Bluetooth Low Energy Advertising Extensions Host Advertising Data reassembly.
Bug: 16666
Change-Id: I78fea77a75f07ff7ef8a661e81ac3c729980de0e
Reviewed-on: https://code.wireshark.org/review/38016
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reduce the minimum systemd journal block size from 212 to 35. The larger
minimum was based on the Journal Export Format file reader, but we don't
need to be as strict here.
Update some comments.
Bug: 16734
Change-Id: Iad7227f29ff22f908e2fd49be0f11c9ad03fa7b9
Reviewed-on: https://code.wireshark.org/review/38035
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 44.014, section 8.1, type of the TCH loop is
edcoded in bits 2..6, so we should exclude bits 1, 7, and 8.
Before the patch:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 0100 = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
after:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 010. = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
Change-Id: Ie8ee23c6ce0a487d6a96b27324537372449946cb
Reviewed-on: https://code.wireshark.org/review/37981
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We have two places where we want to dissect some fields as being in the
opposite byte ordere from the host on which we're running; move the
definition of ENC_ANTI_HOST_ENDIAN from packet-socketcan.c to proto.h,
and use it in packet-enc.c.
Change-Id: I1d0f9b037fe3b8ca6ed774a11063ba518a3922bf
Reviewed-on: https://code.wireshark.org/review/38023
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Change-Id: Id2b1cbc9e5416c24556c1c2f42d68e4012e29e24
Reviewed-on: https://code.wireshark.org/review/38017
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ifad2e02ef6e710c67801ea8479495736bf310d29
Reviewed-on: https://code.wireshark.org/review/38020
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the fiels that are claimed to be in "host endian byte order" are
also used for the Linux USB/IP protocol, where they're big-endian.
Change-Id: I8e17d6d6e848ba9cd3465bb3b1debe385c522392
Reviewed-on: https://code.wireshark.org/review/38022
Reviewed-by: Guy Harris <gharris@sonic.net>
We now have ENC_HOST_ENDIAN, so we can use it to add host-endian fields
with proto_tree_add_item().
Instead of fetching field values directly, use
proto_tree_add_item_ret_{}int() to get the value.
Change-Id: I96b9a55174594bf04f805af559c2521cd813e8f3
Reviewed-on: https://code.wireshark.org/review/38021
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The type for this field really can be -ve - it corresponds to errno.
Change-Id: I842664b692ffd944a0c02ad5de750b321b247dbf
Reviewed-on: https://code.wireshark.org/review/38019
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
_ret_uint() doesn't work for UNIT_BYTES and UINT_STRING. In these cases,
what was wanted was the total length in order to increment the offset.
(Note _ret_length() includes the fixed width length field; these were
written wanting only the value in the length field, not the total length.)
Change-Id: I9c7c2bc644c414d02eec3fff481e8863778f51fa
Reviewed-on: https://code.wireshark.org/review/38006
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The field does seem to be an int (kernel/srouce/drivers/usb/mon/mon_bin.c),
so item type (FT_INT32) is correct, but was using uint API.
Change-Id: I3c45785d18f890c362c96deb06120904ffea2081
Reviewed-on: https://code.wireshark.org/review/38014
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
packet-usb-audio.c:790:26: warning: initializing 'const gchar *' (aka 'const char *') with an expression of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:791:82: warning: passing 'const gchar *' (aka 'const char *') to parameter of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:795:26: warning: initializing 'const gchar *' (aka 'const char *') with an expression of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:796:97: warning: passing 'const gchar *' (aka 'const char *') to parameter of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
Change-Id: I1024612833ee25a10f49dbda90e9cbd6a14e055d
Reviewed-on: https://code.wireshark.org/review/38012
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(d)tls.quic.parameter.length' exists multiple times with incompatible types: FT_UINT16 and FT_UINT64
Change-Id: Id229843d1372afa371998f97c0b803b4775ad930
Reviewed-on: https://code.wireshark.org/review/38009
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
actually get info for Pegasus and Ursa, need to found for other model...
Change-Id: Icd8a89414ab7e077fa98813134ca3e9124ec5e2b
Reviewed-on: https://code.wireshark.org/review/37518
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently, if the sequence of HashedId3 is 111111222222333333, wireshark
will display the following 3 elements:
* 111111222222333333
* 222222333333
* 333333
This is wrong, as a HashedId3 is defined as a 3 byte ID.
This patch makes sure we only output 3 bytes at a time, so the output
will look like the following:
* 111111
* 222222
* 333333
Change-Id: I331ef473a452c3574bfca90fe2180ae27f93a480
Reviewed-on: https://code.wireshark.org/review/37996
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When decoding a publickey of type ecies_nistp256, increment the offset
after decoding the SymAlgo. Otherwise, the value is parsed again as part
of the EccPoint.
