Missing a zero
Change-Id: I43097bc62fb66dea849c5ed7882d01a6de768c82
Ping-Bug: 13244
Reviewed-on: https://code.wireshark.org/review/19416
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5bfa11213ca27308204a1d8b6073661161c9151e
Reviewed-on: https://code.wireshark.org/review/19414
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We save a list of dissectors that are disabled through the Enabled Protocols
dialog. This is because we assume dissectors are enabled by default.
For dissectors that are disabled by default, we have no way to keep them
enabled through the Enabled Protocols dialog. A dissector that defaults
to being disabled has to be reset to enabled each time Wireshark is launched.
Add a list similar to the disabled list for enabling dissectors that are
disabled by default.
This mostly applies to post-dissectors.
Change-Id: I31a8d97a9fdbc472fe2a8666384e0f8786bb8e9f
Reviewed-on: https://code.wireshark.org/review/19405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13188
Change-Id: I29b2712d4d6ae57e4b0ea4bc0ec126cb80172779
Reviewed-on: https://code.wireshark.org/review/19400
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I84472632e715a6f13e2fa5b58ae95f9dc9d16776
Reviewed-on: https://code.wireshark.org/review/19399
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_bitmask_value_with_flags() eventually calls
proto_tree_add_XXX() for the main hf and for the field elements.
These functions work for tvb==NULL if the length is also set to 0.
Otherwise, we'll end up in proto_tree_add_pi(), get_hfi_length() and
run into the DISSECTOR_ASSERT() there.
proto_tree_add_bitmask_value...() are meant for cases where the data is
passed directly and not read from a tvb. If tvb==NULL, set our length to
0 instead of using the field length from the main hf.
Change-Id: Ia55b068e9842ba4a1ae8be8692320a8e93ea8631
Reviewed-on: https://code.wireshark.org/review/19394
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When I first implemented this, proto_tree_add_subtree_format() worked
for tvb==NULL if len was also 0. The bounds check added in
56706427f5 breaks this use case and makes
DVB-CI spill out dissector asserts.
Warn Dissector bug, protocol DVB-CI, in packet 625:
../epan/tvbuff.c:532: failed assertion "tvb && tvb->initialized"
Create a proto_item first and link the subtree to this item. This will
work as long as proto_tree_add_uint() accepts tvb==NULL.
Thanks to Kay Katzorke for reporting this bug.
Change-Id: I25a071c21925f7d362c92852fd5a8136e4d361c8
Reviewed-on: https://code.wireshark.org/review/19389
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
When using this option, rpc_prog_info_value structure is not fully initialized.
Depending on the memory allocator used, this can lead to a NULL pointer
dereference or an access to a random memory block.
Ensure that the structure if fully initialized and test pointer before
dereferencing it.
Bug: 13266
Change-Id: Ifdc54b31c8dd3b2b6220dbe9ee27272758ff60ca
Reviewed-on: https://code.wireshark.org/review/19385
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As those dissectors are registered by name, let's not make the assumption
that rtp_info is always present.
Change-Id: I959b8c71485471b3be4cd2e71a6d96c2d4b278ff
Reviewed-on: https://code.wireshark.org/review/19381
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rtsp_create_conversation was modified significantly:
- ignore non response calls => process only the complete information
- distinguish between UDP, TCP and RTSP interlaced media
- supports ED137 recording with RTP/UDP or RTP/TCP
It was tested on many samples from bugzilla and from my library.
Tests noted in bug 13257
Bug: 13257
Change-Id: I054505bcb9334c3abfff6d61c18c9cb6d2a6d56e
Reviewed-on: https://code.wireshark.org/review/19341
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. CIP Safety: SERCOS Safety Network Number attribute should be 6 bytes. Don't just use all remaining bytes
2. Remove cip_byte_array type. The last remaining usage was #1 above and it really shouldn't be used in the future. Any attribute that would eat up all remaining bytes would have issues with Get Attribute List responses and Set Attribute List requests.
3. Optional Attribute List: Display the attribute name if known.
4. Port: Display Port Number name
5. Port: Associated Communication Objects attribute
Change-Id: I94d99bb1f07aa4b8c44949b2ffb5d75e72483459
Reviewed-on: https://code.wireshark.org/review/19374
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When a Reply chunk is not present, selecting the "Reply chunk" in
the protocol tree should also select the four bytes of zeroes in
the header. This should work the same way as for the Read list and
Write list.
Change-Id: I0a9b7f927cad21e39189cfc1f2b619537ba26a30
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19376
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I4d1cf878245b03665207a500fb7593be1435c3d3
Reviewed-on: https://code.wireshark.org/review/19371
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "short_name" parameter of heur_dissector_add is defined as const
(and was assumed to be a string literal). This was no longer the case
though since a change in Lua where "short_name" is a dynamically
allocated string.
This "simple" fix clones the memory for internal use to avoid a
heap-use-after-free when heur_dissector_delete tries to access
"short_name".
An alternative option is to make Proto_register_heuristic track the
memory, but since there are multiple possible heuristics lists for a
protocol, the Proto (struct _wslua_field_t) structure is not
appropriate. A possible working alternative is to store the string into
lua_heur_dissectors_table_ref (replacing the value (function) by a tuple
{function,short_name}).
Change-Id: I6c6b393f4d304dd847e864da6ad17b54c8cd80e2
Fixes: v2.3.0rc0-1474-g7f2a838922 ("lua: Allow proto:register_heuristic to be used on multiple list names")
Reviewed-on: https://code.wireshark.org/review/19365
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit introduces a new dissector aimed at decoding the USB
protocol used by X-Rite i1 Display Pro (and derivatives) colorimeter. It
is based on reverse engineering work by Graeme Gill from the ArgyllCMS
project.
Change-Id: Icdfd0c3f75499d0df4360c6eb6856078de30ba56
Reviewed-on: https://code.wireshark.org/review/18901
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add preference in Infiniband dissector to distinguish between
heuristic and non-heuristic dissection (that uses Decode As).
Remove all of the preferences in the Infiniband subdissectors that
tried to put in "manual" heuristics and direct users to just use
Decode As. Most subdissectors still kept some basic heuristics in
their heuristic functions, but now also register with the Infiniband
dissector table for "manually" forcing dissection with Decode As.
Ping-Bug: 13259
Change-Id: I20d56eee38887664b439e52ec5f5b8f962c45ef1
Reviewed-on: https://code.wireshark.org/review/19362
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This decouples EAPOL from the few dissectors it needs to call based
on packet type and moves registration to the dissectors themselves.
Change-Id: Ia8412fe33370f4aeece52c2c80cda7f140a950cf
Reviewed-on: https://code.wireshark.org/review/19328
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 12759
Change-Id: Ic4d47155168978541fb8c3670fcabaf3c35f8aad
Reviewed-on: https://code.wireshark.org/review/19187
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Resolves truncation warnings on the x86 clang build
Change-Id: I14ebbe39b8235bd1b909c488c0402b77deb6dde1
Reviewed-on: https://code.wireshark.org/review/19354
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add handling of STR_ASCII and STR_UNICODE as base types for string
and stringz. Add handling of SEP_DOT, SEP_DASH, SEP_COLON and
SEP_SPACE for bytes and uint_bytes. Add SEP_NONE for completeness.
Change-Id: Ida46c215fee7ec7132ec91ab5dd6cb3de4628920
Reviewed-on: https://code.wireshark.org/review/19337
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Fixes Lua on macOS, tested with an out-of-tree build:
WS_BIN_PATH=$PWD/run ../wireshark/test/test.sh -s wslua
Previously programs that were ran from the build directory would load
data files (radius/, diameter/, init.lua) from the source directory.
Then in the case of Lua, files were loaded from the program directory
($BUILDDIR/run/init.lua on Linux) or source directory
(sSOURCEDIR/epan/wslua/console.lua).
On macOS, this does not work for Lua since files are installed into
$BUILDDIR/run/Wireshark.app/Contents/Resources/share/wireshark/init.lua
instead. Since CMake always copies data files (radius, console.lua,
etc.) into the build directory, make get_datafile_dir() return this
"run" directory instead.
Change-Id: If97d2f5686271caf9ad4d4e4fc58e902dc592a98
Reviewed-on: https://code.wireshark.org/review/19330
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add support for using unit names in ProtoField integer types by
using base.UNIT_STRING.
Add unit name table argument in ProtoField.float() and
ProtoField.double() (and made backward compatibility).
The use of base.UNIT_STRING is not really the best API for adding
unit names in Lua, but is the simples solution without adding new
arguments to ProtoField.
Change-Id: Ib5d064480cffd970a41db1764440642f6c593bb2
Reviewed-on: https://code.wireshark.org/review/19313
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add a convenience btle.length field for easier filtering of BTLE
packets without data and with specific length ranges.
Change-Id: If56eac9c86ccf40741a6ceb50d13a1733132f448
Reviewed-on: https://code.wireshark.org/review/19348
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This will have to be done differently with xlc if it's necessary.
While we're at it, fix the spelling of "Cygwin" (no InterCaps).
Bug: 13262
Change-Id: If3084cfb58f4abd9048afafecdd24c13645c2776
Reviewed-on: https://code.wireshark.org/review/19355
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also added a note above field_display_e enum to indicate that this
values are parsed in make-init-lua.pl to build init.lua.
Change-Id: Ibd125684f9a68e1b8116fae0ccbc72147825d75d
Reviewed-on: https://code.wireshark.org/review/19336
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
1. Convert the Mellanox encapsulation header into a heuristic dissector.
2. Convert EtherType header dissection into a heuristic dissector.
3. Convert "heuristic preferences" to use deprecated_heur_dissector_pref.
Ping-Bug: 5061
Ping-Bug: 2672
Change-Id: Iabcac1af8e07f3f6f25f825ed56b2036c3285783
Reviewed-on: https://code.wireshark.org/review/19317
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
BDAT handling takes the whole packet to add to its count of necessary
bytes, but wasn't updating the offset, so if a BDAT "data packet" had
multiple CRLF segments in it, the BDAT byte counter became inaccurate.
