When the HTTP dissector passes data to a subdissector, it should also
propagate the desegmentation ability. Otherwise subdissectors (such as
HTTP2) will not be able to handle large DATA frames.
Reported by Alexis, verified with his capture.
Change-Id: I831a78e8d1ad08536e3d0d870012e427ce289b1b
Reviewed-on: https://code.wireshark.org/review/10544
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The fix for bug 11331 has as side-effect that the HTTP part of a
conversation is not dissected on the second pass.
Fix it by calling the HTTP2 dissector only when it was detected via
heuristics, and not via Upgrade (since that would be handled by the
http loop).
While at it, remove the use of tvb_new_subset_remaining since the
original tvb is not touched and move the comment about the proxy to the
right place.
Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
(via heuristics).
Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
Reviewed-on: https://code.wireshark.org/review/10541
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The invalid message occurred for an ack of a TCP segment
which included both retransmitted data and additional new data.
Bug: 11506
Change-Id: Id981d04c91b9e69b6ee1e0dea85aed142bf32594
Reviewed-on: https://code.wireshark.org/review/10395
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
In the past large integers would be displayed as text, later on this
was changed into a "proper" header field. In most cases you do not want
to see "ber.64bit_uint_as_bytes" though, but the original field name.
This patch allows fields that are marked as FT_BYTES to be displayed
with their original header field details (name, description, etc.).
Change-Id: I4ab1a4cce649a225c73298fbf4dcf1692c693a03
Reviewed-on: https://code.wireshark.org/review/10539
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rane make -C asn1 and found this missing change.
Somehow the unnecessary initialization was not included with the
dissector regeneration in 3243b6f964
("asn1: split off cleanup routines").
Change-Id: I26d6f0ca4e7fa0b791108f016c684556da5d06e8
Reviewed-on: https://code.wireshark.org/review/10538
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
I'm guessing fix-encoding-args.pl doesn't work on packet-ncp2222.inc because the hf_ declarations/definitions aren't in the file itself, so it can't figure out endianness or field type. So to bring the file up to modern coding standards, I did it "manually". In general I think this file has escaped critique because of the "generated" nature of the dissector.
Also removed tvb_ensure_bytes_exist and tvb_get_ptr use as both were superfluous.
Change-Id: I224f0ce15f8eb93c48ecb8eea66d161d98468f23
Reviewed-on: https://code.wireshark.org/review/10502
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modifications to ncp2222.py
Add absolute time values eptime for file/volume info
Add support for 64 bit File Transfer NCP's (22/54, 22/55, 22/56, 22/57, 22/58, 87/70, 87/71, 87/72, 87/73, 89/41, 123/35)
Fix numerous dissection errors in NWInfo and ExtNWInfo structures
Fix some indention (white space) in source
Modifications to packet-ncp2222.inc
Change seq count rollover value to 16 instead of 255 to make it more robust
Add ncp 87,72 reply
Add ncp 8x20 request
Fix ncp 8x20 reply
Change-Id: I80bdcc5854c02edd4ea51c74aa0bbc9c0e062bc1
Reviewed-on: https://code.wireshark.org/review/10017
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Broken in ge450b9b, when it stopped being static (which fixed other bugs). Conversations still need the fchdr "address" data to remain in scope.
Bug:11457
Change-Id: I17a3814bf76d2940124a2700fb6b12c6d7d834c1
Reviewed-on: https://code.wireshark.org/review/10518
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A few calls in the epan directory and comments in the ui directory
Change-Id: Ia8f8830ac6909ab94d3a03283bfd173456bc9718
Reviewed-on: https://code.wireshark.org/review/10492
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
After some analysis, update the dissector
Display only VC IP when type = 3, 4, 5 or 7
Change-Id: I53214125eebe978f67f6503072638ce3521cd155
Reviewed-on: https://code.wireshark.org/review/10441
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add 34 attributes.
All attributes for this day should be supported now.
Expect 3:
0x2906 - Valid Range
0x2A2A - IEEE 11073-20601 Regulatory Certification Data List
0x2A4D - Report
The first is hard to implement now, the second needs to buy
specification, the last one will be implemented later - when USB HID
implementation will be full.
Please note that FLOAT/SFLOAT types are now supported right now.
Change-Id: I0499e17257aa8cb831fbd0cf1524d8e59c98cac7
Reviewed-on: https://code.wireshark.org/review/10526
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Finally we have FT_UINT40, so used it in Bluetooth ATT and
HDP dissectors.
