This should fix crashes on Windows, _strdup should not be mixed with
g_free. This was only uncovered in v2.3.0rc0-474-ga04b6fc, before that
ddict_free was never called.
Change-Id: I34111385c82715de70fb42fe44b99b89e132a374
Reviewed-on: https://code.wireshark.org/review/17423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The RFtap protocol is a simple metadata header designed to provide
Radio Frequency (RF) metadata about frames.
For official specifications see: https://rftap.github.io/
Signed-off-by: Jonathan Brucker <jonathan.brucke@gmail.com>
Change-Id: I0d008b2baadcc5cc9577113e9795eef2691b961a
Reviewed-on: https://code.wireshark.org/review/17355
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit 5fea2b5f41.
I.e., it puts back the change; the reverted version passed the tests on which the versions with this change crashed.
Change-Id: Idcc0eb11588cf14e2fe666de1905ee63917b0fcf
Reviewed-on: https://code.wireshark.org/review/17413
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit a04b6fcb3d.
Temporary revert to see if this prevents the "tshark -G" crashes being seen on the 64-bit Windows buildbot.
Change-Id: I561439039ca2667b72d7e2319a6f3f5f97e18d15
Reviewed-on: https://code.wireshark.org/review/17412
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the debugging printouts.
The changes that were committed between the last build that didn't crash
and the first build that did were:
commit 961f743d69
Author: Peter Wu <peter@lekensteyn.nl>
Date: Mon Aug 29 01:34:22 2016 +0200
xml: fix some memleaks
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit a04b6fcb3d
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 22:19:29 2016 +0200
diameter: fix 400kb leaked memory on exit
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leaks cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit 14312835c6
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 19:20:59 2016 +0200
pcapng: do not leak blocks
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
*If* one of those is the cause, my guess is that it's the Diameter one,
as the crash happens before any file is read (so it's probably not the
pcapng one) and thus before any dissection is done (so it's probably not
the XML dissector one).
Change-Id: I816c1bbd6078eab251efd02ebb7c3195f6dd1483
Reviewed-on: https://code.wireshark.org/review/17411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ifb68af443c6f13dfab99e32488d86c148621a316
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17399
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I72812fa0650da0cde37ea6cbef81a3c7a9ba333d
Reviewed-on: https://code.wireshark.org/review/17373
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The OMG standard has changed in this new version. I have fixed
the implementation.
Change-Id: Ie9054ed52c66580c76096af86e0fb8e34a44e9d1
Reviewed-on: https://code.wireshark.org/review/17348
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ica9fc960946542badb64af12769e7dfa3793db82
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17397
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We register dissectors for "Decode As" for {SSL,TLS}-over-TCP, so we
should actually set up the "Decode As" stuff for it.
Change-Id: I2a738667efdec1007069df74885a4fe8fc3fcbab
Reviewed-on: https://code.wireshark.org/review/17400
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dissection and display the problem more prominently.
Change-Id: Ia1a32667a18e1e5b60b5c167da9b6dd945ba3dfc
Reviewed-on: https://code.wireshark.org/review/17385
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the heuristics fail to detect a resumed session, then it must mark
the session as a normal session. This will also prevent from
applying secrets that do not apply to this renegotiated session.
Bug: 12793
Change-Id: I90f794a7bbaf7f1839e39656ac318183ecf48887
Reviewed-on: https://code.wireshark.org/review/17376
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leaks cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
strdup and strcmp is a recipe for leaking.
Change-Id: I522c71964e39f671a4101df9b2b432433fc1c12e
Reviewed-on: https://code.wireshark.org/review/17363
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use same wmem_epan_scope() as "w" (tvbparse_wanted_t).
Change-Id: I73fdb1fb3b55a91b7bb0fc36e435024c6f0b3d73
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17361
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix the "Number of SPIs" field name in the Delete payload.
References: RFC 2408, RFC 7296
Change-Id: I205fb830275fc011e6605fdae53c6b9141e1628b
Reviewed-on: https://code.wireshark.org/review/17353
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
An XMPP stanza may be fragmented inside a conversation, so don't
check for this only when starting a new conversation.
Change-Id: I63b987184f52645e6c72c3c4155b39b7948de828
Reviewed-on: https://code.wireshark.org/review/17344
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Search address type by name iterates over an array, but fails to find its end.
Therefore it may dereference invalid pointers, or NULL.
Add the proper check in the for loop and make sure an end condition is always
there in the array searched.
Change-Id: I60ade9d438dc394340b6483b4fcb23e5ce432000
Reviewed-on: https://code.wireshark.org/review/17337
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some type changes were not carried forward into the conversation
debugging code. These changes allow compilation again.
Change-Id: I90dde7cc94496828cf8931d74225773c2cea42a1
Reviewed-on: https://code.wireshark.org/review/17336
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added the dissection of three parameters.
Change-Id: I07e7b655ad7fd3462625c2fb565e41593c62f897
Reviewed-on: https://code.wireshark.org/review/17346
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Pardue
Change-Id: Ic3c53fce9751a556c5f1aa30d55687a60c9c6a4d
Reviewed-on: https://code.wireshark.org/review/17345
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Pardue
Change-Id: I4852f6bad7a4c98b345ff198b33ab560eacb5ed0
Reviewed-on: https://code.wireshark.org/review/17341
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Pardue
Change-Id: I9c4ede6ba2fb0303aab05f1d59835e5a8b386a3e
Reviewed-on: https://code.wireshark.org/review/17340
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The created XML proto_item can be faked (if not visible and not referenced),
so ensure we store the correct item length to be used in XMPP.
This will avoid an invalid "Malformed Packet" for some XMPP packets.
Change-Id: I79d805b725dbeb93f26a38b72bdcc84187aee16f
Reviewed-on: https://code.wireshark.org/review/17324
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
RFC 6120 section 4.6.1 defines the use of a single whitespace as
"whitespace keepalive", so indicate this in the Info column.
Change-Id: I685431d91be2a37fbd66f8d1cdabe53f33092e93
Reviewed-on: https://code.wireshark.org/review/17323
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
and also use the name of spec for field (Header Block Fragment
Change-Id: I5a3884186258dac1f243f991a3392c875403eb97
Reviewed-on: https://code.wireshark.org/review/17310
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
show expert infos and return the number of bytes we dissected
Change-Id: Ibb12372e8670380137f4fc3d012d0b0afa4cd638
Reviewed-on: https://code.wireshark.org/review/17313
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use RVALS + BASE_RANGE_STRING for range_strings. This should fix the "-G
values" failure on the Win32 buildbot.
