dissect_opts() is used to dissect both hop-by-hop options and
destination options.
Change-Id: I2cb8716a30cf521772d9128155c87c0f92598ef6
Reviewed-on: https://code.wireshark.org/review/10459
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Copied from the RTP Analysis dialog, just like the GTK+ version.
Change-Id: I111020bc4073a3a3ba583bdace51a91ee5fef300
Reviewed-on: https://code.wireshark.org/review/10447
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also make it configurable through preferences
Bug: 11508
Change-Id: Ic2cc085376d61892996b33ed45f906e4b3ff19da
Reviewed-on: https://code.wireshark.org/review/10449
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
OptoMMP sets destination_ID to 0x0000 if MSB not set
Else makes subtree with full dest_ID and boot_ID
Change-Id: I459a8428eacd71846344b5e9f95ef471c3bb049a
Reviewed-on: https://code.wireshark.org/review/10361
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The developer may provide a given menu as parent menu for the
sub menu. If the menu does not exist, the main menu will be used.
Has been implemented for Qt as well as GTK.
Change-Id: I3f26684862fd0b08f59eeb4d6f4a24ce7dc3d428
Reviewed-on: https://code.wireshark.org/review/9939
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
AirPDCapPacketProcess() really does two different things; some of the
stuff it does in both code paths only needs to be done in one code path.
Make it so.
Change-Id: Idb231d729150781f323e88ed375c983a3afd2577
Reviewed-on: https://code.wireshark.org/review/10439
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is intended for use in expert_add_info_format or proto_tree_add_expert_format to get the "base" string to then append additional information, but I'm sure other uses can be found.
Similar to some of the proto_get_xxx APIs, but still only "create as needed".
Change-Id: Ib76e6ed557c2ae41e0a40957a9efa4bf485909da
Reviewed-on: https://code.wireshark.org/review/10420
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AES keys must be at least 128 bits; AES_unwrap returns a null pointer if
handed a too-short key, and we then just dereference that null pointer
and crash. Just give up with a too-short key.
Bug: 11507
Change-Id: Id1cf0a43c608597a11ff9df40f3654e6ff30619d
Reviewed-on: https://code.wireshark.org/review/10422
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is what should be used if, for some reason, decryption can't be
performed. (And if there's a known reason why decryption can't be
performed, it should be used, so the user knows why their
802.11/SSL/whatever traffic isn't decrypted, and either doesn't have to
ask why or, at least, can give more details when they do ask why.)
(Yes, I plan to use this for the 802.11 decryption code. Work in
progress.)
Change-Id: I812e61c2a4613d2e85f9ced1f5ed6ae91ac5f7ae
Reviewed-on: https://code.wireshark.org/review/10421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
RFC 7250 has changed the format of the Certificate structure from
RFC 5246 to the following:
opaque ASN.1Cert<1..2^24-1>;
struct {
select(certificate_type) {
// certificate type defined in RFC 7250
case RawPublicKey:
opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>;
// X.509 certificate defined in RFC 5246
case X.509:
ASN.1Cert certificate_list<0..2^24-1>;
};
} Certificate;
Thus, ssl_dissect_hnd_cert() must parse subjectPublicKeyInfo
immediately when the message's certificate type is
SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY. Otherwise, the message will
contain a certificate_list.
This modification first determines the certificate type and then
handles both cases independently. For raw public keys, no subtree
is created to reflect the flat structure of the certificate
message.
Bug: 11480
Change-Id: I1c55eca361c4e40fcbff5bc32bfc8de3576bdfbf
Reviewed-on: https://code.wireshark.org/review/10272
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When set, this brings back the dissection code that was removed in g84a8c1d (bug 5696)
Bug: 11475
Change-Id: Iba6b0ec6490e2971a3670d13cb3b84351b69f126
Reviewed-on: https://code.wireshark.org/review/10399
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Serval is a service-centric architecture that has been ported to XIA to
allow applications to communicate using service names. This change adds
a dissector for XIP Serval, which sits between layers 3 and 4, and
also amends the XIP dissector to be able to invoke it.
Bug: 11491
Change-Id: I11299ddbd0fb9eaf8728f8b3fde2a63656963114
Reviewed-on: https://code.wireshark.org/review/10315
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by Clang 3.7
Change-Id: I3a7c41eba2ee636bb74326598a3de47f5a23126a
Reviewed-on: https://code.wireshark.org/review/10325
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of false-positive coverity issues by using a macro instead
of source code if-statement.
Bug: 11501
Change-Id: I07f478ed334931f05bdfb87cb8f614b16bbf8fa8
Reviewed-on: https://code.wireshark.org/review/10376
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
IPv6 Extension Headers compressed using IPHC should have a single Pad1
or PadN inserted at the end if necessary - the previous code just left
any padding zero-initialised (equivalent to multiple Pad1s).
This guarantees correctly-compressed packets are accurately
decompressed, including the specific option padding pattern. (The type of
padding could matter, eg for IPSec authentication - padding options are
authenticated.)
Print a warning note if a non-option header needs padding - this is
invalid.
Bug: 10523
Change-Id: I66c98370862800a8fccbe02ed6a851961e2f7d1d
Reviewed-on: https://code.wireshark.org/review/10230
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
These aren't "true" shadow issues, but the script doesn't completely understand C syntax (for things like struct member names "time" and "index"). But fixing them creates less noise.
