Since the use of 'Decode as' can result in another port number than the
default port (7) being the service port, this should be checked against.
Change-Id: I93383613115595fff621e2fb9ab7959cd448c01e
Reviewed-on: https://code.wireshark.org/review/18991
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display length fields in decimal, just as they are displayed by the
RDMA RETH dissector.
Display version fields in decimal, just as they are displayed by the
RPC dissector.
RDMA offset fields are left in hexadecimal since they are
essentially addresses, and at least the Linux RPC-over-RDMA
implementation has debugging messages that display these as
hexadecimal values.
Change-Id: I7206970675ca0ca486b3a2837b6dbb1c4d764091
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19028
Reviewed-by: Michael Mann <mmann78@netscape.net>
On an RDMA transport, RPC protocol never appears in a frame by
itself. If RPC-over-RDMA is not present, then RPC is by definition
not present as an InfiniBand data payload.
Bug: 13195
Change-Id: Icaea9d4936477af32adc73140c67539e977a7a9a
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19024
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also adjust the smb2_info_t structure that handles the value.
Bug: 12915
Change-Id: Ia314b8dc840b9d26d2c1d185f06ef93f242a3a7b
Reviewed-on: https://code.wireshark.org/review/19019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A new "--export-object <protocol>,<destdir>" option is added to tshark.
This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)
Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Apply the same value checks to the vendor generic suboption dissection
as is done for the Cable lab and ADSL forum ones.
See https://ask.wireshark.org/questions/57695 for an example issue.
Change-Id: I4fe07d07cf0a93f4693e5ff54dd70c008701cf41
Reviewed-on: https://code.wireshark.org/review/18999
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib1e2b4e57832e94b94d34102c0079f820b18f350
Reviewed-on: https://code.wireshark.org/review/19000
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When registering preferences, make sure our titles and descriptions are
valid UTF-8. Make sure our titles are short and only contain printable
characters.
Fix problematic titles and descriptions.
Change-Id: I20d3f93438f2b3c30266f934297feb79897f2ee5
Reviewed-on: https://code.wireshark.org/review/18998
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All TLS and DTLS RFCs (and SSLv3) limit the record length to 2^14, so
add expert info if this is exceeded. Spotted in the wild via
https://ask.wireshark.org/questions/57641/tls12-record-length-gt-16k-valid
Tested with a synthetic pcap having length 2^14+1 using Python:
from scapy.all import IP, TCP, UDP, wrpcap
len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
wrpcap('bad-record-length.pcap', [
IP()/TCP(sport=2000, dport=443)/(b'\x17\x03\x03' + len_plus_frag),
IP()/UDP(sport=2000, dport=853)/(b'\x17\xfe\xfd' + 8*b'\0' + len_plus_frag)
])
Change-Id: I5eac48775333d8d222e013a24a6d06da79892b77
Reviewed-on: https://code.wireshark.org/review/18959
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
As stated in 3GPP 23.003:
"the APN has, after encoding as defined in the paragraph below,
a maximum length of 100 octets"
Change-Id: Iae23117f44ea5b668f6cb23dbd0e726e4e56ce41
Reviewed-on: https://code.wireshark.org/review/18972
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Apparently, it was forgotten ;)
Bug: 12614
Change-Id: Id1a2d98e3ea2b381c5fa60faeb342256d4c7d9f8
Reviewed-on: https://code.wireshark.org/review/18955
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
wmem_file_scope() was used too many times when wmem_packet_scope() will do.
Also, use the wmem string functions to only allocate enough space to
handle a string instead of using MAX_BUF_LEN.
Change-Id: I3031d3aef34b7105264b17dc83e3b1f4cfb4b3d4
Reviewed-on: https://code.wireshark.org/review/18910
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iaa554ac94d248c67c635ac180ea2d1c1e3775b6a
Reviewed-on: https://code.wireshark.org/review/18915
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
They don't work on Windows, and we support Windows, so....
Change-Id: Icdbdfcfd930ae13aba6d8fb018d7e2af55b76fa1
Reviewed-on: https://code.wireshark.org/review/18943
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This dissector allows Snort to process all of the
packets passed to Wireshark, and for the alerts to
be shown in the protocol tree. It is also possible
to set the source of alerts to be packet comments.
Change-Id: I6e0a50d3418001cbac2d185639adda2553a40de8
Reviewed-on: https://code.wireshark.org/review/18848
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This allows dissectors to not need to know about the internal preference structure.