Change-Id: I9a42b66a22b615d3de9c04b485adc7b9aa2cc154
Reviewed-on: https://code.wireshark.org/review/17309
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This can happen for example if the heuristics changed between the Wireshark
version used to export PDUs, and the one used to open the file.
Instead, call data dissector.
Change-Id: I29f7754f883fd710c3557a610583ef988ca13e43
Reviewed-on: https://code.wireshark.org/review/17280
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Sharon Samuel Enoch
Bug:12780
Change-Id: I94ad5355cdfa4d8cd3915c9e261931ff56dc765b
Reviewed-on: https://code.wireshark.org/review/17272
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Read 4 bytes from the packet instead of 1 because that is the
correct size of the DOI field.
Reference: RFC 2408
Change-Id: I5745363811bb46af307a925d688ec36cfb29984b
Reviewed-on: https://code.wireshark.org/review/17271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow
using different flags per target.
Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS
and using the COMPILE_OPTIONS property to set them.
This change is just setting mechanism and there should be no difference
in generated warnings.
The check_X_compiler_flag cmake test is changed to test each flag individually.
We need a list, not a space separated string, and the aggregate test is not
significant.
Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25
Reviewed-on: https://code.wireshark.org/review/17150
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Problem is that not all fields of UAT are updated on change (only those
defined in UAT definition with ikev2_uat_flds, specifically pointers to
encr_spec and auth_spec in ike2_decr_data_t were set to NULL.
Fixed by re-setting pointers after update table callback was called.
Also fixed memory leaks after UAT modification.
Bug was partially resolved with change
Ibdab979b5959eb561635cbcb446e17138baca87b
https://code.wireshark.org/review/17078
which eliminated crash, but decryption still didn't work after UAT
modification (DISSECTOR BUG was displayed).
Bug: 12748
Change-Id: I8209edd8e214d62e34b641fdd2e046b9ff4c95eb
Reviewed-on: https://code.wireshark.org/review/17249
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
They follow the same dissection as normal 'Analog Change Report' Responses (FC0)
Change-Id: I854084f43fd0cc52ba02b6f1e760a63033ab48dd
Reviewed-on: https://code.wireshark.org/review/17270
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
We now check much earlier for an invalid message length; remove the
check done afterwards.
Also, note that dissect_netlink_error() should also check the message
length, to make sure it doesn't run past the end of the message, and
indicate why we are assuming an "integer" is 4 bytes (it's because the
RFC is vague here).
Change-Id: Ie0b5074acc852cdeaa008fee1125130a6c8771a1
Reviewed-on: https://code.wireshark.org/review/17279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
0 would cause an infinite loop, and any value < 16 is clearly wrong, so
if we see such a packet, just show the header's length field and stop
dissecting.
Bug: 12776
Change-Id: Iefc56b26b83ff5424968d065bdb9fa84a7a65481
Reviewed-on: https://code.wireshark.org/review/17277
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Msg3 PUSCH narrowband index parameter depends on the UL bandwidth
Change-Id: Ib57c85ffbd4c108e9c8f3d14fa53a48f0df1b0e6
Reviewed-on: https://code.wireshark.org/review/17274
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch shows the Information Elements (IE) defined by the
IEEE802.15.4. It dissects the information of those IE which are used
by the IETF WG 6tisch and announces the others. Here the list of the
fully dissected ones:
- For the header IEs:
- Time Correction.
- Header Termination 1.
- Header Termination 2.
- For the payload IEs:
- MLME:
- Nested Shorts:
- TSCH Synchronization IE.
- TSCH Timeslot IE.
- TSCH Slotframe and Link IE.
- Nested Longs:
- Channel Hopping IE.
- Payload Termination IE.
For the rest of the IEs defined in the standard, this patch shows them
but does not analyze their inner fields.
References:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal/
IEEE Standard for Low-Rate Wireless Personal Area Networks (WPANs).
Change-Id: I45292315fa532f08be6a218eb5756284a22eeee4
Reviewed-on: https://code.wireshark.org/review/16671
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN with WIRESHARK_DEBUG_WMEM_OVERRIDE=simple set.
Manual inspection of all type casts to decrypt_data_t and
ikev2_decrypt_data_t showed no other users that do not check
isakmp_version first.
Change-Id: If889afff85a20e31222d33cbea8db3a91a77f389
Reviewed-on: https://code.wireshark.org/review/17246
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michał Skalski <mskalski13@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Return a value length of 0 if there's no parameter value.
(And don't return anything if the pointers through which we return them
are null.)
If no value is present, return NULL from ws_find_media_type_parameter().
Change-Id: I32b57623d7651bcf065af5b81f2390a600988b21
Reviewed-on: https://code.wireshark.org/review/17255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Backslash, in a quoted-string, escapes quotes (and any other characters,
although the only ones that *need* escaping are a double-quote and a
backslash).
This means that the value of a parameter isn't just the raw characters
from the parameters string; for a quoted string, it needs to be
un-escaped, and for a *non*-quoted string, it has to stop at the first
non-token character (you can put comments in). So
ws_find_media_type_parameter() must return an allocated string with the
actual value.
Get rid of index_of_char(); it doesn't do anything that strchr() does.
Change-Id: I36328ea71c28fe6ac4918a8e73c281a25f6be844
Reviewed-on: https://code.wireshark.org/review/17251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The symbols exported from libs should use less generic, preferably
prefixed names to avoid name collisions with other shared library
symbols.
Change-Id: I8323b3e194a7ee4d61baec0c007342fab6cbde84
Reviewed-on: https://code.wireshark.org/review/17229
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Variable "channels_per_frame" could have caused a division by 0.
This is now changed, by stopping dissection in this case. A warning is
shown for this case.
Change-Id: I6d4dcb91b833a7d7f0759e28f56950b94ab1ed7e
Reviewed-on: https://code.wireshark.org/review/17228
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iea7c8d24f52cf8bd11e13a53853e11ec1ecdcd36
Reviewed-on: https://code.wireshark.org/review/17058
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The array is an array of guint8 *'s that point to strings;
wmem_array_index() doesn't return a pointer to the string, it returns a
pointer to a pointer to the string, and you have to dereference the
result of the wmem_array_index() call to get a pointer to the string.