Change-Id: I5a2db1549095824530428529e86cab453c031a04
Reviewed-on: https://code.wireshark.org/review/10368
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
Replace all-caps "WIN32" referring to Windows in comments and other text
with "Windows" or "Win32". (The two are pretty much equivalent, these
days; nobody much cares about Win16, not that we ever ran on it, and
64-bit Windows is just a 64-bitified Win32.)
Change-Id: Id327bcd4b1e9baa4f27055eff08c2d9e594d6f70
Reviewed-on: https://code.wireshark.org/review/10367
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove some old cruft which compiled packet-rrc.c with '/Zd'
option for certain very old Microsoft C compilers which we no
longer support (e.g., MSVC6!).
Change-Id: I47f7ab8c92b9e495acedfe76260d607a01c2a40f
Reviewed-on: https://code.wireshark.org/review/10362
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Ib28206e9573f1dd624be1d3c265fef405f65b19a
Reviewed-on: https://code.wireshark.org/review/10351
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
890:9: warning: Access to field 'str' results in a dereference of a null pointer (loaded from variable 'token_list')
3132:4: warning: Value stored to 'str' is never read
3155:4: warning: Value stored to 'str' is never read
3166:4: warning: Value stored to 'str' is never read
3183:4: warning: Value stored to 'str' is never read
3192:4: warning: Value stored to 'str' is never read
3203:4: warning: Value stored to 'str' is never read
3220:4: warning: Value stored to 'str' is never read
Change-Id: If1a1acfc331e0648f95f6d6defe6533b6927ccaa
Reviewed-on: https://code.wireshark.org/review/10357
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I67f572129821fb00e4478a30bfd4a52287b8b1a1
Reviewed-on: https://code.wireshark.org/review/10350
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If617016f588bbf940f37699e27559dc5c59cf508
Reviewed-on: https://code.wireshark.org/review/10349
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I95edc1b40c07a4addf194df6a2056e7b61193e5a
Reviewed-on: https://code.wireshark.org/review/10348
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I22dccb2f2d71897334e11632f4060ccfbf4794ad
Reviewed-on: https://code.wireshark.org/review/10334
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert both the MTP3 statistics and summary. As with the GSM stats this
is mostly untested.
Change-Id: I7af8d5f21c8161dc95f7f2c710f32364b6f6a431
Reviewed-on: https://code.wireshark.org/review/10338
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I353b4fcb3091e731a4b2a68e1932a5abc60c6038
Reviewed-on: https://code.wireshark.org/review/10323
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This currently only works for data frames. A Fixme is in place for
managment frames.
Change-Id: I0a72a9a3e40cf8269856fbbcd97b270af422afa2
Reviewed-on: https://code.wireshark.org/review/10322
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
don't create an expert info under if (tree)
Change-Id: I2c8f90483c434d708a97b621621ca123fc505edc
Reviewed-on: https://code.wireshark.org/review/10319
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
RFC 6282 specifies special handling of the "Length" field in compressed
IPv6 extension headers. However, the Fragment Header does not have a
Length field, so this special handling does not apply - the second octet
should be treated as opaque data, and the header length is always 8
octets.
Bug: 11368
Change-Id: I28fcd66d96f58a5959bb669caf4244afaca9e67e
Reviewed-on: https://code.wireshark.org/review/10231
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
I now read 8.2.4.1.10 "Order field" in 802.11-2012 as saying that, in
management and QoS data frames, the Order bit shouldn't be set for
non-HT, non-VHT frames, so we can just test it for those frame types
without bothering to check the radio metadata to see if the frame is an
HT or VHT frame.
This handles cases where the radio metadata isn't complete, e.g. an HT
frame with a radiotap header but no MCS field.
Handle this for *all* QoS data frames when capturing.
Get rid of the "fixed-length link-layer header" stuff; it's not being
used.
Fix a case where we're appending text to a tree item without a space
separating it from the previous text.
Bug: 11351
Change-Id: I980f5b7509603b0c22c297fddc19434c08817913
Reviewed-on: https://code.wireshark.org/review/10288
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not retrieve type and code base on the info column content.
Instead store type and code in pinfo structure and retrieve them in sequence analysis tap.
Change-Id: I71cd505d7faf713c2372731495d47b45928a41f8
Reviewed-on: https://code.wireshark.org/review/10280
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Artho <pascalartho@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
The GTK+ UI sequentially dissects and caches column strings for all rows
before sorting a column. Do the same in the Qt UI, which can improve
performance considerably.
Don't colorize packets when sorting in the Qt UI unless it's necessary.
When sorting in the Qt UI, let the user cancel the initial packet
dissection. Note that we'll need to replace std::sort in order to
cancel out of sorting.
Use a pre-allocated and pre-compiled GRexex when we prime columns. Note
that we probably shouldn't parse a regular expression there.
Cache the last result of proto_registrar_get_byname.
Note performance hot spots elsewhere in the code.
To do:
GeoIP in packet-ip.c is pretty slow.
