When procssing BATCH statements, Wireshark did not properly handled keys with length < 0 , which actually means that no value
is sent on the wire..
This fixes it (and as a results, parses properly some result packets it failed to parse properly before).
Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
When procssing results, Wireshark did not properly handled keys with length -1, which actually means NULL.
This fixes it (and as a results, parses properly some result packets it failed to parse properly before).
Signed-off-by: Yaniv Kaul <yaniv.kaul@scylladb.com>
Make dfilter byte representation always use ':' for consistency.
Make 1 byte be represented as "XX:" with the colon suffix to
make it nonambiguous that is is a byte and not other type,
like a protocol.
The difference is can be seen in the following programs. In the
before representation it is not obvious at all that the second
"fc" value is a literal bytes value and not the value of the
protocol "fc", although it can be inferred from the lack of
a READ_TREE instruction. In the After we know that "fc:" must
be bytes and not a protocol.
Note that a leading colon is a syntactical expedient to say
"this value with any type is a literal value and not a protocol
field." A terminating colon is just a part of the dfilter
literal bytes syntax.
Before:
Filter: fc == :fc
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(fc <FT_PROTOCOL>)
1 FVALUE(fc <FT_PROTOCOL>)
Instructions:
00000 READ_TREE fc <FT_PROTOCOL> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == fc <FT_PROTOCOL>
After:
Filter: fc == :fc
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(fc <FT_PROTOCOL>)
1 FVALUE(fc: <FT_PROTOCOL>)
Instructions:
00000 READ_TREE fc <FT_PROTOCOL> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == fc: <FT_PROTOCOL>
Remove some unused historical files.
Aggressively disable warnings to keep the lemon source
pristine and avoid the maintenance burden for lemon itself.
Lemon has its own lax policy for warnings that doesn't match our
own and they won't accept external patches to remove the
warnings, so just ignore them. Lemon is just executed to generate
code for the Wireshark build and the minor code issues it has
have no influence at runtime.
For lemon generated code we selectively disable some linting
warnings.
Remove patches for lemon and lempar, they are no longer required
with these changes to silence warnings.
Constant logical expressions are tautologies and almost certainly
user error. Reject them as invalid.
Most of them were already rejected with insufficient type information
but some corner cases were still valid.
Before:
Filter: ${frame.number} == 3
Syntax tree:
0 TEST_ANY_EQ:
1 REFERENCE(frame.number <FT_UINT32>)
1 FVALUE(3 <FT_UINT32>)
Instructions:
00000 READ_REFERENCE ${frame.number <FT_UINT32>} -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == 3 <FT_UINT32>
00003 RETURN
After:
Filter: ${frame.number} == 3
dftest: Constant expression is invalid.
${frame.number} == 3
^~~~~~~~~~~~~~~~~~~~
prev needs to be advanced to ptr on an invalid character even
if there aren't any bytes to copy (because we have two invalid
characters in a row.) Fixup ba7917309aFix#18769.
For ASCII encoding, most bytes are copied directly. Count consecutive
valid bytes in an accumulator and append them all at once when we
get an invalid character with the high bit set, or at the end.
This reduces the number of reallocations and allows larger, more
optimized memcpys.
Fix the following valgrind warnings:
==15172== Conditional jump or move depends on uninitialised value(s)
==15172== at 0x78B0849: unescape_and_tvbuffify_telnet_option (epan/dissectors/packet-telnet.c:1043)
==15172== Conditional jump or move depends on uninitialised value(s)
==15172== at 0x76917C8: dissect_rohc_ir_rtp_profile_dynamic (epan/dissectors/packet-rohc.c:1667)
==15172== Conditional jump or move depends on uninitialised value(s)
==15172== at 0x70DCBF1: dissect_gsm_rlcmac_downlink (epan/dissectors/packet-gsm_rlcmac.c:9770)
==15172== Conditional jump or move depends on uninitialised value(s)
==15172== at 0x6C7958E: set_mime_hdr_flags (epan/dissectors/packet-beep.c:392)
Fixes#18742
Remove unparsed lexical type and replace it with identifier
and constant. This separation is still necessary to differentiate
names (fields and function) from literals that look like names
but it has some advantages to do it at the lexical level.
The main advantage is a much cleaner and simplified grammar,
because we only have a single token type for field names, without
any loss of generality (the same name is valid for fields and
function names for example).
The CONSTANT token type is necessary to be different from literal
to provide errors for function rules.
