Fix regression due to different dissector function called.
Change-Id: Ibf3bfc5ac1cb740e71afa89018d57808c418cdab
Reviewed-on: https://code.wireshark.org/review/37638
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As this message does not include the Handover Type IE, let's use the
dissect_target_ng_ran_container_as preference
Change-Id: If220e22ee9cfb6ef0c794ff0f1bd6d75a0fdcf88
Reviewed-on: https://code.wireshark.org/review/37636
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This feature introduced in V15.5.0 allows to have up to 15 DRBs by
adding LCID 32 to 38
Change-Id: I4442e26d115efe484eda4f2d8921483cf4278b99
Reviewed-on: https://code.wireshark.org/review/37462
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
FreeBSD defines constants such as KRB5_KU_USAGE_ACCEPTOR_SEAL
as part of the krb5_key_usage struct. Having such a defines
causes a clash that breaks the compilation. The struct needs to be
included first.
Error:
In file included from ./asn1/kerberos/packet-kerberos-template.c:413:
/usr/include/krb5.h:255:5: error: expected identifier
KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
^
./asn1/kerberos/packet-kerberos-template.h:22:41: note: expanded from macro 'KRB5_KU_USAGE_ACCEPTOR_SEAL'
#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
^
Change-Id: Ic241f2b6a2c01e7bd6c84d05e509f12e738ab2ac
Reviewed-on: https://code.wireshark.org/review/37358
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
FreeBSD shows a combination of define cases that make the function
missing_encryption_key unused. Put it in the right define scope.
Change-Id: Icf226f134ffa7624a7daf709c302c29acfffe95e
Reviewed-on: https://code.wireshark.org/review/37360
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
You are in a twisty little maze of #ifdefs, all different.
Change-Id: I4c82efe27e840919c7bf19a035abe90cd84e0fbd
Reviewed-on: https://code.wireshark.org/review/37367
Reviewed-by: Guy Harris <gharris@sonic.net>
- Some redundant assignments or tests.
- Some declarations were changed to match definitions in terms of
including _U_ for the same parameters
- Some parenthesis added/changed to made precedence more obvious
epan/color_filters.c:533: style: Variable 'name' is reassigned a value before the old one has been used.
epan/color_filters.c:534: style: Variable 'filter_exp' is reassigned a value before the old one has been used.
asn1/tcap/packet-tcap-template.c:2199: warning: Function 'dissect_tcap_ITU_ComponentPDU' argument order different: declaration '_U_, tvb, offset, _U_, tree, _U_' definition '_U_, tvb, offset, actx, tree, _U_'
epan/dissectors/packet-aim.c:2546: warning: Function 'dissect_aim_tlv_value_icq' argument order different: declaration 'ti, subtype, tvb, _U_' definition 'ti, _U_, tvb, pinfo'
epan/dissectors/packet-arp.c:1133: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1143: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1158: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1168: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-gtpv2.c:5997: warning: Function 'dissect_gtpv2_mbms_service_area' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, _U_, _U_, _U_'
epan/dissectors/packet-gtpv2.c:6291: warning: Function 'dissect_gtpv2_mbms_time_to_data_xfer' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, _U_, _U_, _U_'
epan/dissectors/packet-gtpv2.c:6369: warning: Function 'dissect_gtpv2_epc_timer' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, message_type, _U_, _U_'
epan/dissectors/packet-knxip.c:2939: style: Condition 'mac_error' is always false (just added comment)
epan/dissectors/packet-mac-lte.c:4386: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-nas_5gs.c:1828: style: Variable 'nas5gs_data->payload_container_type' is reassigned a value before the old one has been used. (noted confusing recursion)
epan/dissectors/packet-rpcrdma.c:587: warning: Identical condition 'offset>max_offset', second condition is always false
epan/dissectors/packet-rsl.c:2098: style: Assignment of function parameter has no effect outside the function.
Change-Id: Ib5c9a04cfb6e6233972bc041434601c8ef09c969
Reviewed-on: https://code.wireshark.org/review/37343
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Error:
./asn1/kerberos/packet-kerberos-template.c:109:2: error: unknown type name ‘enc_key_t’
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_EncryptionKey’:
./asn1/kerberos/kerberos.cnf:386:7: error: unused variable ‘start_offset’ [-Werror=unused-variable]
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_authenticator_subkey’:
./asn1/kerberos/kerberos.cnf:406:42: error: ‘save_Authenticator_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_authenticator_subkey’?
./asn1/kerberos/kerberos.cnf:406:42: note: each undeclared identifier is reported only once for each function it appears in
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encTicketPart_key’:
./asn1/kerberos/kerberos.cnf:445:42: error: ‘save_EncTicketPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encTicketPart_key’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encKDCRepPart_key’:
./asn1/kerberos/kerberos.cnf:435:42: error: ‘save_EncKDCRepPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encKDCRepPart_key’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encAPRepPart_subkey’:
./asn1/kerberos/kerberos.cnf:416:42: error: ‘save_EncAPRepPart_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_encAPRepPart_subkey’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_krbCredInfo_key’:
./asn1/kerberos/kerberos.cnf:455:42: error: ‘save_KrbCredInfo_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_krbCredInfo_key’?
cc1: all warnings being treated as errors
Change-Id: Ib9e38c3d745dd8a12ac8e4691918770a8b876727
Reviewed-on: https://code.wireshark.org/review/37313
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This improves the performance a lot if you have a keytab with a lot of
entries (e.g. for a whole domain).
GSSKRB5 decryption should only try the subkey of the AP-Rep.
We could further optimize this and remember the key
on the cenversation after the first success, but
that's for another day.
