Since draft -11, NCI CID has become non-fixed with a length prefix. See
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-7.13
Only dissection is implemented, processing it for connection migration
will be done in the future.
Bug: 13881
Change-Id: I4be8c2eb306d5c1090b28ed2a6386c6c9006c561
Reviewed-on: https://code.wireshark.org/review/27107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Include "quic.connection.number" for easier filtering of a connection
and to detect which connection packets are associated with. Expert info
is shown when a packet cannot be associated (due to dissector bug or
protocol violations).
Bug: 13881
Change-Id: I097e41d1abff629d6f8cc25396bad60c6790e84e
Reviewed-on: https://code.wireshark.org/review/27099
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
v1: TS 29.060 7.3.2: A PDP context has not been created in the GGSN if the
Cause differs from "Request accepted", "New PDP type due to network
preference" or "New PDP type due to single address bearer only"
v2: TS 29.274 8.4: Acceptance in a Response / triggered message:
"Request accepted", "Request accepted partially", "New PDN type due to
network preference" and "New PDN type due to single address bearer only"
Change-Id: I8d3b2fc3c35e4a3e3d281cf0e5c97f084616a05d
Reviewed-on: https://code.wireshark.org/review/27093
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Try to read up to 3 pcap records, making the value a #define so that we
can crank it up if necessary.
Bug: 14595
Change-Id: Ie9d62a1763fe7d1d46fdd8781691ea975770f3d7
Reviewed-on: https://code.wireshark.org/review/27111
Reviewed-by: Guy Harris <guy@alum.mit.edu>
offset has to be volatile, as it's used in a loop that involves the
setjmp/longjmp-based TRY mechanism.
Instead of passing pointers to the offset to routines that dissect
headers, have the routines take the offset as an argument and return the
updated offset, to avoid having to mark said pointers as pointing to a
volatile variable.
Update comments while we're at it.
Change-Id: I3058a4e6a736c234ad7508521c9fe9da358b6096
Reviewed-on: https://code.wireshark.org/review/27109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From compilation log:
epan/ipv4.h:19:10: fatal error: 'wsutil/inet_ipv4.h' file not found
tools/oss-fuzzshark/fuzzshark.c:27:10: fatal error: 'version_info.h' file not found
Change-Id: I3e147e014ae398ae07e64aec5a6535a8f9e357a3
Reviewed-on: https://code.wireshark.org/review/27076
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even though these are (currently) implemented in the enip dissector,
these conversations are actually for different types of CIP connections.
This changes makes it obvious to CIP users/developers what these are.
EtherNet/IP (enip) is mainly the encapsulation layer that allows CIP to
function on Ethernet.
Change-Id: I760f832026e35aec412d51d80e85a997b341e0b4
Reviewed-on: https://code.wireshark.org/review/27086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DOXYGEN_* variables which we use to create doxygen.cfg are native
paths and are not compatible with Cygwin. We could try to make them
compatible, but given that we're trying to migrate away from Cygwin set
"DOXYGEN_EXECUTABLE" to "DOXYGEN_EXECUTABLE-NOTFOUND" if "cyg" is anywhere
in its path.
Add the wsar_html* targets to "Docs" and exclude them from Visual Studio's
default build.
Change-Id: Id23a3c43a9f4f1edb2d827bbf36a3a7eb64f0212
Reviewed-on: https://code.wireshark.org/review/27100
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Strawberry Perl ships with xsltproc but no DocBook XML files, which will
break the User's and Developer's Guide targets. Set XSLTPROC_EXECUTABLE
to XSLTPROC_EXECUTABLE-NOTFOUND if "strawberry" is anywhere in its path.
Change-Id: I070eaa247a24a1a79fcdb01256dd5812aa8f6fa8
Reviewed-on: https://code.wireshark.org/review/27101
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft
Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It *looks* as if a bluecom packet has a count of blocks, and a sequence
of that number of blocks, with each one containing a block header and a
block data.
Dissect the packet in that fashion. If we get an exception (other than
"we hit the snaplen") while dissecting a block, record it and step on to
the next block.
Don't try to avoid hitting the snaplen - we *want* that to be reported,
so the user knows that the capture only includes the first part of the
packet.
Change-Id: I1b668ffea9b67d3a6ff06100b868f7d941c1f509
Reviewed-on: https://code.wireshark.org/review/27106
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Now that the DCID is known from the connection, fix offset calculation.
Bug: 13881
Change-Id: Ic64505247ec0e2d1de2bd5153e4d2264be5114c2
Depends-On: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
QUIC connections can survive address and port changes and should not be
tracked per UDP conversation, but by Connection ID instead. To make this
possible, early on (before full dissection), DCID and SCID are parsed
from the header and then used to associate packets with new or existing
QUIC connections.