Change-Id: Iab0e71345f031bca972b1eee20d7e95e193b2aef
Reviewed-on: https://code.wireshark.org/review/10527
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
"GN" does not seems to be really useful, but "PAN GN" is reasonable.
Change-Id: Ia04aa20e4b95743c7db46e87606e3843a124d7e4
Reviewed-on: https://code.wireshark.org/review/10524
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add error codes from AVDTP, GAVDTP and A2DP 1.3.1.
Change-Id: Ida7c8041bafcd954d9939c165808347f16c542a8
Reviewed-on: https://code.wireshark.org/review/10523
Reviewed-by: Michael Mann <mmann78@netscape.net>
The comment was valid, the private key is already looked during the
ClientHello message (using ssl_find_private_key) and since the key is
only used during the key exchange, it is not needed to look it up that
early.
Verified with the test suite (DTLS Decryption).
Change-Id: Ia084a40d98cd74c77e9f1659ac57eeb8d44e59b6
Reviewed-on: https://code.wireshark.org/review/10529
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Those lengths had better fit in an int if they're added to packet offsets.
(BTW, gsize is the spawn of Satan; it should never be used except when
you're dealing with GLib. It *should* have just been another name for
size_t, but it's 32 bits on 64-bit Windows, which means it's narrower
than size_t, which causes us some pain with g_snprintf().)
Change-Id: Icd8f0632242303dbea0d80e0dad45b317097daaa
Reviewed-on: https://code.wireshark.org/review/10516
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only make one pass through the parameter list, adding fields as we go. Use a
wmem_strbuf to simplify string construction. Extract the "add a param" switch
into its own function so it can be called from two different places.
Should be far easier to reason about, and much more efficient.
Change-Id: I0818e0b98cbc6d2025c776bce82e56fb72e8753a
Reviewed-on: https://code.wireshark.org/review/10505
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Evan Huus <eapache@gmail.com>
ServerRes message does not follow other message when it comes to
provinding the list of ip-addresses. The type of ip-address (IPv4
or IPv6 does not depend on the protocol version but the length of
the message.
Fix: ipv4 address displayed as ip-address
Change-Id: Ie16f81c9482b30a80da37b9327b09e933d7808f8
Reviewed-on: https://code.wireshark.org/review/10513
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit adds handling for option 242 to bootp.
The value of the Avaya option 242 is a string containing a list of
several suboptions seperated by a ",".
However some suboptions may have multiple values also seperated by
a comma. The values may be enclosed in quotes.
A real-life string e.g. looks like:
MCIPADD=10.1.1.2,10.1.1.3,TLSSRVR=10.1.1.5,VLANTEST=60,L2Q=1,L2QVLAN=77
Documentation can be found here:
https://downloads.avaya.com/elmodocs2/one-X_Deskphone_Edition/R1.5/output/16_300698_4/admn054.html and
http://downloads.avaya.com/css/P8/documents/100068659
A set of crafted packets is attached to the bug.
Bug: 11021
Change-Id: I99b557a952fd34c0fcab6d0a5311440969316973
Reviewed-on: https://code.wireshark.org/review/7443
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some new firmware has come out for sccp devices which contains the use of
1 new message and some extended enums
Fix: UserToDeviceData was reusing the hf_skinny_data flag which had a side effect of showing the label as 'Statistics' which was incorrect.
Change-Id: I84f31f5f170dee075df64b5e7187f8742b6768af
Reviewed-on: https://code.wireshark.org/review/10483
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
I.e., the calculations (thanks to the masking etc.) will result in
values that fit into a guint, so there's no loss of data in converting
to a guint.
Change-Id: I3dacce93ab87c625a45d22090b27774b9a63ba21
Reviewed-on: https://code.wireshark.org/review/10496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not in C, but in C++, and we check to make sure our C code can be
compiled by a C++ compiler.
Change-Id: Ib77fac1abf1c583ebbf4465e4bd681b9db71123c
Reviewed-on: https://code.wireshark.org/review/10495
Reviewed-by: Guy Harris <guy@alum.mit.edu>
tvb_get_string_enc() treats the FH as an an ASCII string and thus stops
reading at the first zero (0) it encounters.
Replace 'tvb_get_string_enc()' with 'tvb_memdup()' in dissect_fhandle_data().
Change-Id: Ifc30ec41590e9cab5666d0988fab1f66040ce0c7
Reviewed-on: https://code.wireshark.org/review/10493
Reviewed-by: Cal Turney <cturney@charter.net>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
It prevents proper update of Info column, and various other things
Change-Id: I355c46e6f6b3f923250d6b5bf720ea052ef3b646
Reviewed-on: https://code.wireshark.org/review/10488
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This commit fixes bug that I have encountred in the Flow graphs of VoIP calls.
