Change-Id: I44cc6b70ec4dfc565934da499f46fca60a4ded93
Reviewed-on: https://code.wireshark.org/review/5524
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No, I don't know why it's making it FT_NONE; it's a bit of a weird data
type, with a string inside a structure.
Change-Id: I27a6d7577ef4a9f4da8ddad2cad97ad097135e90
Reviewed-on: https://code.wireshark.org/review/5685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto_tree_add_bitmask() requires that the field under which it's
putting the bitmasks be an FT_INTn or FT_UINTn, so that it can determine
the length of the field.
Arguably, proto_tree_add_bitmask() should, instead, take a length
argument, just as other proto_tree_add_ routines do, and, arguably, we
should perhaps not even have FT_UINTn and FT_INTn, just FT_UINT and
FT_INT, with the display width for hex and octal (leading zeroes)
determined by the actual length of the field or something such as that,
or as part of the field that also contains the base.
But, even with that, we might want to require an FT_UINTn or FT_INTn
anyway, at least in cases where the value of the field as a whole is
interesting.
Change-Id: I4dff8fb1686a30b7d145c089dd1be7f96ecf23e0
Reviewed-on: https://code.wireshark.org/review/5680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have separate MTP2 dissectors for:
MTP2 frames with no pseudo-header and no CRC;
MTP2 frames with a pseudo-header and no CRC;
MTP2 frames with no pseudo-header and a CRC;
and call the appropriate dissector in the appropriate places.
While we're at it, get rid of a global variable - pass the "use extended
sequence numbers" flag down through the dissection code path, rather
than having it as a global.
Change-Id: Id8da1fbe3529e3ffadd5c30646cbc922f506a01f
Reviewed-on: https://code.wireshark.org/review/5679
Reviewed-by: Guy Harris <guy@alum.mit.edu>
and continues trough the next segment(s).
Change-Id: I8efe69361fda0c60ec6544cc6bbe28c91f07207c
Reviewed-on: https://code.wireshark.org/review/5583
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's proto_tree_add_bitmask with the ability to control the data appended to header.
Change-Id: Icce97437ba7cfc9158ec204a837da8db8138424a
Reviewed-on: https://code.wireshark.org/review/5533
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If886809d9eeb900bb94c045413ff1295519b8311
Reviewed-on: https://code.wireshark.org/review/5641
Reviewed-by: Michael Mann <mmann78@netscape.net>
It will be reused by CAPWAP dissector (* Rates Message Element)
Change-Id: I60ce12f382a35cdc2747baf23e2e3c30a305a8bd
Reviewed-on: https://code.wireshark.org/review/5640
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I396e9af7971ee8be6fc9548162ff37fe704f0289
Reviewed-on: https://code.wireshark.org/review/5651
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I68fa9650c234c0f1fb8464b464a781b54f2c728c
Reviewed-on: https://code.wireshark.org/review/5657
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6abc157368a78e1abfde672728b88a36ba6e76cc
Reviewed-on: https://code.wireshark.org/review/5656
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia0a39f7e4670d74325ddc40b34cd56ca018c0bde
Reviewed-on: https://code.wireshark.org/review/5655
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie64573f5a0b6e921a5011e487eea8e55f72b9a0b
Reviewed-on: https://code.wireshark.org/review/5653
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
different value to them
Change-Id: I719db9180b2ba5f21653086f2697ca9bac68d6b1
Reviewed-on: https://code.wireshark.org/review/5652
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Bug: 10757
Change-Id: I30054c4a75ec86ea603cf78b702be5255c35f549
Reviewed-on: https://code.wireshark.org/review/5642
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I0e8610f381e650f2c5b3f78ea927b727ec9ac62a
Reviewed-on: https://code.wireshark.org/review/5637
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
rec_type is the type of record (which isn't necessarily a packet; future
work on libwiretap will let it return non-packet data); if it's a packet
(REC_TYPE_PACKET), then pkt_encap contains the "link-layer"
encapsulation for the packet (in quotes because it may contain metadata
not transmitted over the network).