Change-Id: I1ae67248cd0b0132aefc225ea0a9befaf9afdde2
Reviewed-on: https://code.wireshark.org/review/18864
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- support draft-ietf-6tisch-6top-protocol-03
- rename variables and constants to reflect the protocol hierarchy
- show 6P specific information in the "Protocol" and "Info" column
- cleanup
Bug: 13136
Change-Id: I83ca8a55d59225e0cce64f3463100b3750a58b8f
Reviewed-on: https://code.wireshark.org/review/18824
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If838db823dd1c7614fcfdfc2774952bf70da3c6e
Reviewed-on: https://code.wireshark.org/review/18919
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Use tvb_get_guintXX with encoding parameter rather than have an "is_little_endian" flag
2. Replace proto_tree_add_xxx_format with proto_tree_add_xxx_format_value or proto_tree_add_item
3. Create some value_strings in favor of functions.
Change-Id: If4b8e8992662bda768b39ba5f1932272760eef65
Reviewed-on: https://code.wireshark.org/review/18909
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'bthci_evt.pending_response_delta' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_DOUBLE
Change-Id: I7665ea0c007ef089c6986c102f2358d08d4628df
Reviewed-on: https://code.wireshark.org/review/18889
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: Ic4e6fe7978382854b4f36eebc8372eb3cd8e7551
Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/18895
Reviewed-by: Michael Mann <mmann78@netscape.net>
'uds.tp.suppress_reply' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
Change-Id: I8f6035c79c7b6481dd2915cfcfc99963fef7fc23
Reviewed-on: https://code.wireshark.org/review/18884
Reviewed-by: Michael Mann <mmann78@netscape.net>
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_BYTES
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_INT64 and FT_STRING
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_INT8 and FT_INT64
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_DOUBLE and FT_INT32
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_UINT64 and FT_FLOAT
'hsms.data.item.value' exists multiple times with NOT compatible types: FT_UINT8 and FT_UINT64
Change-Id: I83697e72ebfa4e164178141d789c4ca2d9d09db0
Reviewed-on: https://code.wireshark.org/review/18887
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Benjamin Parzella <bparzella@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It can be not FALSE
Change-Id: I938011296b40013a1dad813c3196e899b1b90347
Reviewed-on: https://code.wireshark.org/review/18883
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'uftp4.announce.publicmcast' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'uftp4.announce.privatemcast' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'uftp4.fileinfo.tstamp' exists multiple times with NOT compatible types: FT_ABSOLUTE_TIME and FT_UINT32
Change-Id: I94b235e9ba8ebe8a036620f9537eb674f418f1e5
Reviewed-on: https://code.wireshark.org/review/18882
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'radiotap.present.flags' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT32
Change-Id: Ib53eb43c2103b24bd02bd41fd20030b7e7ae321b
Reviewed-on: https://code.wireshark.org/review/18886
Reviewed-by: Michael Mann <mmann78@netscape.net>
'vxlan.flags_reserved' exists multiple times with NOT compatible types: FT_UINT8 and FT_BOOLEAN
Change-Id: I98d296393796defc5741c41a496432eb8f927be2
Reviewed-on: https://code.wireshark.org/review/18881
Reviewed-by: Michael Mann <mmann78@netscape.net>
A Attribute Identifier List can have more than one AT element. Therefore
we have to loop through the elements list.
Bug: 13077
Change-Id: I3adaa5ba50a1ad01e7c5bacd05118c65afcf4442
Reviewed-on: https://code.wireshark.org/review/18825
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Calculated Checksum tree item prints the checksum from the
tvb, instead of the computed one (the "should be 0x...." tree
item above it _does_ print the computed one). As such, in a packet
with bad checksum, the Calculated Checksum is incorrect. Fix the value.
This seems to have been introduced in ad6fc87d ("Add
proto_tree_add_checksum.")
Change-Id: Ia20d5addc40956713a944102e79d25317b969a0e
Reviewed-on: https://code.wireshark.org/review/18859
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Details:
- update supported api keys
- add api key ApiVersions
- change api key names according to documentation
- add pcapng files for supported api keys
- add new documentation link
- add declaration of lz4 message codec
Change-Id: I943dc31144890dcd3dd333981a86754668c2bec4
Reviewed-on: https://code.wireshark.org/review/18861
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>