Bug: 13030
Change-Id: Idd44ccb95a8f4710db4546a918661c63a343260c
Reviewed-on: https://code.wireshark.org/review/19343
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Because luaL_argerror() does a longjmp all memory free must be done
before calling this.
Also rewrote true_false_string_from_table() to be a bit simpler
and to give argument error when too many strings in the table.
Change-Id: Ied0fa468f1274155c746fe2e086dacf1a8582b08
Reviewed-on: https://code.wireshark.org/review/19325
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "LE Set Extended Advertising Data",
"LE Set Extended Scan Response Data", and
"LE Set Extended Advertising Enable" command parser.
Change-Id: I3027dc9c213c15f503fa5495829726db3a207300
Reviewed-on: https://code.wireshark.org/review/19251
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Based on EUROCAE ED-137B specification:
ED-137B, Part 1: RADIO, INTEROPERABILITY STANDARDS FOR VOIP ATM COMPONENTS
https://boutique.eurocae.net/eshop/catalog/index.php
Bug: 13252
Change-Id: Ifab1aaf47e3405fcd46309167237f11ce2d7e2ff
Reviewed-on: https://code.wireshark.org/review/19302
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13251
Change-Id: I56a01e779f7f0eadc8a078f88543269a91148f00
Reviewed-on: https://code.wireshark.org/review/19293
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I433b6357914063ba7dbbe119771770e98e019091
Reviewed-on: https://code.wireshark.org/review/19324
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add RFC6926 and RFC7724
Change-Id: I2e10c337f3fe3043e5c36f501eb3e29b16bfcecc
Reviewed-on: https://code.wireshark.org/review/19312
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic6812fd266832743962e020cfc8f0af2d4742fdf
Reviewed-on: https://code.wireshark.org/review/19308
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Fragment offset unit is 8-octet, not bytes.
Reverts regression introduced in 232cb9a2dd.
Change-Id: Id015209b45e15cd630f42ed2c3bbf342094b8ba6
Reviewed-on: https://code.wireshark.org/review/19307
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Otherwise, we get complaints when generating the value_string_ext from
it.
Change-Id: I2b4fc4c57b1f0c47706fe73187192c155593da84
Reviewed-on: https://code.wireshark.org/review/19306
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The check*.pl scripts presume that files with the prefix "packet-"
are dissector files and therefore have different rules than other
files. Rather than trying to clarify that more with additional
directory information, just make any non-dissector file with
"packet-" filename prefix conform if it fails a "dissector specific"
check from the scripts.
Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
Reviewed-on: https://code.wireshark.org/review/19304
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Applications can also use GSMTAP framing to convey log messages
which would traditionally be printed on stderr or on log files. This
allows the ordered/interspersed display of protocol messages with log
lines from the applications that send or received those messages.
The osmocom logging framework (part of libosmocore) implements this in
libosmocore.git Change-Id I9a7e72b8c9c6f6f2d76d1ea2332dcdee12394625
Change-Id: I0de723445e5b5ce0199a4081808111240a9ed047
Reviewed-on: https://code.wireshark.org/review/19183
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
1. Generically handle/display all unparsed data. Any unparsed data can be found with cip.data
2. This now shows at least some unparsed data that was not previously displayed. Previously, extra data sent with Get Attribute List requests was not displayed. It was difficult to tell why devices were returning errors, without knowing there was extra data.
3. Make most functions return the number of bytes processed to support the above points.
Change-Id: I290c09d76e74c18facaef99c8903e7937fbdd710
Reviewed-on: https://code.wireshark.org/review/19263
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I152a388db2f3b8c035c80bd06dfbb9a18f10c031
Reviewed-on: https://code.wireshark.org/review/19284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Variables are removed
Change-Id: I54bb00a74255625c7ce487cfd31794fcdb9fa979
Reviewed-on: https://code.wireshark.org/review/19295
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many proto_item_append_text calls were just adding a unit string to a field.
There's a better way to do that now.
Change-Id: Id18d5ac1ea4d8ecdc4cbe7ebaec07fbd2eab6e78
Reviewed-on: https://code.wireshark.org/review/19289
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_uint_format_value had the most use of unit strings, this
patch handles all of the other proto_tree_add_xxx_format_value calls that
could be better served using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added more "common" unit string values to unit_strings.[ch]
Change-Id: I0fb680be781e10037eb7bd40dd21a9ee20c1fb1c
Reviewed-on: https://code.wireshark.org/review/19288
Reviewed-by: Michael Mann <mmann78@netscape.net>
As per glib manual, GSLists need to be NULL initialized.
Change-Id: If78904b900f6ddd7a0afaf3a1c480ec7626f2027
Reviewed-on: https://code.wireshark.org/review/19281
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those sizes are limited by the packet sizes we support, and we only
support a maximum packet size of 2^32.
This squelches some compiler warnings.
Remove some casts that this renders unnecessary.
Change-Id: Id9a7bcf8c2ce30bbed7be6c0e28deb9cf38002e0
Reviewed-on: https://code.wireshark.org/review/19279
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch modifies the homeplug-av dissector to better decode sniffer data according to the IEEE 1901-2010 standard.
The dissector now decodes MPDU variant fields correctly based on delimiter type, and decodes beacon MPDU payloads.
There are some variable-length fields it doesn't handle yet.
This patch should have no effect on how non-sniffer-data packets are decoded.
These changes are based on Andrew Margolis' pull request to faifa at https://github.com/ffainelli/faifa/pull/11
Change-Id: Ia60ac7affa99a68b38f04ab66373ac715c761328
Reviewed-on: https://code.wireshark.org/review/19156
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See 8.4a.2 from 802.11ad-2012(.pdf)
Issue reported by Hany ASSASA
Ping-Bug: 13244
Change-Id: I6e22de3009b722e61b30ce2dd93596c4f51bb2fe
Reviewed-on: https://code.wireshark.org/review/19243
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 3161 Appendix A. The ASN.1 elements it defines are not
officially part of any module, so just stick them into PKIXTSP.
Change-Id: I728505cb305b924465b62eb442288edea7f916a7
Reviewed-on: https://code.wireshark.org/review/19272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In some messages (observed in Oracle 12c) packet length has 4 bytes
instead of 2.
Tested with oracle12-example.pcapng from SampleCaptures wiki.
Also small datatype fix.
Change-Id: I35490ade8cf0dee6392f4fa1b51d8dc7cff85400
Reviewed-on: https://code.wireshark.org/review/19264
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added back legacy version (<= 0.9.7) support after restructuring
for dissector completeness.
Change-Id: I5355bf8faa1b9fd8ee9056254048fe5c314b6efb
Reviewed-on: https://code.wireshark.org/review/19271
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This clears up the diff between the local copy of the CMS module and
upstream, making it easier to determine what modifications were made.
Change-Id: I466cb97e6505ea8075d01663e1ede95b85468898
Reviewed-on: https://code.wireshark.org/review/19269
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Added header fields in a new subtree.
- Restructured to use fewer functions and to use offset
counting instead of offset defines.
- Removed support for legacy version 0.9.7.
- Removed unused code.
Change-Id: I9eb6c8b3b450ddb95fb0f4bdd9f9717dafa687b0
Reviewed-on: https://code.wireshark.org/review/19260
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a manual attempt at what proto_tree_add_bitmask can do anyway.
Change-Id: If551e8afa346a33b8e15dc441aae75ba0752ab46
Reviewed-on: https://code.wireshark.org/review/19257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also use proto_tree_add_item_ret_length for string handling.
Change-Id: Id1eae2e51460a3b7f4c3385b9b1fd7f12398a227
Reviewed-on: https://code.wireshark.org/review/19255
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove functionality that was replaced by a proto_tree_add_bitmask
2. Remove use of nbdgm_header structure which is just a useless placeholder
3. Remove some if (tree) over single fields.
Change-Id: I0879043685686eb5b861cf77ec38bbf25ed6044e
Reviewed-on: https://code.wireshark.org/review/19254
Reviewed-by: Michael Mann <mmann78@netscape.net>
IMG_JFIF was trying to be a macro for all display and expert info filters.
This messed with the pre-commit scripts ability to ensure protocol
filter name was being used as the prefix for display and expert info
filters. So replaced IMG_JFIF with the proper prefix - "image-jfif"
Change-Id: I1fe3dc8797529c9d17f75c511bc279824e7e69b0
Reviewed-on: https://code.wireshark.org/review/19253
Reviewed-by: Michael Mann <mmann78@netscape.net>
The file list contains semicolon-separated list of files to check.
When merging the lists we need to separate them properly.
Error:
No such file: "packet-ncp2222.cpacket-coseventcomm.c" at wireshark/tools/checkAPIs.pl line 2050.
Change-Id: I19702ab85408caf69ed922732fce74c3058be640
Reviewed-on: https://code.wireshark.org/review/19237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Several calls to proto_tree_add_[float|double]_xxx could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Id0da7b579403898d20c2667d6c4abcd59d5a48d4
Reviewed-on: https://code.wireshark.org/review/19241
Reviewed-by: Michael Mann <mmann78@netscape.net>
This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.
Used TCP and NTP dissectors as the guinea pig with sample use.
Documentation updates includes some unrelated cleanup just because it was noticed.
Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Set all addresses before we do reassembly because sub-dissectors may set
their own addresses, and we don't want to override them again.
This fixes "Follow TCP Stream" and shows the correct IP addresses in the
Source and Destination columns when transporting IP packets.
Allocate the addresses in pinfo pool to avoid possible stack buffer overflow.
Bug: 13230
Change-Id: I3b81ccb02b38331add4773d9bb3d5e0f6dcf025e
Reviewed-on: https://code.wireshark.org/review/19201
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The protocol is actually nearly identical to ordinary Diffie-Hellman,
but the names are different, and the ephemeral keys are bytestrings
rather than integers.