As proto_tree_add_bits_item does not support FT_STRING header fields
dissection of non byte aligned fields containing BCD values has been
rewritten using explicit reading of the BCD values and usage of
proto_tree_add_string
Bitfields are neither allowed to be of type FT_NONE or FT_UINT_BYTES.
This commit fixes this for padding fields (being max 7 bits of zeroes,
thus FT_UINT8) and one field currently named as FT_UINT_BYTES that can
just be represented as FT_BYTES
Underline the whole expression if the error is for the function.
Before:
Filter: frame.number == abs(1, 2)
dftest: Function abs can only accept 1 arguments.
frame.number == abs(1, 2)
^~~
After:
Filter: frame.number == abs(1, 2)
dftest: Function abs can only accept 1 arguments.
frame.number == abs(1, 2)
^~~~~~~~~
The strategy here is to delay resolving literals to values until
we have looked at the entire argument list.
Also we will try to commute the relation in a comparison if
we do not have a type for the return value of the function,
like any other constant.
Before:
Filter: max(1,_ws.ftypes.int8) == 1
dftest: Argument '1' is not valid for max()
max(1,_ws.ftypes.int8) == 1
^
After:
Filter: max(1,_ws.ftypes.int8) == 1
Syntax tree:
0 TEST_ANY_EQ:
1 FUNCTION(max#2):
2 FVALUE(1 <FT_INT8>)
2 FIELD(_ws.ftypes.int8 <FT_INT8>)
1 FVALUE(1 <FT_INT8>)
Instructions:
00000 STACK_PUSH 1 <FT_INT8>
00001 READ_TREE _ws.ftypes.int8 <FT_INT8> -> reg#1
00002 IF_FALSE_GOTO 3
00003 STACK_PUSH reg#1
00004 CALL_FUNCTION max(reg#1, 1 <FT_INT8>) -> reg#0
00005 STACK_POP 2
00006 IF_FALSE_GOTO 8
00007 ANY_EQ reg#0 == 1 <FT_INT8>
00008 RETURN
Filter: max(1,_ws.ftypes.int8) == 1
** (dftest:64938) 01:43:25.950180 [DFilter ERROR] epan/dfilter/sttype-field.c:117 -- sttype_field_ftenum(): Magic num is 0x5cf30031, but should be 0xfc2002cf
Similar to commit dbb9fe2a37, proto_item_fill_display_label
now uses address_to_display for FT_IPv4, FT_IPv6, and FT_FCWWN,
the other three address types that double as field types and which
have optional name resolution.
Add these to the list of types that, if present in a custom column,
has the GUI enable the checkbox to switch between "resolved" (names)
and not (values).
This allows adding custom columns with these field types with both
resolved and non resolved text. Note that the appropriate Name
Resolution preference settings must be enabled for the type as well.
Comparison relations should be allowed to commute but they can not
because we need type information to resolve literals to fvalues. For
that reason an expression like "1 == some.field" is invalid. Solve
that by commuting the relation if the first try did not succeed in
assigning a type to the LHS.
After the second try give up, that means we have a relation with
constants on both sides and that is not semantically valid.
Other relations like "matches" and "contains" are not symmetric and
should not commute anyway.
Before:
Filter: _ws.ftypes.int32 == 10
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(_ws.ftypes.int32 <FT_INT32>)
1 FVALUE(10 <FT_INT32>)
Instructions:
00000 READ_TREE _ws.ftypes.int32 <FT_INT32> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == 10 <FT_INT32>
00003 RETURN
Filter: 10 == _ws.ftypes.int32
dftest: Left side of "==" expression must be a field or function, not 10.
10 == _ws.ftypes.int32
^~
After:
Filter: _ws.ftypes.int32 == 10
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(_ws.ftypes.int32 <FT_INT32>)
1 FVALUE(10 <FT_INT32>)
Instructions:
00000 READ_TREE _ws.ftypes.int32 <FT_INT32> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == 10 <FT_INT32>
00003 RETURN
Filter: 10 == _ws.ftypes.int32
Syntax tree:
0 TEST_ANY_EQ:
1 FVALUE(10 <FT_INT32>)
1 FIELD(_ws.ftypes.int32 <FT_INT32>)
Instructions:
00000 READ_TREE _ws.ftypes.int32 <FT_INT32> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ 10 <FT_INT32> == reg#0
00003 RETURN
Add all the valid bytes at once when we get to the end of the
length (or hit an invalid sequence) instead of one byte or character
at a time. This makes for a considerable speedup.