Change-Id: I8c7b3320f0979b01383ad255419c21cdeb7df4c7
Reviewed-on: https://code.wireshark.org/review/17221
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Looking up "text/xml" in the "media_type" dissector is somewhat of a
long-way-around way of finding the XML dissector; just look for it by
name.
Change-Id: Ifafeabc563bf7bfa529bc44ba31bf6ae376a09c8
Reviewed-on: https://code.wireshark.org/review/17219
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This gets complicated, because those subdissectors might be called by
other dissectors as well. We need a better way of passing that sort of
out-of-bound information.
Pull some routines used for processing Content-Type parameters into
common code; we can't guarantee that the media parameters passed in
would be writable (passing it as *the* data hid that; passing a
structure with that *and* the HTTP message type revealed it), so don't
convert it to lower-case in place.
Use that information, if available, to determine whether an IPP message
is a request or a response.
Change-Id: I4bccc9f05cd0b14ad445be7ab37b3d884d841325
Reviewed-on: https://code.wireshark.org/review/17216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ping-Bug:12674
Change-Id: If67920246a9122dc693a71a4afcea212fb7f84ab
Reviewed-on: https://code.wireshark.org/review/17108
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There already is "ModbusRTU over UDP", this is the Modbus/TCP format over UDP.
Bug: 12768
Change-Id: I883aa8e88f8a1640459115434be84354e22bb361
Reviewed-on: https://code.wireshark.org/review/17215
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 12770
Change-Id: I5f71072231a752ce6cdedf6f22ce8931a61c39c7
Reviewed-on: https://code.wireshark.org/review/17214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allows me to see the interface indices in a column.
Change-Id: I0dd31d7ec06eb860e7c80a4273779ec9034ee42d
Reviewed-on: https://code.wireshark.org/review/17193
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I84e3157a9303572dcd3d9ff5df6802c42553e62f
Reviewed-on: https://code.wireshark.org/review/17197
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add OP_COMMAND (2010) and OP_COMMANDREPLY (2011)
Bug:12723
Change-Id: Ib66e7136c7a6589286bbea11db2cff76d689db35
Reviewed-on: https://code.wireshark.org/review/17166
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
See net/netfilter/nfnetlink_log.c, that is the only place that sets
NFULA_PACKET_HDR to struct nfulnl_msg_packet_hdr.
Tested with nflog-ebtables.pcapng from SampleCaptures wiki.
Change-Id: I7e21f8f584f3911b3aa7d0d027ff9624886bef73
Reviewed-on: https://code.wireshark.org/review/17191
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Check if tvb remaining length is greater than expected length.
Bug: 12767
Change-Id: Ia04b559432af417db519cfcfbec06e6010b496bf
Reviewed-on: https://code.wireshark.org/review/17208
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Iac0ef122062f8dc3160e112d76c35a256f8d8c2a
Reviewed-on: https://code.wireshark.org/review/17201
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These constants are mostly overlapping, except for NFPROTO_ARP. A manual
study of the Linux v4.7 code shows which fields to use and also reveals
that nflog.family can never be NFPROTO_ARP because (1) bridge traffic
uses NFPROTO_BRIDGE and (2) arptables has no ULOG/NFLOG target.
This patch affects how some family fields are displayed but does not
affect subdissector calls.
Change-Id: I7cc73a8dcf73fe68c7ccaaa0f3b329fe484c8bfe
Reviewed-on: https://code.wireshark.org/review/17190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Added specific dissector for ROS Clock messages
- Added dissector heuristics
- Improve ROS traffic detection
Problems to resolve:
- Some topics are mistaken for Clock messages. These include the wheel encoder topic.
- ROS Services are not detected.
- Ideally, the TF topic should be dissected as it is a very common topic
Bug: 12749
Change-Id: I14255cbb42ae36b7e39f64dc1a5c6efffe19c8b1
Reviewed-on: https://code.wireshark.org/review/17086/
Reviewed-on: https://code.wireshark.org/review/17086
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Even when the token length is 0.
Bug: 12771
Change-Id: I0d77f0411fe90a6702d1f23ba9cd4b61433a5995
Reviewed-on: https://code.wireshark.org/review/17194
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
[1] states "A hardware type of 0 (zero) should be used when the value field
contains an identifier other than a hardware address (e.g. a fully
qualified domain name)."
This commit displays these other identifiers.
[1] https://tools.ietf.org/html/rfc2132#section-9.14
Bug: 12766
Change-Id: I3d991164641b41fb95891b2f78411d2e98a22e0d
Reviewed-on: https://code.wireshark.org/review/17180
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
stream_id = 1 is reserved for QUIC handshake/crypto...
stream_id = 3 is reserved for H2 HEADERS (PUSH_PROMISE..) (and call H2 dissector for dissection)
Thanks to Lucas for pcap
Change-Id: I563c44af88c3e72476f8637d8b7c5ba4d8a4a995
Reviewed-on: https://code.wireshark.org/review/17134
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This can be useful when dealing with 1) captures from versions of
libpcap without the bug fix to use DLT_CAN_SOCKETCAN_HOSTENDIAN when
appropriate and 2) DLT_CAN_SOCKETCAN_HOSTENDIAN captures if processed by
a machine with a different byte order from the capturing machine with
software that doesn't properly put the field into host byte order when
reading and writing.
Change-Id: Ia206e5c51aecccf2508cca01cff65a4feb379ac8
Reviewed-on: https://code.wireshark.org/review/17187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The second parameter is the state, not the status as seen in C702 doc, page 159
Bug: 12764
Change-Id: I0a91a0e586c7663ace7c4c6b1044cafc1c0975ac
Reviewed-on: https://code.wireshark.org/review/17178
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Flags are not in network byte order, use given encoding instead.
Show both flags fields for GET and NEW requests since the netlink
dissector cannot yet determine whether a request is for GET, NEW or
something else. This has no effect for the sockdiag dissector but it
will influence the route and netfilter netlink subdissectors.
Change-Id: I472ff9e0498debbbceef657a14408c4e6a9df75b
Reviewed-on: https://code.wireshark.org/review/17118
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for decryption of IKEv2 packets encrypted with PAED or CTR
cipher mode.