Bug: 11467
Change-Id: Ib34038fee08ef0319261faeffc4eca01e52f4bd3
Reviewed-on: https://code.wireshark.org/review/10275
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I066b70cfd58f5fb3ffbcb2e238416747d9e7dd57
Reviewed-on: https://code.wireshark.org/review/10269
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch enables validation of response authenticator messages when
the shared secret is known.
The validation can be activated in the preferences.
It implements the validation protocol described in RFC 2865 page 16: Response Authenticator.
When an authenticator is invalid, the information is added in the header information.
It adds two flags for the display filter : radius.authenticator.valid and
radius.authenticator.invalid: since verification is not always possible we use
two flags to determine if the verification has been made or not, in the same way as
udp and tcp checksum validation is implemented.
The Authenticator field becomes a tree, and the value of the flags are visible in
this tree.
Change-Id: I33a664f2265c6248e106cee7904c754089d50445
Reviewed-on: https://code.wireshark.org/review/10216
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The remaining calls seem to fall into 3 categories:
1. passing it to tvb_find_line_end when -1 (for length) will do.
2. duplicating the checking of tvb_reported_length_remaining, which is already in use near the tvb_ensure_length_remaining call.
3. Those that (probably) need tvb_ensure_capture_length_remaining
Change-Id: I1e77695251e055644bcbbb89f3c181c65d1671ca
Reviewed-on: https://code.wireshark.org/review/10268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The check for Alcatel extensions in bootp/dhcp packets is very weak,
resulting in some false positives. Then when trying to parse the
suboptions, the result is an error on the packet.
This change eliminates some false positives by adding a test that the
vendor-specific option contents match the encapsulated format described
in section 8.4 of RFC2132.
Change-Id: Ie4188ff900426c2d80a5694fbba5c88385625a61
Reviewed-on: https://code.wireshark.org/review/10267
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When parsing TDLS direct link packets the ToDS: 0 and FromDS:0
so the wireshark treats the 4th bit in QoS Control as "bit4", but it
should be treated as EOSP.
So changed the default case to EOSP and only when TODS is set
treat it as "bit4".
Change-Id: Ie2a73320dc9921aed4547e32836e6cd7d89ef109
Reviewed-on: https://code.wireshark.org/review/10250
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If you know the actual data length, use tvb_new_subset_length(); it will
use that as the *reported* length, which is how it *should* be used, and
will calculate the *captured* length for you as appropriate.
Change-Id: I86dde999f59fdfec58b118729b7b881737983033
Reviewed-on: https://code.wireshark.org/review/10260
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Some other cleanup noted by the check* scripts.
Change-Id: I14d7bfa81c689fff00fc82e966d50d4ae9f0988d
Reviewed-on: https://code.wireshark.org/review/10254
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check for IP version and header size
Change-Id: I69102dda4e0e91ac1617d9a48fe9b0bab26aa9fe
Reviewed-on: https://code.wireshark.org/review/10218
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
being used to determine if we are dissecting 802.11ad in several places.
Since we now have a macro for testing that and the frequency is in the phdr
we really should use that. This also prevents problems during display filter
execution with respect to fields that are only present for 802.11ad.
Change-Id: Id04a31c15b04378b6b0f056baa1f37d94a65b71c
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10234
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Extracted from Joerg Mayer's Ixia-derived patch to 1.12 in bug 11464.
Most of the changes there are already in the trunk.
Change-Id: I90ba04e145ffb2b164810320e3510a5bed847ed4
Ping-Bug: 11464
Reviewed-on: https://code.wireshark.org/review/10243
Reviewed-by: Guy Harris <guy@alum.mit.edu>
bring up an expert info and exit
Change-Id: Icbbafb8b7187a66d3ddc9a674502ad728b7c4ffc
Reviewed-on: https://code.wireshark.org/review/10222
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
stop the dissection instead and bring up an expert info in the main function
Change-Id: I391bf821422ef8e6ae01849c88096e90e4295920
Reviewed-on: https://code.wireshark.org/review/10221
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I681b05755429fd7420c423ff88e5a4d3dc95db64
Reviewed-on: https://code.wireshark.org/review/10219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id710ab10093227b27ef5f18b0d2960e31d0b95a9
Reviewed-on: https://code.wireshark.org/review/10200
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's complaining about an "overflow in constant arithmetic". Neither
INFINITY nor NAN are specified by C90; C99 specifies that they are both
floats. Until recently, Microsoft had no interest in C99; if the
version we're using supports C99's INFINITY and NAN, it should be OK to
assign them to a variable (no "arithmetic" involved), so I'm guessing
that the "arithmetic" in question is the use of conditional operators ?
and :, so I'm writing it as an if statement instead.
Change-Id: I532b9b5943be32e0897e4f03ac4e625ac41ee63b
Reviewed-on: https://code.wireshark.org/review/10215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
64-bit integers are *not* guaranteed to be longs and, in fact, are *not*
longs on ILP32 platforms such as 32-bit UN*Xes and 32-bit Windows and on
LLP64 platforms such as 64-bit Windows.
Change-Id: I6408778f638bb6cea52ffb64be39ea26c9b2ee64
Reviewed-on: https://code.wireshark.org/review/10213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Spell out "mantissa" while we're at it.
Change-Id: I47ddb9882f45ef58a6f7101818683e68bc54983b
Reviewed-on: https://code.wireshark.org/review/10211
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds a dissector Concise Binary Object Representation (CBOR) (RFC 7049).