When the new-value element of the change-of-discrete choice contains context
tag zero, the tag content should be decoded as a BACnetDateTime. Closes#18747.
Use a consistent style for grammar rules.
Remove a comment that is too generic. The current code should
conform to how Python operates and does not need additional error
checking.
That reduces the number of get_progfile_dir() calls, leaving only the
calls that are done either to 1) get the pathname in order to display it
or 2) get the pathname in order to reset the library path.
That makes it easier to figure out which get_progfile_dir() calls are
made to find the directory in which (non-extcap) binaries from Wireshark
are installed and which - if any - are made to figure out the directory
in which *the currently-running executable* are stored. (Currently,
get_progfile_dir() attemps to get the former, not the latter, so
extcaps in an extcap subdirectory, for example, will get the parent
directory of that subdirectory, *not* the directory in which they weere
installed.)
Different QUIC connections can be multiplexed on the same network
5-tuple. Handle this, including checking for Stateless Reset tokens
on all connections on the same 5-tuple.
Create a CONVERSATION_QUIC type using our internal QUIC connection
ID, and set the conversation elements so that subdissectors like
TLS that set conversation data only alter data for the one QUIC
connection instead of all multiplexed connections.
Various failures are expected, per RFC 9000, if zero-length connection
IDs are used when multiplexing connections on the same local IP addresses
and ports.
Fix#17099
When building using msvc implicit changes of the integer sizes in
fmt_dect_nwk_ipei are treated as error due to possible loss of
information.
This is now forecome by explicitely masking the shifted value to fit in
guint16 and by typecasting in calculation to guint16 (the maximum value
that needs to fit here is sum(x=1..x=12)(9x)=702 )
Add basic dissection of S-Format elements MULTI-DISPLAY and
MULTI-KEYPAD. The dissector now holds information regarding control
characters of the DECT charset.
The value for Escaping to proprietary algorithm was wrong and the
Boolean field Y/N was registered using the wrong base, resulting in a
failed assertion during dissection
First steps in dissection of the LCE-PAGE-RESPONSE message. Basic
dissection for S-FORMAT information elements being mandatory or
optional in this message is included.
-Changed the encoding of certain options to their appropriate value, the old values caused compilation error on some machines
-Reverted change #1 in commit c7d3335110290886f6dd56fa640c8b0ca0b7fce5 which caused a packet malformation error due to a data item being read incorrectly.
-Certain lines had a mixture of tabs and spaces which prevented compilation on certain machines
-Replaced protocol abbreviation from mpdccp.mp_* to dccp_mp_* to solve PROTOABBREV error when building
-Changed proto_tree_add_unit to proto_tree_add_item, as suggested for the dissect feature option
-Changed conditional statements to switch case in for MP_ADDADDR
-List MP_OPT as a subtree with relevant MP_SEQ, ID Address and/or subflow.
-Fixed a compilation warning due to an except statement creating subtree for an inexistent tree.
Previous implementation lacked MP_ADDADDR, MP_REMOVEADDR and had an outdated version of MP_PRIO.
Fixed a bug where the dissector had an incorrect offset of 1 byte, resulting in it incorrectly reading headers and data, something resulting in malformed packets.
Have proto_item_fill_display_label (which is used for custom
columns resolved type and packet diagrams) use address_to_display
for FT_ETHER. This is resolved when name resolution for MAC
Addresses is enabled.
Add FT_ETHER to the list of types that, if present in a custom
column, has the GUI enable the checkbox to switch between "resolved"
and "unresolved" text.
This allows FT_ETHER custom columns to be displayed as either
resolved addresses or unresolved. (Note that to be displayed
as resolved, the column resolved option must be checked and
the name resolution preference enabled.)
Fix#18665
Fix some issues regarding custom columns near the maximum size:
Fix where when near the column limit, a comma was not being added
to separate a value but the first character of the next field was,
resulting in an invalid field.
Create the "result" and the "expr" (resolved and unresolved) separately
to address issue where for multifield custom columns of different
types, the "result" might be truncated without "expr" necessarily
being so. This created problems when concatenating the end of the
result to the expr for certain types later.
Avoid passing a NULL to snprintf for integer columns of BASE_NONE
of unexpected value.
Indicate when the custom column has been truncated, since after
commit e449b560c0 this string value is no longer
used to create the filter and is for display only. Also use
the label truncation function so that truncatation is on UTF-8
boundaries.