Verification of integrity requires libgcrypt 1.6.0 or later. If it is
not the case, only decryption is performed.
Can easily be extended to other ciphers supported by libgcrypt.
NOTE: There is a long-term bug in handling UAT for IKEv2 - any change
resulting in change count of IKEv2 UAT entries causes crash when
matching key from UAT is found.
Crash does not occur when UAT is read from user prefs file.
I observed this bug also on stock 1.10.6 version from Ubuntu 14.04 LTS
I have no knowledge, how to fix it.
Change-Id: Ibdab979b5959eb561635cbcb446e17138baca87b
Reviewed-on: https://code.wireshark.org/review/17078
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This saves the user from clicking twice in order to see the info.
Change-Id: Ib983c78634b1309f12ab29d673abc1195088f55c
Reviewed-on: https://code.wireshark.org/review/17146
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Unfortunately, only one libpcap code path puts the CAN ID in the
SocketCAN header in network byte order; the others leave it in host byte
order. Therefore, a new LINKTYPE_/DLT_ value was introduced, and
libpcap was changed to use that for the cases where the CAN ID is in
host byte order. Support them both.
This means we need to, when reading pcap and pcapng files, fix up the
CAN ID if the host that wrote the file has a different byte order from
ours (as libpcap also now does). This includes Linux "cooked" captures,
which can include CAN packets.
Change-Id: I75ff2d68d1fbdb42753ce85d18f04166f21736dd
Reviewed-on: https://code.wireshark.org/review/17155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I71e6e2f569524642a24778ceef81c03fdc0f54c5
Reviewed-on: https://code.wireshark.org/review/17149
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The definition was found in the Linux kernel source code.
Change-Id: I41d1435497042bc5905efc7e1af3941b9e8808e2
Ping-Bug: 12759
Reviewed-on: https://code.wireshark.org/review/17148
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- The proto_tree_add_subtree call was previously using the length of the full tvb,
instead of len-2 like all other calls. This typo did not previously cause an issue,
but in newer versions of Wireshark it causes an assert.
- When I created the selfm dissector 4-5 years ago, I used packet-synphasor.c
as a template and there was an 'if (tree)' wrapper around several initial GUI calls
including col_*** info column clear/set functions. It looks like in recent years
this layout has been removed (for example, https://code.wireshark.org/review/#/c/6725/ ).
I'm not sure of the exact reasoning behind this, but in Wireshark 2.x (QT), there are
several conditions where in the SEL protocol dissector the info column will be
cleared and not repopulate - I can only assume because col_clear has been called
with no col_add's. Removal of this 'if' condition does correct the issue with no immediate ill effects.
Change-Id: I4c619cb320cd2152e1d4d1b76c809b1498dfda61
Reviewed-on: https://code.wireshark.org/review/17147
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Some debug tools don't use the standard 443
Change-Id: I5826de69afe343e4c112ecb78ffa1e26bd35b242
Reviewed-on: https://code.wireshark.org/review/17069
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I259f457868f4b8cde7e188d88d3d55f97070ee3b
Reviewed-on: https://code.wireshark.org/review/17145
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
it is only Offset not Offset Length
Issue reported by Lucas
Change-Id: I3129d62a0601b896fd0d44d5ce4d32864afdd96e
Reviewed-on: https://code.wireshark.org/review/17138
Reviewed-by: Anders Broman <a.broman58@gmail.com>
for use in another dissector...
Change-Id: I7c27517ee26ee9f9384e22a83e547550863093d8
Reviewed-on: https://code.wireshark.org/review/17133
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This makes CID 1317251 obsolete.
Change-Id: Id342b996268ac0734a52e93c02ae368960ee2294
Reviewed-on: https://code.wireshark.org/review/17027
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also update link to source code
Change-Id: I9afb72e477d11e3427cb43d574b2949bb8d777f9
Reviewed-on: https://code.wireshark.org/review/17091
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:12601
Change-Id: I555ee8097ea81e1afa8f2f5b2aba8fce60742016
Reviewed-on: https://code.wireshark.org/review/17107
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I53691344f22f7313242f31e0abce9af5a5dbf8be
Reviewed-on: https://code.wireshark.org/review/17117
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Based on Linux 4.7 headers, this decodes many interesting fields like
the setname, IP address and more. Many attributes are not fully
dissected, but at least the attribute names are visible now.
Tested with netlink-ipset.pcap, posted on the SampleCaptures wiki.
Change-Id: Ibd430e9d0f177d5f21753ac1206541b4e50329f2
Reviewed-on: https://code.wireshark.org/review/17031
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do as we do with other Bluetooth fields that, when multiplied by 1.25,
give time amounts in milliseconds.
Change-Id: I89c599e68f91c134b216c495dabdbf77db10def3
Reviewed-on: https://code.wireshark.org/review/17099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rather than checking everywhere that the RLC and MAC info are present in pinfo,
allocate a temporary structure that will be dropped once packet dissection is
over.
Bug: 12751
Change-Id: I890430dd0c0b56d641777c15eedbf07fef082904
Reviewed-on: https://code.wireshark.org/review/17094
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
It is described in Personal Health Devices Transcoding White Paper v1.6
at Bluetooth.org. It is not a detailed implementation, because the
white paper is not a specification for this, but it is really
"giant leap for mankind".
Change-Id: I476b242a67c7c0b24e450ad347216c708cc12879
Reviewed-on: https://code.wireshark.org/review/17079
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
gcp_analyze_msg() is called with a NULL tvb, remove h248_tvb and use tvb
instead.
Change-Id: I2cb4c3577817bbaa4ec50b2a5ef0ef296059e683
Reviewed-on: https://code.wireshark.org/review/17082
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also update link to source code
Change-Id: I6512920927de76226137eb7451cceceb37230aa5
Reviewed-on: https://code.wireshark.org/review/17070
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Added in support for Analog Group Change & Assignment codes (FC 2 and 35)
- Modified RTU Configuration function code to support multiple chassis responses
Change-Id: I64f14fa3c9b1bdfa3d815eb8756de80fb4c716b4
Reviewed-on: https://code.wireshark.org/review/17076
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This way, the payload is displayed even if the sub dissector triggers an exception
Change-Id: Ife062f59035776c4eb9e550eb202a5e40afc4b60
Reviewed-on: https://code.wireshark.org/review/17063
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
While we are at it, let's remove dead code
Change-Id: I3a001f07b9becc885d544551a1fa578642517d08
Reviewed-on: https://code.wireshark.org/review/17061
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This module implements a dissector for the main table in a SCTE-35 message, a
splice_info_section. This payload is carried in a MPEG Section Table with a
table ID of 0xFC. PIDs carrying this sort of table are also noted in the PMT
with a stream type of 0x86, and a registration descriptor with fourcc 'CUEI'.
