I002/070 dissection is broken in two ways
- According to spec the name is "Plot Count Values"
- The bitfield for IDENT is interpreted incorrectly
Bug: 16663
Change-Id: I224a53bcecf11a3cbc98bfaa3533caf51bea21ec
Reviewed-on: https://code.wireshark.org/review/37615
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also simplify some boolean logic in packet-dcerpc.c.
All reported by cppcheck.
Change-Id: I2075f2ec10dc777ad7635da4ef056d17fc5b0be0
Reviewed-on: https://code.wireshark.org/review/37609
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Remove an "if(tree)" test in order to ensure that our offset always
advances.
Bug: 16029
Change-Id: I5bb38f2eccfbf3c44a06682a17aafcba9d8fa0c6
Reviewed-on: https://code.wireshark.org/review/37611
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace a couple of REPORT_DISSECTOR_BUG instances with
proto_tree_add_expert_format. This should hopefully keep the fuzz
builder from complaining.
Bug: 16597
Change-Id: I0ec281bf69244f339cdcbbe49632130f17124419
Reviewed-on: https://code.wireshark.org/review/37600
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pass Length=0 to proto_tree_add_item will cause get_uint_value
to throw error of 'Trying to fetch an unsigned integer with length 0'.
Change-Id: I0fb457d175b719517419291adaedef5cacc9544a
Reviewed-on: https://code.wireshark.org/review/37614
Reviewed-by: Zhenhua Hu <fattiger1102@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting response values with a non-zero status, the length
calculation was incorrectly using the entire bodylen and not the
actual value_len. This is likely due to an error in adding support for
flex_frame_extras, before which bodylen == valuelen.
Change-Id: I1d622bea582abcfafc5e97881d94fd7a7db6c80a
Reviewed-on: https://code.wireshark.org/review/37598
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Both of these opcodes can have XATTRs present in the binary
encoding. Add them to the set of opcodes for which we decode XATTRs.
Change-Id: Iee09c720dc4306b8e9c4ebb07673b2709f079a24
Reviewed-on: https://code.wireshark.org/review/37597
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decoding the CreateAsDeleted flag for subdocument
doc_flag.
Also add some Hello feature flags which were missing (VAttr and
Point-in-Time Recovery).
Change-Id: I7ae1b6e787ee038b5d0f1dbd416f3675eb3be697
Reviewed-on: https://code.wireshark.org/review/37593
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Accept changes in the Decode As dialog on Save and Ok even when the
Field or Current combox box still has focus.
Change-Id: I9d6277ff57714679b574756cbc6d4c4dcb06f8e2
Reviewed-on: https://code.wireshark.org/review/37580
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Always call decode_clear_all() when loading decode_as entries because
this function will create decode_build_reset_list based on entries that
has been changed from its original state.
Ping-Bug: 16635
Change-Id: Ib589d4bc863b680146063ad682398f6180125a38
Reviewed-on: https://code.wireshark.org/review/37582
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The decode_as_list is built at startup and contains all protocols
registered for "decode as". Do not clear this list on profile change,
only on exit.
Bug: 16635
Change-Id: I832a042327603ae0f01b10ab620fccc03d4fd3a3
Reviewed-on: https://code.wireshark.org/review/37579
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Allows using "netmon_802_11" in the DLT User table
Change-Id: I4e50751cb0daedbb351d7e668a9d55cecc409565
Reviewed-on: https://code.wireshark.org/review/37599
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Without this (particularly '.'), for some files it macro definitions cannot
be found the whole file is basically skipped.
Will make overall scan take quite a bit longer.
Change-Id: I7498b23ad9b27edd3a815c7fc51ef8501fa5a56a
Reviewed-on: https://code.wireshark.org/review/37567
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Undocumented data shitfing commands that operate in bitmode, MSB first,
and have both Write TMS and Read TDO bits set, do not seem to consume
the data payload. Do not dissect the data byte for these commands.
Treat MCU Host mode commands as Bad Command when in MPSSE mode. MCU Host
mode commands are recognized only in MCU Host mode. Add preliminary
support for MCU Host mode dissection.
Ping-Bug: 11743
Change-Id: I3046aab92f69e2e141cb5a23c68e844b24b6c2ca
Reviewed-on: https://code.wireshark.org/review/37566
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Cause specific fields belong to the 'Cause IE', so they should be
correctly displayed in the tree hierarchy.
Before this change:
0111 111. = Message discriminator: ip.access Vendor Specific messages (63)
.... ...0 = T bit: Not considered transparent by BTS
.111 0110 = Message type: ip.access DLCX INDication (0x76)
Channel number IE
Element identifier: Channel Number (0x01)
0000 1... = C-bits: Bm + ACCH (1)
.... .010 = Time slot number (TN): 2
Cause IE
Element identifier: Cause (0x1a)
Length: 1
0... .... = Extension: No Extension
.000 .... = Class: Normal event (0)
.000 1111 = Cause Value: normal event, unspecified (15)
After:
0111 111. = Message discriminator: ip.access Vendor Specific messages (63)
.... ...0 = T bit: Not considered transparent by BTS
.111 0110 = Message type: ip.access DLCX INDication (0x76)
Channel number IE
Element identifier: Channel Number (0x01)
0000 1... = C-bits: Bm + ACCH (1)
.... .010 = Time slot number (TN): 2
Cause IE
Element identifier: Cause (0x1a)
Length: 1
0... .... = Extension: No Extension
.000 .... = Class: Normal event (0)
.000 1111 = Cause Value: normal event, unspecified (15)
Change-Id: I9dc3a35dff19fc824b69f66ef137f0346247af3a
Signed-off-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Reviewed-on: https://code.wireshark.org/review/37565
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Any private or vendor-specific options are not invalid, so mark them
as unknown. Move expert info to option entry. Add the unknown option
number to the item.