Where the RTP communication is shown only in one direction. This happens
because the packet-sip.c dissector is unable to find SIP/SDP setup frame from
the recivers side and sets the setup frame to 0. Now if no frame is found the
number of current frame is used. I have checked the previous versions and in
ver 1.8.12 it worked properly (same as after this change).
Note: I am not sure if the 1.8.12 is the last version where this was working
properly.
Change-Id: Ibb3cf85cbce03f80a2492eeae6cf64acddc439f5
Reviewed-on: https://code.wireshark.org/review/10440
Reviewed-by: Tomáš Kukosa <tomas.kukosa@unify.com>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
SBC-4 Adds three new fields to the block limits VPD page related to the new
opcode WITE_ATOMIC_16 that we need to decode:
Max atomic transfer length
Atomic Alignment
Atomic Transfer Length Granularity
Change-Id: Ia75793972535f3c8f524eaba037b3297743d1853
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10481
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Replace use of "IPv6 option" or *_opt_* to describe extension header.
Change-Id: I84fec8e1b89a22a15c1843de1c86c39417d872ad
Reviewed-on: https://code.wireshark.org/review/10466
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added a new relational test: 'x in {a b c}'. The only LHS entity
supported at this time is a field. The generated DFVM operations are
equivalent to an OR'ed series of =='s, but with the redundant existence
tests removed.
Change-Id: Iddc89b81cf7ad6319aef1a2a94f93314cb721a8a
Reviewed-on: https://code.wireshark.org/review/10246
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As pointed out by checkAPI.pl
Change-Id: I1599a420cee168997102bf9c06d36a230fdd3c9e
Reviewed-on: https://code.wireshark.org/review/10467
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As pointed out by checkAPI.pl
Change-Id: I603465614236ec41d1050e6e3452dbf9021bf1d5
Reviewed-on: https://code.wireshark.org/review/10468
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As pointed out by checkAPI.pl.
Change-Id: Ibab9b2720f3ef666b06b2b61ffc54aa23cbb01fc
Reviewed-on: https://code.wireshark.org/review/10469
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
See:
https://www.wireshark.org/lists/wireshark-users/201508/msg00023.html
(Also set a fence on COL_INFO so we can see each packet's contribution to
the column.)
Change-Id: I9a4b1f60c5ad7065c2f025bbcca1dd2d09fec9de
Reviewed-on: https://code.wireshark.org/review/10471
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Report the exception and continue dissection of the end of RRC message
This is useful when there is an invalid NAS EPS message like in bug 11513
Change-Id: I74154892fe8125df57ef5a6966273d6df777977a
Reviewed-on: https://code.wireshark.org/review/10463
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
dissect_opts() is used to dissect both hop-by-hop options and
destination options.
Change-Id: I2cb8716a30cf521772d9128155c87c0f92598ef6
Reviewed-on: https://code.wireshark.org/review/10459
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Copied from the RTP Analysis dialog, just like the GTK+ version.
Change-Id: I111020bc4073a3a3ba583bdace51a91ee5fef300
Reviewed-on: https://code.wireshark.org/review/10447
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also make it configurable through preferences
Bug: 11508
Change-Id: Ic2cc085376d61892996b33ed45f906e4b3ff19da
Reviewed-on: https://code.wireshark.org/review/10449
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
OptoMMP sets destination_ID to 0x0000 if MSB not set
Else makes subtree with full dest_ID and boot_ID
Change-Id: I459a8428eacd71846344b5e9f95ef471c3bb049a
Reviewed-on: https://code.wireshark.org/review/10361
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The developer may provide a given menu as parent menu for the
sub menu. If the menu does not exist, the main menu will be used.
Has been implemented for Qt as well as GTK.
Change-Id: I3f26684862fd0b08f59eeb4d6f4a24ce7dc3d428
Reviewed-on: https://code.wireshark.org/review/9939
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
AirPDCapPacketProcess() really does two different things; some of the
stuff it does in both code paths only needs to be done in one code path.
Make it so.
Change-Id: Idb231d729150781f323e88ed375c983a3afd2577
Reviewed-on: https://code.wireshark.org/review/10439
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is intended for use in expert_add_info_format or proto_tree_add_expert_format to get the "base" string to then append additional information, but I'm sure other uses can be found.
Similar to some of the proto_get_xxx APIs, but still only "create as needed".