Change-Id: Ic93ceda7f9e8e2a1ce0bc64332c5f9cfa46634d8
Reviewed-on: https://code.wireshark.org/review/37995
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Detected by Martin Mathieson, some calls to proto_tree_.._ret_[value_type]()
were made with incorrect field types. This change fixes a few.
Change-Id: I4fb4877ad12a3bcc68ea173b806d908090921df5
Reviewed-on: https://code.wireshark.org/review/38004
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The ByteViewText widget has been refactored a few times. At one point it
was based on QHexView by Evan Teran, and had a comment saying so. A
later refactor removed the comment but didn't completely rewrite all of
the code. Put the comment back (and spell Evan's name correctly this
time around).
Change-Id: I2fe7779e1b6773a5e8b38d317ebfd26b07900272
Reviewed-on: https://code.wireshark.org/review/37989
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The heuristic used for dissection of the port ID TLV breaks in the face
of subsequent TLVs with tags starting with 0x10xx. This change fixes the
heuristic to allow these new TLVs to follow the port ID TLV without
triggering the workaround for buggy CDP senders.
Bug: 16742
Change-Id: I40c7ce790263c6de9b59ce543485cf3827f77fe7
Reviewed-on: https://code.wireshark.org/review/37985
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add a tsprec value to the wtap_dump_params structure, giving the
per-file time stamp precision.
In wtap_dump_init_dumper(), when constructing a dummy IDB for files that
don't have one, fill in the tsprecision and time_units_per_second values
based on the tsprec value in the wtap_dump_params structure.
Change-Id: I3708b144d4d0ac0dfbe32bd1c16768a75c942141
Reviewed-on: https://code.wireshark.org/review/37979
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes them work as input to a mergecap that writes pcapng files.
File types that don't have a single per-file encapsulation type need
more work, with multiple fake IDBs, one for each packet encapsulation
type seen in the file, unless we can generate real IDBs.
Change-Id: I2859e4f7fb15ec0c0f31a4044dc15638e5db7826
Reviewed-on: https://code.wireshark.org/review/37983
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
It generates a fake IDB for files that don't have interface information
and that have a per-file encapsulation type, snapshot length, and time
stamp precision, and adds it to the file's list of IDBs.
Use it for libpcap.
We will use it later for other file formats, so that code such as the
mergecap code to merge into a pcapng file can handle input files that
don't have interface information.
(We should have a way to indicate whether the IDBs are real or fake, so
that capinfos and Statistics > Capture File Properties don't report
meaningless IDB information and make it look as if it's known that the
capture was done on one interface with the properties in question.)
Change-Id: Iec124bf3c7cbd4c69ec2ac7d0dd776e5287f8576
Reviewed-on: https://code.wireshark.org/review/37982
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Link Status, Link Quality, and Linkup Time all use the same byte
due to a wrong offset. This patch is a fix for this bug.
Bug: 16738
Change-Id: I7e6eec5665e7df46446e0a729954bc531d28c42d
Reviewed-on: https://code.wireshark.org/review/37977
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
I disturbed some functionality, like highlighting TLVs etc.
Change-Id: I42e7fa560477070fe3accd35d15317d2e0d59d10
Reviewed-on: https://code.wireshark.org/review/37978
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dissect_usb_endpoint_descriptor() silently assumed that Audio Endpoint
Descriptor size is 9B. In v2.0, the last two fields are absent.
Change-Id: I5758857fd2b26e2b3430874c313769862a2a87de
Reviewed-on: https://code.wireshark.org/review/37973
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The packet information for a packet includes an interface name prefix
and an interface unit number (e.g., "en0", with a prefix of "en" and a
unit number of 0). Keep a hash table of prefixes, unit numbers, and
link-layer header types (as an interface must have only one link-layer
header type), and, for each packet, look up that information from the
packet information to get the interface ID; if that fails, construct a
new entry, with a new interface ID, and an IDB for the interface.
Change-Id: I3f2dafcc8926fe96fe4ffd6875f583397b1582b6
Reviewed-on: https://code.wireshark.org/review/37975
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Call the "iptrace X.Y" string we read in the version string, rather than
the name.
Get rid of the structures defining various parts of the file format.
Instead, have #defines for offsets.
Read the record header - the first 8 octets - first. Check the record
length, to make sure it's large enough to include the packet information
structure, before we try to read that structure.
Note that one octet in the packet information structure is the unit
number for the interface on which the packet arrived, the field that was
called the name is the prefix of the name (in the sense that, for
example, in "en0", "en" is the prefix and "0" is the unit number), and
that what was called the "description" isn't as simple as a description
of the interface on which the packet arrived.
Pass the field that was called the "description" to
fill_in_pseudo_header(), as, for ATM PDUs, it contains, among other
things, an indication of the VPI and VCI for the PDU, as well as a
direction indication.