Fix#17618
==207143==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f59752e0f00 at pc 0x7f5971cd0737 bp 0x7ffe881b1ef0 sp 0x7ffe881b1ee8
READ of size 4 at 0x7f59752e0f00 thread T0
#0 0x7f5971cd0736 in setup_rlc_mac_priv epan/dissectors/packet-gsm_abis_pgsl.c:194:8
#1 0x7f5971ccfc89 in dissect_gprs_data epan/dissectors/packet-gsm_abis_pgsl.c:357:3
#2 0x7f5971ccf6ea in dissect_abis_pgsl epan/dissectors/packet-gsm_abis_pgsl.c:477:3
#3 0x7f5974483daa in call_dissector_through_handle epan/packet.c:822:9
#4 0x7f5974478c05 in call_dissector_work epan/packet.c:920:9
If a field name has been written to the json dumper for
a bytes element (Base64), then a Base64 value must be written
later, even if the value is zero length.
Move the JSON_DUMPER_FLAGS_NO_DEBUG flag to the json_dumper header,
and use it in the protobuf dissector, so that errors in the JSON
dumper state transitions do not abort the application through a
ws_error() call. Use DISSECTOR_ASSERT in that case, since it should
happen only with a dissector bug (as with the zero bytes elements
issue fixed here), not with malformed packets.
Only instantiate the json_dumper and create its output string if
we intend on displaying its output, instead of doing so whenever
we have a message type name.
Fix#18730.
Previously the length was ignored and if a Sequence contains more then
one extensions (in the ellipsis) then the value of the second was
wrongly added to the value of the previous one.
Once we have a full MCTP message, we can decode its type (including IC
field). This change adds type decode support, for the types present in
packet-mctp.h.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
This change adds support for trivially-encapsulated MCTP protocols,
starting with NCSI-over-MCTP.
We need to handle this slightly different from the existing MCTP-based
protocols (MCTP control protocol and NVMe-MI), as the inner protocol is
unaware of the type byte and (optional) checksum tailer. So, add a new
dissector table, "mctp.encap-type" for these, meaning we can just hook
into the raw NC-SI dissector.
We also add the type definition for MCTP-over-ethernet, as defined in
the NCSI-over-MCTP specification.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
We have a few hard-coded MCTP type definitions in use (for MCTP control
protocol, and NVMe-MI) already, and we're about to add a couple more.
This change adds a header for packet-mctp, just with the type
definitions, and uses it for the current types.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Naming of variables, i.e. for header fields was inconsistent (dlc_ vs
dect_dlc_). This is now changed to use the abbreviation (dect_dlc_) on
all global places.
The DECT-DLC dissector now reassembles fragments before handing them
over to the NWK layer. Most of this is done by reusing of the reassembly code
from packet-lapdm.c.
A few HS-DSCH conversations are created when calling add_hsdsch_bind,
such as when a RadioLinkReconfigurationPrepare procedure has
a id-HSDSCH-MACdFlows-to-Add element. This method should add
the CommunicationContextID to the conversation just like the
other ways of creating the conversation. This provides a UEID
for a unique key for RLC reassembly.
The notification context field was parsed as a 4-byte fixed-length field but is defined as type OcaBlob (variable length).
This fix parses the notification context as an OcaBlob parameter while maintaining the field `ocp1.context`.
Clear the object_identifier_id global at the beginning of
each QCStatement, in case the statementId BER has errors and
does not put a value in the ptr. (call_ber_oid_callback correctly
handles being passed a NULL.)
Fix#18552.
This adds BPv7 source and destination as first-class text addresses for the packet.
This fixes proto-data used for decode-as table editing outside of a layer.
In the case of RDP traffic, the conversation usually starts with 3 TPKT packets
and then switch to TLS. The SSL dissector was setting the conversation dissector
without specifying any start packet which were leading to have the 3 first packets
interpreted as invalid SSL records (which they are as it's TPKT packets). This patch
fixes by specifying the first true SSL packet.
The RDPUDP protocol transports TLS or DTLS records, but as the payload of RDPUDP is small,
most of the time records are splitted over multiple RDPUDP packets. This patch adds
support for desegmentation in RDPUDP so that we interpret the results of the SSL
dissector and we can give back untreated content when dissecting the next packet.