Change-Id: Ib76e6ed557c2ae41e0a40957a9efa4bf485909da
Reviewed-on: https://code.wireshark.org/review/10420
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AES keys must be at least 128 bits; AES_unwrap returns a null pointer if
handed a too-short key, and we then just dereference that null pointer
and crash. Just give up with a too-short key.
Bug: 11507
Change-Id: Id1cf0a43c608597a11ff9df40f3654e6ff30619d
Reviewed-on: https://code.wireshark.org/review/10422
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is what should be used if, for some reason, decryption can't be
performed. (And if there's a known reason why decryption can't be
performed, it should be used, so the user knows why their
802.11/SSL/whatever traffic isn't decrypted, and either doesn't have to
ask why or, at least, can give more details when they do ask why.)
(Yes, I plan to use this for the 802.11 decryption code. Work in
progress.)
Change-Id: I812e61c2a4613d2e85f9ced1f5ed6ae91ac5f7ae
Reviewed-on: https://code.wireshark.org/review/10421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
RFC 7250 has changed the format of the Certificate structure from
RFC 5246 to the following:
opaque ASN.1Cert<1..2^24-1>;
struct {
select(certificate_type) {
// certificate type defined in RFC 7250
case RawPublicKey:
opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>;
// X.509 certificate defined in RFC 5246
case X.509:
ASN.1Cert certificate_list<0..2^24-1>;
};
} Certificate;
Thus, ssl_dissect_hnd_cert() must parse subjectPublicKeyInfo
immediately when the message's certificate type is
SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY. Otherwise, the message will
contain a certificate_list.
This modification first determines the certificate type and then
handles both cases independently. For raw public keys, no subtree
is created to reflect the flat structure of the certificate
message.
Bug: 11480
Change-Id: I1c55eca361c4e40fcbff5bc32bfc8de3576bdfbf
Reviewed-on: https://code.wireshark.org/review/10272
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When set, this brings back the dissection code that was removed in g84a8c1d (bug 5696)
Bug: 11475
Change-Id: Iba6b0ec6490e2971a3670d13cb3b84351b69f126
Reviewed-on: https://code.wireshark.org/review/10399
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Serval is a service-centric architecture that has been ported to XIA to
allow applications to communicate using service names. This change adds
a dissector for XIP Serval, which sits between layers 3 and 4, and
also amends the XIP dissector to be able to invoke it.
Bug: 11491
Change-Id: I11299ddbd0fb9eaf8728f8b3fde2a63656963114
Reviewed-on: https://code.wireshark.org/review/10315
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by Clang 3.7
Change-Id: I3a7c41eba2ee636bb74326598a3de47f5a23126a
Reviewed-on: https://code.wireshark.org/review/10325
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of false-positive coverity issues by using a macro instead
of source code if-statement.
Bug: 11501
Change-Id: I07f478ed334931f05bdfb87cb8f614b16bbf8fa8
Reviewed-on: https://code.wireshark.org/review/10376
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
IPv6 Extension Headers compressed using IPHC should have a single Pad1
or PadN inserted at the end if necessary - the previous code just left
any padding zero-initialised (equivalent to multiple Pad1s).
This guarantees correctly-compressed packets are accurately
decompressed, including the specific option padding pattern. (The type of
padding could matter, eg for IPSec authentication - padding options are
authenticated.)
Print a warning note if a non-option header needs padding - this is
invalid.
Bug: 10523
Change-Id: I66c98370862800a8fccbe02ed6a851961e2f7d1d
Reviewed-on: https://code.wireshark.org/review/10230
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
These aren't "true" shadow issues, but the script doesn't completely understand C syntax (for things like struct member names "time" and "index"). But fixing them creates less noise.
Change-Id: I5a2db1549095824530428529e86cab453c031a04
Reviewed-on: https://code.wireshark.org/review/10368
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
Replace all-caps "WIN32" referring to Windows in comments and other text
with "Windows" or "Win32". (The two are pretty much equivalent, these
days; nobody much cares about Win16, not that we ever ran on it, and
64-bit Windows is just a 64-bitified Win32.)
Change-Id: Id327bcd4b1e9baa4f27055eff08c2d9e594d6f70
Reviewed-on: https://code.wireshark.org/review/10367
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove some old cruft which compiled packet-rrc.c with '/Zd'
option for certain very old Microsoft C compilers which we no
longer support (e.g., MSVC6!).
