For the conversion of a 16-bit short address in 6lowpan to an IID, there
are several RFCs that produce different results. RFC 4944 section 6
specifies that the conversion uses the given PAN ID and the 16-bit short
address. RFC 6282, on the other hand, specifies that the conversion only
uses the 16-bit short address and no longer uses the PAN ID.
The current version of the 6lowpan dissector supports only the newer RFC
6282, but there are protocols out there that assume that the address
conversion still abides by RFC 4944.
In order to support these protocols and following the discussion from
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8970
this patch introduces a boolean preference in the 6lowpan dissector that
indicates whether or not the older RFC 4944 should be used for address
conversion. By default, it is set to FALSE, thus leaving the behavior of
the dissector unchanged.
Besides the boolean preference, another helper function
lowpan_addr16_with_panid_to_ifcid has been written that implements the
expected behavior from RFC 4944 using the same hint mechanism already in
place in the dissector for the support of RFC 6282.
Change-Id: I8d202c69a225d7b1212080a174e0111e5203553c
Reviewed-on: https://code.wireshark.org/review/10902
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
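The two conversions contrasted in the commit message above, as an added C example that is not taken from the Wireshark patch. The function names and the PAN ID / short address values are constructed; the RFC 4944 variant follows section 6 of that RFC (PAN ID, 16 zero bits, short address, expanded as in RFC 2464 with the U/L bit cleared).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6282: the IID is 0000:00ff:fe00:XXXX; the PAN ID plays no part. */
static void iid_rfc6282(uint16_t short_addr, uint8_t iid[8])
{
    memset(iid, 0, 8);
    iid[3] = 0xff;
    iid[4] = 0xfe;
    iid[6] = (uint8_t)(short_addr >> 8);
    iid[7] = (uint8_t)(short_addr & 0xff);
}

/* RFC 4944 section 6: pseudo 48-bit address PAN:0000:short, with ff:fe
 * inserted in the middle and the Universal/Local bit forced to zero. */
static void iid_rfc4944(uint16_t pan_id, uint16_t short_addr, uint8_t iid[8])
{
    iid_rfc6282(short_addr, iid);
    iid[0] = (uint8_t)((pan_id >> 8) & 0xfd);  /* clear U/L bit (0x02) */
    iid[1] = (uint8_t)(pan_id & 0xff);
}

/* Returns 1 when both RFCs yield the same IID for this PAN ID / address. */
static int iids_agree(uint16_t pan_id, uint16_t short_addr)
{
    uint8_t a[8], b[8];
    iid_rfc6282(short_addr, a);
    iid_rfc4944(pan_id, short_addr, b);
    return memcmp(a, b, 8) == 0;
}

static void print_iid(const char *label, const uint8_t iid[8])
{
    printf("%-9s", label);
    for (int i = 0; i < 8; i++)
        printf("%02x%s", iid[i], i < 7 ? ":" : "\n");
}

int main(void)
{
    /* Constructed sample values, not taken from a capture. */
    const uint16_t pan_id = 0xabcd, short_addr = 0x1234;
    uint8_t iid[8];

    iid_rfc6282(short_addr, iid);
    print_iid("RFC 6282", iid);
    iid_rfc4944(pan_id, short_addr, iid);
    print_iid("RFC 4944", iid);
    return 0;
}
```

The two rules only coincide when the PAN ID is 0x0000 or 0x0200 (the latter because the U/L bit is cleared); for any other PAN ID, an address rebuilt with the wrong rule will not match the one the sender used.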
The 6lowpan standard specifies a reserved octet in the extended header
of an IP_PROTO_FRAGMENT packet in the same place used for the header
length for other extension headers.
The current version of the 6lowpan dissector displays the reserved octet
and the rest of the header (6 more bytes) together as data, as opposed to
displaying the reserved octet by itself and then the data (using the
data dissector).
This patch does not change the functionality of the dissector in any
way, only how the 7 bytes are displayed. Instead of displaying the
header information and then 7 bytes of data, it displays the reserved
octet and then the data. This is also consistent with the way the ipv6
dissector displays it (showing the reserved octet and its value).
For this purpose, there is a new hf (hf_6lowpan_nhc_ext_reserved) and
the corresponding proto_tree calls. Also, depending on the type of
extension header, the octets sent to the general data dissector are
shifted by one.
Change-Id: I4c7fb58a3364307e79517b979808f3e34a2e0b94
Reviewed-on: https://code.wireshark.org/review/10908
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissectors developed as plugins in wireshark that create new address
types require the use of address_type_dissector_register. Without
WS_DLL_PUBLIC, the function is not found when loading the plugin and
wireshark refuses to initialize it.
This very simple patch fixes this problem.
Change-Id: I8594a7be525830dd4ab9e1b3ea633aac0a07938a
Reviewed-on: https://code.wireshark.org/review/10899
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not leak the key and SSID. Note that there are still some leaks in
the GTK UI related to get_wireshark_keys(), but I did not track them
down.
Caught by LeakSanitizer.
Change-Id: I639166e6ea457605d6ae0ebd58e56d7594a7b7db
Reviewed-on: https://code.wireshark.org/review/10860
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I25d84c725559f5f077dcc03fb425a89d87e90f55
Reviewed-on: https://code.wireshark.org/review/10897
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8cfd1c223c70c7e03728af8b2f7cbf9354d7ad86
Ping-Bug: 3949
Reviewed-on: https://code.wireshark.org/review/10865
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iebf0fc5d3e86fba9a2ea4da5784256d820598e39
Reviewed-on: https://code.wireshark.org/review/10744
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Would leak some bytes after startup.
Caught by LeakSanitizer.
Change-Id: I4644f204343ce5a803a7dfdedac6a1960882807f
Reviewed-on: https://code.wireshark.org/review/10859
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The p_(add|get)_proto_data() functions are used to store data related
to an AMQP frame. The stored information gets overwritten if there are
multiple small AMQP frames in one TCP/IP packet.
As suggested by Pascal and https://code.wireshark.org/review/#/c/10579/,
we should use tvb_raw_offset as key for p_(add|get)_proto_data().
Change-Id: I860df8af51a6fbbef495985747313ae96402cc5c
Reviewed-on: https://code.wireshark.org/review/10836
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
* draft-ietf-dnsop-delegation-trust-maintainance-14 => RFC 7344
Update also DNS-Based Authentication of Named Entities (DANE) Parameters
(2014-04-23) (no change)
Change-Id: I7aa7dddf8c26d2ea2ccb4a0533d835ce119737bd
Reviewed-on: https://code.wireshark.org/review/10825
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Load RSA private keys based on their public key instead of relying on
the user to specify a valid address and port mapping. This is more
reliable and prepares for simplification of the SSL Keys dialog.
After this change, the "address" part of the UAT dialog will be ignored
when loading the private key. The port+protocol mapping is still
imported, but should probably be removed too.
Change-Id: I4d7a2bfcf63d17e66e336ef770759f20510fc176
Reviewed-on: https://code.wireshark.org/review/10766
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The certificate and GnuTLS private key are never used except for
reporting in the log file. Remove the unused certificate-related code
from the PKCS#12 file parsing. Report an immediate error instead of
opening key file if GnuTLS is disabled.
Made ssl_load_key and ssl_load_pkcs12 static, they are not used outside
the SSL dissector. If for some reason the PKCS#12 bag contains multiple
private keys, then the previous one would be overwritten (leaking
memory). Fix this by returning the first private key found.
Simplify key_hash (dtls_key_hash/ssl_key_hash) memory management, now
the table automatically frees keys/values when items are removed.
Fix memory leaks:
- ssldecrypt_uat_fld_password_chk_cb: release ssl_load_pkcs12 memory.
- ssl_load_key: avoid leaking gnutls_x509_privkey_t on error.
- ssl_load_pkcs12: fix ssl_pkey leak on error path.
Change-Id: I5db6fecb0d74e5c78796392aeb17e3eb7985a2ef
Reviewed-on: https://code.wireshark.org/review/10764
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With the adjustment to heur_dissector_add passing an enable/disable flag and "global" control of heuristic dissectors just like regular ones, this is no longer needed.
Change-Id: I2d433c7bff8353421eca31f8813992e38b716911
Reviewed-on: https://code.wireshark.org/review/10848
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From draft-ietf-idr-bgp-extended-messages
Update BGP Capability Codes to 2015-09-30
Change-Id: I2f3b44ad8ad7a9e5444cdfbfb22bf7d0538ffbfc
Reviewed-on: https://code.wireshark.org/review/10826
Reviewed-by: Michael Mann <mmann78@netscape.net>
Cosmetic change, to better distinguish if multiple
SPDO packages have been detected.
This should also be back-ported to 1.12 and 2.0
Change-Id: I3d0b26ecb6e0cc60b3cdc9861920c5ccaeb70cbd
Reviewed-on: https://code.wireshark.org/review/10829
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That way, the generic 802.11 radio dissector, and any future taps if we
add a tap with radio information, can get the channel for radiotap and
PPI headers, as we do for some other radio headers that supply just a
frequency.
Change-Id: I9e3037f69938bed3b3ba563689ff00aaed486a16
Reviewed-on: https://code.wireshark.org/review/10821
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Avoid displaying duplicate port numbers with transport name resolution disabled and
make some dissector code simpler.
Introduces port_with_resolution_to_str_buf() function and amends UDP/TCP/DCCP/SCTP to
use the new field display type.
Change-Id: Ifb97810b9c669ccbb1a310a2c0ffd6e2b63af210
Reviewed-on: https://code.wireshark.org/review/10625
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit extends h225 and h245 dissectors to support dissection
of ipv6 packets.
Change-Id: Id8c045344711a96f15d619ddd72065aa3712c429
Reviewed-on: https://code.wireshark.org/review/10799
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I6298b3de5f0a1cb988014ff16082eaf8c2a3c3c0
Reviewed-on: https://code.wireshark.org/review/10786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The AMQP channel number is 16-bit only.
packet-amqp.c: In function 'dissect_amqp_0_9_method_channel_close':
packet-amqp.c:8481: warning: cast to pointer from integer of different size
packet-amqp.c: In function 'get_conversation_channel':
packet-amqp.c:10512: warning: cast to pointer from integer of different size
packet-amqp.c:10518: warning: cast to pointer from integer of different size
Change-Id: I398ecfb19ecb7e741c2ed0675c1c625bf6a894f9
Reviewed-on: https://code.wireshark.org/review/10793
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Remove variadic macros restriction (c99, c++11 feature) from
README.developer. GCC, Clang, MSVC 2005 all support it.
Enable -Wno-variadic-macros in configure.ac and CMakeLists.txt when
-Wpedantic is enabled (which would enable -Wvariadic-macros).
For all files matching 'define\s*\w+[0-9]\(', replace "FOO[0-9]" by
"FOO" and adjust the macro definition accordingly. The nbap dissector
was regenerated after adjusting its template and .cnf file. The
generated code is the same since all files disabled the debug macros.
Discussed at:
https://www.wireshark.org/lists/wireshark-dev/201209/msg00142.html
https://www.wireshark.org/lists/wireshark-dev/201510/msg00012.html
Change-Id: I3b2e22487db817cbbaac774a592669a4f44314b2
Reviewed-on: https://code.wireshark.org/review/10781
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch adds cross-references between publish/delivery and
ack/nack frames. This improves user comfort when inspecting the traffic.
Change-Id: I819b19474a3f0351eb769eadf3d32042cb5f5256
Reviewed-on: https://code.wireshark.org/review/10745
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The dissect_tcp_pdus function in LUA is passed two LUA functions that
get the PDU length and then dissect a PDU. When one of these functions
fails, a longjmp is made to the caller of lua_pcall.
This is no problem for the PDU length function, but the PDU dissect
function is wrapped in a TRY/CATCH/ENDTRY block which also uses longjmp
and needs to be fully executed. Without doing so, LUA exceptions will
crash on a weird location (except_pop).
Fix the crash by not using luaL_error, but throw dissector errors which
properly break out of the tcp_dissect_pdus C function and then convert
it to a LUA error such that the dissector can handle it.
Test with `tshark -X lua_script:crash.lua -r ssl.pcap`:
    trivial_proto = Proto("trivial", "Trivial Protocol")
    function dissect_foo(tvb, pinfo, tree)
        error("triggering a LUA error");
    end
    function get_pdu_len(tvb, pinfo, tree) return 5; end
    function trivial_proto.dissector(tvb, pinfo, tree)
        dissect_tcp_pdus(tvb, tree, 5, get_pdu_len, dissect_foo)
    end
    tcp_table = DissectorTable.get("tcp.port")
    tcp_table:add(443, trivial_proto)
It should not crash and will print this:
    Lua Error: dissect_tcp_pdus dissect_func: [string "crash.lua"]:3: triggering a LUA error
Change-Id: Ibd079cc5eb3a2e4d2e62ea49a512fa2cc8e561ea
Reviewed-on: https://code.wireshark.org/review/10685
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reported by Graham:
packet-bacapp.c(5299) : warning C4146: unary minus operator applied to unsigned type, result still unsigned
Regression in v1.99.10rc0-330-g71ec57a ("bacapp: fix
-Wshift-negative-value").
Change-Id: Ia3ea3acad3afdf7b8a449224c815ea45d7fdbc2b
Reviewed-on: https://code.wireshark.org/review/10785
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Keep "UDPLite" in ipproto.c in accordance with the IANA Considerations
section of RFC 3828.
Change-Id: Icfa2bc07ea3c6782e838b4896f9e4aec28422d34
Reviewed-on: https://code.wireshark.org/review/10765
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Found by starting Wireshark within an empty profile, opening
Preferences, search for Protocol "IEEE 802.11" (because it has radio
buttons), then close everything again.
Many fixes are trivial, but the various recent_read_* functions in
recent.c were changed to return a boolean such that the result can
always be checked even if errno==0.
QButtonGroup leak was hinted by Clang Static Analyzer, all other
memleaks were found using ASAN/LSan.
Change-Id: Ia73f5d4c09d92f22e72377be59e23342f8ad7211
Reviewed-on: https://code.wireshark.org/review/10776
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Shifting a negative signed value is undefined. Found by Clang.
Change-Id: If58d7b82899859892d8c58d627e98a8a902dd7fd
Reviewed-on: https://code.wireshark.org/review/10780
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Bug: 9877
Change-Id: I84fbfb0ae2dcfc98b005b0f4243d07bd929bb195
Reviewed-on: https://code.wireshark.org/review/10773
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It just dissects the fields, it doesn't do any decryption.
Also general cleanup while in the neighborhood.
Bug: 11022
Change-Id: I9acc787473c04730eab6016dce988dd194287894
Reviewed-on: https://code.wireshark.org/review/10759
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
S7 communication is also possible without TCP/IP.
This ISO transport uses the following protocols:
LLC->ISO8473->ISO8073->s7comm.
The cotp dissector has two subdissector lists.
cotp is used with ISO-on-TCP, cotp_is with ISO transport.
Change-Id: Ife543bee8331184d2181b347e683dfc1c2e4a05a
Reviewed-on: https://code.wireshark.org/review/10771
Reviewed-by: Michael Mann <mmann78@netscape.net>