The various splice command types are implemented in separate modules, and are
linked to this dissector through the field scte35.splice_command_type. Field
names follow the conventions documented in the SCTE35 specification.
This dissector does not support encrypted SCTE35 messages, other than
indication through the scte35.encrypted_packet flag.
The SCTE-35 protocol is described by the Society of Cable Telecommunications
Engineers at <https://www.scte.org/documents/pdf/Standards/Top%20Ten/ANSI_SCTE%2035%202013.pdf>.
Bug: 12521
Change-Id: I3113e6e61a4e7f1a4a932a0128ca2846c7ce6e6f
Reviewed-on: https://code.wireshark.org/review/15562
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I552d8be0fdf3f0949d469e66c27be37ec82c5ccf
Reviewed-on: https://code.wireshark.org/review/16584
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
and trcdbg records.
bug: 12685
Change-Id: I5e224c38c52d7b6635fba1334d9e310ce1eaea23
Reviewed-on: https://code.wireshark.org/review/16338
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12720
Change-Id: Ib9c9eb2e60c35b23b4c6b4898b036bcdc442fc84
Reviewed-on: https://code.wireshark.org/review/17041
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That doesn't seem to affect the performance negatively (or
positively...) to any noticeable degree with my simple "run tshark under
the time command with an empty file" tests, and it does appear to reduce
the amount of memory that valgrind thinks is leaked.
All the other maps were already allocated with epan scope, so do that
with these as well.
Change-Id: Ib5ee85c8cf025e53455564a67cd1adbf28b47f78
Ping-Bug: 12656
Reviewed-on: https://code.wireshark.org/review/17040
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check already present in line 1226.
Change-Id: I2b3cd15a1d35b334a690afd3ce1a9b8b1f32e188
Reviewed-on: https://code.wireshark.org/review/17029
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
NLA types consist of a type and two flags, add new fields for this.
Add a new parameter to restrict the data consumed by the
dissect_netlink_attributes function, this is needed when implementing
nested attributes using another call to this function. This also avoids
adding padding to the payload and matches the comment in
include/uapi/linux/netlink.h (Linux 4.7).
Change-Id: I34dbfa466081b6c6c4580941aff568bd120b4210
Reviewed-on: https://code.wireshark.org/review/17030
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The LLDP dissector is using oui_vals to resolve OUIs for hf_org_spc_oui.
Therefore it currently shows "Unknown" for OUI 0x000142.
Change-Id: Ie5f926a183dc42a957fb05c5a38d677a2064ff28
Reviewed-on: https://code.wireshark.org/review/17036
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
afi can take only one of the 2 above values, according to the
check at the beginning of the function.
Change-Id: I6652a5c64b4fbc8d2e907afb3b4f66d187ff9745
Reviewed-on: https://code.wireshark.org/review/17011
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Show elements in correct order.
Show TxAdd and RxAdd values as "Random" or "Public".
Change-Id: Ie75716d05d2aadf3d573a9dc078f32e6f981a691
Reviewed-on: https://code.wireshark.org/review/17012
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't usually use expert info when checksum is correct.
Change-Id: Ifc0e020ea86d69330df8cdb625672fbc9b4269ae
Reviewed-on: https://code.wireshark.org/review/17013
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Generate initialization vectors during Wireshark's first pass,
in order to improve reliability and efficiency. (bug #12699)
Remove a dissection shortcut in first pass to allow early analysis
of the transform payloads, which is needed to find out the crypto
algorithms.
Introduce a hash table to store an IV per message ID. (bug #12610)
Fix handling of the initial phase 1 IV. (bug #12620)
Cache IVs as per-packet data instead of a list.
Use the wmem allocator to avoid memory leaks.
Ensure libgcrypt resource cleanup on error paths.
Rely only on IKE attributes to find the decryption algorithm,
do not consider the length of the user-configured secret at this point.
Split code into small functions.
Ping-Bug: 12610
Ping-Bug: 12620
Ping-Bug: 12699
Change-Id: I7137943da42d54816808312cd1716a7e05478cbb
Reviewed-on: https://code.wireshark.org/review/16846
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The ATSC A/52 specification introduces a new PMT stream type, as
well as a new descriptor if the A/52 stream contains AC-3 audio.
Add dissection for both.
Change-Id: I859c76cc4fc6550c72711f00582e6bfa12607fa2
Reviewed-on: https://code.wireshark.org/review/16679
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See http://uftp-multicast.sourceforge.net/ for the original publication
of these dissectors. Both v3 and v4 protocols are dissected.
Bug: 12718
Change-Id: If691a573b9440c7cbe3b35711231b628cf3c8604
Reviewed-on: https://code.wireshark.org/review/16936
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds parsing to some missing LE commands
Change-Id: Ia22197a7855505e96021536a333b401a45480145
Reviewed-on: https://code.wireshark.org/review/16995
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The MAC address is binary data, do not use tvb_get_string_enc since it
substituted some bytes by a Unicode replacement character. Use FT_ETHER
instead of FT_STRING to fix the display.
Bug: 11850
Change-Id: I3f02cfa13e8fccc18a199e4e293580c183eeddd1
Reviewed-on: https://code.wireshark.org/review/16965
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The ACK Frame is different after Q034
Change-Id: Ib7a14ea20c37743c5af029b2bc38abc2377cc0e7
Ping-Bug:12590
Reviewed-on: https://code.wireshark.org/review/16960
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The already used terminology is L2CAP fragments.
Change-Id: I900f5fed479e53c3a23154caa3b8a569c58dbb20
Reviewed-on: https://code.wireshark.org/review/16984
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The payload in L2CAP is called SDU (Service Data Unit).