CBOR is a binary data format designed for implementations with small
code size as used in the IoT. It uses a structure similar to JSON, but
encodes the data in binary format. This is used on top of CoAP for
example.
Change-Id: I9d7b7d4f7609c899bfc68250cdfebd5dc64e0402
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/9848
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
fragment_add does not like adding zero-length fragments, it causes a
zero-length memcpy to NULL.
According to RFC 6347, fragment_offset=0 and fragment_length=length is
an unfragmented message, so fragment>0 and fragment_length=length=0 is a
fragmented message.
An empty fragment does not extend a previous message, so ignore it.
Such fragments are produced by at least GnuTLS 3.3.7[1], so raise a
warning instead of an error.
Caught by ubsan:
epan/tvbuff.c:783:10: runtime error: null pointer passed as argument 1, which is declared to never be null
#0 0x7f5319f6ed64 in tvb_memcpy epan/tvbuff.c:783
...
#13 0x7f5319f27e2b in fragment_add epan/reassemble.c:1394
#14 0x7f531a5c70a4 in dissect_dtls_handshake epan/dissectors/packet-dtls.c:1257
[1]: http://comments.gmane.org/gmane.network.gnutls.general/3582
Change-Id: I70bf16d2fb64793d0deaabe612147e238b743b2e
Ping-Bug: 11358
Reviewed-on: https://code.wireshark.org/review/9689
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If dissector_try_heuristic() succeeds return TRUE and vice-versa.
Change-Id: I3fb2595604f2f3981468473d0a966efe7387745e
Reviewed-on: https://code.wireshark.org/review/10199
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add new Const/Def for WMQ800 FP3
Improve Detection of EBCDIC String in MQCONN_REPLY
Add Value in comments
Change-Id: I695a3afa64fee7f22918f68540901c97dfd38464
Reviewed-on: https://code.wireshark.org/review/10012
Reviewed-by: Robert Grange <robionekenobi@bluewin.ch>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Yes, it *should* have been called "HT", but hindsight is always 20-20.
If you want less confusingly named information, look at what the "802.11
radio information" dissector puts into the protocol tree; the radiotap
dissection is for people debugging radiotap implementations or looking
for vendor-specific information that's not (yet) put into the generic
802.11 radio information.
Change-Id: If6e97f82595a6f11a45e34d5a52e70e9ca686d7c
Reviewed-on: https://code.wireshark.org/review/10202
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1) Introduced by me in commit c4fe7129d8
where I didn't honor the "print lsa header only" flag properly for
data highlighting
2) Introduced in 2001 with commit dd1b7eafaf
which moved offset increasing into an "if (tree)" statement with code
after the if statement continuing to work with offset.
Also make display of v2 and v3 LSAs the same again (forgot one case in
previous commit.
bug:11461
Change-Id: I1986c19842f1fa9c8a6d0a7c9a79c64939eeb9d0
Reviewed-on: https://code.wireshark.org/review/10192
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Also add support for alphabetizing stat tree items as the addition of IPv6 stats tree makes it more obvious its needed.
Change-Id: I8b319ceac805ce7e3a1fd59f92c1c6fe2a54d3de
Reviewed-on: https://code.wireshark.org/review/10062
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Show the LSA type and length in the summary line
Improve a message to make it clear when we are talking about a LLS TLV
Add an expert item for LLS bit set but data block missing
PI_MALFORMED is an error not a warning.
Change-Id: I516c2a2f0c27fcf101671527d4e4f018e17d3025
Reviewed-on: https://code.wireshark.org/review/10189
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
least Cisco sends out these packets with a TTL of 1.
Change-Id: I9ef0cd486d200a768329cfb758b87e20e3456663
Reviewed-on: https://code.wireshark.org/review/10188
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Wslua's Int64.fromhex() and UInt64.fromhex() need to check the sscanf return
value. Found by coverity (CID 1191368 &1191369).
Change-Id: I67fba027e18341d429787515f94c794573dc41c2
Reviewed-on: https://code.wireshark.org/review/10183
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add HAVE_LIBGCRYPT compilation guards.
Move gcrypt-related variables into the scope they're used.
Change-Id: I81a2c8a54514fb51de53640fa8eceeddb2bf24d9
Reviewed-on: https://code.wireshark.org/review/10118
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RADIUS configuration sometimes uses more ports - for example, one for
authentication, another one for accounting. Sometimes it uses the entire
port ranges. In case of FreeRADIUS 2.x.x server it might look like this:
...
listen {
type = auth
ipaddr = *
port = 13812
}
listen {
type = acct
ipaddr = *
port = 13813
}
...
Unfortunately we allow only one port to be redefined, not more. So it
forces a person who's analyzing a traffic from such a RADIUS server
manually select "Decode as" every time for each port.
It was requested at least once to lift this limitation:
* https://ask.wireshark.org/questions/2189/decode-multiple-ports-as-radius
So let's fix it!
With this commit it's possible to set a port ranges for RADIUS dissector
to handle. An example (default) configuration looks like (see
~/.wireshark/preferences):
radius.ports: 1645,1646,1700,1812,1813,3799
Old "alternate_port" preference is marked as obsolete. It won't be shown
to a user but it will still be used if exists (remained from a previous
installations).