Change-Id: I6f32b02f4466df6d7b07dbdc9d77e881830ac749
Reviewed-on: https://code.wireshark.org/review/5645
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I01f01ce51fb1c9deb857ef01696b406b97dca3a9
Reviewed-on: https://code.wireshark.org/review/5616
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id001a6c1e116fdabfd51c354832ca68f50e65e7d
Reviewed-on: https://code.wireshark.org/review/5618
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6b8fc8db006bc3b8f8f4bac019cb7e240931d3b5
Reviewed-on: https://code.wireshark.org/review/5619
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We do multiple va_start() calls using the first string in the list of
strings; do *not* use the first-string argument to iterate over all the
argument strings, as that means that only the first va_start() call will
do the right thing, use a separate variable.
Bug: 10755
Change-Id: Ic4a6c24f911e335d147883a25d30289628836875
Reviewed-on: https://code.wireshark.org/review/5630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The fact that the vtag matches the initiate tag doesn't mean much if both are 0
(uninitialized).
Also leave in some (commented-out) debug to make debugging this stuff easier
in the future.
Change-Id: Id007de8bf9d2d4e0bb18309ed3e2572fedda45f1
Reviewed-on: https://code.wireshark.org/review/5571
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Change-Id: Ic0abcf8173a690a1dc0cd250f5e8770eb92a5aa9
Reviewed-on: https://code.wireshark.org/review/5626
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I67dd6ae5dc48b297e5c04aba2fe53e3e159d2611
Reviewed-on: https://code.wireshark.org/review/5625
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
use tvb_captured_length() instead of tvb_length()
Change-Id: I7e7efd69515fc3e30c986ac5d9a56b4db1931c10
Reviewed-on: https://code.wireshark.org/review/5624
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
The exception schedule special-event disection already used matched
open-close tags and only needed to check for an unmatched close tag
to exit when used with ReadPropertyMultiple service.
Bug: 10691
Change-Id: I54f2f6f3f470138a6a88f84c62fd15b07ea74c37
Reviewed-on: https://code.wireshark.org/review/5593
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- Rename BadColor to BadColormap as the former does not exist in the X11
specs
- Parse the bad resource id field in case of the following errors:
BadColormap, BadWindow, BadPixmap, BadCursor, BadFont, BadDrawable,
BadGC and BadIDChoice
Change-Id: I5b23d32189e1a8bb291c656cf6383a85b3e89642
Reviewed-on: https://code.wireshark.org/review/5592
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Note: Use of most of these filter names could have caused a Wireshark crash.
Change-Id: I393402a25dd26d174baff77f4706f6d5f43a94ae
Reviewed-on: https://code.wireshark.org/review/5610
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Ia8fce9307bae33c44d630af403980d162afd88c2
Reviewed-on: https://code.wireshark.org/review/5597
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I4eadf2b613b7803c81593e517408631f8375ab2c
Reviewed-on: https://code.wireshark.org/review/5596
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I66c1973daa89690f6aaa10891408e93e886875ea
Reviewed-on: https://code.wireshark.org/review/5595
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
(I guess newer versions of GCC/Clang know that dissect_eh_frame() is
never called with a segment_size of 0, so the loop is traversed at least
once. NOTE: if it ever *is* called with a segment_size of 0, then
that's a genuine bug and needs to be fixed.)
Also, segment_size is used; no need to mark it as unused.
Change-Id: I63b7a580a853b55f22494de73b4c4e6f9a387647
Reviewed-on: https://code.wireshark.org/review/5591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes, matching LSB 4.1[1] and the AMD64 ABI[2]:
- Multiple CIE entries can exist after the first one. Introduce a CFI
subtree and add CIE and FDE records below it. Merge comon parsing
functionality of CIE/FDE. A CIE terminator is treated specially, and
added instead of a CFI subtree.