Change-Id: I261b6426137dae12fe53686e74517080abd80bb3
Reviewed-on: https://code.wireshark.org/review/19210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 146
Type: NOTIFICATION Message (3)
Major error Code: Cease (6)
Minor error Code (Cease): Administratively Shutdown (2)
BGP Shutdown Communication Length: 124
Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "LE Set Extended Advertising Parameters" and
"LE Set Extended Advertising Parameters" commands parsing.
Change-Id: Ibcc9f145694e54710da3a11ade237f7132674366
Reviewed-on: https://code.wireshark.org/review/19234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissectors above infiniband (such as RPC dissector)
performs exact lookup on saddr, daddr, sport, dport. They are unaware
that underlying transport is infiniband which doesn't have src_qp in
packets. Due to which srcport remains uninitialized and exact lookup
fails.
In order to get them work seemlessly, this fix updates the sport
to src_qp (similar to destport to dest_qp). With this upper level
dissectors can perform direct lookup similar to TCP. Those which need to
access private data of unidirectional CM messages, can still continue to
perform unidirectional lookup as before.
It also fixes the issue where req_qp and resp_qp were swapped during
bidirectional conversation creation. This was caught during testing with
packet-rpc.c by Chuck Lever.
Tested protocols:
1. nfs-rdma over Infiniband with trace of Bug 13213
2. ICMP packets over Infiniband
3. NVMe fabrics over RDMA
Tested with trace of Bug 13201 for Nvme.
Bug: 13202
Bug: 13213
Change-Id: Ica1b6aae3ccaa6642dc3b3edfa9a5a4c335cc5da
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the dynamic payload type defined. If so set the dynamic
payload_type_string to that dissectors name.
This is for RTP analysis to work if there is no setup information in the
file.
Change-Id: I7ae7b957cfa9eb6013f7d32d50563e2034210af6
Reviewed-on: https://code.wireshark.org/review/19220
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those routines can handle any single-byte character set whose characters
map to characters in the Basic Multilingual Plane; it could be used for
extended ASCII, but we have another routine for that, mapping only
characters with code points > 0x7f, so we just say "nonascii" rather
than "ebcdic".
Change-Id: I3d55b5d58e3e7ab08f3dfbfdb57a0301a30e71d4
Reviewed-on: https://code.wireshark.org/review/19214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a routine that takes a 256-element translation table and uses it to
map various flavors of EBCDIC to Unicode. Have separate translation
tables for "common" EBCDIC (everything that's the same in all EBCDIC
code pages that include the original EBCDIC characters) and EBCDIC code
page 037. Add ENC_EBCDIC_CP037 for code page 037.
Change-Id: Ia882b3c0abef9e30eb54cd47396e6fa0d6342044
Reviewed-on: https://code.wireshark.org/review/19212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
* kex_first_packet_follows -> first_kex_packet_follows
That's the name the spec (RFC 4253) uses.
* DH H signature -> H signature, DH host key -> host key
Neither the host key nor the H signature have much to do
with Diffie-Hellman. They're used in the same way in
every key exchange method that I know of, so their names
should be more generic.
* mpint_[ef] -> dh_[ef], mpint_[pg] -> dh_gex_[pg]
This is to make all key exchange method-specific fields follow
a consistent pattern with all names/abbrevs being prepended
by the method name.
Change-Id: Ic887fb92d8cbb6042e9b8e553cb5804db0ba4db8
Reviewed-on: https://code.wireshark.org/review/19199
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All the pseudo-headers encode the endpoint as per a bEndpointAddress in
sections 9.6.6 "Endpoint" of the USB 2.0 spec and the USB 3.1 spec, with
a 4-bit endpoint number at the bottom and a 1-bit direction at the top
with 0 = OUT and 1 = IN.
Show the FreeBSD endpoint address the same way the other endpoint
addresses are shown; the FreeBSD one is shown as a 4-byte little-endian
value, but only the low-order (first) byte is used, so just show that
byte.
Call that field the "endpoint address", with the lower 4 bits being the
"endpoint number" and the uppermost bit the "endpoint direction".
Change-Id: Ic7358c7fb6b6df2502315b590eb5178cecb321d9
Reviewed-on: https://code.wireshark.org/review/19200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For most of the fields, the blurb is just the name with "SSH" prepended,
which is not particularly useful. Replace a few of them with more
informative descriptions and remove the rest.
Change-Id: I15e95a42e897d09d3b6334022b32dd36f29e86a4
Reviewed-on: https://code.wireshark.org/review/19198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move the GSMTAP protocol related #defines to packet-gsmtap.h, as there
are other dissectors (like packet-gsm_sim.c and future dissectors) need
access to some of those #defines.
Change-Id: Ibb3517bd773be63b7e3cd30104a5351427e22ebf
Reviewed-on: https://code.wireshark.org/review/19185
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, sort the initializations of structure members by the order in the
structure, to make it easier to check that we've initialized them all.
Bug: 13231
Change-Id: Id2819940d916a5fd5a3f1bf2fc20bd3ee34a75f4
Reviewed-on: https://code.wireshark.org/review/19195
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The header field ID variables are listed in a somewhat chaotic order,
making the list hard to comprehend and update. Group them according
to the part of the protocol the corresponding fields occur in, and
order the groups and the IDs within groups to roughly match
the protocol flow and message formats.
Change-Id: I915f508fd78ff89819c96d246c79d335de6a172e
Reviewed-on: https://code.wireshark.org/review/19154
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The code was making the assumption that the ICMP data time will always
be greater than or equal to the frame time, but not earlier, but that
is not always the case and the heuristics can fail.
Bug: 13161
Change-Id: I4bc7bd8d22d717d3b1f08afdd651f8a70cb7aef2
Reviewed-on: https://code.wireshark.org/review/19157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie13e23232e183818b813e391274d75415b3fee83
Reviewed-on: https://code.wireshark.org/review/19181
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12824
Change-Id: I4b857f3cc488867d8ee7487c1f978edf639988f8
Reviewed-on: https://code.wireshark.org/review/19182
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
what happens.
Change-Id: Ib64c127ef5e2ba3fe57301c7ac7c75fd1d0e0d27
Reviewed-on: https://code.wireshark.org/review/19176
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Libgcrypt prints all log messages to stderr by default. On Windows the
slow_gatherer routine logs
NOTE: you should run 'diskperf -y' to enable the disk statistics
if DeviceIoControl(..., IOCTL_DISK_PERFORMANCE, ...) fails. We don't
depend on cryptographically secure random numbers and the message is
needlessly confusing. Add a log handler that ignores less-severe messages.
Change-Id: If40a691ea380364457dfdf126b9bf33ac2672d3a
Reviewed-on: https://code.wireshark.org/review/19155
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, remove the "make sure we're not fetching a bogus structure" tests.
Add a comment explaining how a compiler bug where it's overly optimizing
a combination of tests could cause the valgrind errors we were seeing,
so we're zeroing the entire structure, padding included, to avoid that.
Change-Id: I24f94b2cbceec5234c1da82b891f609648075839
Reviewed-on: https://code.wireshark.org/review/19149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
while at it extend IE value_strings.
Change-Id: Iea592aca088384c381843be7255922db2ade393a
Reviewed-on: https://code.wireshark.org/review/19145
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not just decode the payload type for RTP/AVP, but also all RTP
transport types.
Add RTP/AVPF (same as normal RTP/AVP, but with additional RTCP formats).
Similarly, add RTP/SAVPF and the two DTLS variants. Add references to
the relevant specifications and order per IANA registry.
Tested with dtls-srtp-ws-sip.pcapng, now the payload types under the
"m=" tree have names and frames that were previously reported as RTP
show up as SRTP. Frame 442 now shows "Encrypted RTCP Payload" warning
instead of decoding it as garbage.
Change-Id: I06893f385ec270391f8891e72a364d08d2354a0a
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/19139
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 92a2c184b0.
Actually, that address *is* attached to a pinfo structure.
Change-Id: I183135f9cf10a6714045091d2ae02d2799093bae
Reviewed-on: https://code.wireshark.org/review/19143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Nit: Make it easier to see the transition between the end of the
RPC-over-RDMA transport header and the start of the RPC header.
Calculate the selection size of the RPC-over-RDMA header
properly, including the size of the chunk lists.
Change-Id: I84bc7d970a95e8f50a21a45ded386322711b6512
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19034
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Value 1 incorrect. Remaining enumerations correct
Change-Id: I31939fabded6c4eab13c5b61bbdd4f61b962f0e0
Reviewed-on: https://code.wireshark.org/review/19137
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit e2c26ff90c.
*That* address isn't attached to a pinfo structure, it's used to create a conversation, and a copy is made of it, using file scope. So that's not the cause of this problem.
Change-Id: I07ce091e678c42c30080cd00fd17cd1584f473ad
Reviewed-on: https://code.wireshark.org/review/19138
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The address data is supposed to outlive the current routine's scope, so
you can't pass it a pointer to an argument to the routine; you have to
allocate pinfo-scoped memory and copy the variable to that.
Bug: 13219
Change-Id: Id3fdb52b614036d4d24d0676e798a2524fbe916c
Reviewed-on: https://code.wireshark.org/review/19136
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit db7c628616.
As pointed out in bug 13044, the warning is really coming from checking
"cops_call->solicited", no need to expand the whole expression.
Ping-Bug: 13044
Change-Id: Ib376ce6d0ec9fcf896e6081adae7664f19d9f759
Reviewed-on: https://code.wireshark.org/review/19115
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Show each version in the list independently as an item.
Perhaps the Set Protocol response version lists seen have only one
version, but the presence of a version-0 terminator suggests that it
could contain multiple versions, so dissect it as such.
For FT_STRINGZ values, let proto_tree_add_item() determine the length -
pass a length of -1. If we need the length, use
proto_tree_add_item_ret_length().
Change-Id: I5954ccac34f9e462c6d43e9a213974cf818f4d0d
Reviewed-on: https://code.wireshark.org/review/19134
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set Protocol is a SQLNET (NET8) message of Data packet type. At the
moment, request message is fully implemented, response partly.
Also, remove unused href entry(s).