Change-Id: Ie18c6ef4a68f44a4099db518c50f6f9774470476
Reviewed-on: https://code.wireshark.org/review/16983
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It allows having more info on the version used (e.g. 5.2.4 instead of 5.2)
Change-Id: I24a5b83f0a7a72fbb131e9ddc3e735ffea689ee6
Reviewed-on: https://code.wireshark.org/review/16977
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Save the RTP payload type and codec and add a dynamic payload. This allows AMR
streams to be correctly analyzed. Together with the AMR codec support you can
listen to the AMR stream as well.
Sponsored-by: On-Waves ehf
Change-Id: If859fd3707b5aa1c9743830f903abe8e1f12ff95
Reviewed-on: https://code.wireshark.org/review/16352
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
We avoid compiling clusapi_PROPERTY_LIST using pidl.
This struct contains inline arrays and is not strictly needed by clusapi
therefore disable it.
Change-Id: I86efa0c725667083cb252e5df3bfc69118df3059
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-on: https://code.wireshark.org/review/16719
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Code was removed in 975b02f879 but is still needed.
This fixes CID 1250810.
Change-Id: Ic0df5043c4486417e93d431898ff1493eb027b1c
Reviewed-on: https://code.wireshark.org/review/16950
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update fields to Linux 4.7, add dissection for most important NFQUEUE
structures and attributes. The shared Netfilter header is also dissected
here (except when the NFLOG subdissector is called). Based on the source
code of Linux and libnl, it seems that most (all?) fields are big
endian.
Tested with netlink.pcap and netlink-nflog.pcap from the SampleCaptures
wiki page.
Change-Id: I93bb8e528fdd2575acdae31a17b9b62aaa90fdbc
Reviewed-on: https://code.wireshark.org/review/16933
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Print "Protocol-specific" instead of "Unknown (0x0016)" for the type
since its interpretation depends on the subprotocol.
Dissect struct nlmsgerr (refactor and reuse the header dissection code).
Dissect Dump interrupted and Dump filtered flags.
Adjust field descriptions and value_string based on the netlink(7)
manual and linux/netlink.h. Display Flags as hex instead of decimal.
Expanded inline tabs, renamed netlink.hdr_flags.match_all to
netlink.hdr_flags.match for consistency.
Change-Id: If2b5c8d2b68fd94e70d1d8b98e63171b42b0d65c
Reviewed-on: https://code.wireshark.org/review/16932
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The gui.column module is somehow special, it has no name since it is
part of the gui module. This causes a crash when trying to invoke
`strcmp(module->name /* NULL */, "mgcp")`.
Always look up prefs inside gui_column_module when the given prefs
module is "column" instead of matching two specific names.
Change-Id: I47e354d11b6fd01818b0627a249b506a8f9510cc
Reviewed-on: https://code.wireshark.org/review/16937
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Based on inspection of the Linux 4.7 source code. Replaced tabs by
spaces in enums and value_strings for consistency.
Change-Id: I78b5de53b53dc3f2a7c807a72d8d94880f6406d5
Reviewed-on: https://code.wireshark.org/review/16931
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Iea69b5ef533b9b524a624b96bf82e178fd428ce9
Reviewed-on: https://code.wireshark.org/review/16934
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5626cfa0487cc88eb65cc349c05ae1762bc953f4
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-on: https://code.wireshark.org/review/16720
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I013549978743740b04b89b5592e63edae5ff3fe4
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-on: https://code.wireshark.org/review/16717
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ibc43b1976d5827e8c40252a5200852fbcd00b70c
Reviewed-on: https://code.wireshark.org/review/16763
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: Ie2495b6333b021de53c674ca8bdad0712228a7c1
Reviewed-on: https://code.wireshark.org/review/16820
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "Attribute ID" IE is used by the RBS to indicate which particular
setting has caused it to reject a given request by the BSC.
Change-Id: I05621831f70fb53b5b752afceed9337f6cd0edb7
Reviewed-on: https://code.wireshark.org/review/16819
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I64fc582bb9330402c18aeeadea52c968032ccb2c
Reviewed-on: https://code.wireshark.org/review/16895
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icc9b6c6bcaac1f3056fa83a4ae9ef66e1537b1a5
Reviewed-on: https://code.wireshark.org/review/16492
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
By including ../Makefile.inc (like all other ASN1 based dissectors)
ensure the symbols are set up correctly for all make-related actions,
including packaging the files for distribution.
Bug: 12703
Change-Id: Ia7279fcc30bb08e749f35b6d893136b053f3544c
Reviewed-on: https://code.wireshark.org/review/16893
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by valgrind.
==23399== 209 (40 direct, 169 indirect) bytes in 1 blocks are definitely lost in loss record 2,431 of 2,696
==23399== at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23399== by 0xAAA2780: g_malloc0 (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==23399== by 0xAAB0760: g_regex_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==23399== by 0x6B03162: proto_register_logcat_text (packet-logcat-text.c:373)
==23399== by 0x71BA16D: register_all_protocols (register.c:2881)
==23399== by 0x7296E67: proto_init (proto.c:529)
==23399== by 0x7272A76: epan_init (epan.c:128)
==23399== by 0x1160F2: main (tshark.c:804)
Change-Id: Ia47a4371a62eaadcdc8613d35030792d57e7f9dc
Reviewed-on: https://code.wireshark.org/review/16881
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found by valgrind:
==21035== 12 bytes in 1 blocks are definitely lost in loss record 279 of 2,696
==21035== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21035== by 0xAAA2728: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==21035== by 0x72A361F: range_convert_str_work.part.0 (range.c:109)
==21035== by 0x6AACBEC: proto_register_kafka (packet-kafka.c:1459)
==21035== by 0x71BA055: register_all_protocols (register.c:2769)
==21035== by 0x7296E67: proto_init (proto.c:529)
==21035== by 0x7272A76: epan_init (epan.c:128)
==21035== by 0x1160F2: main (tshark.c:804)
==21035==
Change-Id: I3249925acd3ed26d40be992fd228447d1b381b66
Reviewed-on: https://code.wireshark.org/review/16880
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This leads to too many false-negatives in certain traces
Change-Id: Ia081dc802b6f55926beec2383a864173cae6eb51
Reviewed-on: https://code.wireshark.org/review/16883
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Bug: 12657
Change-Id: Ib0d9e18b31c1252f63025b10f7a67de6a5e4462c
Reviewed-on: https://code.wireshark.org/review/16491
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This also fixes some cases where we wouldn't report the path in a read
error message, as we'd already freed the path up and set the path string
pointer to null.