*Ver. 2*:
Old alternate_port value is copied to the ports range, thus making
transition even more smooth.
Change-Id: Ibdd6f4f9fa1e0ac186147cec380bbfc62d509b17
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10015
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissecting client and server KEX messages requires to precisely distinguish KEX
algos. For example, Server KEX for DH_anon do not contain a signature, while
DHE_DSS and DHE_RSA do. The patch introduces KEX distinction with full
precision and fixes dissecting _anon KEX messages.
Change-Id: I0bcd5e2bf899ba9cac79476d5b7a1ffb3accf0db
Reviewed-on: https://code.wireshark.org/review/9836
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also fix an off by 1 error for EPB case
Change-Id: I895d82a58ec02c577dcaa67a97d456b42460b947
Reviewed-on: https://code.wireshark.org/review/10149
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Fix whitespace and replace tvb_captured_length with tvb_reported_length
Change-Id: I3952e7a1ac00b68e6f6eb1283977bc6299b0baaf
Reviewed-on: https://code.wireshark.org/review/9900
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ife5f44a333227b1df3d2377d12dbec65a4b4d5c3
Reviewed-on: https://code.wireshark.org/review/10164
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0aedefbb77899ebceac7fb08249faf47964d785b
Reviewed-on: https://code.wireshark.org/review/10163
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
up in the Expert Infos dialog.
Push the if(tree) check down into the basic type dissectors since we can't
generate/fill the label (which won't be used anyway) when we're not building
the tree (since the proto_item will be faked/NULL).
Change-Id: Ie4f1f6856cfad0dabc7c58cdee2c16c8fc032c6d
Reviewed-on: https://code.wireshark.org/review/10001
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provides better readability, the dissector table is only used for IPv6
extension headers.
Change-Id: I87d877a89c6465d4475f2f0a40636ccd1b6cdd92
Reviewed-on: https://code.wireshark.org/review/10174
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Instead of splitting the stats into two lists as with the GTK+ UI, add
everything to an expandable tree. This allows viewing nodes on more than
one network.
Rename the top-level Bluetooth menu item to Wireless and put the WLAN
stats dialog there.
The Qt UI matches SSIDs (WlanNetworkTreeWidgetItem::isMatch) a bit
differently than the GTK+ UI. Try to make the logic as plain as possible
since we'll likely have to update it in the future.
The addition of a custom BSSID address types means that we can't assume
that everything is AT_ETHER. Add routines for checking for broadcast
BSSIDs and comparing only the data portions of addresses.
Move PercentBarDelegate into its own module. Use it in
WlanStatisticsDialog.
Change-Id: Ie4214eb00671a890871380c4a07213ebfb7585c6
Reviewed-on: https://code.wireshark.org/review/10171
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If we run into an error when trying to register a tap listener, return
instead of tapping packets. This should fix some (but likely not all)
double frees found by Stig. For now close each statistics dialog if we
find an error. Note that we might want to keep them open instead.
Add checks and cleanups to some of the stats table free routines.
Call fillTree once in TapParameterDialog's constructor instead of each
time it's shown. Make fillTree a slot which lets us use a delay timer so
that the dialog is visible when we retap packets.
Change-Id: Id49f2f2a99bc8e5b1d32990024986b3c8b1abe24
Reviewed-on: https://code.wireshark.org/review/10153
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Ifa6170622bc8331097bc3fe9c567c97ce826c340
Reviewed-on: https://code.wireshark.org/review/10140
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise dissection will fail when analyzing a capture with a snap length set
Change-Id: If6714364efffdd1fbf88c947743929a71f75c663
Reviewed-on: https://code.wireshark.org/review/10135
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise dissection will fail when analyzing a capture with a snap length set
Change-Id: I764f48c624d0cc411b04ee62f8ecccaf6abb6f0c
Reviewed-on: https://code.wireshark.org/review/10134
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found also by Coverity (CID 1316607)
Change-Id: Ib6a4437fd24b51a8aa87d4bcdb5ee2a1dc43dae3
Reviewed-on: https://code.wireshark.org/review/10124
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
When fields have changed the compiled display filter may be invalid
or need a recompile to be valid.
Filters which are not valid after a recompile is set to a filter
matching no packets (frame.number == 0) to indicate that this does
no longer match anything. We should probably have a better filter
matching no packet for this purpose.
Change-Id: Id27efa9f46e77e20df50d7366f26d5cada186f93
Reviewed-on: https://code.wireshark.org/review/10123
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Use common code for all time stamps, so it's handled the same for the
Packet Block, Enhanced Packet Block, and Interface Statistics Block.
Show the high and low parts of the time stamp as fields; file dissectors
should show the raw file details. Mark the calculated time stamp as
generated, as it's not the raw file data.
Get the 64-bit time stamp by shifting the high part left 32 bits and
ORing in the low part; no need to play games with unions and byte order
Change-Id: I19b2c3227a3ca1e93ec653f279136aa18687581f
Reviewed-on: https://code.wireshark.org/review/10116
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"secs" in an nstime_t is a time_t; cast the calculated seconds portion
to time_t.
Change-Id: Ieaad4c18bb21384a5781f50eadd3a537b414a369
Reviewed-on: https://code.wireshark.org/review/10113
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found compiling with gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04).
