Create pseudo URB and pass the reassembled data to USB URB dissector.
Reassembly for control transfers is not problematic as the transfer
length is known. For bulk transfers assume the transfer can span across
multiple transactions, however for periodic (interrupt and isochronous)
assume the transfer never spans across multiple transactions.
Rely on USB dissector to provide endpoint maximum packet size. Actual
interface/configuration handling in USB dissector needs to be reworked
as the code assumes that there is only one configuration and alternate
interface configurations have matching endpoints.
While the reassembly bulk transfers and never reassemble periodic
transfers result in pretty good dissection, the USB class dissectors
need a mechanism to provide transfer size hints to USBLL dissector.
Such hint is not needed for software USB capture as software sniffers
essentially capture URBs and every transfer is associated with one URB.
The problem can be seen for example in Mass Storage Class where it is
common for data transfers length to be multiple of endpoint maximum
packet size. Because USBLL dissector doesn't know expected transfer
size, it combines together data and status transport.
Related to #15908
Add support for decoding instruction byte 78 (GET IDENTITY) from
TS 102 221 v15.11.0 and instruction byte CA (GET DATA) which is used to
retrieve the EID for eSIMs according to GSMA SGP.02 v4.2 available from
https://www.gsma.com/esim/esim-m2m-specifications/.
Closes#17548.
All fields with GSN address were decodes as common hf_gsn_addr. But if
ETSI order is used, it's possible to specify alternative decoder
depending on message type and field position.
Alternative decoder for GSN address was added for mandatary fields and
optional/conditional field in the case there is single GSN address in
message.
Added new function as common dissector for all addr types.
Based on the uninstall target I added to libpcap and tcpdump's CMake
files. cmake_uninstall.cmake.in is BSD-licensed, so I can use it here
and in libpcap/tcpdump without adding any GPL stuff to libpcap/tcpdump.
This patch speeds up the dissection of signal pdus, if not filtering.
With an example trace file full of signal PDUs, I gained about a 4x
speed up in opening the trace.
DCP Frames with Reserved Option dissection changed
short time ago. There isn't a predefined suboption
for Reserved option in the standard. But in this
implementation it dissected like control suboption.
This is not true and creates malformed frames in some
dcp pcaps. This implementation is reverted.
Wireshark will dissect undefined bytes as paddings
just like before.
Define dissect_http3_settings only if HAVE_LIBGCRYPT_AEAD is defined.
This should hopefully fix
```
epan/dissectors/packet-http3.c: In function 'dissect_http3_settings':
epan/dissectors/packet-http3.c:212:9: error: implicit declaration of function 'http3_is_reserved_code' [-Werror=implicit-function-declaration]
if (http3_is_reserved_code(settingsid)) {
^
epan/dissectors/packet-http3.c: At top level:
epan/dissectors/packet-http3.c:200:1: warning: 'dissect_http3_settings' defined but not used [-Wunused-function]
dissect_http3_settings(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* http3_tree, guint offset)
^
cc1: some warnings being treated as errors
```
on the CentOS 7 builds.
We occasionally get requests to fill in compliance forms and to sign
contracts. Add items for those.
Move the name change question to a historical intrest section.
If a "NT Password" value is provided by the user, the NTLMSSP decryption
should take place, whether or not Kerberos decryption option is enabled
(disabled by default).
NT Accounts may have empty passwords; this allows the dissector to try
decrypting the NTLMSSP session using an empty password (when "NT
Password" preference is left blank).
Rewrite storage and retrieval of `endpoint_guid`s to use private proto
data instead of `pinfo->private_table` which was meant solely for Lua
use.
Closes#17156
This patch allows the profile importer to recover from a file too large
to import as well as adjusts the maximum allowed config file size.
Closes: #17504
To quote the comment in plugins/epan/gryphon/packet-gryphon.c, "Note:
using external tfs strings doesn't work in a plugin", so, for plugins,
don't check to make sure that the file doesn't define a
true_false_string that's the same as one defined by tfs.c.
Small payload packets that fit into a single TSP without
fragmentation are dissected without ever being placed in
the reassembly table, so fragment_get_reassembled_id returns
NULL even on the second pass and later. Handle them (and
distinguish that case from packets not reassembled because they
were at the end of a capture.)
Add a few comments to clarify what's going on.
This should fix the cppcheck warning "The unsigned expression
'sizeof(struct _PKT_INFO)' will never be negative so it is either
pointless or an error to check if it is."
wmem_safe_mult() was only used to do an overflow-safe multiplication of
a type size and a count of elements of that type; replace it with
wmem_safe_mult_type_size(), which takes the type as the first argument,
and checks only whether the count of elements is <= 0.
379352ef7f / !3603 removed GLib from the INTERFACE_LINK_LIBRARIES and
INTERFACE_INCLUDE_DIRECTORIES properties for the epan target. This broke
external plugin development as discussed in !3891, so switch it back.
Gerald Combs