Change-Id: I47f7ab8c92b9e495acedfe76260d607a01c2a40f
Reviewed-on: https://code.wireshark.org/review/10362
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Ib28206e9573f1dd624be1d3c265fef405f65b19a
Reviewed-on: https://code.wireshark.org/review/10351
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
890:9: warning: Access to field 'str' results in a dereference of a null pointer (loaded from variable 'token_list')
3132:4: warning: Value stored to 'str' is never read
3155:4: warning: Value stored to 'str' is never read
3166:4: warning: Value stored to 'str' is never read
3183:4: warning: Value stored to 'str' is never read
3192:4: warning: Value stored to 'str' is never read
3203:4: warning: Value stored to 'str' is never read
3220:4: warning: Value stored to 'str' is never read
Change-Id: If1a1acfc331e0648f95f6d6defe6533b6927ccaa
Reviewed-on: https://code.wireshark.org/review/10357
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I67f572129821fb00e4478a30bfd4a52287b8b1a1
Reviewed-on: https://code.wireshark.org/review/10350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If617016f588bbf940f37699e27559dc5c59cf508
Reviewed-on: https://code.wireshark.org/review/10349
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I95edc1b40c07a4addf194df6a2056e7b61193e5a
Reviewed-on: https://code.wireshark.org/review/10348
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I22dccb2f2d71897334e11632f4060ccfbf4794ad
Reviewed-on: https://code.wireshark.org/review/10334
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert both the MTP3 statistics and summary. As with the GSM stats this
is mostly untested.
Change-Id: I7af8d5f21c8161dc95f7f2c710f32364b6f6a431
Reviewed-on: https://code.wireshark.org/review/10338
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I353b4fcb3091e731a4b2a68e1932a5abc60c6038
Reviewed-on: https://code.wireshark.org/review/10323
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This currently only works for data frames. A Fixme is in place for
managment frames.
Change-Id: I0a72a9a3e40cf8269856fbbcd97b270af422afa2
Reviewed-on: https://code.wireshark.org/review/10322
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
don't create an expert info under if (tree)
Change-Id: I2c8f90483c434d708a97b621621ca123fc505edc
Reviewed-on: https://code.wireshark.org/review/10319
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
RFC 6282 specifies special handling of the "Length" field in compressed
IPv6 extension headers. However, the Fragment Header does not have a
Length field, so this special handling does not apply - the second octet
should be treated as opaque data, and the header length is always 8
octets.
Bug: 11368
Change-Id: I28fcd66d96f58a5959bb669caf4244afaca9e67e
Reviewed-on: https://code.wireshark.org/review/10231
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
I now read 8.2.4.1.10 "Order field" in 802.11-2012 as saying that, in
management and QoS data frames, the Order bit shouldn't be set for
non-HT, non-VHT frames, so we can just test it for those frame types
without bothering to check the radio metadata to see if the frame is an
HT or VHT frame.
This handles cases where the radio metadata isn't complete, e.g. an HT
frame with a radiotap header but no MCS field.
Handle this for *all* QoS data frames when capturing.
Get rid of the "fixed-length link-layer header" stuff; it's not being
used.
Fix a case where we're appending text to a tree item without a space
separating it from the previous text.
Bug: 11351
Change-Id: I980f5b7509603b0c22c297fddc19434c08817913
Reviewed-on: https://code.wireshark.org/review/10288
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not retrieve type and code base on the info column content.
Instead store type and code in pinfo structure and retrieve them in sequence analysis tap.
Change-Id: I71cd505d7faf713c2372731495d47b45928a41f8
Reviewed-on: https://code.wireshark.org/review/10280
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Artho <pascalartho@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The GTK+ UI sequentially dissects and caches column strings for all rows
before sorting a column. Do the same in the Qt UI, which can improve
performance considerably.
Don't colorize packets when sorting in the Qt UI unless it's necessary.
When sorting in the Qt UI, let the user cancel the initial packet
dissection. Note that we'll need to replace std::sort in order to
cancel out of sorting.
Use a pre-allocated and pre-compiled GRexex when we prime columns. Note
that we probably shouldn't parse a regular expression there.
Cache the last result of proto_registrar_get_byname.
Note performance hot spots elsewhere in the code.
To do:
GeoIP in packet-ip.c is pretty slow.
Bug: 11467
Change-Id: Ib34038fee08ef0319261faeffc4eca01e52f4bd3
Reviewed-on: https://code.wireshark.org/review/10275
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I066b70cfd58f5fb3ffbcb2e238416747d9e7dd57
Reviewed-on: https://code.wireshark.org/review/10269
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch enables validation of response authenticator messages when
the shared secret is known.
The validation can be activated in the preferences.