Change-Id: I21bd3a5ab3365f0065c919aba7d6bd00b878d041
Reviewed-on: https://code.wireshark.org/review/10105
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Show next layers of each packet.
Change-Id: I8c56eab969fef9a0a712b479dc2cdef6cc1578ae
Reviewed-on: https://code.wireshark.org/review/221
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They have educational values and can be used to debugging some issues.
Now Wireshark can open three files (BTSNOOP, PCAP, PCAPNG)
in two modes: Capture (Traditional) and File-Format.
Change-Id: I833b2464d11864f170923dc989a1925d3d217943
Reviewed-on: https://code.wireshark.org/review/10089
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It works similar to tcp_dissect_pdus, but only works on a single packet. Intended for protocols that go over TCP and UDP so that they can have a common dissection function.
Will of course, also work on UDP-only protocols with a fixed length header and size.
Used DNP3 as a guinea pig since "multiple PDU support" over UDP was just added.
Change-Id: Ib7af8eaf7102c96b4f8b5c1b891ae2d8f0886f9d
Reviewed-on: https://code.wireshark.org/review/10083
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
+18 ATT attributes to be implemented (IPS 1.0 - 19 May 2015, etc.)
Change-Id: Ib30ea20fe9b32a4be842f01ad5b8e8ee081a14ff
Reviewed-on: https://code.wireshark.org/review/10095
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 14 attributes (not as easy as the previous),
there are still 19 + 3 (no idea for now [Valid Range, Report, IEEE 11073-20601
Regulatory Certification Data List]) attributes to be implemented (soon).
Change-Id: Iee5cde4673b62f93084923a592b11824c0683605
Reviewed-on: https://code.wireshark.org/review/10094
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* use the offset variable to keep track of where we are,
remove the position variable
(previously, offset remained 0 all the time...)
* use proto_tree_add_item()
* highlight the correct bytes for each field
* define a block type and block length instead of
naming these fields differently for each block
* indent by 4 spaces
Change-Id: Ie0995e5fe6364605fd30020f171e51458844fa59
Reviewed-on: https://code.wireshark.org/review/10080
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: I32fdf085ef484d147d9f0b27c56efba41bb827bf
Reviewed-on: https://code.wireshark.org/review/10086
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
leaving the parsing loop should be enough in this case...
Change-Id: Ic250961aeb4d3cfcd74ee8caacb59657c32444de
Reviewed-on: https://code.wireshark.org/review/10078
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Bug: 10783
Change-Id: Id598838f036b1f312791d9dddbf3767dcbfd1aee
Reviewed-on: https://code.wireshark.org/review/9937
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Required introducing packet_info* to xml_frame_t structure.
Change-Id: Ie777fe3bc8c7ea052d3441dd31e0631ce47324cb
Reviewed-on: https://code.wireshark.org/review/10063
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 11435
Change-Id: I1f3006a4276e8a95d028294ebb9635f71be0f75e
Reviewed-on: https://code.wireshark.org/review/10013
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1 millisecond = 1000000 nanoseconds, not 1000 nanoseconds, and
nstime->nsecs is nanoseconds, not microseconds.
Change-Id: I6925ff80f6443015f83ca00bad2a347d10eadd7c
Reviewed-on: https://code.wireshark.org/review/10060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-amqp.c:10660: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-amqp.c:10661: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: Ic1c19edf10432dccb5fc4f3ea07defd45b9eef17
Reviewed-on: https://code.wireshark.org/review/10054
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
draft-ietf-pce-segment-routing has been issued. Reference:
https://mailarchive.ietf.org/arch/msg/pce/Zdsc0HHl1SLvpANRWhpLvIzJQyI
There are implementations out there that are using 5 as SR-ERO subobject
identifier (instead of 36 that will be assigned by IANA) and 27 as the
PATH-SETUP-TYPE TLV identifier (instead of 28 that will be assigned by
IANA). This patch decodes both 5/36 as SR-ERO subobject and 27/28 as
PATH-SETUP-TYPE. It is unlikely that IANA will re-assign code points 5
and 27 in the near future.
Change-Id: Ie2efa869344e4c1121f19f1ee3a71711d566a037
Signed-off-by: ff <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10057
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
The CMake dumpbabi targets collectively copy over 800 files. Do
that when when we build the actual targets instead of at configure
time. Hopefully this will speed up initial CMake runs.
Change-Id: I6e4d691e24c73ea05d638a0f897f570541c84e38
Reviewed-on: https://code.wireshark.org/review/10052
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Timestamps are currently dissected as integer numbers; two aspects need to
be recatored to correctly dissect timestamps:
- the add_1_0_proto_item() function
- protocol fields (hf_xxx) and the get_amqp_1_0_value_formatter()
(1)
The AMQP 1.0 dissector rely on the proto_tree_add_item. There is only one
invocation common for all datatypes (in add_1_0_proto_item), which cannot
pass any type-specific ENC_xxx specifiers and it cannot handle custom
datatypes like AMQP timestamp.
I propose to replace the add_1_0_proto_item() by type-specific dissectors that
will correctly set the ENC_xxx specifiers and handle exceptional cases like
the AMQP timestamp or the zero-length true/false datatypes.