AMD and UMD PDUs can be larger than 255 bytes, so the
offset should not be stored in a guint8. Otherwise,
the offset overflows and the last 256 bytes of the PDU
are added as an extra "fragment."
epan/dissectors/packet-usb-ccid.c filter= usbccid.dwFeatures.stopIccClk - mask has odd number of digits 0x100 expected max for FT_BOOLEAN is 8
epan/dissectors/packet-usb-ccid.c filter= usbccid.dwFeatures.nadValNot0accept - mask has odd number of digits 0x200 expected max for FT_BOOLEAN is 8
epan/dissectors/packet-usb-ccid.c filter= usbccid.dwFeatures.autoIfsd - mask has odd number of digits 0x400 expected max for FT_BOOLEAN is 8
display_extension_block is supposed to return the current offset,
not the number of bytes remaining. The number of bytes remaining
can be less than the current offset and cause an infinite loop.
In the case of an error, set lastheader and return the current
offset in order to break out of the main processing loop.
Fix#18711.
3GPP TS 25.427 and TS 25.435 both say that the Payload CRC IE
may only be present if the frame contains payload for E-DCH
frames, even where the setup of the transport bearer indicated
that the CRC would be present otherwise. So if there's no payload
and the CRC is missing, treat that as missing-but-expected rather
than marking the packet as malformed.
Take the opportunity to switch to proto_tree_add_checksum, which
handles all the various cases. Ping #8859
Set the direction based on request type in a similar manner as it done
for other URB types, i.e. set source to host on URB submit. Correctly
set bus number based on locationID upper 8 bits.
Fixes#16768
IEEE 802.11-2020, Section 12.4.7.6 says that an SAE Confirm message,
with a status code not equal to SUCCESS, shall indicate that a peer
rejects a previously sent SAE Confirm message. In this case, the Confirm
message may not carry a Send-Confirm field or a Confirm field, as
hostapd does. So we simply ignore possible fields following Status code.
Signed-off-by: Chien Wong <m@xv97.com>
Use tvb_find_guint8 and tvb_ws_mepbrk to find the
token boundaries for www-form-urlencoded. Use tvb_memcpy
to copy groups of bytes that don't have special characters
like + or %.
This is considerably more optimized (e.g. find_guint8 uses
memchr) than the naive loop, and speeds up the relevant part
by up to 10x.
Also handle cases where value is empty and there is no =
by splitting on &, instead of looking for the next =.
Together with bd1f2cc996, fix#13779.
This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.
For example, it could be used like the following:
```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
local fields = {...};
for i, field in ipairs( fields ) do
if (field.name == 'http.host') then
browser_open_url(ROBTEX_URL .. field.value)
break
end
end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```
Fixes issue #14998
Formerly only the class specific dissectors could be registered for
bulk, control and interrupt endpoints. While this is sufficient for
major classes, there are some classes that only use one or two of
possible class/subclass/protocol triple values. Allow registering
specific triples so appropriate dissector can be automatically selected
based on CONFIGURATION DESCRIPTOR data.
Register DFU Run-Time and DFU Mode triples so user no longer needs to
manually set Decode As for USB DFU.
Add fragment_add_check_with_fallback() and use it in USBLL dissector
instead of fragment_add_check() to avoid last fragment retransmissions
from being treated as separate transfers. With this change, the last
fragment retransmissions are correctly grouped together with the rest
of the transfer.
Only skip single fragment reassembly if retransmission is not possible
at the protocol level, i.e. for SETUP DATA0 (when it is not merged with
OUT data) and for isochronous transfers. The reassembly must not be
skipped for other transfers (especially for full-speed bulk) because
otherwise it wouldn't be possible to group retransmissions together with
the first data packet.
Do not use DATA0/DATA1 tracking for isochronous transfers. Isochronous
data cannot be retransmitted because there are no handshakes (there is
no ACK nor NAK after isochronous data packets).
Add support for DTLS Connection ID when using Block Ciphers
with the deprecated extention type (53) from
draft-ietf-tls-dtls-connection-id-07.
Closes#18705
The loopback and unspecified addresses are repeated. Keep
only the "special purpose" field, in accordance with the
IANA registry (and unlike RFC 4291) to remove the redundancy.
Add the "Unique Local Unicast" range to address space field,
also from the IANA registry.
Unique-Local and Link-Local are still repeated in both fields.
Oh well...
Add a safeguard to limit the maximum number of iterations.
Do not allocate a new buffer for every loop iterations in a loop that
depends on the result of the decompression routine.
Either allocate the buffer once or free after use. Defensive programming
is more important than speed in this case.
UDP port 49999 is not IANA registered, so add some heuristics
to the NXP 802.15.4 sniffer so that it doesn't claim packets
from other protocols that have chosen that ephemeral port.
Don't return 0 after already adding things to the tree; do that
check in the heuristics.
