For now we don't dissect the details, but it's already useful,
if they are not unknown elements.
Change-Id: I38b521262b688ba0afbbb9c58b99c3b50dbd2b24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36467
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We need to dissect them differently...
Change-Id: Idb6d65800b1787b9cb6fca2630373547b9b7b1bc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36466
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I6c3d3810456d30877802fbd5d8d8ee64df2417f7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36465
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In future we could further dissect the details, but seeing
the decrypted bytes is already very useful.
Change-Id: Id03664513e66b089e2815140a061ec90b9a49232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36464
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic4f0e92847151c467f7cc5fca3495e51586d8fd8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36463
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is not yet within [MS-KILE], but I'll dochelp@microsoft.com
to document this in the next version.
Change-Id: Ie7017fe31125edc0315653c13831373ac3e67be8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36462
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic0c69dab9db66c967741a82cb25d2c9fe19137ce
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36461
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib5b000927343e091ada10caf786d7af5277455b6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36460
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I20e09b33ef7a15dd5f5faa4e224de459f0040309
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36459
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4a2ec6793f6a85f46455bcbfdbcca746d00ad883
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36458
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The new AUTHDATA-TYPE values are from RFC6113 and MS-KILE.
Change-Id: I269e498f6d0e7f707b5c45fab848114b2d57df03
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36457
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I472884ed84f7d630aede5a2bb65e87c5ad1e76a4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36456
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The new PADATA-TYPE values taken from rfc6113.txt
Change-Id: I42e50996c5694c34fc4714189b2e004bbbd501cf
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36453
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will be useful in the following commits.
In the end there will be some recursion when dissecting FAST messages
and we'll need to know if the toplevel message.
Change-Id: I20f7ea81a8328c422785a44e3647ae2f749b89cc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36455
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Let's always use kerberos_private_data_t and give it a pointer
to the optional callbacks.
Change-Id: I521bc62b98a5294ae7c307a47b64d2bd117a810e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36473
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support more of what current Linux kernels generate. We don't yet
dissect control event payloads.
While we're at it:
Opcodes are defined in the kernel source in decimal; define and show
them as decimal.
Use #defines for a bunch of enumerated values, such as opcodes
Show the opcode's numerical value in the Info column if it's not one we
know about.
Change-Id: I915981a46d1a4a544a5e036e69d9a9de8cb8cb30
Reviewed-on: https://code.wireshark.org/review/36487
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ibdcfdd675f5c1e86b15f36f9a6c28b73e13c1616
Reviewed-on: https://code.wireshark.org/review/36480
Reviewed-by: Jason Cohen <kryojenik2@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This matches the wording in the Spec.
Change-Id: I566da78e88ff5aaa832c657dd74b5c590ee6b4aa
Reviewed-on: https://code.wireshark.org/review/36479
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is required to allow the maximum valid exponent (63) to
be used.
Bug: 16445
Change-Id: I1473cebbe74a59785f03a882e3bc1af4b881d444
Reviewed-on: https://code.wireshark.org/review/36451
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fields such as 'frame.time_delta' have no byte selection, they are added
with offset 0 and length 0, and evidently 'ws_tvb' is NULL. As
tvb_bytes_to_str expects a non-NULL tvb, explicitly check for this and
add a dummy placeholder. This is intended to be a human-readable string,
so prefer `<EMPTY>` over an empty string.
Change-Id: I32efe4cbefc6bcf0fa9fb94fcf25d7bf1628f3a7
Reviewed-on: https://code.wireshark.org/review/36440
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Most people will never generate API documentation by running the
'wsar_html' target and will not notice any feature degradation.
On Ubuntu 18.04, doxygen depends on libclang1-6.0 (and indirectly
libllvm6.0), 108M can be saved by not installing these.
Change-Id: I51b58f4106696b5475c48afcdaed256f9a97cc81
Reviewed-on: https://code.wireshark.org/review/36416
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We try to dissect the NTLMv2 blob and
verify the nthash against our keytab.
Change-Id: Ia33e91bcd89f72e7468f61756f0eafe9df92356d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36406
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
get_md4pass_list() is always available, it just returns 0
if HAVE_KERBEROS is not available.
Change-Id: I7fd8613b48c5b02f8693fa6ee15f5f38ed10643e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36447
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the attempt to fetch the list of local interfaces failed, the model
will be empty, so "model is empty" doesn't imply "no interfaces found".
First, check whether there was an error, and report the error string;
otherwise, if the list is empty, report "No interfaces found." (and fix
the capitalization while we're at it) and, otherwise, return an empty
string.
Also, if pcap support wasn't configured in at compile time, skip all
that, and just return a string indicating that.
Change-Id: I498226888272e1bdede2355cc902f8a74b0cce72
Reviewed-on: https://code.wireshark.org/review/36446
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Subclass QCPErrorBars with implementation that never accepts clicks.
This prevents a lot of square root computations in QCustomPlot
mousePressEvent handle and results in usable tcptrace graph.
An alternative solution to the poor performance problem could be using
QCP::srmCustom SelectionRectMode. I don't know how to implement graph
drag with QCP::srmCustom, and thus I went with simple subclass approach.
Bug: 16281
Change-Id: Id4178e59bdbd2222db4669d0635ff741ebde839f
Reviewed-on: https://code.wireshark.org/review/36413
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The error message is included in parentheses as part of a larger error
message, so you don't want a newline at the end.
Change-Id: Iabff74941972504770c45b94b124e25d124b512c
Reviewed-on: https://code.wireshark.org/review/36441
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the Service Response Time section of the User's Guide. The sample
captures page had a nice SMB2 capture file, so use that for the example.
Use title case for "Diameter" to match the RFCs.
Change-Id: Icff510dbe2d77db9cd42548ad58439d17282e851
Reviewed-on: https://code.wireshark.org/review/36421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From version 1.5.0 of libgcrypt there's support for AES unwrap. Use the
libcrypt function when available.
While at it also make AES_unwrap a static function of dot11decrypt.c
Change-Id: I4f69a766df3ea19ce25122e8d2fd1086f440995b
Reviewed-on: https://code.wireshark.org/review/36431
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set capture file for model and header before columnsChanged() is called
to prevent skipping model reset in PacketListModel::resetColumns() due
to cap_file_ being NULL.
Do not strech last section in packet list header. This prevents
QHeaderViewPrivate::resizeSections() from messing up the column sizes
via resize events. For some reason (unknown to me) underlying
QHeaderView implementation has different idea about the number of
visible columns than our code.
Ping-Bug: 16063
Change-Id: I482c1080adb418b7922ee99d357d4962dc086026
Reviewed-on: https://code.wireshark.org/review/36120
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
That is the rule of UN*X, engraved on stone by Ken and Dennis, and
there's plenty of software used to display and edit Wireshark source
that hardwires the tab stops there.(including Boring Old cat And more).
Pick any indent you want, but do *not* put tab stops every 4 spaces,
even if putting them every 8 spaces requires you to hit your IDE over
the head to accept that.
Change-Id: I58f7c459ce2d72096f67e650afe74f2637f38649
Reviewed-on: https://code.wireshark.org/review/36434
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove duplication of code.
Change-Id: I7cd1bd73ee9eda962a37468cadb72de291f1ec6a
Reviewed-on: https://code.wireshark.org/review/36432
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That check is required for remote capture just as it's required for
local capture.
Change-Id: I9341ef4aeeef706db9728c8abb8531bec8306bdc
Reviewed-on: https://code.wireshark.org/review/36430
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Iaac5f85e75e93278e2c485bd2e52756ac23f6e9a
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36390
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
The dissector for Distributed Interactive Simulation reports malformed packets
for Entity State Update PDUs because the offset for the Number of Variable
Records field is off-by-one. The Padding field dissection is also off-by-one.
This change fixes the problem by not incrementing the offset returned by the
parseField_Entity function which is already past the Entity ID field. The
offset must be incremented after dissecting the Number of Variable Records
field to get to the start of the Entity Linear Velocity.
Change-Id: I942123be7a1d4e4e4fc587f757cb030a3daf8ef2
Reviewed-on: https://code.wireshark.org/review/36420
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We always use pcap_findalldevs(), as we now require it.
Change-Id: Ia0897ccd80c836dbb8b5f1d9890cf8d4aef05c14
Reviewed-on: https://code.wireshark.org/review/36425
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wpcap.dll now won't load if pcap_findalldevs() or pcap_freealldevs() are
missing, so if it's loaded, we know they were found.
Change-Id: I981816561c1213a4c5c60fae90bd05dbbb9d2f1d
Reviewed-on: https://code.wireshark.org/review/36424
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We require libpcap 0.8 or later, so somebody's *really* have to go out
of their way to get a version of Wireshark running with a pre-0.6
libpcap.
Change-Id: I329b3a37cd37ca5d9e76db447daabfe1dc47e75d
Reviewed-on: https://code.wireshark.org/review/36422
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's good to see where the session key for decryption was learned.
Change-Id: I2c18c6367eb60796744a3a4d4330244493c29688
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36405
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's useful to see which keys where used, if we have a keytab to
verify things!
Change-Id: I77d887cd28b8ebe57c6c897797b0ab320a390699
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36404
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
By passing a real int version to
netlogon_dissect_netrserverauthenticate023_reply() it can also
handle NetrServerAuthenticate instead of only
NetrServerAuthenticate2 and NetrServerAuthenticate3.
Change-Id: Icb3aa3aee52a844b3c34c4bce8b7b3a65f0bdae7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36403
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I65a99a31524bcf96e434f4313a3fa0663bd31801
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36412
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CCMP-256 decryption support is only available with libgcrypt >= 1.6 so
skip corresponding test if lib is too old.
Fixes: v3.3.0rc0-733-geed31f13be ("ieee80211: Add CCMP-256 decryption support")
Change-Id: I6145f2ec49e19d1356915b9b1d8da54332a4a16a
Reviewed-on: https://code.wireshark.org/review/36414
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Stefan Metzmacher