Change-Id: I8703b046142dd41ca96bda00c2fa3d2edb66b837
Reviewed-on: https://code.wireshark.org/review/37974
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
When response without command appears, a NULL pointer is inserted into
RX command info tree. This essentially led to all further response data,
even with matching command being marked as response without command.
Solve the issue by starting a new list if all commands in the current
list have been matched with response data.
Ping-Bug: 11743
Change-Id: Ibe1d3780f81d7bfe4542119a01fbfad254b3afae
Reviewed-on: https://code.wireshark.org/review/37971
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently we have two FTDI protocols: ftdi-ft and ftdi-mpsse. In the
future we can have more. The dash in "ftdi-" makes the name easier
to read.
Ping-Bug: 11743
Change-Id: Ia8861b8c72c0ec82faa194f25e68beaf3c5033c4
Reviewed-on: https://code.wireshark.org/review/37965
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Show the Bad Command code and from which packet it originates from when
skipping data while searching for Bad Command response.
Ping-Bug: 11743
Change-Id: I3b500a5e9f780775dfad9ce03cff911a6c1e2c41
Reviewed-on: https://code.wireshark.org/review/37954
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When bidirectional (both read and write) data shifting command is
executing, the host can start reading data even before it finishes
writing the data to be sent. Record preliminary command data structure
so the response data that starts before the packet in which the command
is reassembled can be matched with the command.
Ping-Bug: 11743
Change-Id: Id93924b25e37b0e3829efdb44cbe1db7139aa310
Reviewed-on: https://code.wireshark.org/review/37952
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the ISDN dissector take the ISDN pseudo-header through its data
argument, rather than assuming it's in pinfo->pseudo_header, so it can
be used if the link-layer type of the capture isn't ISDN.
Have it add the direction to its protocol tree, so it's there for all
ISDN packets.
Have more versions of the LAPD dissector:
one where the ISDN direction information is available through
an ISDN pseudo-header passed as its data argument;
one for use when the link-layer type *is* LAPD, where the ISDN
direction information may be available through the direction
part of the packet flags.
Pass more flags to the routine that does LAPD dissection to indicate the
direction (user->network or network->user) and whether the user or
network side is on another machine; set those appropriately in the
dissector routines that call it. To set those flags:
in the routine that handles WTAP_ENCAP_LAPD, check the direction
flags in pinfo->rec->rec_header.packet_header.pack_flags;
in the routine that handles WTAP_ENCAP_LINUX_LAPD, check the SLL
header;
in the routine that's called from the ISDN dissector and other
dissectors that can supply an ISDN pseudo-header, check the
struct isdn_phdr passed to it via the data argument;
for the routine that's to be called from L2TP pseudowire type
and SCTP dissector tables, pass nothing, as there's currently
no direction indication supplied - if that information is
available from the encapsulating protocol in some fashion, we
should make changes to supply that information.
Have the AudioCodes Trunk trace protocol dissector call the
LAPD-with-pseudoheader dissector, handing it an ISDN pseudo-header with
a direction indication from the direction field (and a channel of 0 to
indicate the D channel).
Have the Ascend text dump reader in libwiretap use WTAP_ENCAP_ASCEND for
all packets, even Ethernet and ISDN packets, and have the Ascend text
dump dissector handle that, calling the "no FCS" version of the Ethernet
dissector and calling the LAPD-with-pseudoheader dissector with a
pseudo-header filled in with the direction (and a channel of 0).
Have the Catapult DCT 2000 text dump dissector call the
LAPD-with-pseudoheader dissector with the pseudo-header supplied by
libwireshark.
Have the V5 envelope function frame get its ISDN pseudo-header from its
data argument, and call the LAPD-with-pseudoheader dissector with that
pseudo-header.
Have the ISDN dissector treat its data argument as pointing to the ISDN
pseudo-header, rather than assuming it's the one in
pinfo->pseudo_header->isdn - the latter is the one supplied by
libwiretap, but there's no guarantee that an ISDN pseudo-header was
supplied by libwiretap, as the lowest-level protocol layer might not
have been ISDN.
Change-Id: I9f702b879bbc3fb42bcb43c28f797bfc327562c6
Reviewed-on: https://code.wireshark.org/review/37953
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The uninstaller should run with elevated privileges to allow deletion
of files from protected directories.
Modifying the uninstall script to require elevation then causes the
uninstaller_installer that creates the uninstaller to also require
elevation which happens at build time so defeat that
by setting the env var __COMPAT_LAYER to "RunAsInvoker" before calling
the uninstaller_installer.
Achieving this from CMake requires a script to call to set the env var
and then calling the executable.
Change-Id: I056931bc4f9b41877b8f31d765d49fee11b54e39
Reviewed-on: https://code.wireshark.org/review/37955
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Piotr Winiarczyk
Vadim Yanitskiy