We have to use dedicated runners for Windows builds, so create a
separate "if-merged" rule for them which includes only the
wireshark/wireshark repository.
Functions clock_gettime() and timespec_get() cover all the platforms
we support with sub-second resolution in a a portable manner. Fallback
to using time().
Pass a struct timespec to the log writer callback for maximum
flexibility.
Consistently use pcapng_compute_XXX_option_size() for routines to
compute the size of an option of type XXX and pcapng_write_XXX_option()
for routins to write out an option of type XXX.
Sort the routines by the order in which their option type values are
defined.
Have common routines that iterate over all the options, processing
comment and custom options in common code (as they're defined
independently of particular block types), with callbacks to handle the
options for particular block types.
Replace all instances of "Nordic BLE Sniffer" with
"nRF Sniffer for Bluetooth LE" which is the name used by
nordic semiconductor for the development tool on the homepage.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make sure that the packet has an S101 header, before setting the protocol name
with col_set_str(). Otherwise, all TCP packets on port 9000 may be
misidentified as S101 packets.
At least on my Mac, if I start up Wireshark, start a capture
(non-monitor-mode) on the Wi-Fi adapter, add a comment to the SHB and
the first packet while it's capturing, stop the capture, and try to save
it, it warns that the wireless timeline hash table pointer is null.
Allocate it in the constructor.
At least according to the Single UNIX Standard, it merely has to be big
enough to hold a value in the range [-1, 1000000], and there must be
*an* environment in which it's no *larger* than a long.
Just cast it to long, and continue to print the result of dividing it by
1000 with %03ld.
AEAD ciphers should behave in the same way as the classical
cipher+hmac methods: the ICV should be calculated and verified
if the user has enabled the authentication check in the ESP
protocol options.
This commit fixes the alignment check for the encrypted payload data
which prevented the decryption of ESP packets for 'stream ciphers'
like AES-GCM and AES-CTR, and adds an error indicator to the dissection
tree in case the check fails. The encrypted payload data needs to satisfy
the following two conditions:
- The ciphertext length needs to be a multiple of the cipher block size.
- the ciphertext needs to terminate on a 4-byte boundary.
(RFC 2406, section 2.4)
Calling GLib functions inside the log writer is not safe,
it might infinitely recurse or abort if g_date_time_* logs
warnings because we registered our log handler for GLib itself.
Have the routine it calls return a Boolean value, with "true" meaning
"keep going" and "false" meaning "stop iterating and return a failure
indication". If the callback routine never returns "false", the routine
returns "true" as a success indication.
g618661b22e introduced a free for a so called memory leak (which wasn't
a real leak due to the pinfo->pool garbage collector) but used the wrong
free function. Let's keep the explicit free but use the right function.
Closes#17462
This includes as little as possible in the assertion header, so
that it can be included globally in every file without pulling
any unwanted definitions. In particular pulling stdlib.h is
avoided because that can have side effects if it wants to
include non-portable extensions.
It is possible to have side-effects from include glib.h too, for
example because of G_LOG_DOMAIN.
These side-effects are usually avoidable with careful ordering
of pre-processor directives but with multiple levels of indirections
it can be hard to track. Better to make it robust to these kinds
of failures in the first place.
Also integrate with our logger for a cohesive experience (but
keep it a private dependency).
Minimizing the dependencies on other wsutil and GLib functions
reduces the chance that we will have a weird recursion pattern
in wslog and makes the code easier to analyze.
I'm not sure in what OSes we'd get the really old name for strchr(),
index(), defined, causing compiler whining about a local variable
shadowing a function declaration, but the source checking script
complains about it, so use the name offset instead (that's the name
typically used for offsets into a tvbuff).
Fix parsing of extended advertising when the extended advertising header
is empty. The flag field is excluded when none of the fields are present
and the extended header length field is 0.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parsing of the CTE Info field in the extended advertising header.
The bit-mask of the different fields was wrongly placed.
The text of the different fields all said "CTE Info".
The CTE Time field was added twice.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
On macOS with Homebrew, the version is included with the library path.
On updates, the old MAXMINDDB_LIBRARY is invalidated. However
ws_find_package only checks MaxMindDB_LIBRARY. Windows has a similar
problem. Make sure to clear the stale value such that newer versions can
be found, fixing the build.
Fixes#17069
In the fairly rare case where we have multiple MP2T streams in
opposite directions on the same UDP (or other) conversation, keep
their analysis stats and assigned fragment IDs separate. Otherwise
the fragment IDs will be incremented at the wrong time and reassembly
will fail in edge cases.