Change-Id: Ia0e1ca0bf4880075bfa1957b0778a177de1a824f
Reviewed-on: https://code.wireshark.org/review/16868
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Implementing proper return value check, as done for other gnutls function
calls, catches (unlikely) errors and allows C++ compatible build.
Change-Id: Idf5bd3fe6e68d006a469fe72663dea1c7e2d17f7
Reviewed-on: https://code.wireshark.org/review/16865
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is being done, to prevent false-positives which can
not be filtered out using the heuristics, but have to be
caught using additional check measurements
Change-Id: I2ff2c97decf8a93d43f8f5b54e4d147552970b3f
Reviewed-on: https://code.wireshark.org/review/16843
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
That doesn't work - you could be writing into the string from which
you're reading.
Bug: 12700
Change-Id: I70f3ce6048dea582ec5e08c24c99e9a553b352df
Reviewed-on: https://code.wireshark.org/review/16850
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rather than trying to swap fields to be big-endian, just make everything
little-endian.
Bug: 12697
Change-Id: I07e7fd651c4a32dba764d111b34acdf32958c195
Reviewed-on: https://code.wireshark.org/review/16836
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-Added description to Emergency error code
-Added bitmask dissector to Emergency register
-Added descriptions to object dictionary SDO related index
All these changes were found inside the CiA CANopen norm, and were useful
in my work while debugging CANopen frames
Change-Id: I76bc1eab9f75fc242eaf3200af81593f65570658
Reviewed-on: https://code.wireshark.org/review/16823
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Another legitimate use, so use ws_debug_printf.
Change-Id: I9bebe01e80987caf8e18a59b93a48f9a2d6ee397
Reviewed-on: https://code.wireshark.org/review/16835
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The previous change removed code that did that.
Change-Id: If297018f5902af7a2d9cacb0cc9a5f1ffe1e1d00
Reviewed-on: https://code.wireshark.org/review/16834
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This allows for much easier anonymized captures for protocols running
atop TCP/UDP.
Added support for "TCP dissector data" tag within export PDU (34) so that
the tcpinfo struct that TCP dissector normally passes to its subdissectors
can be saved.
Change-Id: Icd63c049162332e5bcb2720159e5cf8aac893788
Reviewed-on: https://code.wireshark.org/review/16285
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I21a50015dd382c62aa2dc84d90bbb4b86ea8b1dc
Reviewed-on: https://code.wireshark.org/review/16825
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
printf and g_warning are not allowed in epan or its subdirectories
Change-Id: I4c07a7258f4c9566384bef93af35c350b5c88758
Reviewed-on: https://code.wireshark.org/review/16801
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guenther
Change-Id: I457f50dcf86f6e7c74afd9ff773aaf8bfdb52426
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-on: https://code.wireshark.org/review/16722
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7606ee55be4428909e255496c0344fffe5847f02
Reviewed-on: https://code.wireshark.org/review/16804
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adds various clock configuration related tags.
Uses ptp_v2 value strings exported from packet-ptp.
Refactor out common ERF_TYPE_META bitfield code.
Also clean up field registration a bit.
Add flow_hash_mode enum, other minor wording cleanup.
Manually display relative timestamps as nanoseconds for <1ms.
Fix ns_host_* tag subtree summary field name duplication.
Ping-Bug: 12303
Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93
Reviewed-on: https://code.wireshark.org/review/16782
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Motivation was to clean up the use of offsetof() as the structure definitions
aren't necessary for Wireshark.
Change-Id: I6fadce0d4823842270be89bbed6081d37254ff2b
Reviewed-on: https://code.wireshark.org/review/16791
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12693
Change-Id: Ic0b226d2ba9518f9a1efe85527678daa5302cc3f
Reviewed-on: https://code.wireshark.org/review/16792
Reviewed-by: Michael Mann <mmann78@netscape.net>
The build is done in epan/wmem, so libwsutil.la is in ../../wsutil.
Change-Id: I053f6b925829e9c5e9ded014fbc716abc527b46a
Reviewed-on: https://code.wireshark.org/review/16790
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also, fix indentation - tab stops are set every 8 spaces, not every 4
spaces, in UN*X, which is why the mode lines specify that.
Change-Id: If7cfc2cdae26feb2d5c13e31a32ed950354fb15b
Reviewed-on: https://code.wireshark.org/review/16789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC 5420 Section 3.1 the MSB is bit zero.
Reported by Alexander Okonnikov.
Bug: 12652
Change-Id: I9b414464b05ab0724a6560aa441c3f5324130fdb
Reviewed-on: https://code.wireshark.org/review/16611
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also rename ptp_v2 value strings in packet-ptp for better consistency.
TODO: could also be used and combined with definitions in packet-cip.
Change-Id: I84a9ae566ae6abdd95910cb5709bb63c2b7c26b8
Reviewed-on: https://code.wireshark.org/review/16781
Reviewed-by: Michael Mann <mmann78@netscape.net>
The system, GLib, and wmem string functions can perform differently,
particularly on Windows. Start adding performance tests to wmem_test so
that we can see the differences.
With this change applied "wmem_test --verbose" prints out the following
on a Windows 7 x64 VM here. wmem_test is linked against GLib 2.4.20.
(MINPERF:g_printf_string_upper_bound (via g_snprintf) 1 string: u 327.602 ms s 0.000 ms)
(MINPERF:g_printf_string_upper_bound (via g_snprintf) 5 strings: u 1419.609 ms s 0.000 ms)
(MINPERF:g_printf_string_upper_bound (via g_snprintf) mixed args: u 1606.810 ms s 0.000 ms)
(MINPERF:_snprintf_s upper bound 1 string: u 124.801 ms s 0.000 ms)
(MINPERF:_snprintf_s upper bound 5 strings: u 140.401 ms s 0.000 ms)
(MINPERF:_snprintf_s upper bound mixed args: u 124.801 ms s 0.000 ms)
(MINPERF:g_strdup_printf 2 strings: u 702.005 ms s 0.156 ms)
(MINPERF:g_strconcat 2 strings: u 78.000 ms s 0.000 ms)
(MINPERF:g_strdup_printf 5 strings: u 1419.609 ms s 0.156 ms)
(MINPERF:g_strconcat 5 strings: u 93.601 ms s 0.156 ms)
(MINPERF:wmem_strdup_printf 2 strings: u 343.202 ms s 0.312 ms)
(MINPERF:wmem_strconcat 2 strings: u 93.601 ms s 0.468 ms)
(MINPERF:wmem_strdup_printf 5 strings: u 327.602 ms s 8.268 ms)
(MINPERF:wmem_strconcat 5 strings: u 62.400 ms s 3.432 ms)
Change-Id: Id9b23918829db1719d141e7f830b9eba6245a25b
Reviewed-on: https://code.wireshark.org/review/14857
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most distros provide GeoIP database packages that install to /usr/share/GeoIP.