Change-Id: I1814ce867cf4f03fa70f05552bfe870ed8f7737c
Reviewed-on: https://code.wireshark.org/review/19051
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
And try to improve column output readability by using
separators.
Change-Id: I274f47275519c2a87def483f8f857a98edc341d1
Reviewed-on: https://code.wireshark.org/review/19109
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use proto_item_set_len instead of walking the packet ahead of time
trying to compute the size.
Change-Id: I5eb3da1fef45895853cb5b6b198d0310394e4176
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19120
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13212
Change-Id: I249d38e843f737bbd0773828f24980d148fbaa00
Reviewed-on: https://code.wireshark.org/review/19126
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the bitmask also stored whether the type of media (video) and
address type (IPv4/IPv6). Now that these are gone, it makes more sense
to use enums.
There is no functional change (only debugging output is different).
Change-Id: Idc9659cd21e36489a3f5720bbf13640c4beecc02
Reviewed-on: https://code.wireshark.org/review/19124
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Temporariy add a "magic" field, initialize it when we allocate it, and
whenever we fetch a structure from the array, make sure the "magic"
field has the right value.
(If this all turns out to be a valgrind bug, I'm not going to be very
happy.)
Change-Id: I29becc715367fdc305504b38d48be05dc516132a
Reviewed-on: https://code.wireshark.org/review/19128
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the Infiniband-centric QP filtering. This filtering attempted
to create conversations to allow the heuristic dissector to be
bypassed once it was established that a QP was carrying
RPC-over-RDMA traffic.
However, it was preventing proper identification of RPC-over-RDMA
traffic when a CM connection establishment exchange doesn't appear
in the capture (which is frequently the case for captures of NFS
traffic).
Also, without this conversation logic, loading a capture file
appears to be significantly faster, at least for capture files
I have on hand.
Later, some form of conversation management will be needed in
order to associate RPC-over-RDMA transport headers with
RDMA Read and Write operations that go along with them. But it
will need to be agnostic about the underlying link layer.
Bug: 13199
Bug: 13202
Change-Id: Ie6b7a4c65979dac036306f7367ce18836713ab4d
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19032
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Those functions also known as NET8 commands or SQLNET layer of TNS protocol.
Also added a lot of sub-functions for one NET8 command, also known as OCI
(Oracle Call Interface).
Do other cleanup while in the neighbor hood including:
1. Use proto_tree_add_bitmask where applicable
2. Remove individual "hidden" command fields. Filtering should use "tns.type"
3. Remove unnecessary if (tree)s
Change-Id: Ib7cc5cf307179d5d252c334949a4e77d9d396ba4
Reviewed-on: https://code.wireshark.org/review/19050
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3d8da3f481d6808d374c2a906652370a46a4c088
Reviewed-on: https://code.wireshark.org/review/19121
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Valgrind 3.11.0 on the Ubuntu 16.04 buildbot reports that
cops_call->solicited is not initialized:
pdus_array = (GPtrArray *)wmem_map_lookup(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value));
/* ... */
for (i=0; i < pdus_array->len; i++) {
cops_call = (cops_call_t*)g_ptr_array_index(pdus_array, i);
if ( /* ... */
( (cops_call->op_code == COPS_MSG_KA && !(cops_call->solicited)) &&
^^^^^^^^^^^^^^^^^^^^
which is clearly bogus since the only place where cops_call could be
created is a few lines up:
ver_flags = tvb_get_guint8(tvb, offset);
is_solicited = (lo_nibble(ver_flags) == 0x01);
/* ... */
pdus_array = (GPtrArray *)wmem_map_lookup(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value));
if (pdus_array == NULL) {
pdus_array = g_ptr_array_new();
wmem_map_insert(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value), pdus_array);
}
/* ... */
cops_call = wmem_new(wmem_file_scope(), cops_call_t);
cops_call->op_code = op_code;
cops_call->solicited = is_solicited;
/* ... */
g_ptr_array_add(pdus_array, cops_call);
Try to zero the whole structure to avoid this bogus warning.
Change-Id: I1ec4d23e99c987849af580a1c8134610c383e55e
Ping-Bug: 13044
Ping-Bug: 13203
Reviewed-on: https://code.wireshark.org/review/19119
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Debug mode keys are described by Bluetooth Core4 specification.
Inform user if any of keys are debug. Debug mode is only if both
keys are debug.
Change-Id: Id7f58c2445614dc386a67b91cbe6f78ffbeda880
Reviewed-on: https://code.wireshark.org/review/19083
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add "Linkkey" and "Reserved" fields.
Change-Id: I21a23824348500bbcf8366c947fe2d6599b015d4
Reviewed-on: https://code.wireshark.org/review/19081
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allow the Write segment count field to be selected and filtered on.
In many Write chunks there is just one segment. However in some
special cases there can be multiple segments in a Write or Reply
chunk.
Change-Id: Ic4a4104e3a44bf4f2c96e4e5353a10e7547350c9
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19102
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5d415ba9ce7ae62eff43d47ceaa96e6282eaad1a
Reviewed-on: https://code.wireshark.org/review/19113
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
- update callback must return a boolean to indicate success / failure
- error message must be allcoated in glib memory as GUI will g_free it
Bug: 13209
Change-Id: Ibb9690034d66dae85e775d0010aadeb192c76b4a
Reviewed-on: https://code.wireshark.org/review/19111
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The media_count meaning is horrendous. -1 means "none", a count of "0"
actually means "1". This led to various bugs in the past, so just rip it
out and use a (wmem) array from which the length can be determined.
That also means that a hard-coded limit on the media can now easily be
lifted without affecting the size of the transport_info_t structure.
(This limit, SDP_MAX_RTP_CHANNELS, is unchanged in this patch though.)
Refactor the SDP dissector such that:
- Media and related attributes are no longer a bunch of fixed array
fields, but grouped in one structure. This results in the largest
changes all over the place since "transport_info->media[n]" is now
transformed into "media_desc->media" where "media_desc" is an element
of the "transport_info->media_descriptions" wmem array.
- Simplify protocol (in "m=") parsing (lots of ifs -> array + loop).
- Remove convert_disposable_media and disposable_media_info_t, parse
fields (media protocol from "m=", connection address from "c=", etc.)
while parsing the SDP instead of parsing it at the end.
- Have two distinct structures for keeping the info for the session and
media level. Emphasize that new media descriptions are inherited from
session level attributes (via sdp_new_media_description).
- Delay creation of dynamic payload type information table until we
actually create the media description. Create function
clean_unused_media_descriptions to handle the common of freeing
unused dynamic pt.
- Remove SDP_IPv4/SDP_IPv6, these are replaced by checking the type
member of the address structure.
Changes to MSRP part:
- Move MSRP attributes to the media-level attributes.
- Remove msrp_transport_address_set attribute, rely on the AT_NONE
address type for detecting bad addresses.
- Remove SDP_MSRP_IPv4 check, this never worked as the flag was never
set. Now it relies on the address family from the host in a=path:.
Tested with these capture files with no change in PDML output nor
improvements/regressions with memleaks (as reported by ASAN):
capture sip call wireshark 1.8.2.pcap
NOringback.pcapng
rtp_not_parsed_by_1_10_1.pcap
rtsp_interleaved_coreplayer.cap
SIP_CALL_RTP_G711.pcapng
srtpincorrectlyselected.pcap
tdnwifitontwifi_withnatting_clientAbhopati_03082015.pcapng
Change-Id: Ia0dbc63f8bd78cc84dad2e18174540e31b78a80d
Reviewed-on: https://code.wireshark.org/review/19072
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is no way to iterate through the contents. For a future patch to
the SDP dissector (where the session-level info is copied to the
media-level), it would be nice to duplicate the dynamic payload info.
Change-Id: I79b8349e5e157298a28fc608e20c2c2e03e76400
Reviewed-on: https://code.wireshark.org/review/19106
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decryption support will be added later. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.
Change-Id: Ida1a2da754ef9aef16ad15ff64455b6f8e703ffd
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18996
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Observe that some code in setup_sdp_transport is effectively the same
code as a part from dissect_sdp with these differences:
- Removal of these two conditions (setup_sdp_transport already returns
early when a packet is visited):
(!pinfo->fd->flags.visited) && (transport_info == &local_transport_info)
- "establish_frame" in setup_sdp_transport is replaced by "pinfo->num"
in dissect_sdp.
dissect_sdp further has two additional blocks that add information to
the VoIP calls dialog. This is preserved.
Freeing of the RTP payload information has also been simplified. Instead
of checking it inside the main loop that adds addresses (now moved to a
new function, "apply_sdp_transport"), let the caller do it outside the
loop.
The transformation in this patch is rather mechanical:
0. Add a comment on what the new function is supposed to do.
1. Move code from setup_sdp_transport into a new function,
apply_sdp_transport and reduce indentation level.
2. Copy all variables to the new function and populate the parameter
list.
3. Compile result, remove unused variables that the compiler warns for.
4. Move freeing of unused media outside the loop to the caller.
5. Create a new conditional statement before the duplicated loop, which
checks whether setup_sdp_transport has been used before. (SIP first
calls setup_sdp_transport, then it invokes the media type dissector
which calls dissect_sdp to populate the tree.)
6. Remove the duplicated code from the dissect_sdp loop until only the
VoIP Calls dialog info remains.
There is no functional change intended.
Change-Id: I928379466af56ef1729cccbf4a5b60895ddb3227
Reviewed-on: https://code.wireshark.org/review/19047
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissect the first, fixed part of a=candidate. The candidate type is also
unabbreviated for easier understanding. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.
Change-Id: I9950c8f066becea86f1fe8e9ffab2dc07ae0f425
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. ENIP: Display the CIP Forward Open Request packet number for connected data
2. CIP: Extended Network: Display expert info when the expected bytes does not match actual bytes
3. CIP: Look up more data fields as CIP service or Device Type
4. CIP: Display data as Dec/Hex, depending on how the spec shows things
5. Minor: Pull out common code into load_cip_request_data()
6. Minor: Text corrections
Change-Id: I184ac3899786f650e4d4643a5dfe68bba785d6e0
Reviewed-on: https://code.wireshark.org/review/19092
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Display the Reply chunk as a tree, using the same code that the
Write list dissector now uses. Fix up the selection size of the
Reply chunk.