- Validate the header length before using it to avoid a dissector
assert. This condition is triggered by a binary produced by a buggy
gold linker[3].
- Add two expert items: one to detect an invalid CIE length (too small
or too large) and one to detect a segment which is larger than the
CFI records (to catch the gold linker bug[3] where the segment begins
with zeroes).
- Do not overload the elf.eh_frame.length field with the value of the
Extended Length, instead use elf.eh_frame.extended_length (likewise
for FDE).
- Stop tracking the subsection size with another variable
(remaining_length), just store the end of the entry.
- Fix typos in descriptions, improved / shortened field descriptions.
Tested with the 'bad' and 'good' binary from bug 10726 as well as the
'a' binary from bug 8818 (which introduced this code). Decodes properly.
[1]: https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/ehframechpt.html
[2]: http://www.x86-64.org/documentation/abi.pdf
[3]: https://sourceware.org/bugzilla/show_bug.cgi?id=17639
Bug: 10726
Change-Id: I523600b8141bd8953ae468051a57357ab199a258
Reviewed-on: https://code.wireshark.org/review/5488
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Both exponent and 'integer N' values are limited:
* max exponent is 3 octets/24-bits
* max integer N is 8 octets/64-bit
Tested with zero value/length, integers, doubles, positive and negative numbers all using the Basic Encoding Rules (BER)
Change-Id: If92e1b3e209c42909b8cb76e6f50b8e6cd1da0da
Reviewed-on: https://code.wireshark.org/review/5527
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I3b5afb8a59f6443624708b9fecfdcbe93dad59ef
Note: Some of the filters, when/if used, could have caused Wireshark crashes.
Reviewed-on: https://code.wireshark.org/review/5575
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I7db4e67ffe99a9f3b41d0b507d9837e0237d4547
Reviewed-on: https://code.wireshark.org/review/5558
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I668b9c3dfcac83c698e83d4111af8bd19ec8076c
Reviewed-on: https://code.wireshark.org/review/5559
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Include DCP port to the list default ports
* Parse payloads for DCP commands:
* OPEN_CONNECTION
* ADD_STREAM
* STREAM_REQUEST
* Reorganize if conditions to cases
* Update list of known commands
Change-Id: Id37b5c61f0d1084628c6286fd6e4ad722e1d6d99
Reviewed-on: https://code.wireshark.org/review/5388
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix AS Path Heuristic
Issue reported by Jon
Bug: 10742
Change-Id: Ie5e4108bd93464a2d1076dcc4f322171ea8e68cb
Reviewed-on: https://code.wireshark.org/review/5564
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Details:
- Rename various "alljoyn.header..." display filter
names releated to the alljoyn "message header"
to "alljoyn.mess_header..." to distinguish
the fields from actual alljoyn "header" fields.
This also fixes the duplicate use of the display
filter name "alljoyn.header".
- Don't use FT_PROTOCOL for a field type.
Change-Id: Id4e78f36716cf6064638aecd5faf561bcbc88b46
Reviewed-on: https://code.wireshark.org/review/5561
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Joe Huffman <jhuffman@codeaurora.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The offset used for BGP community tag dissection is a wrong one.
Bug: 10746
Change-Id: I1d1d443568bb97a0b3b95a312762ac0a3102326a
Reviewed-on: https://code.wireshark.org/review/5562
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 3 of many, but this concludes the strict conversion to proto_tree_add_bitmask. Patches to follow with use proto_tree_add_bitmask_xxx (some functions still need to be written)
Change-Id: Ic2435667c6a7f1d40602124e5044954d2a296180
Reviewed-on: https://code.wireshark.org/review/5553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Two comments are added to the code to notify Coverity scan that breaks are not put in switch statement intentionally.