Use this as a system default.
Change-Id: I2b4ddf7e2467263491b18a97e908a247db0ac9a3
Reviewed-on: https://code.wireshark.org/review/16767
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Issue reported by Padmaja Reddy
Bug: 12675
Change-Id: I17323a70fdbe6f52c350a875c467c233877f4505
Reviewed-on: https://code.wireshark.org/review/16761
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We may want to add expert infos for IPv6 extension headers over IPv4 (TODO).
Any side-effects that don't make sense (e.g: IPv6 Routing over IPv4) are
ignored.
The IPv6 Next Header decode as is replaced by IP Proto decode as. It
didn't fit a conceptual model well and it also was not working very well
in practice (for multiple extension headers).
We now support decoding any IP Protocol number as an extension header.
Bug: 12673
Change-Id: Icbde019aba8990cc556ef2bd832f64cba76c24b6
Reviewed-on: https://code.wireshark.org/review/16681
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
When processing the colorfilters file, keep and disable unknown coloring
rules instead of skipping over and discarding them. This should
hopefully keep people from losing the standard "Checksum Errors" rule
(and it's less rude in general).
Change-Id: I21796c25045d9dbf7612238ce3d27b613f1ec75f
Reviewed-on: https://code.wireshark.org/review/16673
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Enable airpdcap debugging explicitly with AIRPDCAP_DEBUG instead
of _DEBUG. _DEBUG might be defined automatically by Visual C++ depending
on your build type and the extra output breaks the decryption tests.
Change-Id: If6d918beb4d91233b07a3bc7b6f2f7e1849171f0
Reviewed-on: https://code.wireshark.org/review/16755
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Both display as zero in the UI. We shouldn't have null values for
decode as, but we do for IPv6, and the user (also the developer) can't
tell them apart from an IPv6 Hop-by-hop Option extension header.
NULL values are represented as IP Protocol 255 (Reserved) in the UI,
instead of IP Protocol 0 (Hop-By-Hop extension header).
Change-Id: I840db99df212a3bee03027b91fdec9c01886004d
Reviewed-on: https://code.wireshark.org/review/16746
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Having no matching in sscanf is a valid use case as the object is already initialized
Bug: 12671
Change-Id: Iee7185290ea72968437159c344a376defe464dd4
Reviewed-on: https://code.wireshark.org/review/16711
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When the cipher suite for the current decryption session is changed via
a Server Hello, it should not change the cipher suite field of the
decoder. Otherwise there is a mismatch between the cipher suite and the
capabilities of the decoder.
Fix this issue by making the decoder hold a pointer to the (constant)
SslCipherSuite structure rather than making a copy (and have the decoder
point to that data).
I also considered resetting the decoder once the cipher suite changes in
the Server Hello, but that breaks renegotiation.
Bug: 12665
Change-Id: Ieff38a535cd111d95933ec383378643b6fbab7bf
Reviewed-on: https://code.wireshark.org/review/16674
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The patch adds support for parsing the 4 types of ERSPAN III platform
specific sub-header, if presented.
Change-Id: I1719fceb71ed40918e6b16f25a6355d78840f6c6
Signed-off-by: William Tu <u9012063@gmail.com>
Reviewed-on: https://code.wireshark.org/review/16702
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fill in the "gaps" so that all dissectors that verify checksums have both a
status and expert info field.
Also address comments from original proto_tree_add_checksum patch that didn't make it.
Ping-Bug: 8859
Change-Id: I2e6640108fd6bb218cb959fe9e4ba98a13e43a2f
Reviewed-on: https://code.wireshark.org/review/16590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It saves a little on file pollution and the g_warning call isn't
bothered in the header file.
Change-Id: Ia9bdd96d9d93bbba6811769c4e6e1ed9124c2e5a
Reviewed-on: https://code.wireshark.org/review/16698
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also remove code dependency on ip6_hdr pointer. It is used solely for the
"ipv6" tap now.
Change-Id: I07150bfae8bf94bf3c585f20c27b60db78688a7b
Reviewed-on: https://code.wireshark.org/review/16655
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Some search/replace of printf, g_warning and GTK APIs were changed to use a
ws_ prefix
Change-Id: I9beb763a975530a4006d1afbcad079a7d8d4ebf9
Reviewed-on: https://code.wireshark.org/review/16704
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The g_warning calls seem legitimate, so "hide" them from checkAPIs.pl.
Change-Id: I6d25b08e22aeeb0244e07836385f2b67d6261546
Reviewed-on: https://code.wireshark.org/review/16703
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add link to ERSPAN protocol spec, remove obsolete comments, and
remove unnecessary 'if(tree)' check.
Change-Id: I1b4950777c84d62301c322afdfc876949db0d4ed
Signed-off-by: William Tu <u9012063@gmail.com>
Reviewed-on: https://code.wireshark.org/review/16675
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Create ws_g_warning for legitimate uses of g_warning
2. Use proto_tree_add_debug_text
3. Comment some out
Change-Id: Ida044bf40286b955fdd529c4f9907c8e09b3d7c5
Reviewed-on: https://code.wireshark.org/review/16678
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Route type 5 does have optional fields that were not properly decoded (MPLS labels)
Bug: 12631
Change-Id: I12d61ef170d4e0f6e6d2c7bf25f149db84c186d7
Reviewed-on: https://code.wireshark.org/review/16576
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f4878d7b730d626d75ac5ed57a00acc8ec34990
Reviewed-on: https://code.wireshark.org/review/16658
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>