Bug: 13197
Change-Id: Ie861b7721b2c2dd9a5839986488ee22f39f81d1e
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19101
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The current mechanism of dissecting RPC-over-RDMA chunk lists is not
working. It treats the Write list as a list of RDMA segments (it's a
list of counted arrays).
Bug: 13197
Change-Id: I6f8e788d66eefd17d6c1995e238a9ff9fa1e81f2
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19100
Reviewed-by: Michael Mann <mmann78@netscape.net>
The current mechanism of dissecting RPC-over-RDMA chunk lists is not
working. It treats the Read list as a counted array (it's a list).
Part of this confusion arises because RFC 5666 uses the term "chunk"
to mean "chunk", "read segment", and "rdma segment". Re-organize
the dissector logic to make this distinction properly.
Bug: 13197
Change-Id: Iad517804dbcf8b30de795af03af7a71a6f231231
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19099
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Rather than pass a boolean that has to be continually evaluated, just pass the
necessary encoding (ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN)
2. Incorporate more use of proto_tree_add_item_ret_[u]int
3. Remove NEXT_guint16 and NEXT_guint32 because we now have tvb_get_guint16 and
tvb_get_guint32
Change-Id: Ib1c3488450b4e727d2c1943ba4e577faf2350dcc
Reviewed-on: https://code.wireshark.org/review/19103
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- support rest of api keys
- dissect kafka.required_acks with constants
- dissect kafka.message_timestamp_type
- add expert info about missing request
Change-Id: I3d18936adac6702a61f545385bdec1b75b564bd9
Reviewed-on: https://code.wireshark.org/review/18954
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change-Id: I3a3a51de76286800992b1445c332c50059112c54
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19098
Reviewed-by: Michael Mann <mmann78@netscape.net>
When tshark displays each frame in default mode (without -V):
- NFS on TCP is dissected and displayed
- NFS on RPC/RDMA is displayed as only an RPC/RDMA frame
NFS on RPC/RDMA should be dissected and displayed just like NFS on
TCP. Make passing along the RPC payload to the RPC dissector
unconditional.
Bug: 13198
Change-Id: Ia86f3abcfcbc65a860d4ff7bac19a5f3af44a0b0
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19027
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13204
Change-Id: Iaad562aafe3a4f0300398fc45927ac810814ee75
Reviewed-on: https://code.wireshark.org/review/18990
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissect SC, Keypress and Reserved bits.
Up to Bluetooth Core 4 specification.
Change-Id: Id7ac75bd917786abe9aada433a1343887a32234d
Reviewed-on: https://code.wireshark.org/review/19079
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix unexpected Direction flag pass to BTLE dissector
what caused reassemble of L2CAP not working correctly
(it based on Source/Destination addresses/columns).
Change-Id: I10fb17c29b020f6ca746f7bbccb7527e0ba04624
Reviewed-on: https://code.wireshark.org/review/19084
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the file offset fields are 32-bit, but the algorithms use gsize
variables, which can vary between 32 and 64 bit builds. The 64-bit
builds are the ones with the problem with "garbage" data comes from
(effectively) invalid 32-bit offsets.
Bug: 11133
Change-Id: I20b8cafb75fc021594159ab092c18c24f3e257e3
Reviewed-on: https://code.wireshark.org/review/19073
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13192
Change-Id: Ibb2b3913716d31a3d5f600e1b6400fdf14a69ca4
Reviewed-on: https://code.wireshark.org/review/19075
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
size_str points to a dash, so the result of calling ws_strtoi32 on it is
a negative number, which becomes a huge positive number, because size is
a guint32.
Parse the number after the dash instead, and use ws_strtou32.
Also, check that size is divisible by 8, since otherwise it's unlikely
to be a bit length.
Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64
Reviewed-on: https://code.wireshark.org/review/19006
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
After this, hf_ssh_kexdh_host_key is no longer used, so remove it.
Change-Id: Ie56a086481bbe087b7ba3b17aea394c05986f63d
Reviewed-on: https://code.wireshark.org/review/19052
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Fixed find_conversation for PT_IBQP to not lookup in reverse
direction when all searches fail.
This is required, because there could be valid different connection in
reverse direction which mistakenly gets updated for non template cases.
2. Added support for having MAD data for upper level dissectors to process
during RC packet processing.
This is required because connection options are negotiated out of band
using this CM exchanges (unlike in band TCP options).
3. Moved creating unidirectional connections when actually MAD packets
are processed.
Previously client-to-server unidirectional conversation was created when
CM_RSP stage, where MAD Data of CM_REQ packet is inaccessible.
4. Fixed creating multiple conversations with same address property by
eliminating create_conv_and_add_proto_data during RTU stage, which was
incorrect.
Now they are created during REQ and RSP frame processing. (Instead of
RSP and RTU processing).
5. Added support for creating bidirectional connection that ULP can
refer.
This is required to keep track of oustanding transactions on a
connection (requests and responses).
Bug: 11363
Change-Id: I32ea084a581a58efbc16dbb7a3e267c82622c50c
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/18982
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Maybe this way we can identify which *particular* test is, according to
Valgrind, looking at uninitialized data; there's nothing obvious that
shows up from inspecting the code, and neither of our static analyzers
seem to have found anything.
Change-Id: I80f6bb8e6fa92decfe195c01766330b97e980821
Reviewed-on: https://code.wireshark.org/review/19049
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The current mechanism of detecting RPC-over-RDMA is broken because
it treats the Read list as a counted array (it's a list); and treats
the Write list and Reply chunk identically (one is a list, one is
always a single chunk).
While we're here, refactor pre-detection helper functions so they
can be used during frame dissection as well.
Bug: 13196
Change-Id: I76e210c8d2a9464fed00e7199072d37f4ebbebf2
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19025
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since the use of 'Decode as' can result in another port number than the
default port (7) being the service port, this should be checked against.
Change-Id: I93383613115595fff621e2fb9ab7959cd448c01e
Reviewed-on: https://code.wireshark.org/review/18991
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display length fields in decimal, just as they are displayed by the
RDMA RETH dissector.
Display version fields in decimal, just as they are displayed by the
RPC dissector.
RDMA offset fields are left in hexadecimal since they are
essentially addresses, and at least the Linux RPC-over-RDMA
implementation has debugging messages that display these as
hexadecimal values.
Change-Id: I7206970675ca0ca486b3a2837b6dbb1c4d764091
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19028
Reviewed-by: Michael Mann <mmann78@netscape.net>
On an RDMA transport, RPC protocol never appears in a frame by
itself. If RPC-over-RDMA is not present, then RPC is by definition
not present as an InfiniBand data payload.
Bug: 13195
Change-Id: Icaea9d4936477af32adc73140c67539e977a7a9a
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19024
Reviewed-by: Michael Mann <mmann78@netscape.net>
That way, if we #define anything for large file support, that's done
before we include any system header files that either depend on that
definition or that define it themselves if it's not already defined.
Change-Id: I9b07344151103be337899dead44d6960715d6813
Reviewed-on: https://code.wireshark.org/review/19035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also adjust the smb2_info_t structure that handles the value.
Bug: 12915
Change-Id: Ia314b8dc840b9d26d2c1d185f06ef93f242a3a7b
Reviewed-on: https://code.wireshark.org/review/19019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A new "--export-object <protocol>,<destdir>" option is added to tshark.
This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)
Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Apply the same value checks to the vendor generic suboption dissection
as is done for the Cable lab and ADSL forum ones.
See https://ask.wireshark.org/questions/57695 for an example issue.
Change-Id: I4fe07d07cf0a93f4693e5ff54dd70c008701cf41
Reviewed-on: https://code.wireshark.org/review/18999
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib1e2b4e57832e94b94d34102c0079f820b18f350
Reviewed-on: https://code.wireshark.org/review/19000
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When registering preferences, make sure our titles and descriptions are
valid UTF-8. Make sure our titles are short and only contain printable
characters.
Fix problematic titles and descriptions.
Change-Id: I20d3f93438f2b3c30266f934297feb79897f2ee5
Reviewed-on: https://code.wireshark.org/review/18998
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All TLS and DTLS RFCs (and SSLv3) limit the record length to 2^14, so
add expert info if this is exceeded. Spotted in the wild via
https://ask.wireshark.org/questions/57641/tls12-record-length-gt-16k-valid
Tested with a synthetic pcap having length 2^14+1 using Python:
from scapy.all import IP, TCP, UDP, wrpcap
len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
wrpcap('bad-record-length.pcap', [
IP()/TCP(sport=2000, dport=443)/(b'\x17\x03\x03' + len_plus_frag),
IP()/UDP(sport=2000, dport=853)/(b'\x17\xfe\xfd' + 8*b'\0' + len_plus_frag)
])
Change-Id: I5eac48775333d8d222e013a24a6d06da79892b77
Reviewed-on: https://code.wireshark.org/review/18959
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
FT_CHAR is straightforward to support.
Split the list of "invalid" types into a list of "unsupported" types and
a short list of "invalid" types, containing FT_PCRE (which isn't a valid
type for a field) and "everything else". Add FT_IEEE_11073_SFLOAT and
FT_IEEE_11073_FLOAT to the "unsupported" list.
Flag the whole unsupported list as just "not handled yet".
Change-Id: I62d2d7eead53377e4e601594a035b4395fdbeead
Reviewed-on: https://code.wireshark.org/review/18979
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As stated in 3GPP 23.003:
"the APN has, after encoding as defined in the paragraph below,
a maximum length of 100 octets"
Change-Id: Iae23117f44ea5b668f6cb23dbd0e726e4e56ce41
Reviewed-on: https://code.wireshark.org/review/18972
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Apparently, it was forgotten ;)
Bug: 12614
Change-Id: Id1a2d98e3ea2b381c5fa60faeb342256d4c7d9f8
Reviewed-on: https://code.wireshark.org/review/18955
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
wmem_file_scope() was used too many times when wmem_packet_scope() will do.