Change-Id: Ie391790ee7365da56ddf0bf7b19042c9a11efddd
Reviewed-on: https://code.wireshark.org/review/5554
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7694a6f8d8ccec3109fb86ccefee5798de57757d
Reviewed-on: https://code.wireshark.org/review/5548
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Give all routines in epan/print.c that write a particular format a name
beginning with write_{formatname}.
If routines write columns, rather than the raw protocol tree, don't give
it a name containing proto_tree.
Get rid of empty preamble/finale routines.
For CSV, the preamble routine writes out column titles, so call it
write_csv_column_titles().
For C arrays, the body routine writes out raw hex data, so call it
write_carrays_hex_data().
capture_file isn't a structure defined by libwireshark, so don't make it
an argument passed into libwireshark.
Change-Id: I5a7e04de9382cf51a59d9d9802f815b8b3558332
Reviewed-on: https://code.wireshark.org/review/5536
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Part 1 of many
Change-Id: I77a5789ac23388e6a5f8098dc398592f39638124
Reviewed-on: https://code.wireshark.org/review/5532
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
no ethertype 0x8203-0x8205 support in trunk.
0x8204 is QNX OS VER 6's qnet ethernet protocol number.
Bug:3934
Change-Id: I5f3e910876bb7fb86de2111f856d026fdf220917
Reviewed-on: https://code.wireshark.org/review/2954
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Also cleanup description of remaining preferences
See Bug 10719
Change-Id: I81faba77d8b88b24c65156f5139067233869154b
Reviewed-on: https://code.wireshark.org/review/5416
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If56209f1274245f54100d0acfaf14098c8df4582
Reviewed-on: https://code.wireshark.org/review/5520
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie46d6c201df0b0164a8bf96c02d6430734fd2948
Reviewed-on: https://code.wireshark.org/review/5518
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Displays the FDE Count as a number, not a series of bytes.
Change-Id: I60dd426cb5305a5001a8200578008b7c4a99c64e
Reviewed-on: https://code.wireshark.org/review/5489
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
This was changed in g8881f3f in an attempt to avoid throwing an exception when decoding the options field
Bug: 10514
Change-Id: Ia4b49f484d6255090c5a6e425a9716b48ccc4cb5
Reviewed-on: https://code.wireshark.org/review/5495
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also convert many of the proto_tree_add_boolean calls into proto_tree_add_bitmask.
Change-Id: I1fb2f943abed28434a2aadc48eb7e9ffb766f463
Reviewed-on: https://code.wireshark.org/review/5523
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This should avoid questions like
https://ask.wireshark.org/questions/38198/what-is-enttec-in-a-pcap-file
It also splits DMX-over-UDP and DMX-over-TCP into separate dissectors,
as
1) DMX-over-TCP has only config packets, DMX-over-UDP has the
others;
2) that would let us do reassembly, if necessary, for
DMX-over-TCP.
Change-Id: I2606c814693028c7ba2bbc458e45c853372baaf3
Reviewed-on: https://code.wireshark.org/review/5522
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissection of Layer setting services (LSS) sub-protocol
according to CiA 305.
Change-Id: I24ca1827b25c30a672fb31cad390b3c1486102f4
Reviewed-on: https://code.wireshark.org/review/5516
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Since ge3a04bb data parameter is used for the media-type string
Bug: 10729
Change-Id: I3df640079a8bf57f4bd86a1baa08cbf9a3a7e1b3
Reviewed-on: https://code.wireshark.org/review/5511
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* Move sdo dissection to separate function
Added dissect_sdo() function to handle the more complex SDO dissection.
* SDO command specifier decoding
Decoding of both client and server command specifier for SDO transfers
according to CiA 301 Chaper 7.2.4.3.
Note: Fully decoding block transfer frames is more complex and not supported
yet.
* basic SDO abort code decoding
SDO abort codes as specified in CiA 301 Chapter 7.2.4.3.17 (Table 22).