Change-Id: I405e41e7d90073d569fcbeec4b4188453a251000
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37323
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4d4014c6def44144461497ad4d92b9f32b4d3140
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37322
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have completely separate definitions of krb5_fast_key(); the one used if
we don't have krb5_c_fx_cf2_simple() declares *all* parameters as
unused, as it's a stub routine.
Change-Id: I828c8d8f60634fcf537c2822f1a1c5db33ea2798
Reviewed-on: https://code.wireshark.org/review/37321
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
We already know about the top level message type.
So we only need an autodetection for the TGS-REP.
We could also avoid that, but that would need state to
match TGS-REQ with TGS-REP.
But if we client used FAST and we got a strengthen_key,
we're sure an authenticator subkey was used.
Windows don't use an authenticator subkey without FAST,
but heimdal does.
For now try 8 before 9 in order to avoid overhead and false
positives for the 'kerberos.missing_keytype' filter in pure
windows captures.
Change-Id: If974dda735cd2aa5b1920c26309e5e2081723e4f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37299
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I28bdf176818401c1e4e6ef15cf808e502fcf4989
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already know a few details in order to avoid the autodetection.
This avoids overhead and false positives for the
'kerberos.missing_keytype' filter.
Change-Id: I8a15fa41d2a56df3fb26de046a401bf43a876b79
Reviewed-on: https://code.wireshark.org/review/37298
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's useful to see which decryption keys are missing!
The "kerberos.missing_keytype" filter can be used to find all of them.
It's also useful to see which key_map was is in used
and how many decryption attempts were tried.
This should also allow future optimizations in
order to avoid decryption attempts based on the usage
and more detailed key maps.
Change-Id: Ie0302454e29a65aa00ddac79839aac8ec63fa290
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37297
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently this is only available for MIT Kerberos, but it
should be possible to implement the same using
krb5_crypto_fx_cf2() from Heimdal.
Change-Id: Ic3327dfde770f9345485bf97e2ac6045b909b64e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36472
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This gives a useful overview.
Change-Id: I39aaa8cf5de6fa3788c674355675873f2212b78f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37292
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This way we can avoid zero_private on the stack.
Change-Id: Iea7ed7e1cd6d0616b0e72aeff489549efd13e4f4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37291
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes it easier to match them.
Change-Id: I29b9d69415d82a1ea7df275a89a413c2fd460b1f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37289
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For now we use kerberos_all_keys, but in future we may select the
map based on passed usage.
Change-Id: I1f29e97aa60a41be3694b75bc4353b3a5dae0eae
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37288
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will be used temporary in order to replace
enc_key_list until we maintain/use separate lists.
Note that this will use wmem_file_scope(), but it
will get the longterm keys filled in when needed.
In the long run, we'll use more detailed lists
and use optimizations depending on the key usage.
Change-Id: If654dcfbc9ec8742eadbbb82b97a23fe8403022d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37287
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Here it's enough to try longterm keys from the keytab.
Change-Id: I4d98fd7aa456c5cf2ca175cdcefc0ad1a4a8be2d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37286
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will replace enc_key_list in the long run,
but will hold only keytabb entries, as that's what
the consumers outside of packet-kerberos.c are using.
Change-Id: Iba0436a0c1754232f0363cb1e9a905ac7c22986f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37285
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the long run we'll remove enc_key_list and use a wmem_map instead.
Change-Id: I50a0a32eea4cb21bf2bcb5e97ed8eab6b847a75d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37283
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With AES-256 we need 32 bytes, there's no need to use allocated memory.
Change-Id: Ibbb99523c00f167d0b4dce95f038707855964bde
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37282
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The id is relative to the frame number, -1 means "keytab".
A key with a lower value means it was learned before
a key with a higher value.
This will make it easier to match keys, between learning and using.
Change-Id: I7b44626b4724dbd541c4702e3b9aa9350d809b08
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the MIT/Heimdal case we'll add much more details in future,
this step just passed down the required information.
Change-Id: I8c2ef732a66ca63931ee0481952014b6c460e0d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37273
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This constructs more more useful origin names.
It also allows specific handling of each key type in future.
Change-Id: Ife959a39a0e5b3ef806c6f34f66128732b64536e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37272
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It makes it easier to see what is actually decrypted.
Change-Id: I6c1378f93d32dc31cedc6d901069fa9c30438d61
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37269
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IVIM decoding fixed where RSCUnit subtype with PER visible constraint is used, e.g. RSCUnit(0..1)
Change-Id: I2c15ef70ed9d89875737dd01769f6f882215276d
Reviewed-on: https://code.wireshark.org/review/37192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove the test on tree before decoding the PDU and display the message
name
Change-Id: I2e8d9000d6da4ef812bf84539c1dc32c8ae9e2a1
Reviewed-on: https://code.wireshark.org/review/37194
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Stop including glib.h in dissectors, this will come in implicitly with
packet.h including proto.h, an essential include file for dissectors.
While at it, config.h is no longer conditional and stdio.h is usually
not needed either. Some other cleanups too.
Change-Id: I60c12f16d7ef1e6398509293031ffed7460d2c61
Reviewed-on: https://code.wireshark.org/review/36969
Reviewed-by: Orgad Shaneh <orgads@gmail.com>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
There are at least two problems with the previous implemenation:
- The odd/even indicator was not used when dissecting the digits and
an additional 0 was displayed when location number has odd number of
digits.
- For International Numbers the correct NA is 4 and not 3 (national) and
for national numbers an incorrect country code is displayed.
Change-Id: If5bb143642205eab762fbccae28f131af28d89c0
Reviewed-on: https://code.wireshark.org/review/36720
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tomas Kukosa