(2)
The get_amqp_1_0_value_formatter implements a table-driven magic to select
alternate hf_xxx field based on the actual datatype. This however
- defines alternate fields where the standard permits only one datatype
- does not support fields that can contain any datatype ("*")
- does not support FT_TIMESTAMP
I propose to make this mechanism less table-driven (more explicit and more
flexible) and allow all alternates permitted by the standard.
Change-Id: Ib2cbda632d4c81ec3e6b81f539fe77bb913afc1c
Reviewed-on: https://code.wireshark.org/review/9528
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6505ce34de84bfe46d5bc7b4d6a3c6044f3fb4b5
Reviewed-on: https://code.wireshark.org/review/10041
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Callers may need to know information like retransmissions, etc which will be lost.
Change-Id: I3f8b6b0aeb308701eb34ae6f6f735af6995ed441
Reviewed-on: https://code.wireshark.org/review/9940
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we try and reassemble a fragment whose end does not line up exactly with the
start of the following fragment, abort or else we will leave uninitialized gaps
in the resulting buffer.
Bug: 11436
Change-Id: I4cd05c1a9ac4404bf70a3945f80b12f7bf5f74ee
Reviewed-on: https://code.wireshark.org/review/9983
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Icea1659395d7bc16e367b74a695586926b33149b
Reviewed-on: https://code.wireshark.org/review/9968
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I36a3d15a4fa86847a83d1dbea40111d36d7cfd61
Reviewed-on: https://code.wireshark.org/review/10036
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes some issues with use-after-free when reload Lua plugins.
Change-Id: I63f3fd9ebe8a19008f560e72067f2078f5eaf759
Reviewed-on: https://code.wireshark.org/review/10026
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Fix heuristic checks to handle sliced packets correctly. "Correctly"
means "fail the heuristic", as the heuristic checks every single byte of
the putative Ixia trailer, as one thing it does is check the checksum,
which is in the last 2 bytes of the trailer and checks everything before
it. So just return 0 if the full trailer isn't part of the captured
data.
Try to handle being handed a tvbuff that contains an FCS by looking at
the putative "magic number" locations where it would be if the tvbuff
didn't include the FCS and, if that doesn't match, where it would be if
it *did* include the FCS. If the former doesn't match but the latter
does, assume that means it does include the FCS, and do all other
processing under that assumption.
Clean up some comments.
Fix an hf_ variable name to match the field name, and put the tvbuff
value fields in the order of their types.
Don't fail if the field length is 0 - it's a value length, so it could
in theory be 0. Rely on the length checks for individual types to catch
problems.
Change-Id: Idc834aa6637cfbbafd6499060a007e720378154e
Reviewed-on: https://code.wireshark.org/review/10024
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Ixia trailer is a variable-length sequence of TLVs followed by some
fixed-length fields. Describe it as such.
Realign some #defines while we're at it.
Change-Id: I5fc45a1d44978f1dc1f13e7098c3f797838db7b3
Reviewed-on: https://code.wireshark.org/review/10022
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Protocol is TLV protocol and with this change I add one more field to it.
It is entire backward compatible.
Format is as follow:
Fields Trailer Length 0xAF12(Signature) Trailer Checksum
The fields portion of the trailer is a series of 2-byte fields followed by variable
length data. The first byte indicates the field type, the 2nd byte indicates the
field length. The values supported are listed below:
1 Reserved (Original Packet Size)
3 Timestamp (From Local Timebase)
4 Timestamp (From NTP source)
5 Timestamp (From GPS)
6 Timestamp (From 1588)
7 Timestamp (From Holdover)
Change-Id: I0a3b31cfbc5b6273e1f5326d9841e449735967fe
Reviewed-on: https://code.wireshark.org/review/9854
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Change-Id: I1e6bf52fad1b1fffefc174a557ff836f400e8fd7
Reviewed-on: https://code.wireshark.org/review/9996
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Essentially: Do the version checks at compile time using
#if statements (even though the compiler
probably optimized out the run time checks).
Change-Id: I4879b39729ba5bd6b1c478ac43c107cb9fb445b3
Reviewed-on: https://code.wireshark.org/review/10006
Reviewed-by: Bill Meier <wmeier@newsguy.com>
[...]\packet-pdc.c(205) : fatal error C1001: An internal error has occurred in the compiler.
(compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 246)
To work around this problem, try simplifying or changing the program near the locations listed above.
Please choose the Technical Support command on the Visual C++
Help menu, or open the Technical Support help file for more information
INTERNAL COMPILER ERROR in 'C:\Program Files\Microsoft Visual Studio 14.0\VC\BIN\cl.EXE'
Please choose the Technical Support command on the Visual C++
Help menu, or open the Technical Support help file for more information
Change-Id: I505898d0c76244a56d75af1a1c5bf30554dd9a2b
Reviewed-on: https://code.wireshark.org/review/10005
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Add RpcServiceResponseTimeDialog, which handles DCE-RPC and ONC-RPC
service response time statistics. Try to make it as lightweight as
possible, since we might want to pull this into the RPC dissectors
similar to the other SRT statistics.