Previously a "connection" was always created when missing (in a
conversation). Now it will only be created if an Initial Packet is
found (by DCID or address + port). If not found, as side-effect packet
number tracking will fail. This can be changed if needed.
This work also prepares for proper draft-11 short packet dissection and
use of NEW_CONNECTION_ID frames. Additionally, it now assumes draft 11
rather than draft 10 if the version number is not recognized.
Only tested with ngtcp2-10.pcap which has a single UDP conversation.
Bug: 13881
Change-Id: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1
Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.
Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The header length has increased in draft -11.
Bug: 13881
Change-Id: Iaa3f4cb14b88a3c5cb53373245c1929113910893
Reviewed-on: https://code.wireshark.org/review/27096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For optional tags that act as a boolean, their presence is sufficient
and not need to set a value after them.
Change-Id: I3b4a6bbbdacf1a008e8df90a20c4eede4b0db1bd
Reviewed-on: https://code.wireshark.org/review/27095
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If the calculated packet length in the header is bigger than the actual
packet length value from the header, reject the packet.
Change-Id: I86cb24c66ee0d6fd2ed6f9240d44c1adc5f0bf91
Reviewed-on: https://code.wireshark.org/review/27087
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It reads better, at least to me.
Change-Id: I4b11449ea32d77e95bfbc54029b7afed7ea17c64
Reviewed-on: https://code.wireshark.org/review/27081
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit fixes the bug in the EtherCAT dissector for the FoE
mailbox type. With this commit, the dissector displays the
either foe_efw or foe_data in the ECAT_FOE_OPMODE_DATA,
and not both of them as until now.
Bug: 14613
Change-Id: I09fc569f5adc5665c64653087c475f7f1d94639a
Reviewed-on: https://code.wireshark.org/review/25336
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
On Ubuntu 16.04, and possibly other versions of Ubuntu, and on Debian
and other Debian derivatives, packages for MIT and Heimdal Kerberos can
both be installed at the same time - including developer packages.
Collisions between headers and libraries are handled by putting them in
subdirectories of the system include and library directory and having
their .pc files add -isystem flags to point to the appropriate include
directory and -L flags to point to the appropriate library directory.
CMake's pkg-config support, however, only looks for -I flags, not
-isystem flags, in pkg-config output (using --cflags-only-I), so it
doesn't get the directory in which to look for the headers, and just
uses the results of --libs-only-l to get a list of library names and
does nothing with the results of --libs-only-L, causing it not to look
for libraries in the directory in which to look for the libraries.
We fix this by:
If FindKERBEROS.cmake found Kerberos with pkg-config, have it set
KERBEROS_DEFINITIONS to the "other" compiler flags, which includes the
-isystem flag.
For all packages, adding the <PACKAGE>_DEFINITIONS values to
CMAKE_C_FLAGS and CMAKE_CXX_FLAGS so that they're used when compiling.
If FindKERBEROS.cmake found Kerberos with pkg-config, having it search
for each of the libraries in KERBEROS_LIBRARIES using find_library()
with KERBEROS_LIBDIR and KERBEROS_LIBRARY_DIRS as hints, and
re-assembling the resulting full paths into KERBEROS_LIBRARIES.
Change-Id: Ie18b56b76934f542bd12dc737631c0190026d18a
Reviewed-on: https://code.wireshark.org/review/27071
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Osmocom GSUP protocol is a light-weight alternative to the
classic GSM MAP protocol. It operates between (MSC|SGSN) and HLR.
Change-Id: I954c7e332dce3a8855f7f4ace0b878f66da6f02e
Reviewed-on: https://code.wireshark.org/review/25477
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The radiotap HE-MU header is being completely reworked and likely expanded
in size. There are likely very few captures at the moment with such radiotap
headers. Rather than ripping the code out and seeing problems in the future
I have attempted to warn people who encounter such captures that they need
to upgrade. The standard will settle out soon.
Change-Id: I69eea20e2e65197a837a48706f9bcdddbbe42a63
Reviewed-on: https://code.wireshark.org/review/26995
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those two files were used only by autotools.
Change-Id: I7ef188f1d29fb43848fe577dbd8ff8d2962eda94
Reviewed-on: https://code.wireshark.org/review/27065
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The command ID was passing the value of the cmd_id instead of the
encoding for the proto_tree_add_item. This caused an issue with the
color control cluster where it wasn't parsing the command ID properly.
Change-Id: Iee42031146e37bb96182f765e79de47f6e4b5a04
Reviewed-on: https://code.wireshark.org/review/27064
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This puts more distance between the caller and the underlying
library. At the moment we're using libjsmn, but other libraries
(like json-glib) could be used.
Change-Id: I1431424a998fc8188ad47b71d6d95afdc92a3f9e
Reviewed-on: https://code.wireshark.org/review/27055
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu
Harald Welte