ETSI TS 24.380 section 8.2.3.4 specifies that:
"The <Reject Phrase> value is a text string encoded the text string
in the SDES item CNAME as specified in IETF RFC 3550."
This does not mean that SDES tipe and length files are necessary,
only applies in the enconding of the text string.
Instead of letting the model do the filtering and having
a bunch of exceptions in cases where columns are hidden
in between other columns, the model will present all columns
all the time, and it is the job of a top-level proxy to
filter out columns not required for current display
Make the default UI layout "packet list on top, packet detail and bytes
side by side". This is more space efficient on modern displays and is
the first thing I change when using the default profile.
Set our idle dissection single-shot timer to 0, i.e. whenever the Qt
event loop can fit us in. This fixes a performance issue here with
libsinsp and doesn't appear to cause any issues otherwise.
After parsing a Topology Descriptor at the start of a request
or reply command, reset the left and right bracket counters
before going back to the top of the loop to parse the next
command, just like how done at the end of the while loop with
a normal command.
Prevents marking as malformed packets which have a Topology Descriptor
followed by a single command (e.g. Move) without any trailing
descriptors, and hence no more left brackets.
Add a numeric address type analog to StringZ for
protocols who only use numeric values as addresses
with no further handling.
e.g. IAT protocols which only enumerate the devices
Since the endpoint_by_id code uses elements and not the old
endpoint structure, it shouldn't set pinfo->use_endpoint to
TRUE when creating, and it should check if pinfo->conv_elements
is NULL, not pinfo->conv_endpoint.
When the field width was corrected by commit
b240d5baa0, the masks got messed
up. There's 4 reserved bits that don't have fields and the bits
are in Little Endian order. Fix#18132.
Don't require there to be at least two values in a packet for
a dissector table in order to have a combobox instead of a single
text box.
While perhaps having an editable combobox with only one drop down
option looks a bit funny, that is outweighed by the UI advantages
of being able to easily select the values that occur in the packet.
This makes it possible to change the dissector for the currently
selected packet's IP protocol or Ethertype when those are not the
last protocol layer without having to type it in manually, for
example.
Trying to parse LUS and LNS files if the protocol version
was "A1" led to them being marked as a malformed packets.
THis is because protocol version A1 LUS and LNS files do
not have the exception timer field. So to fix it, we check if
the protocol version is not A1, and only if it isn't do we try to
parse the exception timer field.
Some lines in Acknowledgements are mistakenly matching the regular
expression to capture authors and email addresses, resulting in
bogus authors entries.
Stop matching authors after we reach the Acknowledgements section.
This matches the structure of the AUTHORS-SHORT file and fixes the
bogus entries.
Because completed reassemblies are hashed in the reassembled_table for
all the frame numbers that contributed fragments,
fragment_get_reassembled_id() works wherever fragment_get_reassembled()
does, and also works where the fragment id is not the frame number.
However, since the reassembled_table hash key only depends on the
fragment id and the frame number, it only allows a frame to have
one reassembly with a given fragment id. Some protocols can have
more than one reassembly with a given fragment id (that differ on
addresses or other keys), such as GSM SMS, and the wrong reassembly
is retrieved on the second pass in those cases.
For this reason, we might want to add additional key elements to
reassembled_table, such as layer number. fragment_get_reassembled_id
already takes packet_info as a parameter and can accommodate that
without further changes, but fragment_get_reassembled cannot, so
remove the latter in favor of the former.
If we get into the dissect_tftp call, we must have either matched
a WRQ/RRQ at some point and created a wildcarded UDP conversation,
or we matched the TFTP port. While it is contrary to the spirit
of RFC 1350 for the server not to switch ports, it basically works
and the port is IANA assigned, so it doesn't do harm to process these.
In the heuristic dissector, of course, we don't do this.
The conversation code doesn't automatically fill in wildcarded
ports for UDP (since it's connectionless), and the wildcarded
find_conversation call in the TFTP dissector was twisted around
so it didn't actually fill in the second port before anyway.
Filling in the server port would make sense, but then the necessary
logic to find the right conversations would be more complicated.
(The default find_conversation logic prefers any conversation with
both ports to a wildcarded conversation, but the TFTP dissector would
then want the most recent conversation, whether wildcarded or with
both ports.)
These packets were handled prior to the 3.6 changes. Fix#18122
Unlike most of the FC fields, Track info participant type string file
padding is not considered in the dissector. This causes that all the FC
message dissection fails the string contains padding.
According to ETSI TS 24.380 Section 8.2.3.13:
If the length of the <Participant Type> value is not a multiple
of 4 bytes, the <Participant Type> value is padded to a
multiple of 4 bytes. The value of the padding bytes is set to zero.
The padding bytes are ignored by the receiver.
João Valverde