Change-Id: I567c397787d4afddffdca407a8c2e39db828ab83
Reviewed-on: https://code.wireshark.org/review/37562
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The matched entry is bubbled to the head of the list for
faster future search.
Change-Id: I47375515f43387adbe0652556c03f0979a8dbe85
Reviewed-on: https://code.wireshark.org/review/37395
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The LUA API provides the "set_color_filter_slot" function, but without
a corresponding "get_" function, it's very hard for two LUA dissectors
to co-exist without one overwriting any color filters set by the other.
It also looks like the documentation comment for
"set_color_filter_slot" had an off-by-one error, which I've corrected
as I was adding almost identical documentation for the new API.
Change-Id: Ic54d23be555ec12e1830bbe6f84a1b04d04fd4f0
Reviewed-on: https://code.wireshark.org/review/37511
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This item is different from USAGE_PAGE, the correct name is USAGE.
Change-Id: I22552391dc564184e5abf14456a94d06a6e7a908
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37556
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC8365 and draft-ietf-idr-tunnel-encaps-15 defines to use the
MPLS Label field to carry the VNI in the presence of a Tunnel
Encapsulation Extended Community specifying the use of a VNI.
This is the case for VXLAN and VXLAN-GPE tunnel types.
Bug: 16643
Change-Id: I4ffc8b024c2102b7fab4d7cb3dd1a5d69c569c12
Reviewed-on: https://code.wireshark.org/review/37551
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Libgcrypt enables decryption for so many protocols, be sure to warn
users when their Wireshark build is constrained due to an old version.
Previously a user on Ubuntu 16.04 was surprised that QUIC decryption did
not work even though the "minimum required" version was satisfied:
Found GCRYPT: /usr/lib/x86_64-linux-gnu/libgcrypt.so (found suitable
version "1.6.4", minimum required is "1.4.2")
Change-Id: Ief927b8892a6be9f994bdc65619a1236ca2f4fa7
Reviewed-on: https://code.wireshark.org/review/37552
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Relative sequence numbers work only with tcp.analyze_sequence_numbers
is enabled. Therefore we should also show relative seq numbers only
when both options are enabled.
Expert info for TFO works also only when tcp_analyze_seq is enabled.
Bug: 16604
Change-Id: I0a535c3c8b07a7a7d2c42761df49b5e8ac5b7563
Reviewed-on: https://code.wireshark.org/review/37469
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add EVPN to the set of SAFI's of the L2VPN AFI to dissect the
Net hop network address for.
Bug: 16644
Change-Id: Ib335e765907d72945a5e58e6e992f84b92f9f261
Reviewed-on: https://code.wireshark.org/review/37536
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Change-Id: I0571fde7704570b60c9cbd5d94826365ff35abe0
Reviewed-on: https://code.wireshark.org/review/37546
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Also, remove a comment leftover from an earlier uncommitted version of
these changes.
Change-Id: I0990a186bc280e11a6d0fda05748f5871fb227f1
Reviewed-on: https://code.wireshark.org/review/37542
Reviewed-by: Guy Harris <gharris@sonic.net>
Add to the GUID type a bitmask that indicates which fields have been
filled in; start it out as 0, and then set bits in it as fields get
filled in.
Do not add a type mapping object to the hash table unless the GUID is
completely filled in, and don't look for a type mapping object in the
hash table with a GUID that hasn't been completely filled in as a key.
Bug: 16642
Change-Id: I31db92238adcb2ec2d70b2650e41b14d99001908
Reviewed-on: https://code.wireshark.org/review/37537
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Update the text in the Code Requirements section. Switch to a
description list. Add a list of allowed licenses.
Change-Id: Ic9bf88bee7122684f5e3b80185be37a7e4e7b011
Reviewed-on: https://code.wireshark.org/review/37417
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: Ieda68cc1518325c64c8862a77f16cee5de7def8b
Reviewed-on: https://code.wireshark.org/review/37519
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support to read/write the new EPB options, epb_packetid,
epb_queue and epb_verdict, from/to pcap files.
In addition, it updates the packet-frame dissector to dissect
these new fields.
More details on the options can be found in the PcapNG
specification: https://github.com/pcapng/pcapng
An application using these new fields can be found here:
https://github.com/chaudron/xdp-tools/tree/dev/pcapngII/xdp-dump
Change-Id: I761b8114b437fe573dd2c750e35586ad88494938
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Reviewed-on: https://code.wireshark.org/review/37412
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Call exit_msg(), not just print().
Change-Id: I3ca59b262285222e5f54045244b6eeaa31fa363e
Reviewed-on: https://code.wireshark.org/review/37530
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Catch particular exceptions and print a more detailed error.
Change-Id: Ied98c6d0bc0410eb8b9cb2a98f7264e980c2bb28
Reviewed-on: https://code.wireshark.org/review/37529
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Change-Id: I790f6ecb2d9616ff1ae9ca47364e1d5443e36ace
Reviewed-on: https://code.wireshark.org/review/37528
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Change-Id: I2089ca390308da50d182f6bdad5be530f7e7cc71
Reviewed-on: https://code.wireshark.org/review/37527
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Don't take the address of an hf_ field and then, in the called routine,
dereference the pointer; just pass the hf_ field value. In the cases
where we're passing a member of an array of pointers, dereference the
pointer at the call site.
Change-Id: I022ce46c196621088e093f9a43d57b4653c957f7
Reviewed-on: https://code.wireshark.org/review/37526
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Jaap Keuter
Vadim Yanitskiy