Allow program names on the command line in place of numbers or UUIDs. Make
matches case-insensitive. E.g. the following are equivalent:
-z rpc,srt,100003,3
-z rpc,srt,nfs,3
-z rpc,srt,NFS,3
as are the following:
-z dcerpc,srt,f5cc5a18-4264-101a-8c59-08002b2f8426,56
-z dcerpc,srt,nspi,56
-z dcerpc,srt,NSPI,56
Change-Id: Ie451c64bf6fbc776f27d81e3bc248435c5cbc9e4
Reviewed-on: https://code.wireshark.org/review/9981
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This is functions used when redissecting after a Lua plugins reload.
Change-Id: Ida14526faec1992006938a6732ee894ac83c2d12
Reviewed-on: https://code.wireshark.org/review/9995
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I7a7778802c442b254626a7676cb74ca2855fa65e
Reviewed-on: https://code.wireshark.org/review/9977
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always set is_removed when insert data in a node.
Change-Id: I8fb50932a369e3f4fe8a1f743462683fff705cc2
Reviewed-on: https://code.wireshark.org/review/9978
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This will allow integer value 0 again.
Change-Id: Ibfa4249ea8b887971d3b3214ad9e4d095d20d155
Reviewed-on: https://code.wireshark.org/review/9973
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
to 0.
Change-Id: I837bf8ac9d5724dd485f0bc62f3fe32bedd3eb0e
Reviewed-on: https://code.wireshark.org/review/9970
Reviewed-by: Anders Broman <a.broman58@gmail.com>
==5932== 33 (32 direct, 1 indirect) bytes in 1 blocks are definitely lost in loss record 2,124 of 4,121
==5932== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==5932== by 0xA024F30: g_malloc (gmem.c:159)
==5932== by 0xA03A9E5: g_memdup (gstrfuncs.c:384)
==5932== by 0x70754D2: gp_init_zbee_security (packet-zbee-nwk-gp.c:1459)
==5932== by 0xA03A78C: g_slist_foreach (gslist.c:840)
==5932== by 0x67E867C: init_dissection (packet.c:249)
==5932== by 0x67DC202: epan_new (epan.c:160)
==5932== by 0x414B16: cf_open (tshark.c:2464)
==5932== by 0x40CF8A: main (tshark.c:2169)
Change-Id: I7c0ce0717957525ca18eb4888ed3389debc89a49
Reviewed-on: https://code.wireshark.org/review/9967
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I81b46ec7d9d919ff2779d1005063e9ef6c92e097
Reviewed-on: https://code.wireshark.org/review/9966
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ib0f4cc47ede7b840cba38ecad04bd17bb6bccd55
Reviewed-on: https://code.wireshark.org/review/9965
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It's not clear that the decryption code can handle an incomplete
payload. If it can, please fix this (bear in mind that you won't have
all the MIC, and may not have *any* of the MIC, so...).
Bug: 11389
Change-Id: Ie863ddc5c4aa7fbf6cde317823a413d226a41c0d
Reviewed-on: https://code.wireshark.org/review/9954
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use the captured length to know how much data to decrypt. Use the
reported length to determine whether we have a null payload and to se
the reported length of the decrypted payload and of tvbuffs for the
un-decrypted payload.
Bug: 11389
Change-Id: I4395c5a48c16110fcf31b611b99749c61000d489
Reviewed-on: https://code.wireshark.org/review/9953
Reviewed-by: Guy Harris <guy@alum.mit.edu>
==17992== 4 bytes in 1 blocks are definitely lost in loss record 68 of 4,102
==17992== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==17992== by 0x9FB2F30: g_malloc (gmem.c:159)
==17992== by 0x9FC89E5: g_memdup (gstrfuncs.c:384)
==17992== by 0x703F977: dissect_zbee_aps (packet-zbee-aps.c:1300)
==17992== by 0x67B4F1E: call_dissector_through_handle (packet.c:618)
==17992== 8 bytes in 1 blocks are definitely lost in loss record 580 of 4,102
==17992== at 0x4C272B8: calloc (vg_replace_malloc.c:566)
==17992== by 0x9FB2F88: g_malloc0 (gmem.c:189)
==17992== by 0x703F962: dissect_zbee_aps (packet-zbee-aps.c:1299)
==17992== by 0x67B4F1E: call_dissector_through_handle (packet.c:618)
second version that uses glib memory routines and does not mix
g_hash_table and wmem
remove an obsolete comment and an unnecessary return; while at it
Change-Id: I2e92db0613f01b6c3009e8ad82ceb65a87cba12e
Reviewed-on: https://code.wireshark.org/review/9830
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While I was at it, some (mostly) duplicate functionality allowed rearranging of functions to eliminate most forward declarations.
Change-Id: I2d7027d336c391d81dfe81c7a1ebf0d56c0826b2
Reviewed-on: https://code.wireshark.org/review/9951
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
this length is used for allocating a buffer and for crypto calculations
we should use the bytes that were actually captured, not the reported
length
the capture in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389
has one packet with a stupidly large reported length and a reasonable
capture length (and one completely bogus packet) - this fix ensures that
the decryption does not break for the former packet
also, tvb_reported_length_remaining() does not return values < 0 any
more, remove the check for this
Bug: 11389
Change-Id: I42cb4526483160416b51e3cb72442148b5fac4f3
Reviewed-on: https://code.wireshark.org/review/9950
Reviewed-by: Anders Broman <a.broman58@gmail.com>