The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prefer:
- html (rather than txt)
- https
Also includes the script check_dissector_urls.py,
that can be used to find links in code and test them.
Change-Id: Iafd8bb8948674a38ad5232bf5b5432ffb2b1251b
Reviewed-on: https://code.wireshark.org/review/36821
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This codepoint was not registered in RFC 7858, but requested later by
Jon Reed at 2019-12-12, in "[dns-privacy] ALPN protocol ID for DoT":
The primary use case we have is supporting both DoT and DoH on port
443, when port 853 is blocked between clients and the servers (this
is by mutual agreement, as discussed in RFC 7858 § 3.1).
Change-Id: Ic993023eedf6f40565a208033703aa1575710c17
Reviewed-on: https://code.wireshark.org/review/36151
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Following commit c397adda8a there were some missing changes:
* Some `cur_offset += name_len` instead of `cur_offset += used_bytes`
* Some missing format_text
I took a look at the code after observing a bug with RRSIG record.
The signature in RRSIG was dissecting with some strange offset.
You can easily generate some pcap with those commands
delv @1.1.1.1 A www.cloudflare.com
and/or
dig @1.1.1.1 +dnssec www.cloudflare.com
Change-Id: Ibd6a6248b7497b8409d7797dc320035c8c2d1ed8
Reviewed-on: https://code.wireshark.org/review/36080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use same format for "Time to live" as for other ttl values by
appending the time_secs_to_str() output to the number of seconds.
Ping-Bug: 16263
Change-Id: Ie55bbf27bf9c44554d391b395d23c478ad401d98
Reviewed-on: https://code.wireshark.org/review/35358
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Display time to live as formatted by unsigned_time_secs_to_str().
This was removed in g42c52d8612 but the commit message for that change
was "Add more filterable fields around EDNS(0)", with no indication
of this change.
Bug: 16263
Change-Id: Ic21f4a4b18d15efbd770c708e37d6e0c15eee6ce
Reviewed-on: https://code.wireshark.org/review/35355
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See RFC 2181, section 8 (and RFC 1035 erratum 2130, which notes that
section 3.2.1 says the TTL is signed but section 4.1.3 says it's
unsigned); RFC 2181 section 8 says "unsigned, but avoid sending values
that have the uppermost bit set, and treat values with the uppermost bit
set as a value of 0". (STD 13 = RFC 1034, the "concepts and facilities"
DNS RFC, plus RFC 1035, the "implementation and specification" DNS RFC.)
Change-Id: I9be6ac4f190f62dafbc45d1923a95f8f21306a7d
Reviewed-on: https://code.wireshark.org/review/35343
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those generated fields are linked to the dns.qry.name field, so highlight
the same bytes.
Bug: 15999
Change-Id: Ia989b79a9ec14140472b79fdf7acea6e67baee68
Reviewed-on: https://code.wireshark.org/review/34299
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Items such as SSIG, NSEC and DNSKEY had no description. Add these.
Bug: 15970
Change-Id: I95916e628505c227338346c7aca8ae2dd5050f95
Reviewed-on: https://code.wireshark.org/review/34256
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This keeps it in the same resolution as the dns.time field.
Ping-Bug: 15382
Change-Id: Ibacf8761819c0fac2e87fa147f7381336ce5cb39
Reviewed-on: https://code.wireshark.org/review/31223
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4234
Change-Id: Ibd59809b2dd9890a7851eb57ef7af384e280a74b
Reviewed-on: https://code.wireshark.org/review/31222
Reviewed-by: Michael Mann <mmann78@netscape.net>
The stat tree API only supports 32-bit integers and if nanosecond resolution
is used correctly it's easy to hit integer overflow issues on even a fairly
small capture file trying to sum up response times.
Bug: 15382
Change-Id: I15d2cfbdbec7b0bef2bcfe1afe4f6eb6fc1d2456
Reviewed-on: https://code.wireshark.org/review/31217
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Handle DoH messages specially, use the HTTP/2 Stream ID for matching
requests with responses. Fixes misleading "retransmission" expert infos
and properly links (successive) requests with (out-of-order) responses.
Change the "Protocol" column to "DoH" while at it.
Change-Id: I42b22c5c8560ee029051dcb3561e188572a4245f
Ping-Bug: 14433
Reviewed-on: https://code.wireshark.org/review/29889
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is required for the latest version. The message type "dns/message"
was briefly used in draft -06, but it was changed in the next version.
Change-Id: If26e367b71b7e270cad2f61eaee76041f530273c
Ping-Bug: 14433
Reviewed-on: https://code.wireshark.org/review/29887
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"maxname" is the size of the buffer which also includes the "null
label" (represented by the NUL byte). Do not write this past the end.
Bug: 14955
Change-Id: I51e2237741807aded7ffb82c178d7d7ce5123f78
Fixes: v2.9.0rc0-1142-g53e04b621c ("DNS: fix in expand_dns_name")
Reviewed-on: https://code.wireshark.org/review/28657
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Erika Szelleová <szelleerika@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The function parsed the DNS name correctly, however, it did not indicate
that a given name is too long (more than MAX_DNAME_LEN bytes).
Bug: 14041
Change-Id: I4078db488a814ca2114c725d1a17e3ef757843c5
Reviewed-on: https://code.wireshark.org/review/28410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This allows code to initialize them without having to know the details
of the structure; the initializers should, and will, be changed if the
members of the structure are changed.
Change-Id: I93e6ebfcde9ceca17df696fcba4e8410c5afb175
Reviewed-on: https://code.wireshark.org/review/28501
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC1035 there are limitations on the maximum length of DNS
names. The maximum length in the code was defined as 1025, this commit
changes it to 255. Also a new macro is introduced which holds the
minimum length of a DNS name.
Bug: 14041
Change-Id: Ic63b332b2a357e33728df183c05ab0e222faf13f
Reviewed-on: https://code.wireshark.org/review/28309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
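Added example (not Wireshark's expand_dns_name() and not part of any commit message in this log): a minimal C name expander showing the bounds the three DNS-name commits above are about, namely the 255-byte MAX_DNAME_LEN from RFC 1035, reporting an over-long name instead of silently accepting it, and keeping the terminating NUL inside a buffer of size maxname. The helper name expand_name, the pointer-hop limit of 16 and the SAMPLE bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DNAME_LEN 255  /* RFC 1035 limit on the wire-format name */
/* Constructed sample: "www.example.com" at offset 0, a compression pointer
 * to it at offset 17, and a pointer that points at itself at offset 19. */
static const uint8_t SAMPLE[] = { 3,'w','w','w', 7,'e','x','a','m','p','l','e',
                                  3,'c','o','m', 0,  0xC0, 0x00,  0xC0, 0x13 };

/* Hypothetical helper (not Wireshark's expand_dns_name()). Expands the name at
 * msg[off] into out; maxname is the size of out INCLUDING the terminating NUL.
 * Returns the text length, or -1 if the name is malformed, loops, is longer
 * than MAX_DNAME_LEN, or does not fit. Label bytes are copied unescaped. */
int expand_name(const uint8_t *msg, size_t msglen, size_t off,
                char *out, size_t maxname)
{
    size_t o = 0;     /* bytes written; invariant: o < maxname */
    size_t wire = 1;  /* wire length so far, root label counted up front */
    int hops = 0;     /* compression pointers followed */
    if (maxname == 0) return -1;
    for (;;) {
        if (off >= msglen) return -1;
        uint8_t len = msg[off++];
        if (len == 0) break;                         /* root label: done */
        if ((len & 0xC0) == 0xC0) {                  /* compression pointer */
            if (off >= msglen || ++hops > 16) return -1;
            off = ((size_t)(len & 0x3F) << 8) | msg[off];
            continue;
        }
        if (len & 0xC0) return -1;                   /* reserved label type */
        wire += 1 + (size_t)len;
        if (wire > MAX_DNAME_LEN) return -1;         /* report, don't truncate */
        if ((size_t)len > msglen - off) return -1;   /* label runs off the packet */
        /* room for an optional '.', the label, and the final NUL */
        if ((o ? 1u : 0u) + len + 1u > maxname - o) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, msg + off, len);
        o += len;
        off += len;
    }
    out[o] = '\0';  /* always inside the buffer because o < maxname */
    return (int)o;
}

int main(void) {
    char buf[16];  /* 15 characters plus the NUL */
    printf("%d\n", expand_name(SAMPLE, sizeof SAMPLE, 17, buf, sizeof buf));
    return 0;
}
```

A 15-byte buffer is rejected for this 15-character name because the NUL needs the sixteenth byte, which is the off-by-one the "maxname" commit describes.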
Per RFC 2782, the name should follow the "_Service._Proto.Name" format.
If a malformed packet does not adhere to this and provides a zero-length
name, then wmem_strsplit returns NULL.
Bug: 14681
Change-Id: I7b9935238a9800a1526c8b694fd2c63d3b488d0b
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7416
Reviewed-on: https://code.wireshark.org/review/27499
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The expand_dns_name() function is not used outside of the DNS dissector
(any more?). Remove the function declaration from the public header
file, make the function internal.
Change-Id: Ibba81fa68a0dfd195ca3bbfca3eca20c39cc01f4
Reviewed-on: https://code.wireshark.org/review/26698
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This should squelch a warning from Visual Studio Code Analyzer.
Change-Id: Ie66e45276458a6f880c9b020ff541b7d2a71433a
Reviewed-on: https://code.wireshark.org/review/26184
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for POST requests, and GET and POST responses containing a
DNS (UDP) payload. GET requests are still unsupported.
(DOH is sent over HTTP2/TLS/TCP which means that a special check is
needed in dissect_dns to avoid matching DNS over TCP).
Change-Id: I82bfcda068baf6f06c5a0159d73e6d40d1d9a758
Ping-Bug: 14433
Reviewed-on: https://code.wireshark.org/review/25806
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This means we don't lose alignment information that causes spurious
compiler warnings.
Change-Id: I721f180c137bcffbcf7edf88cf8caf52c33fa545
Reviewed-on: https://code.wireshark.org/review/25842
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a preference to the DNS dissector to specify how many seconds can
elapse before a DNS query is considered a retransmission because the
transaction ID is shared with a previous request.
If retransmission is found, add expert info and hf_ field linking to
the original request.
If a retransmission of a response is found, add expert info and hf_ field
linking to the original response.
Bug: 14178
Bug: 13313
Change-Id: Idd77ab7f7638f5056d5690633c787a4d52285aee
Reviewed-on: https://code.wireshark.org/review/24525
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It avoids leaking memory in case an exception is thrown during
dissection.
Change-Id: Iab72bcb4cc1ac56e7ce5ff2693e3111aead03e7d
Reviewed-on: https://code.wireshark.org/review/23464
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1bb25125d9bd7b62b5784bd43d933dc5ff13987c
Reviewed-on: https://code.wireshark.org/review/23005
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for draft-bellis-dnsop-xpf to the DNS dissector:
- Parse the XPF additional RR (currently using a temp value of 65422)
Bug: 13928
Change-Id: I2d4fa23a8d3828db483bc41fafe6cbd8885514dc
Reviewed-on: https://code.wireshark.org/review/22803
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>