDP_MSRP_IPv4 check, this never worked as the flag was never
set. Now it relies on the address family from the host in a=path:.
Tested with these capture files with no change in PDML output nor
improvements/regressions with memleaks (as reported by ASAN):
capture sip call wireshark 1.8.2.pcap
NOringback.pcapng
rtp_not_parsed_by_1_10_1.pcap
rtsp_interleaved_coreplayer.cap
SIP_CALL_RTP_G711.pcapng
srtpincorrectlyselected.pcap
tdnwifitontwifi_withnatting_clientAbhopati_03082015.pcapng
Change-Id: Ia0dbc63f8bd78cc84dad2e18174540e31b78a80d
Reviewed-on: https://code.wireshark.org/review/19072
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is no way to iterate through the contents. For a future patch to
the SDP dissector (where the session-level info is copied to the
media-level), it would be nice to duplicate the dynamic payload info.
Change-Id: I79b8349e5e157298a28fc608e20c2c2e03e76400
Reviewed-on: https://code.wireshark.org/review/19106
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MustBeArt
Harald Welte