* Basic value ranges for object dict index parameter
Object dict ranges as specified in CiA 301 7.4.1 (Table 41)
* cs-based multiplexer and data decoding
A data width of 4 byte is valid only for expedited transfer and a
multiplex value is present only in initialisation messages.
This patch now handles also normal sdo segment data.
Reference: CiA 301, Chapter 7.2.4.3.3 and 7.2.4.3.6
Change-Id: I37005894082d62eed1ddd85e09e3676aa3af8222
Reviewed-on: https://code.wireshark.org/review/5504
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
out that tvb_new_subset(tvb, tvb_sectionbegin, sectionlen, -1) causes a
problem as reported_length is set to -1, set it to sectionlen.
Change-Id: I650d3fa1390be5add66ed44d0f70929b9eb0aad6
Reviewed-on: https://code.wireshark.org/review/5505
Reviewed-by: Anders Broman <a.broman58@gmail.com>
sccp_msg_info_t* is now passed from SCCP dissector to its subdissectors through dissector data parameter.
Change-Id: Iab4aae58f8995e844f72e02e9f2de36e83589fc0
Reviewed-on: https://code.wireshark.org/review/5442
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Also show Reserved/Toggle bit of NMT error control
In case of the node guarding protocol this bit is used as a toggle bit.
In case of the hearbeat protocol this bit is reserved.
Reference: CiA 301 (rev 4.2.0), Chap. 7.2.8.3.2
2. Show optional 'counter' parameter of SYNC messages if available
Reference: CiA 301 (rev 4.2.0), Chap. 7.2.5.3.1
Change-Id: I5dc0ab65e95fec4846a9c8bd8972ef2eba664ee2
Reviewed-on: https://code.wireshark.org/review/5484
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They may be accessed during the print phase, at which point packet-scope memory
has already been freed.
Bug: 10724
Change-Id: Ifcf5fc0c0857614edf85349b12dfe605abf6fef7
Reviewed-on: https://code.wireshark.org/review/5497
Reviewed-by: Evan Huus <eapache@gmail.com>
They may be accessed during the print phase, at which point packet-scope memory
has already been freed.
Bug: 10720
Change-Id: Ia2b160fd9de4ccaa3a4b8d9cb70fb9b32d4e08a0
Reviewed-on: https://code.wireshark.org/review/5496
Reviewed-by: Evan Huus <eapache@gmail.com>
It appears that Wireshark allows (and currently has) fields with the
same name with differing "strings" content.
Change-Id: Iddac5a2c9f456a97ea676f2007f43d786482eebd
Reviewed-on: https://code.wireshark.org/review/5491
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I24ab56ce7d99f8ed670f4a50453223d4e6a46983
Reviewed-on: https://code.wireshark.org/review/5463
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I82cbfed770b41404bc42cb6a4413db07d04dffdc
Reviewed-on: https://code.wireshark.org/review/5462
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the COB-ID and Type subtree also used the main ett_canopen
variable. This made control of subtree expansion impossible as both
parent and subtree nodes shared the same state.
Change-Id: I3dabf7f399e83bfcfbf78bc0e633e3696776c043
Reviewed-on: https://code.wireshark.org/review/5480
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I0a0cb0b4838bc4e55a759fb6031355892c220c8e
Reviewed-on: https://code.wireshark.org/review/5461
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibb47fd1a0d498cc9791ca31ee625395905a7e999
Reviewed-on: https://code.wireshark.org/review/5464
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC draft http://www.ietf.org/id/draft-fox-tcpm-shared-memory-rdma-05.txt
used as reference for packet dissection.
A small change was made to packet-infiniband, to add the Queue Number to the
info column. This allows for easy indentification of session traffic for a
particular QP.