It implements the validation protocol described in RFC 2865 page 16: Response Authenticator.
When an authenticator is invalid, the information is added in the header information.
It adds two flags for the display filter : radius.authenticator.valid and
radius.authenticator.invalid: since verification is not always possible we use
two flags to determine if the verification has been made or not, in the same way as
udp and tcp checksum validation is implemented.
The Authenticator field becomes a tree, and the value of the flags are visible in
this tree.
Change-Id: I33a664f2265c6248e106cee7904c754089d50445
Reviewed-on: https://code.wireshark.org/review/10216
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The remaining calls seem to fall into 3 categories:
1. passing it to tvb_find_line_end when -1 (for length) will do.
2. duplicating the checking of tvb_reported_length_remaining, which is already in use near the tvb_ensure_length_remaining call.
3. Those that (probably) need tvb_ensure_capture_length_remaining
Change-Id: I1e77695251e055644bcbbb89f3c181c65d1671ca
Reviewed-on: https://code.wireshark.org/review/10268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The check for Alcatel extensions in bootp/dhcp packets is very weak,
resulting in some false positives. Then when trying to parse the
suboptions, the result is an error on the packet.
This change eliminates some false positives by adding a test that the
vendor-specific option contents match the encapsulated format described
in section 8.4 of RFC2132.
Change-Id: Ie4188ff900426c2d80a5694fbba5c88385625a61
Reviewed-on: https://code.wireshark.org/review/10267
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When parsing TDLS direct link packets the ToDS: 0 and FromDS:0
so the wireshark treats the 4th bit in QoS Control as "bit4", but it
should be treated as EOSP.
So changed the default case to EOSP and only when TODS is set
treat it as "bit4".
Change-Id: Ie2a73320dc9921aed4547e32836e6cd7d89ef109
Reviewed-on: https://code.wireshark.org/review/10250
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If you know the actual data length, use tvb_new_subset_length(); it will
use that as the *reported* length, which is how it *should* be used, and
will calculate the *captured* length for you as appropriate.
Change-Id: I86dde999f59fdfec58b118729b7b881737983033
Reviewed-on: https://code.wireshark.org/review/10260
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some other cleanup noted by the check* scripts.
Change-Id: I14d7bfa81c689fff00fc82e966d50d4ae9f0988d
Reviewed-on: https://code.wireshark.org/review/10254
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check for IP version and header size
Change-Id: I69102dda4e0e91ac1617d9a48fe9b0bab26aa9fe
Reviewed-on: https://code.wireshark.org/review/10218
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
being used to determine if we are dissecting 802.11ad in several places.
Since we now have a macro for testing that and the frequency is in the phdr
we really should use that. This also prevents problems during display filter
execution with respect to fields that are only present for 802.11ad.
Change-Id: Id04a31c15b04378b6b0f056baa1f37d94a65b71c
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10234
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Extracted from Joerg Mayer's Ixia-derived patch to 1.12 in bug 11464.
Most of the changes there are already in the trunk.
Change-Id: I90ba04e145ffb2b164810320e3510a5bed847ed4
Ping-Bug: 11464
Reviewed-on: https://code.wireshark.org/review/10243
Reviewed-by: Guy Harris <guy@alum.mit.edu>
bring up an expert info and exit
Change-Id: Icbbafb8b7187a66d3ddc9a674502ad728b7c4ffc
Reviewed-on: https://code.wireshark.org/review/10222
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
stop the dissection instead and bring up an expert info in the main function
Change-Id: I391bf821422ef8e6ae01849c88096e90e4295920
Reviewed-on: https://code.wireshark.org/review/10221
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I681b05755429fd7420c423ff88e5a4d3dc95db64
Reviewed-on: https://code.wireshark.org/review/10219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id710ab10093227b27ef5f18b0d2960e31d0b95a9
Reviewed-on: https://code.wireshark.org/review/10200
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's complaining about an "overflow in constant arithmetic". Neither
INFINITY nor NAN are specified by C90; C99 specifies that they are both
floats. Until recently, Microsoft had no interest in C99; if the
version we're using supports C99's INFINITY and NAN, it should be OK to
assign them to a variable (no "arithmetic" involved), so I'm guessing
that the "arithmetic" in question is the use of conditional operators ?
and :, so I'm writing it as an if statement instead.
Change-Id: I532b9b5943be32e0897e4f03ac4e625ac41ee63b
Reviewed-on: https://code.wireshark.org/review/10215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
64-bit integers are *not* guaranteed to be longs and, in fact, are *not*
longs on ILP32 platforms such as 32-bit UN*Xes and 32-bit Windows and on
LLP64 platforms such as 64-bit Windows.