Fix#18695
tvb_uncompress initially allocates an output buffer of twice the
input size. It is typical to have a compression ratio of 2:1 or
5:1, but in the extreme case (lots of all identical bytes), 1030:1
is possible.
When extending the output buffer, instead of always malloc'ing
a new buffer and memcpy'ing the old buffer into it, call realloc,
which at least some (most?) of the time will extend the current
buffer in place instead. This should reduce the time to unzip
from always O(N^2) (where N is the compression ratio) to something
average case more like O(N) or O(N log N), depending on how often
it actually copies the data. It only really affects pathological
cases.
Related to #13779.
This parameter was introduced as a safeguard for bugs
that generate an unbounded string but its utility for
that purpose is doubtful and the way it is being used
creates problems with invalid truncation of UTF-8
strings.
Rename wmem_strbuf_sized_new() with a better name.
GSMTAP has had support for various other ISDN related protocols as
sub-types of the GSMTAP_TYPE_E1T1 type. We've recently started to work
on V5 (ITU-T G.964/G.965) and introduced a new sub-type for this.
Let's add the related dispatch from packet-gsmtap.c to packet-v5ef.c
The ofp_stats struct length field includes the fixed 4 bytes.
If the length is smaller than that, report the length error
and break out. In particular, a value of zero can cause
infinite loops if this isn't done.
There's no point in trying to decompress a message with
length zero, and some of the third party decompression
libraries (e.g. zstd) can give unexpected results that
lead to infinite loops if we do so. A message length zero
is almost surely a file with errors.
Currently the autocompletion engine always suggests a protocol
field completion, even in places where it isn't syntactically
valid.
Fix that by compiling the preamble to the token under the cursor
and checking the returned error. If it is DF_ERROR_UNEXPECTED_END
that indicates a field or literal value was expected. Otherwise
a field replacement is not valid in this position.
Fixes#12811.
Store pointer to first gap to reduce number of full list traversals
needed when linking new fragments. When all captured fragments are in
order, the first gap is effectively pointing to list tail. The best case
scenario, where the list traversals are completely eliminated, happens
every time for protocols that always have the fragments ordered (most
notably USBLL Full-Speed capture containing Bulk OUT transfers with
a lot of retransmissions).
The memory usage is increased by a single pointer and 32-bit contiguous
length counter per fragment head. The additional CPU usage is constant
per insertion, i.e. does not increase with the number of fragments in
the list.
Fixes#17311
display_extension_block is supposed to return the current offset,
not the number of bytes remaining, which can be less than the current
offset and cause an infinite loop. In the case of errors, set
lastheader and return the current offset to break out of loops.
Adds missing NULL-termination in headerfield list in
dissect_dect_mitel_eth_mac_con_ind and removes handover to general data
dissector as this is path is no longer reached due to handling the
different message types within this dissector.
Only dissectors are using this function and there is no use case,
as far as I know, that requires its use. Any limitation of length
is imposed transparently by the UI backend.
This function is problematic because it is not Unicode aware and
will truncate a string on an arbitrary byte boundary for multibyte
strings.
Replace its use with a normal strbuf without a length limite and
remove the function because it is not useful and the ITEM_LABEL_LENGTH
parameter does not belong in wmem anyway.
CitrixAGBasic Authentication has Base64 encoded values. The result of
Base64 decoding is not guaranteed to be valid UTF-8 (or ASCII), so
verify it.
Also add the username and password to the credentials tap.
Fix#18677.
The dynamic hf entries for HTTP2 read from the UAT should be
changed when the UAT is changed or reset, not on each file
load and file close. If a field is added as a column, coloring
rule, or filter, and the capture file is changed, deregistering
the field and reregistering it can cause a crash.
Use the same approach as with HTTP and SIP, slightly modified
because in HTTP2 the header fields hash contains the static
headers as well, to prevent adding duplicate entries via the UAT.
Fix#14768
When CIMD indicates that a message was sent in the 7 bit GSM alphabet,
each character has been converted to ASCII or ISO-8559-1 with the
use of combining escape sequences for characters not present in
the destination encoding. Properly convert back to GSM 7 bit encoding
and then to UTF-8 for display.
Fix#18676.
Return an struct containing error information. This simplifies
the interface to more easily provide richer diagnostics in the future.
Add an error code besides a human-readable error string to allow
checking programmatically for errors in a robust manner. Currently
there is only a generic error code, it is expected to increase
in the future.
Move error location information to the struct. Change callers and
implementation to use the new interface.