Also: infiniband: tvb_length() --> tvb_captured_length()
Bug: 10715
Change-Id: I774ceffaa5c271cb6a28ab4ed21e53cd42f2547b
Reviewed-on: https://code.wireshark.org/review/5386
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: Iadd80aab291e5de714891a9f3c79edeca19e9b93
Reviewed-on: https://code.wireshark.org/review/5458
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
enabled
tcp_analysis::base_seq could be set several times when the
TCP ISN was set to 0, thus inducing some undesired wraps such as 0-1
Bug: 10713
Change-Id: I69a0dfe677e93bf51015bf7a39ebf888631b12a4
Reviewed-on: https://code.wireshark.org/review/5387
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Second try... ;-)
Remove also double space
Change-Id: I77aa269c1abae18b4fb9daec6cc0ac862cf4ab9f
Reviewed-on: https://code.wireshark.org/review/5421
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Fix wrong length for Operator Identifier
* Display Latitude and longitude in Degrees
Bug:10712
Change-Id: Idf6ba63db3ff16710fd0de7a7fd2233148cbaf4a
Reviewed-on: https://code.wireshark.org/review/5473
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use also value_string ext
Request from Hugo van der Kooij
Bug:10723
Change-Id: I0603687215b7e82a987a4a6cde00eb996b04a77c
Reviewed-on: https://code.wireshark.org/review/5466
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is already done automatically for the hf entries thanks to hfinfo_format_text() function
Bug: 10536
Change-Id: I9ee56b795234a94f0e59c82a96e3e6cedf71c4e6
Reviewed-on: https://code.wireshark.org/review/5459
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Store all handshake mesages in a buffer so that we can hash them
correctly when generating the master secret.
This change does not work correctly for DTLS retransmitted packets; that
are in the handshake as they will be hashed twice; which is bad. Looking
for ideas to implement this.
Bug: 10686
Change-Id: Ied01d4cc37b4270f325070a8d1630d3123577a0d
Reviewed-on: https://code.wireshark.org/review/5168
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Don't cast a pointer-to-int into a pointer-to-pointer and pass the
resulting pointer to g_hash_table_lookup_extended() - pointers and ints
are *not* guaranteed to be the same size. Instead, just have a variable
of type gpointer, pass a pointer to *that*, and then run that result
through GPOINTER_TO_UINT().
This fixes a reproducible crash.
Change-Id: I42954f222ab59866cb909b80d9dbb1d2668d2aff
Reviewed-on: https://code.wireshark.org/review/5457
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes it easier to focus on a single section entry, collapsing all
other entries.
Change-Id: I3de72065eb279e9449496a7224508e5be85c3757
Reviewed-on: https://code.wireshark.org/review/5456
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9abdc8c3deed35131af1537733d624d5cfced182
Reviewed-on: https://code.wireshark.org/review/5443
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Convert a handful of global variables into function parameters that get passed through the dissector, so we shouldn't be dependent on pinfo->sccp_info anymore. Removal of pinfo->sccp_info will be done in a separate patch (when the dissectors that use it can be updated).
packet-sua.c may need similar treatment.
Change-Id: If0001638d666afc07e04b02aa32ef31d6223a5de
Reviewed-on: https://code.wireshark.org/review/5343
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
We should warn when decoding Geneve packets with an unknown
version number.
Change-Id: Id40b756c3bb0320b69fbd8ee98830a2b05834a48
Reviewed-on: https://code.wireshark.org/review/5420
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pass the "output only these protocols" hash table as an argument,
instead.
Change-Id: Id8540943037e7b9bbfe377120c3f60dbe54fe0f1
Reviewed-on: https://code.wireshark.org/review/5440
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have write_psml_preamble() and write_csv_preamble() take a capture_file *
as an argument, so they can print the column titles themselves, rather
than having to defer it to the routine that prints packet data.