Change-Id: I6408778f638bb6cea52ffb64be39ea26c9b2ee64
Reviewed-on: https://code.wireshark.org/review/10213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Spell out "mantissa" while we're at it.
Change-Id: I47ddb9882f45ef58a6f7101818683e68bc54983b
Reviewed-on: https://code.wireshark.org/review/10211
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds a dissector Concise Binary Object Representation (CBOR) (RFC 7049).
CBOR is a binary data format designed for implementations with small
code size as used in the IoT. It uses a structure similar to JSON, but
encodes the data in binary format. This is used on top of CoAP for
example.
Change-Id: I9d7b7d4f7609c899bfc68250cdfebd5dc64e0402
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/9848
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
fragment_add does not like adding zero-length fragments, it causes a
zero-length memcpy to NULL.
According to RFC 6347, fragment_offset=0 and fragment_length=length is
an unfragmented message, so fragment>0 and fragment_length=length=0 is a
fragmented message.
An empty fragment does not extend a previous message, so ignore it.
Such fragments are produced by at least GnuTLS 3.3.7[1], so raise a
warning instead of an error.
Caught by ubsan:
epan/tvbuff.c:783:10: runtime error: null pointer passed as argument 1, which is declared to never be null
#0 0x7f5319f6ed64 in tvb_memcpy epan/tvbuff.c:783
...
#13 0x7f5319f27e2b in fragment_add epan/reassemble.c:1394
#14 0x7f531a5c70a4 in dissect_dtls_handshake epan/dissectors/packet-dtls.c:1257
[1]: http://comments.gmane.org/gmane.network.gnutls.general/3582
Change-Id: I70bf16d2fb64793d0deaabe612147e238b743b2e
Ping-Bug: 11358
Reviewed-on: https://code.wireshark.org/review/9689
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If dissector_try_heuristic() succeeds return TRUE and vice-versa.
Change-Id: I3fb2595604f2f3981468473d0a966efe7387745e
Reviewed-on: https://code.wireshark.org/review/10199
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add new Const/Def for WMQ800 FP3
Improve Detection of EBCDIC String in MQCONN_REPLY
Add Value in comments
Change-Id: I695a3afa64fee7f22918f68540901c97dfd38464
Reviewed-on: https://code.wireshark.org/review/10012
Reviewed-by: Robert Grange <robionekenobi@bluewin.ch>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Yes, it *should* have been called "HT", but hindsight is always 20-20.
If you want less confusingly named information, look at what the "802.11
radio information" dissector puts into the protocol tree; the radiotap
dissection is for people debugging radiotap implementations or looking
for vendor-specific information that's not (yet) put into the generic
802.11 radio information.
Change-Id: If6e97f82595a6f11a45e34d5a52e70e9ca686d7c
Reviewed-on: https://code.wireshark.org/review/10202
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1) Introduced by me in commit c4fe7129d8
where I didn't honor the "print lsa header only" flag properly for
data highlighting
2) Introduced in 2001 with commit dd1b7eafaf
which moved offset increasing into an "if (tree)" statement with code
after the if statement continuing to work with offset.
Also make display of v2 and v3 LSAs the same again (forgot one case in
previous commit.
bug:11461
Change-Id: I1986c19842f1fa9c8a6d0a7c9a79c64939eeb9d0
Reviewed-on: https://code.wireshark.org/review/10192
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Also add support for alphabetizing stat tree items as the addition of IPv6 stats tree makes it more obvious its needed.
Change-Id: I8b319ceac805ce7e3a1fd59f92c1c6fe2a54d3de
Reviewed-on: https://code.wireshark.org/review/10062
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Show the LSA type and length in the summary line
Improve a message to make it clear when we are talking about a LLS TLV
Add an expert item for LLS bit set but data block missing
PI_MALFORMED is an error not a warning.
Change-Id: I516c2a2f0c27fcf101671527d4e4f018e17d3025
Reviewed-on: https://code.wireshark.org/review/10189
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
least Cisco sends out these packets with a TTL of 1.
Change-Id: I9ef0cd486d200a768329cfb758b87e20e3456663
Reviewed-on: https://code.wireshark.org/review/10188
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Wslua's Int64.fromhex() and UInt64.fromhex() need to check the sscanf return
value. Found by coverity (CID 1191368 &1191369).
Change-Id: I67fba027e18341d429787515f94c794573dc41c2
Reviewed-on: https://code.wireshark.org/review/10183
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add HAVE_LIBGCRYPT compilation guards.