Also, use the wmem string functions to only allocate enough space to
handle a string instead of using MAX_BUF_LEN.
Change-Id: I3031d3aef34b7105264b17dc83e3b1f4cfb4b3d4
Reviewed-on: https://code.wireshark.org/review/18910
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iaa554ac94d248c67c635ac180ea2d1c1e3775b6a
Reviewed-on: https://code.wireshark.org/review/18915
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They don't work on Windows, and we support Windows, so....
Change-Id: Icdbdfcfd930ae13aba6d8fb018d7e2af55b76fa1
Reviewed-on: https://code.wireshark.org/review/18943
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This dissector allows Snort to process all of the
packets passed to Wireshark, and for the alerts to
be shown in the protocol tree. It is also possible
to set the source of alerts to be packet comments.
Change-Id: I6e0a50d3418001cbac2d185639adda2553a40de8
Reviewed-on: https://code.wireshark.org/review/18848
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This allows dissectors to not need to know about the internal preference structure.
Change-Id: I1ae67248cd0b0132aefc225ea0a9befaf9afdde2
Reviewed-on: https://code.wireshark.org/review/18864
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change the tooltips texts to make them better describe the preference.
Bug: 13130
Bug: 13131
Change-Id: Ie753e3703a702bdafed91cf0f41b306347088526
Reviewed-on: https://code.wireshark.org/review/18878
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I55f9303624471d09b446c10939e5c22bf8e21511
Reviewed-on: https://code.wireshark.org/review/18894
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- support draft-ietf-6tisch-6top-protocol-03
- rename variables and constants to reflect the protocol hierarchy
- show 6P specific information in the "Protocol" and "Info" column
- cleanup
Bug: 13136
Change-Id: I83ca8a55d59225e0cce64f3463100b3750a58b8f
Reviewed-on: https://code.wireshark.org/review/18824
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If1daef88dce166ec92f00a8c6e71bcb220d25e0c
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18917
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If838db823dd1c7614fcfdfc2774952bf70da3c6e
Reviewed-on: https://code.wireshark.org/review/18919
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Use tvb_get_guintXX with encoding parameter rather than have an "is_little_endian" flag
2. Replace proto_tree_add_xxx_format with proto_tree_add_xxx_format_value or proto_tree_add_item
3. Create some value_strings in favor of functions.
Change-Id: If4b8e8992662bda768b39ba5f1932272760eef65
Reviewed-on: https://code.wireshark.org/review/18909
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'bthci_evt.pending_response_delta' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_DOUBLE
Change-Id: I7665ea0c007ef089c6986c102f2358d08d4628df
Reviewed-on: https://code.wireshark.org/review/18889
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Currently, when passing a -1 length to proto_tree_add_item_ret_string_and_length() or
proto_tree_add_item_ret_string(), the -1 length will be passed directly
to the field info. The calculated length should be used instead.
Bug: 13159
Change-Id: I980d18fb9bde3c452e64a8735e62d4830ce53b64
Reviewed-on: https://code.wireshark.org/review/18904
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ic4e6fe7978382854b4f36eebc8372eb3cd8e7551
Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/18895
Reviewed-by: Michael Mann <mmann78@netscape.net>
'uds.tp.suppress_reply' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
Change-Id: I8f6035c79c7b6481dd2915cfcfc99963fef7fc23
Reviewed-on: https://code.wireshark.org/review/18884
Reviewed-by: Michael Mann <mmann78@netscape.net>
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_BYTES
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_INT64 and FT_STRING
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_INT8 and FT_INT64
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_DOUBLE and FT_INT32
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_UINT64 and FT_FLOAT
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_UINT8 and FT_UINT64
Change-Id: I83697e72ebfa4e164178141d789c4ca2d9d09db0
Reviewed-on: https://code.wireshark.org/review/18887
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Benjamin Parzella <bparzella@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It can be not FALSE
Change-Id: I938011296b40013a1dad813c3196e899b1b90347
Reviewed-on: https://code.wireshark.org/review/18883
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'uftp4.announce.publicmcast' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'uftp4.announce.privatemcast' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'uftp4.fileinfo.tstamp' exists multiple times with NOT compatible types: FT_ABSOLUTE_TIME and FT_UINT32
Change-Id: I94b235e9ba8ebe8a036620f9537eb674f418f1e5
Reviewed-on: https://code.wireshark.org/review/18882
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'radiotap.present.flags' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT32
Change-Id: Ib53eb43c2103b24bd02bd41fd20030b7e7ae321b
Reviewed-on: https://code.wireshark.org/review/18886
Reviewed-by: Michael Mann <mmann78@netscape.net>
'vxlan.flags_reserved' exists multiple times with NOT compatible types: FT_UINT8 and FT_BOOLEAN
Change-Id: I98d296393796defc5741c41a496432eb8f927be2
Reviewed-on: https://code.wireshark.org/review/18881
Reviewed-by: Michael Mann <mmann78@netscape.net>
A Attribute Identifier List can have more than one AT element. Therefore
we have to loop through the elements list.
Bug: 13077
Change-Id: I3adaa5ba50a1ad01e7c5bacd05118c65afcf4442
Reviewed-on: https://code.wireshark.org/review/18825
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Calculated Checksum tree item prints the checksum from the
tvb, instead of the computed one (the "should be 0x...." tree
item above it _does_ print the computed one). As such, in a packet
with bad checksum, the Calculated Checksum is incorrect. Fix the value.
This seems to have been introduced in ad6fc87d ("Add
proto_tree_add_checksum.")
Change-Id: Ia20d5addc40956713a944102e79d25317b969a0e
Reviewed-on: https://code.wireshark.org/review/18859
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix a memory error found by the buildbot and valgrind in my recent patch
Bug: 13100
Change-Id: Ieb21aa25e048f90ce7192546b0ad3d4718ff07df
Reviewed-on: https://code.wireshark.org/review/18877
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Details:
- update supported api keys
- add api key ApiVersions
- change api key names according to documentation
- add pcapng files for supported api keys
- add new documentation link
- add declaration of lz4 message codec
Change-Id: I943dc31144890dcd3dd333981a86754668c2bec4
Reviewed-on: https://code.wireshark.org/review/18861
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
In the association_sanity_check_t structure:
Have separate flags to indicate whether we *have* an IE specifying an
FT AKM suite and whether we *have* an IE specifying a non-FT AKM suite.
Use those to decide whether to add an expert info, so we add it
regardless of whether we are building a protocol tree or not.
Set the protocol tree item for the first FT AKM suite and the first
non-FT AKM suite only if we have a protocol tree.
Bug: 13149
Change-Id: I16a3194017b34d8d2c9128364c2761d1c202969d
Reviewed-on: https://code.wireshark.org/review/18863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When decode_prefix4() gets called with more prefixes the length of
proto_tree_add_subtree_format() should not be the total length.
As the "Withdrawn route" part was the only one where decode_prefix4() has
been called with a tlen not equal 0 we can eliminate the tlen parameter.
Bug: 13146
Change-Id: I708dec2cecbed6054b60190104b82c72d54e8037
Reviewed-on: https://code.wireshark.org/review/18852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 13147
Change-Id: Icfd1343458c0795c4e3a74e4ed4f06d18f1c1831
Reviewed-on: https://code.wireshark.org/review/18854
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I48c0cb58cd5643ad1c930b668b81cc3cc7270afa
Reviewed-on: https://code.wireshark.org/review/18837
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Various cleanups and corrections regarding MAC address handling.
Change-Id: I31e2e377bc1c73705a89517c776d51bbb19b9ce3
Reviewed-on: https://code.wireshark.org/review/18836
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2ad9621c632060fba1010ab5fed0b62557580dff
Reviewed-on: https://code.wireshark.org/review/18726
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most attributes specify the path length before the EPATH data, but some do not. The previous code for parsing EPATHs just looped until there was no more data. This is a problem for EPATH that do not specify a length, because it will eat up too many bytes. This mainly affects Get Attribute List Responses and Set Attribute List Requests. For the small number of attributes like this, the Spec says exactly what kind of segment should be in the EPATH, so just parse a single segment.
This fixes: Port attributes: 'Port Number and Node Address' and 'Chassis Identity'
There is still one that is a problem in packet-cipsafety.c, but we will have to deal with it later. See the TODO in that file.
I use the .pcap attached to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12049, to make sure I didn't break any existing path/segment handling.
Ping-Bug: 12049
Change-Id: Id035f9809f6cc747ea7b6327d94dd26dc66cb466
Reviewed-on: https://code.wireshark.org/review/18675
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update the list
Add dissection of SR Algorithm
use value string for TLV list
Change-Id: If3573320a182235b720620af949e540b3706f538
Ping-Bug: 13118
Reviewed-on: https://code.wireshark.org/review/18813
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Travis CI found the following errors:
wireshark/epan/dissectors/packet-per.c: In function ‘dissect_per_open_type_internal’:
wireshark/epan/dissectors/packet-per.c:193:24: error: ‘pdu_tvb’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
tvb_composite_append(pdu_tvb, tvb_new_octet_aligned(tvb, offset, 8*type_length));
^
wireshark/epan/dissectors/packet-per.c: In function ‘dissect_per_bit_string’:
wireshark/epan/dissectors/packet-per.c:2269:24: error: ‘fragmented_tvb’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
tvb_composite_append(fragmented_tvb, tvb_new_octet_aligned(tvb, offset, length));
Change-Id: Idfd8bfc20439485f53e906a46e0717fc6199071c
Reviewed-on: https://code.wireshark.org/review/18827
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Because of the way PER specification encodes length determinant >= 16K,
we cannot get the PDU length from a fixed position at the beginning of
the message. So drop tcp_dissect_pdus() (that cannot work for this use
case) and manually request extra chunks until the full PDU is available.
Bug: 8221
Change-Id: I91e32160fc2180f74b3edb9699ba510798b46983
Reviewed-on: https://code.wireshark.org/review/18808
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a TCP frame contains more DICOM segments, make sure that
only segments with "More fragments" bit set gets reassembled.
Bug: 13110
Change-Id: Ie19c71285a00240a035ff92ce3183de4d9048cbd
Reviewed-on: https://code.wireshark.org/review/18805
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I3ba3fa626398718fefcc3430fffeaed2f4ea47b9
Reviewed-on: https://code.wireshark.org/review/18799
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13097
Change-Id: If6128f5a3c940b4713c396e1a4a8f002a6bd03b8
Reviewed-on: https://code.wireshark.org/review/18764
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When storing a copy of the composite tvb in tvb->real_data, ensure to copy the full
data and not only the length currently requested by the call to tvb_get_ptr()
Change-Id: I6b42f3d46c4fba83fadf4d06f465c8d2486f4853
Reviewed-on: https://code.wireshark.org/review/18806
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
In the C API, one can register a heuristic for the same protocol on different
lists by specifying another unique short_name. This is impossible in the
lua API, as the protocol name is used as the short name itself.
This change fixes that by creating an unique shortname composed of the
protocol name and the target list name.
Change-Id: I2c30ce6e4f7a3b38879180c64cf8564f779163b4
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18711
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Bug: 13127
Change-Id: I09893fadc6f64316a373ddb8ac72e07a6743e149
Reviewed-on: https://code.wireshark.org/review/18758
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Change-Id: I797da3c55ecb1a8a61166d8fbf503c4bdeffc213
Reviewed-on: https://code.wireshark.org/review/18755
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie5bfe4d366a679ebcb561716f23d174e7b9bf487
Reviewed-on: https://code.wireshark.org/review/18754
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I17785d32ca1f5ef69731c5dfba04892aa09648a0
Reviewed-on: https://code.wireshark.org/review/18756
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It seems more recent RBS2000 models have extended the range of the CON
Connection Point (CCP) by one bit, as I'm seeing CCP 1896 in protocol
traces. Similarly, the Contiguity Index can at least reach 96. Using
the full 8bit value to make sure IS and CON dissectors use the same
ranges for connection points and contiguity index.
Change-Id: Iece34106fc97a11dc8a01cf2578b5e4245a4c9e8
Reviewed-on: https://code.wireshark.org/review/18753
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Ie834da60a2d389d33e1a5b6cc897e13ae1522fb9
Reviewed-on: https://code.wireshark.org/review/18742
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
NPN is a legacy extension (superseded by ALPN), but there was still a
capture with this value. However, the decimal number is wrong. Adjust it
to the one in the draft -03 (the hex number is still correct).
Change-Id: I80ce468bcb653bc8ec87432d76d478cb0423b46f
Reviewed-on: https://code.wireshark.org/review/18744
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Display in dec the LSA Type (like IANA)
Bug: 13118
Change-Id: I78001b2066f186dcf2175153e539216437b1754e
Reviewed-on: https://code.wireshark.org/review/18740
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
g_strlcpy copies at most n-1 bytes to ensure that the string is NULL terminated.
Bug: 13121
Change-Id: I4f1677c518e65eb58b79d72052520ecce8c51722
Reviewed-on: https://code.wireshark.org/review/18743
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
start_offset(offset) and the while loop should be on searched_bytes.
Change-Id: I62343f7cb04f9110f773ba1ada8dbcbfbd262861
Reviewed-on: https://code.wireshark.org/review/18741
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Just causes preference to be added twice.
Bug: 13113
Change-Id: Iebbe296a8b35cbe58c163c4f1f5fac9d27c76ead
Reviewed-on: https://code.wireshark.org/review/18737
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the model from the 2.0 branch and earlier that only "tapped" the
follow data in a single location. This fixes duplicate data for
reassembled data and handles out-of-order packets.
Bug: 12855
Change-Id: I5268f13e3c08e9271acf026b859de693ad794c94
Reviewed-on: https://code.wireshark.org/review/18368
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fixes UBsan complaint:
epan/dissectors/packet-lsd.c:141:7: runtime error: load of misaligned address 0x61d00017029e for type 'const guint32', which requires 4 byte alignment
Change-Id: I74034f3e0bc198b4b86ca6cd7559d8df7283377f
Reviewed-on: https://code.wireshark.org/review/18733
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The MRP PDU dissection is updated with respect to MRP standard IEC62439-2 Ed.2.
0x88e3 is added for MRP Ether Type
String definions of MRP block and sub block types are updated.
dissect_pn_ManuData function is removed since it is not used anymore.
Change-Id: Iec6666abc75bcba4189f2c38851407abc23267f9
Reviewed-on: https://code.wireshark.org/review/18730
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Already try to enhance but get always some false positive with STUN/RTP
Change-Id: I187959ed526a0d538a2c6db76af07ae3dbf06c6e
Reviewed-on: https://code.wireshark.org/review/18702
Reviewed-by: thies.moeller <thies.moeller@baslerweb.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While there correct a typo.
Change-Id: I58f9f4353e1fb4155d4f4f77f0f93325940d291f
Reviewed-on: https://code.wireshark.org/review/18722
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-erf: Fix Host ID/Source ID showing for all extension header types.
Only show generated Host ID/Source ID when there is a Host ID extension header
or there was not one on the record.
Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely)
and that it matches the one in the Host ID header. This is consistent with other tools.
Does support multiple Host ID extension headers though.
Fix dag_version tag short name. Was clashing with another tag due to typo.
ERF wiretap: Don't conflate Host ID 0 with implicit Host ID.
While the implicit Host ID defaults to 0, it is not the same thing as seeing
a packet with Host ID explicitly 0 in the extension header which means
explicitly unknown source.
Store the initial (unknown) implicit Host ID interface mapping in it's own
special mapping table entry rather than 0.
Noticed we can currently get duplicate interfaces in the unusual event of mixed
implicit and explicit Host ID packet extension headers for the same ID before
we discover that mapping.
Consistently abandon the implicit version for consistency with the dissector
linking behaviour and mark the interface as unmatched in the description. In
2 pass mode (including normal Wireshark file open) the abandoned interface ends
up with no packets. In the common cases (all Host ID or no Host ID on packet
records) this duplicate interface will not be created in the first place.
Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/18704
Reviewed-by: Stephen Donnelly
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As stated in 3GPP 24.008 §10.5.1.4, for GMM and EMM procedures the
length should be set to 3 when using the 'no identity' type.
Change-Id: Ib2d5930416b0d26853f4cc430df0ce2f29488877
Reviewed-on: https://code.wireshark.org/review/18707
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Bug: 13103
Change-Id: I531aeb941bb80a1ac403d5e0ffcb6ba549ea9370
Reviewed-on: https://code.wireshark.org/review/18699
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For fields that contain both a value and a subtree, print the value and
then create a new item with a _tree suffix for the subtree content
Bug: 13086
Change-Id: I5a3c96bf9895d87faff3925d439bb54b73769a3e
Reviewed-on: https://code.wireshark.org/review/18663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kacer <kacer.martin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I59b667d7415d340eddc48f648da594d2fac3ad93
Reviewed-on: https://code.wireshark.org/review/18700
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The P-GSL uplink PACCH messages contain information about the decoded
access burst information four consecutive frame numbers. Each burst
individually carries receive level, access burst type (8/11bit),
validity information and access delay.
Change-Id: I9d874d9b2c6de6a5461591e0f1f037ef2c34c143
Reviewed-on: https://code.wireshark.org/review/18682
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I79d7b9afbde34451b545ac7e67c22b012843d822
Reviewed-on: https://code.wireshark.org/review/18654
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix a copy+paste mistake (using the codec_csy string for the
codec_rxlev) and use the existing val_str_ext for decoding the GSM/GPRS
RxLev value into a dBm value range.
Change-Id: Ie19621019977f6a41201cca424de3d44ece309b0
Reviewed-on: https://code.wireshark.org/review/18683
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
And tweak the Pidl generator for Wireshark not to generate "flags" like
that.
(The generator also does field name and true/false strings' case
differently, so I didn't use it to regenerate the dissectors; that needs
to be looked at.)
Change-Id: Ie1657a782ebdb107e58792cedd29bbaa79b17bd4
Reviewed-on: https://code.wireshark.org/review/18695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The frame numbers are stored as 24bit value in little endian byte order,
not in big endian (as assumed so far).
Change-Id: Ia58db03749375a025e7b3b6b5805687af7601d9a
Reviewed-on: https://code.wireshark.org/review/18681
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Rather than displaying the P-GSL data as "data", let's call the
proper GPRS RLC/MAC dissector to get a decode of the payload.
As the RLC/MAC payload of P-GSL is one un-aligned stream of bits
containing the EGPRS header + RLC data blocks, we need to re-aling the
data blocks before calling into the RLC/MAC dissector in case of EGRPS.
Change-Id: Ib081606c1b7af2a15ecf3c5f5b3ff44b5096e865
Reviewed-on: https://code.wireshark.org/review/18483
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Regarding the EGPRS header, a value of '1' means bads checksum/quality,
and '0' means good quality/checksum. Let's explicitly state this by
overriding the default True/False boolean labels with Bad/Good.
Change-Id: I2168771d5552345c9c2eb6910f2839013da8210e
Reviewed-on: https://code.wireshark.org/review/18684
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also cleanup ANSI TCAP dissector that had a commented out attempt at what
was just cleaned up with TCAP.
Change-Id: I347f11e21a493d8d444c2dc528bb7713a227381a
Reviewed-on: https://code.wireshark.org/review/18129
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
calculations.
Change-Id: Ie314f7caee067b16da8dcb2a45cb1395ce0cb266
Reviewed-on: https://code.wireshark.org/review/17719
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The frame number is (as in all messages) three bytes long, not just one
byte.