Change-Id: Ifd1b7a13062be8ad46846315976922a752778153
Reviewed-on: https://code.wireshark.org/review/5438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Put the low-level print stream code from epan/print.c into
epan/print_stream.c, leaving the higher-level stuff in print.c
Change-Id: Iae961f168ec655a29f434257b1af0937fca9f025
Reviewed-on: https://code.wireshark.org/review/5436
Reviewed-by: Guy Harris <guy@alum.mit.edu>
1. Fixed endianess in CANopen dissector.
According to CiA 301, 7.1.1. (p. 26):
"For numerical data types the encoding is little endian style."
2. Fixed NMT type string in CANopen dissector
NMT function code should not display 'EMERGENCY'
3. Fixed time stamp decoding
* Offset increment was too low for data type size
* Decoding of time_stamp_days must equal time_stamp_msec and thus be letohs instead of ntohs. CANopen data is little-endian encoded.
4. Fix: Use correct description string for NMT error control state bits
canopen.nmt_guard.state was faulty named "Node-ID". This was changed to "State".
5. Fix nmt_guard_state value_string array
CiA 301 desribes only 4 valid values. All other were deleted.
0x00 was renamed from 'Initalisation' to 'Boot-up' following CiA301.
6. Shortened EMERGENCY to EMCY
The term EMCY is the standard abbreviation used in CiA standard for Emergency service.
7. Fix: Allow SYNC and NMT error frames without any payload
NMT node guard remote requests do note have a payload,
SYNC frames only have an optional payload (counter)
If item length is set to -1, decode will cause a 'Malformed Packet' error.
8. Rename MT_NMT_GUARD to MT_NMT_ERR_CTRL which better reflects its scope
Change-Id: I676f9b5f2e4efd8e7c9528fe289e7510c4d43235
Reviewed-on: https://code.wireshark.org/review/5425
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
To avoid further duplication of work and bugfixing,
move regex strings to wiretap/logcat_text.h and include
this file in epan/dissectors/packet-logcat-text.c
Change-Id: I82773cda0e3240844139b104c68738ec82788014
Reviewed-on: https://code.wireshark.org/review/5410
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Wrap the declaration for C++ while we're at it.
Change-Id: Ifcc1b47bab139f5fb8da8c3dd4f20b1ebb99739e
Reviewed-on: https://code.wireshark.org/review/5418
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib160211198ca02f7eacf29d04568628c11f208a5
Reviewed-on: https://code.wireshark.org/review/5407
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Specifically:
- Use the proper code for testing strtol() result;
- Also: Values greater than 32-bits treated as an error
(on LP64 architectures);
Change-Id: I56e8e734fbb9a22dbd9ed4112e24327ffd7ee3c0
Reviewed-on: https://code.wireshark.org/review/5394
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In L, in line "-- beginning of /<buffer>" the "/" was removed.
This commit accomodates text logcat to that change.
Change-Id: I4cbfadf5a8169589f2848ce1a5793cea593ba459
Reviewed-on: https://code.wireshark.org/review/5405
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
* Add subtype Geo Location (2) and Operator Identifier (3)
* Use also offset to calculate the length
* Remove proto_tree_add_text
Issue reported by Ravindranath K M
Bug:10712
Change-Id: I9ad81ece856df134f3a706ad774d34e638cb5c94
Reviewed-on: https://code.wireshark.org/review/5397
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add support for PAD chunks as defined in RFC 4820.
Change-Id: I66a83d5d133429154fe40ccef26687c8350463cf
Reviewed-on: https://code.wireshark.org/review/5393
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
The length reported as value length for unknown chunks
was actually the chunk length. Therefore it was off by 4.
Change-Id: Ieea79d2c51b4729fc139395174625d1f362d1ee5
Reviewed-on: https://code.wireshark.org/review/5392
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
Change-Id: If618b0c3dc0502f5a31dcc580b9116daacb40239
Reviewed-on: https://code.wireshark.org/review/5389
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I40d351e3317ff7e207e5c68a39aaedb73faf54f9
Reviewed-on: https://code.wireshark.org/review/5281
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pascal Quantin