Move gcrypt-related variables into the scope they're used.
Change-Id: I81a2c8a54514fb51de53640fa8eceeddb2bf24d9
Reviewed-on: https://code.wireshark.org/review/10118
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RADIUS configuration sometimes uses more ports - for example, one for
authentication, another one for accounting. Sometimes it uses the entire
port ranges. In case of FreeRADIUS 2.x.x server it might look like this:
...
listen {
type = auth
ipaddr = *
port = 13812
}
listen {
type = acct
ipaddr = *
port = 13813
}
...
Unfortunately we allow only one port to be redefined, not more. So it
forces a person who's analyzing a traffic from such a RADIUS server
manually select "Decode as" every time for each port.
It was requested at least once to lift this limitation:
* https://ask.wireshark.org/questions/2189/decode-multiple-ports-as-radius
So let's fix it!
With this commit it's possible to set a port ranges for RADIUS dissector
to handle. An example (default) configuration looks like (see
~/.wireshark/preferences):
radius.ports: 1645,1646,1700,1812,1813,3799
Old "alternate_port" preference is marked as obsolete. It won't be shown
to a user but it will still be used if exists (remained from a previous
installations).
*Ver. 2*:
Old alternate_port value is copied to the ports range, thus making
transition even more smooth.
Change-Id: Ibdd6f4f9fa1e0ac186147cec380bbfc62d509b17
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10015
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissecting client and server KEX messages requires to precisely distinguish KEX
algos. For example, Server KEX for DH_anon do not contain a signature, while
DHE_DSS and DHE_RSA do. The patch introduces KEX distinction with full
precision and fixes dissecting _anon KEX messages.
Change-Id: I0bcd5e2bf899ba9cac79476d5b7a1ffb3accf0db
Reviewed-on: https://code.wireshark.org/review/9836
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also fix an off by 1 error for EPB case
Change-Id: I895d82a58ec02c577dcaa67a97d456b42460b947
Reviewed-on: https://code.wireshark.org/review/10149
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fix whitespace and replace tvb_captured_length with tvb_reported_length
Change-Id: I3952e7a1ac00b68e6f6eb1283977bc6299b0baaf
Reviewed-on: https://code.wireshark.org/review/9900
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ife5f44a333227b1df3d2377d12dbec65a4b4d5c3
Reviewed-on: https://code.wireshark.org/review/10164
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0aedefbb77899ebceac7fb08249faf47964d785b
Reviewed-on: https://code.wireshark.org/review/10163
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
up in the Expert Infos dialog.
Push the if(tree) check down into the basic type dissectors since we can't
generate/fill the label (which won't be used anyway) when we're not building
the tree (since the proto_item will be faked/NULL).
Change-Id: Ie4f1f6856cfad0dabc7c58cdee2c16c8fc032c6d
Reviewed-on: https://code.wireshark.org/review/10001
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provides better readability, the dissector table is only used for IPv6
extension headers.
Change-Id: I87d877a89c6465d4475f2f0a40636ccd1b6cdd92
Reviewed-on: https://code.wireshark.org/review/10174
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Instead of splitting the stats into two lists as with the GTK+ UI, add
everything to an expandable tree. This allows viewing nodes on more than
one network.
Rename the top-level Bluetooth menu item to Wireless and put the WLAN
stats dialog there.
The Qt UI matches SSIDs (WlanNetworkTreeWidgetItem::isMatch) a bit
differently than the GTK+ UI. Try to make the logic as plain as possible
since we'll likely have to update it in the future.
The addition of a custom BSSID address types means that we can't assume
that everything is AT_ETHER. Add routines for checking for broadcast
BSSIDs and comparing only the data portions of addresses.
Move PercentBarDelegate into its own module. Use it in
WlanStatisticsDialog.
Change-Id: Ie4214eb00671a890871380c4a07213ebfb7585c6
Reviewed-on: https://code.wireshark.org/review/10171
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If we run into an error when trying to register a tap listener, return
instead of tapping packets. This should fix some (but likely not all)
double frees found by Stig. For now close each statistics dialog if we
find an error. Note that we might want to keep them open instead.
Add checks and cleanups to some of the stats table free routines.
Call fillTree once in TapParameterDialog's constructor instead of each
time it's shown. Make fillTree a slot which lets us use a delay timer so
that the dialog is visible when we retap packets.
Change-Id: Id49f2f2a99bc8e5b1d32990024986b3c8b1abe24
Reviewed-on: https://code.wireshark.org/review/10153
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs