When desegmenting, don't add [TCP segment of a reassembled PDU] to
the INFO column if we've already dissected a complete PDU in this
frame. This is for the same reasons that we set a fence in the INFO
column and set the PROTOCOL column to be not writable. It's not
of particular interest that this frame also contains the start of
a new PDU when the INFO column has information about a complete
higher level PDU. The information about the other PDU is contained
in the tcp tree elements.
Fix#15494
In the case where the beginning of a TCP segment does not continue
a higher-level PDU, but the end of the segment is the beginning of
another PDU, we don't need to create the MSP for the second PDU
after the first time we visit the packet. However, we do want to
retrieve that MSP for determining in which frame the second PDU
was reassembled.
Make "Reassembled PDU in frame:" messages be added in that case
like it already is for other frames with MSPs.
TCP can contain multiple PDUs of the next layer protocol, and the
subdissector (or further subdissectors called from it) can change
the addresses and ports. However, the addresses and ports are used
for the desegmentation tables at the TCP level, as well as for
various purposes in encapsulated protocols.
Restore the addresses and ports values of packet_info before each PDU,
and in desegment_tcp after returning from a subdissector. When leaving
desegment_tcp ensure that the addresses and ports are set to whatever
they were after the last subdissector call that successfully
desegmented a PDU.
Fix#2345. Fix#9782.
The test for "old_len" with a reassembled MSP has never been accurate
for out of order reassembly, where it caused additional data requested
to be taken from the end of the current frame instead of from the
correct portion of the reassembled MSP, which could be from an
out of order frame (later in sequence, but arrived earlier.)
The test is unnecessary - the other case, where we need more data
but there's more in the current frame is already handled by looping again.
This fixes reassembly where TCP is out of order and those out of order
segments don't align on PDU boundaries. Fix#13317.
Also fix a minor issue in the same situation where the length of the
current segment was indicated incorrectly for out of order frames
contributing to multiple MSPs.
The warning is harmless and we want to keep upstream code
as pristine as possible (unless there is a real issue in
the code of course) so disable the warning.
Add the de facto standard Lua regex API to Wireshark. Upstream
code is copied verbatim and the module opened in the "rex" table.
This is just a user convenience and developer quality of life improvement
over the GRegex Lua API because it has always been possible to
load lrexlib-pcre2 as a Lua module from Wireshark.
This code has been unmaintained and does not pass the lrexlib test
suite. GRegex itself has been obsolescent for some time, although GNOME
has recently restarted trying to move it to PCRE2.
Remove it in preparation for a move to lrexlib-pcre2.
When processing segments out of order in TCP, it is possible to
get new segments that fill a sequence gap and be able to dissect
at least one PDU but need more data for additional PDUs (that have
data from the contiguous stream bytes.) We can only determine this
after passing the reassembled segments to the subdissector first.
To keep dissection and layer numbers consistent between passes,
split the multisegment PDU, keeping the already dissect PDU(s) in
the current reassembly and creating a new MSP for the parts not yet
dissected.
Update the dissection test to enable the currently skipped test that
require MSP splitting and remove test_tcp_out_of_order_twopass_with_bug
Introduce Wireshark specific enum to facilitate USB speed specific
dissection. Any similarity of actual enum values with any protocol
is coincidence and should not be relied upon.
Rename speed defines in USBIP dissector to not collide with Wireshark
USB speed enum. The values used in USBIP are implementation specific.
Allow user to set capture speed in USBLL dissector preferences. Use the
selected speed in USB dissector to sanitize endpoint maximum packet size
value based on speed specfic requirements from USB 2.0 specification.
Close#18062
Switch the non-endpoint *_by_id conversation routines to use element
lists. Change the ID type from guint32 to guint64. None of them used the
address+port option flag arguments, so remove them.
Field infos have a length property that was not stored with the
field value so when using a negative index the end was computed
from the captured length of the frame tvbuff, leading to incorrect
results. The documentation in wireshark-filter(5) describes how
this was supposed to work but as far as I can tell it never worked
properly.
We now store the length and use that (when it is different from -1)
to locate the end of the protocol data in the tvbuff. An extra wrinkle
is that sometimes the length is set after the field value is created.
This is the most common case as the majority of protocols have a
variable length and dissection generally proceeds with a TVB subset from
the current layer (with offset zero) through all remaining layers to the
end of the captured length. For that reason we must use an expedient to allow
changing the protocol length of an existing protocol fvalue, whenever
proto_item_set_len() is called.
Fixes#17772.
Rename conversation_lookup_hashtable to conversation_lookup_addr_port.
Add a new conversation_lookup_hashtable that consolidates some duplicate
code and takes a general set of arguments similar to the other
conversation_*_hashtable routines.
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
The new TECMP release renames as follows:
- Capture Module -> Device
- Channel -> Interface
Header fields (incl. filters) and Config UATs are affected.
This patch updates the TECMP dissector with 1.6 and 1.7 changes.
Changes:
- Multiple new flags for CAN, CAN-FD, FlexRay, LIN, Analog, etc.
- Reordering of flags
- Additional data units for Analog
- New Header CRC and Frame CRC for FlexRay (1.6 change)
- New CRCs for CAN and CAN-FD (1.6 change)
- Deprecated the removed Analog Threshold Undershot/Exceeded flags,
since they were removed
This patch does not include the renaming to Device and Interface.
packet-smc.c:722:4: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-smc.c:887:4: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-catapult-dct2000.c:1099:13: warning: Value stored to 'tag' is never read [deadcode.DeadStores]
packet-catapult-dct2000.c:1100:13: warning: Value stored to 'len' is never read [deadcode.DeadStores]
packet-catapult-dct2000.c:3076:21: warning: Value stored to 'sub_dissector_result' is never read [deadcode.DeadStores]
Extract Method for multiple message of SDP Media Attribute to simplify things and Make processes clearer.
dissect_sdp_media_attribute_rtpmap
dissect_sdp_media_attribute_fmtp
dissect_sdp_media_attribute_path
dissect_sdp_media_attribute_h248_item
dissect_sdp_media_attribute_crypto
The original function remain unchanged.
Gerald Combs