Make Protobuf fields that are not serialized on the wire (missing in
capture files) to be displayed with default values by setting the new
'add_default_value' preference. The default values might be explicitly
declared in 'proto2' files, or false for bools, first value for enums,
zero for numeric types.
Default values are generated in epan/protobuf_lang_tree.c while the
nodes of fields are created. The default_value_xxx() methods of field
descriptor are added into epan/protobuf-helper.c/h and
epan/protobuf_lang_tree.c/h files.
close #17000

After a key update, we should update Packet Protection cipher but
we shouldn't touch the Header Protection one.
With the current code, PP and HP ciphers are quite entangled and we
always reset both of them. Therefore, at the second key update we
reset the used 1-RTT HP cipher too; no wonder even header decryption
fails from that point on.
To properly fix this issue, all the cipher structures have been rewritten,
clearly separating PP code from HP one.
Close #16920
Close #16916

coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes #16994.

Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.
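
The struct-as-key problem described in the two notes above, as an added example that is not Wireshark code: the key type, its field names and the FNV-1a hash are assumptions standing in for the real registry key and for wmem_strong_hash. It shows that a key is only safe for byte-wise hashing and comparison when its padding bytes are cleared before the fields are set.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key: 7 bytes of fields, but sizeof is larger because of padding. */
typedef struct {
    uint16_t conn_id;
    uint32_t set_number;
    uint8_t  set_kind;
} set_key_t;

/* Byte-wise FNV-1a, standing in for any hash that reads the raw key bytes. */
static uint32_t hash_bytes(const void *p, size_t n)
{
    const uint8_t *b = p;
    uint32_t h = 2166136261u;
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}

/* Fill a key in caller-provided storage. `stale` simulates whatever was left
 * in that memory before; zero_first clears every byte, padding included. */
static void fill_key(set_key_t *k, uint8_t stale, int zero_first)
{
    memset(k, stale, sizeof *k);
    if (zero_first)
        memset(k, 0, sizeof *k);
    k->conn_id = 7;
    k->set_number = 42;
    k->set_kind = 1;
}

/* Returns 1 when two logically identical keys are byte-identical and hash alike. */
static int keys_match(int zero_first)
{
    set_key_t a, b;
    fill_key(&a, 0xAA, zero_first);
    fill_key(&b, 0x55, zero_first);
    return memcmp(&a, &b, sizeof a) == 0 &&
           hash_bytes(&a, sizeof a) == hash_bytes(&b, sizeof b);
}

int main(void)
{
    printf("sizeof key = %zu, field bytes = 7\n", sizeof(set_key_t));
    printf("match without zeroing: %d\n", keys_match(0));
    printf("match with zeroing:    %d\n", keys_match(1));
    return 0;
}
```
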
Each peer in a get_peers response has its own entry in the list, unlike
the way nodes are represented, so if we see a string_len we don't
recognize (like 18 for IPv6 peers) treating it as several IPv4 peers
doesn't make sense.

When due to limited capture length the trailing part of the SRTCP packet
is missing it might be impossible to know the encryption status of this
packet. Before retrieving that information make sure that's even possible,
otherwise continue as if not encrypted.

This is roughly 10% of tshark startup time.
- Enterprise string does not need to be trimmed at the beginning
- No need to call g_hash_table_replace() as keys are just guint32

Many of the Kafka dissector's type dissection routines either returned
an offset or -1 in the event of an error. We don't appear to check for
errors anywhere, so ensure that those routines always return a valid
offset.
Make those routines always initialize their type offset and length
variables. Fixes #16985.

It's easy to create systemd blocks with a missing or invalid
__REALTIME_TIMESTAMP= field when fuzz testing. If that's the case, leave
WTAP_HAS_TS unset instead of returning an error. Fixes #16965.

Without a default switch case Coverity flags a possible
divide by zero error.
While at it remove unneeded initializers because it is a symptom
of the same issue.

Added dissection for Dynamic Access Control (DAC) specific ACEs.
These are Conditional ACEs, System Resource Attribute ACEs and System
Scoped Policy ID ACEs.
A Condition ACE must be one of the following types:
ACE_TYPE_ACCESS_ALLOWED_CALLBACK
ACE_TYPE_ACCESS_DENIED_CALLBACK
ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT
ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT
ACE_TYPE_SYSTEM_AUDIT_CALLBACK
ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT
Such an ACE may include a conditional expression (that will, if
present, be evaluated to determine whether or not the ACE allows or
denies access). If a conditional expression is present the ACE data
will start with the string "artx". The remainder of the ACE data will
be the conditional expression which is simply a list of tokens
(see MS-DTYP for details of each token type). With this change,
filter "nt.ace.cond" can be used to find packets containing one or
more Conditional ACEs and their details are dissected.
A System Resource Attribute ACE has a name, value type and a list of
values. The value types are: INT64, UINT64, STRING, SID, BOOLEAN and
OCTET_STRING (i.e. binary data). With this change, filter "nt.ace.sra"
can be used to find packets containing one or more System Resource
Attribute ACEs and their details are dissected.
System Scoped Policy ID is simply a new ACE type and it does not
require any new dissection. The SID associated with a System Scoped
Policy ID ACE will start with S-1-17 and identifies the "Central
Access Policy" that should be used.
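
The "artx" check described above, as an added example that is not the dissector's code: find_cond_expr() is a hypothetical helper that handles only the three non-object callback ACE types, using the ACE and SID layout from MS-DTYP, and the sample ACE is constructed. Every length field is validated against the buffer before it is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* ACE type values from MS-DTYP for the non-object callback ACEs. */
#define ACE_ALLOWED_CALLBACK 0x09
#define ACE_DENIED_CALLBACK  0x0A
#define ACE_AUDIT_CALLBACK   0x0D

/* Locate the conditional expression inside one non-object callback ACE.
 * Layout (MS-DTYP): type(1) flags(1) size(2, LE) mask(4) SID application-data.
 * Returns the expression length (bytes after "artx") and sets *expr,
 * 0 if the ACE carries no conditional expression, -1 if malformed. */
static int find_cond_expr(const uint8_t *ace, size_t avail, const uint8_t **expr)
{
    if (avail < 4)
        return -1;
    size_t ace_size = (size_t)ace[2] | ((size_t)ace[3] << 8);
    if (ace_size < 4 || ace_size > avail)
        return -1;                        /* never trust AceSize past the buffer */
    if (ace[0] != ACE_ALLOWED_CALLBACK && ace[0] != ACE_DENIED_CALLBACK &&
        ace[0] != ACE_AUDIT_CALLBACK)
        return 0;                         /* not a (non-object) callback ACE */
    size_t off = 8;                       /* header + access mask */
    if (ace_size < off + 8)
        return -1;                        /* no room for the fixed SID part */
    size_t sid_len = 8 + 4u * ace[off + 1];   /* ace[off+1] = SubAuthorityCount */
    if (sid_len > ace_size - off)
        return -1;
    off += sid_len;
    if (ace_size - off < 4 || memcmp(ace + off, "artx", 4) != 0)
        return 0;                         /* application data is not an expression */
    *expr = ace + off + 4;
    return (int)(ace_size - off - 4);
}

/* Constructed sample: ACCESS_ALLOWED_CALLBACK, SID S-1-1-0, "artx" + 4 bytes. */
static const uint8_t sample_ace[] = {
    0x09, 0x00, 0x1C, 0x00,               /* type, flags, AceSize = 28 */
    0xFF, 0x01, 0x1F, 0x00,               /* access mask */
    0x01, 0x01, 0, 0, 0, 0, 0, 0x01,      /* SID revision, count, authority 1 */
    0x00, 0x00, 0x00, 0x00,               /* sub-authority 0 */
    'a', 'r', 't', 'x', 0x01, 0x02, 0x03, 0x04  /* magic + placeholder bytes */
};

int main(void)
{
    const uint8_t *expr = NULL;
    return find_cond_expr(sample_ace, sizeof sample_ace, &expr) == 4 ? 0 : 1;
}
```
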
Re-enable Fedora build and add CentOS 8 and OpenSUSE 15.2 builds.
Fedora 33 does out of build tree cmake builds and needs spec file changes.
CentOS 8 has some changes with cmake and other packages that are similar to
older Fedora, and needs extra repositories enabled to get -devel packages
(still missing -devel for some optional libraries). OpenSUSE Leap 15.2 also
has some changes needed to build. Note that OpenSUSE Leap 15.1 is EOL
at the end of November 2020. Fixes #16971

Declare padding_item outside the while loop and initialize it, as we
want the value from the previous loop iteration when using it for
expert_info. Fixes clang build warnings.

Change PT_DECIMALLIT, PT_OCTALLIT and PT_HEXLIT tokens to uint64
type, and make PT_IDENT excluding '-' numbers which will be parsed
in protobuf_lang.y. That negative enum number and number type of
constant can be correctly parsed.
Note, intLit is uint32 for parsing fieldNumber and enumNumber,
but might be uint64 as constant.
close #16988

PEP 394 [1] says,
"In cases where the script is expected to be executed outside virtual
environments, developers will need to be aware of the following
discrepancies across platforms and installation methods:
* Older Linux distributions will provide a python command that refers
to Python 2, and will likely not provide a python2 command.
* Some newer Linux distributions will provide a python command that
refers to Python 3.
* Some Linux distributions will not provide a python command at all by
default, but will provide a python3 command by default."
Debian has forced the issue by choosing the third option[2]:
"NOTE: Debian testing (bullseye) has removed the "python" package and
the '/usr/bin/python' symlink due to the deprecation of Python 2."
Switch our shebang from "#!/usr/bin/env python" to "#!/usr/bin/env
python3" in some places. Remove some 2/3 version checks if we know we're
running under Python 3. Remove the "coding: utf-8" in a bunch of places
since that's the default in Python 3.
[1] https://www.python.org/dev/peps/pep-0394/#for-python-script-publishers
[2] https://wiki.debian.org/Python

Return nil from Dissector.get() and DissectorTable.get() when the
reference is not found. This can be used to check for existence of
a dissector or dissector table before use.
We already do this for DissectorTable.get_dissector().

RFC 3550, Section 6.4.1 describes that the padding flag may only be set
on the last packet in a compound RTCP packet. Add an expert item if that
is not the case.

You can't use packet scope if you're not dissecting a packet;
read_IOR_strings_from_file() is called from giop_init(), which is called
when a file is opened, not when dissecting a packet.
Use NULL as the scope, which just does a regular allocation, and free
the buffer when we're done.
Expand a comment to indicate that using dissection routines is *also* a
bad idea in code that's not used when dissecting packets.
Fixes #16984.

This patch makes the parsing of length fields consistent by moving them
below their parent element and adjusting the length of the parent
element. And it fixes some problems by doing this.
Problems fixed by this:
- Bytes skipped after dynamic length arrays. This resolves #16951
- A byte was ignored before unparsed payload.
- Unions not marking the correct byte range.
- String having the length field twice.
Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>

STUN heuristic over TCP (added in 770872790d) doesn't handle multiple
STUN messages in the same TCP payload.
While at it, added a comment (forgotten in 354bbbe7cb) about different
TURN channel support among STUN versions

This saves around 3% time (profiling a small capture file) at startup.
parse_ether_address_fast() was returning FALSE in some cases
where it shouldn't have, i.e.
- the test for having hex chars incorrectly discarded any case where the
msb of any address octet is set, i.e. any value from 80 to f0.
- it now allows ':' and '-' as a separator (so that many of the wka entries
also match).

A nettrace 3gpp capture contains the 'beginTime' in ISO 8601 format.
This patch corrects the conversion for the following steps:
- the UTC offset must be subtracted from the given time,
- given time must be converted to UTC time when an offset is provided (localtime otherwise)
- sub-seconds conversion fixed (i.e. .0012 was converted to .12).
Closes #16888