Change-Id: I461121d61d2515f51462a3df1086ab988e4afab5
Reviewed-on: https://code.wireshark.org/review/18686
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
* Added support for 3-byte integers in :int() and :le_int()
* Added support for 5, 6, and 7-byte integers in :int64() and :le_int64()
Change-Id: If9ab4ea806191bc63effe45a081b9c65693c2367
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18672
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Split PLMNs arrays in 2 so as to clearly konw if the MNC is 2 or 3 digits long
Bug: 13092
Change-Id: Ic5f776f3c1e5141f8739bf2137ebd046f7e4a0d6
Reviewed-on: https://code.wireshark.org/review/18679
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
6LoWPAN is not only used over IEEE 802.15.4, so adjust the full name.
Change-Id: I56305baa74c0cc9337dfd5e813965035fd7dcec6
Reviewed-on: https://code.wireshark.org/review/18677
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Always add the Data (Fragment) item, also for the last frame.
Also add link to "Reassembled in #" for all except the last frame.
The reassembly logic should be rewritten to use reassemble.h functions
to be able to show the fragments frame list, fragment count and
reassembled length items.
Change-Id: Ib0e17711e182178d0b7ea0fd6903a9144adb757d
Reviewed-on: https://code.wireshark.org/review/18659
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add a lof of Command Opcodes.
Implement trivial Event: "Inquiry Response Notification"
and "Get MWS Transport Layer Configuration"
Change-Id: I4ca13878e2f972caae4320e9c0149dc3d75c45a5
Reviewed-on: https://code.wireshark.org/review/18668
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Add 3rd level subtree in Event->LE Meta, because of
existance of "Subevent" which is in similar thing to
Event or Opcode in CommandComplete.
Change-Id: Ib732ab417c5141251736b608de2e4e64b702c20a
Reviewed-on: https://code.wireshark.org/review/18667
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The implementation is up to Core 4 specification.
Change-Id: I3fc3f06f8ec6bdd488cff109bdbca275cd0f0121
Reviewed-on: https://code.wireshark.org/review/18666
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
1. LE Remote Connection Parameter Request
2. LE Data Length Change
3. LE Read Local P-256 Public Key Complete
4. LE Generate DHKey Complete
5. LE Enhanced Connection Complete (implies more meta-info present)
Change-Id: I4aac5b66808cd15cc5b6825429b2bff848aa88b4
Reviewed-on: https://code.wireshark.org/review/18665
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
BLE connections that use this event cannot be fully decoded since the
connection handle is unknown to Wireshark.
Change-Id: I56eb6fc7c918b235fb1d68d89b6f1f2847e648e1
Reviewed-on: https://code.wireshark.org/review/18661
Reviewed-by: Sharvil Nanavati <sharvil@playground.global>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Issue reported by Vladimir Vysotsky
Bug: 13085
Change-Id: Ibdc1bf662f852818777cfb44fa19d798972390ca
Reviewed-on: https://code.wireshark.org/review/18651
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for defragmentation of fragments that use the defragmentation
scheme of PPP MP (RFC 1990). Instead of getting "sequence_number,
fragment_number, last" as in other protocols, PPP MP provides a single
sequence number that is effectively "seqnum + fragnum", though it provides
flags for both the first and last fragment of a reassembly.
See Appendix A of RFC 4623 (PWE3 Fragmentation and Reassembly) for a list
of protocols that use this style, including PPP MP (RFC 1990), PWE3 MPLS
(RFC 4385), L2TPv2 (RFC 2661), L2TPv3 (RFC 3931), ATM, and Frame Relay.
Also add support for the Multi-class Extension to Multilink PPP (RFC 2686),
which uses some of the previously reserved bits as classes that distinguish
otherwise identical sequence numbers.
Bug: 12548
Change-Id: Ic2ce3c50e61ab2eb50e4d92fd353ca4d2a48fe18
Reviewed-on: https://code.wireshark.org/review/16327
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4dd0e42df00ab27073b55cfce7da173b0e9dab00
Reviewed-on: https://code.wireshark.org/review/18647
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's the *absence* of flag bits, so you can't test whether it's set;
don't have a field for it. This gets rid of a dissector assertion.
Add some more URLs for information about DCE RPC and MS-RPC.
Change-Id: I53e8f11692c66e16ae2ec7fd4ba8eb90b0673da4
Reviewed-on: https://code.wireshark.org/review/18648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allows to use negative values (FT_INT) in a bitmask field.
If a field type greater or equal (FT_(U)INT40) is used then also
a 64 bit value string and 64 bit format function must be used.
Change-Id: Ib86d45bee73a71a784068ab717d35810c6f48017
Reviewed-on: https://code.wireshark.org/review/18601
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib29f3cb5b670b4e6e5432922a160f2eb4b780aae
Reviewed-on: https://code.wireshark.org/review/18473
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Values in psm_data structure used in reassembly must be initialized
to zero to ensure that the reassembly logic works.
Change-Id: I47c636dde60f28a8dcd9a366664fd23019a12323
Reviewed-on: https://code.wireshark.org/review/18633
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix root cause in dissect_af
Bug: 12252
Change-Id: Ia20fc7bad39e80062e177b4ddd7c7bb87accf328
Reviewed-on: https://code.wireshark.org/review/14644
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ice365bf3ca2198b3d81994a5670ac50add3e53dc
Reviewed-on: https://code.wireshark.org/review/18620
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for SA(PortGroupTableRecord). Fixed parse errors in
SA(CableInfoRecord), SA(BufferControlTable), SA(PathRecord),
SA(PortInfo), & SM/SA(SMInfo). Moved SA(FabricInfoRecord) to be in SA
Sections. Remove the attribute modifier 'ALL' bit being incorrectly
used in SM/SA. Add support for the valid case when SA returns with
zero records and a none zero MAD status.
Change-Id: I9bdc87d113be045132a78ecf5c8b4ffa3ac29900
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/18629
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12979
Change-Id: I7f0e806081704dfeaf40ce1e4e41271ffd5e3023
Reviewed-on: https://code.wireshark.org/review/18618
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Decode the header as specified in http://www.retrocomputing.net/info/doc/GA27-3136-20_SNA_Formats.pdf chapter 13.
Note that the Information field is not decoded yet.
Bug: 13084
Change-Id: Iaaee344ef0b2805906a3eeae1134479abf9d403e
Reviewed-on: https://code.wireshark.org/review/18616
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Th link throughput and latency objects are just 32-bit integers; process
them as such and, as they're bytes-per-second and microsecond values,
respectively, show them as decimal, rather than as hex, as most of us
have 10, not 16, fingers.
The ETX metric object is a 16-bit integer; process it as such, and show
it in decimal as well.
Attach an expert info representing an error to the item in error.
Change-Id: I57dfac0127d263724cc6940a0457d63e17616b64
Reviewed-on: https://code.wireshark.org/review/18617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I1b20a49008e41728cb10cd11765833a762f66505
Reviewed-on: https://code.wireshark.org/review/18603
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There could be some reuse out of it, so but it with the rest of the
general utilities.
Change-Id: I404c135b933660a82678510b9ca2701985c5632a
Reviewed-on: https://code.wireshark.org/review/18589
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Fixed setting right address type instead of AT_IB for RoCE and RRoCE
depending on address type given by pinfo where address type would be
IPv4 or IPV6.
Fail to do so was resulting into infiniband dissector adding
conversation info based on AT_IB type vs payload dissectors dissecting
based on pinfo. Fixing this allows to add/search based on right
address type.
(Tested for Infiniband and RRoCE)
2. Added support to pass already parsed CM attribute id from infiniand to
other mad private data dissectors so that right dissection of private data
can be done based on CM attribute id (message type).
Moved CM attribute id definitions to header file so that private data
dissectors based on CM attribute id can reuse these values without
duplicate defines.
(Tested for Infiniband and RRoCE)
3. Added direction client to server/server to client, (active/passive) to
conversation_data for payload dissectors which cannot dissect only based
on payload content without knowing the direction.
(Tested for RRoCE)
4. Fixed IP CM to claim all 92 bytes of private data (including consumer
private data), instead of just 36 bytes of header because its part of IP
CM private data.
(Tested for Infiniband and RRoCE)
5. Fixed MAD header to claim all 232 (256-24) bytes of data as it belongs
to it in the tree.
(Tested for Infiniband and RRoCE)
6. Fixed getting ip version by performing AND operation first to extract IP
version field.
(Tested for RRoCE-IPV4 and Infiniband)
Change-Id: I37daca6a089784b61c25e10cdc8f3cf028ca8c58
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/18573
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- reinitialize the variable used to insert comma between packets when
performing a new export
- ensure that escaped ASCII characters are code on 4 digits characters
Change-Id: Ib557da4843f6b98f793b60e417260ebb27a38b99
Ping-Bug: 13073
Reviewed-on: https://code.wireshark.org/review/18598
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Fixed RAI which was broken
* Improved CGI and SAI
Change-Id: I1807b628ef54e2f3e94551c26301f1376bef0914
Reviewed-on: https://code.wireshark.org/review/18604
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Width of this field was increased in the 1.0a MA USB Update.
Change-Id: Ib1a40dee6fbcfd389c982b53c4b51f538c1973e7
Reviewed-on: https://code.wireshark.org/review/18607
Reviewed-by: Michael Mann <mmann78@netscape.net>
Parses large communities as specified in https://tools.ietf.org/html/draft-heitz-idr-large-community-04
Path Attribute - LARGE_COMMUNITY: 65536:1:1 65536:1:2 65536:1:3
Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
1... .... = Optional: Optional
.1.. .... = Transitive: Transitive
..0. .... = Partial: Complete
...0 .... = Length: Regular length
Type Code: LARGE_COMMUNITY (32)
Length: 36
Large communities: 65536:1:1
Global Administrator: 65536
Local Data Part 1: 1
Local Data Part 2: 1
Large communities: 65536:1:2
Global Administrator: 65536
Local Data Part 1: 1
Local Data Part 2: 2
Large communities: 65536:1:3
Global Administrator: 65536
Local Data Part 1: 1
Local Data Part 2: 3
Bug: 13083
Change-Id: I8db0601f621ceb6fb2e170ed9bfc2747091495ee
Reviewed-on: https://code.wireshark.org/review/18172
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Alexis La Goutte
Harald Welte