Improve the ESP NULL autodetection, and get it closer to the
heuristics in RFC 5879:
Detect multiple ICV lengths - 12, 16, 24, and 32
Check padding length validity
Check padding values
Reject if the subdissector rejects the packet
Still does not attempt to properly detect ENCR_NULL_AUTH_AES_GMAC,
which has a nonzero IV.
Fix#13730.
The signal attached "currentIndexChanged" takes only int as argument,
the correct signal is "currentTextChanged". This also fixes a crash
whenever you changed the visible/nonvisible setting for an interface
_WIN32 is defined by the compiler, and is arguably a more reliable
test that WIN32. Switch to checking for _WIN32 in a couple of places in
the code.
Remove a WIN32 definition from config.h. It was added for the WinPcap
developer pack but we no longer use that.
The flag of unsigned fields is either 0x0 for signed integer fields or
0x80 (128) for unsigned integer fields.
The code expected 0x0 for signed and 0x1 for unsigned to match the right
dissector for the field, causing no match to be found.
Example client code:
```c
int main(int argc, char **argv) {
MYSQL *con = mysql_init(NULL);
if (mysql_real_connect(con, "127.0.0.1", "root", NULL, NULL, 4000, NULL, 0) ==
NULL) {
printf("%s\n", mysql_error(con));
mysql_close(con);
exit(1);
}
MYSQL_STMT *stmt = mysql_stmt_init(con);
mysql_stmt_prepare(stmt, "DO ?", 4);
MYSQL_BIND bind[1];
int my_int = 1;
bind[0].buffer_type = MYSQL_TYPE_TINY;
bind[0].buffer = (void *)&my_int;
bind[0].is_unsigned = 1;
bind[0].is_null = 0;
mysql_stmt_bind_param(stmt, bind);
mysql_stmt_execute(stmt);
mysql_stmt_close(stmt);
}
```
The port pref value is used in a callback, so convert that to
retrieving a range. Also, remove the old preference (it was
converted to use an auto preference some time ago but the
duplicate preference wasn't removed.)
Ping #14319
Update the dns_pkt_addr_resolution, use_external_name_resolver, and
use_custom_dns_servers names to be more consistent. Make it more clear
that use_external_name_resolver uses you're system's DNS settings.
When a single port is added to a dissector along with an auto
preference, make it create a range preference (defaulting to
that single value.) This converts the rest of the auto port
preferences to ranges.
Ping #14319. Still to do are converting other non-auto port
preferences to auto preferences (e.g., sctp ports), and maybe
some minor cleanups.
Libpcap assumes that packet length is greater or equal to captured data
length. However, due to a bug in libpcap, it was possible for libpcap to
generate isochronous URB packets (WTAP_ENCAP_USB_LINUX_MMAPPED) with
captured data length greater than packet length. The discrepancy comes
from slightly different semantics in Linux kernel.
Linux kernel usbmon packet documentation mentions:
unsigned int length; /* 32: Length of data (submitted or actual) */
unsigned int len_cap; /* 36: Delivered length */
Wireshark shows usbmon packet length as URB length (usb.urb_len) and
len_cap as Data length (usb.data_len). For usbmon isochronous IN packets
containing data (URB complete), usbmon length is "actual". Actual length
is the sum of payload packets length received from device. Delivered
length refers to the amount of data associated with usbmon packet, that
is the isochronous descriptors and actual isochronous data. There can be
multiple isochronous descriptors in single URB and the actual payload in
special cases can be noncontiguous (there can be gaps).
Libpcap when reading usbmon capture calculates packet length based on
usbmon packet structure size (64), "actual length" and number of
isochronous descriptors. This gives expected packet length as long as
there are no gaps between isochronous data. If there are gaps, the
calculated packet length will be smaller than delivered length.
Wireshark should show the frame length and captured length as provided
by the capture engine, even if the capture length is greater than frame
length. Silently limiting captured length essentially hides the issue
from the user and allows misbehaving capture engine to go unnoticed.
Passing unmodified Frame Length and Capture Length to dissectors (and
thus complete tvb) allows USB dissector to show all ISO Data fields
captured on Linux usbmon interface using bugged libpcap.
Fixes#18021
Dissect the receipt info object that may appear in the tlv container of a
zvt message.
Define an ett value for receipt bitfields and use it for receipt info and
receipt param. We shouldn't be using the ett for the tlv tag.
The code checks for state=LOGIN, but the state is set to RESPONSE_OK,
which is not correct in case of TLS as the packet following the non-TLS
LOGIN is another LOGIN, but on TLS. The first LOGIN is not really a
LOGIN, but more of a STARTTLS situation.
Closes https://gitlab.com/wireshark/wireshark/-/issues/10346
Make add_for_decode_as_with_preference create a range preference,
instead of a single uint preference. Decode As allows multiple
ports to be set for a dissector, so a range preference is correct.
This prevents an odd situation where the quasi preference only
holds the last value set in the Decode As table, and changing it
only changes that one value, not all the other values. Moving
the preference to a range also means that the empty string clears
the result instead of doing nothing. (With uint preferences
inputing 0 is required to not dissect.)
This moves a lot of the automatic port preferences over to ranges.
Ping #14319. Fix#15554.
Check in both editcap and Wireshark to make sure that comments have
fewer than 65536 bytes before accepting them.
This shoudl fix#18235, although there should also be checks in
libwiretap to catch cases where the user interface code doesn't do the
check (it should be done in the UI so that the user gets notified
appropriately).
Releases 98 and 99 are older than version 8. Also fix the
extra length added for RADIUS so that it properly accounts
for the lack of allocation-retention priority in RADIUS.
Previously it was off by one, which caused errors in Release
98. Fix#10688 again.
The TCP and UDP follow conversation filter functions should
only retrieve a conversation and conversation data, not
create new conversations or new stream numbers. (That should
only happen during actual packet processing.) So they should
match on the endpoint type and not look up endpoints (since
TCP and UDP don't use the endpoint API.)
They still don't work with tunneling, or any other situation where
the addresses and ports have been changed (see #18231), but this
at least works when some other protocol _has_ used the endpoint
API, and also avoids creating nonsensical streams.
Making them work properly with tunneling either requires adding
packet info to each packet with the stream information, or using
the endpoint API (after finishing it to allow more than one endpoint
on the packet, and a way of searching for endpoints other than
the most recent.)
Add the currency codes for CHF, GBP and USD to the list of currency codes.
ZVT is used mainly in german speaking countries. The currencies above plus
EUR should cover most use cases. If necessary, we can add more currency
codes from https://en.wikipedia.org/wiki/ISO_4217.
Remove the redundant BASE_FLOAT field display type. The name
BASE_FLOAT is meaningless and the value aliased to BASE_NONE.
Require BASE_NONE instead of BASE_FLOAT (corresponding to
the printf() %g format).
Add new float display types using BASE_DEC, BASE_HEX and BASE_EXP
corresponfing to %f, %a and %e respectively.
Add support for BASE_CUSTOM with floats.
Uncapitalize Open Source Software. Prefer the well established umbrella
term "free and open source software". Add specifics about the license
version.
Most references use an hyphen with "open-source". Do that as well.
To maintain familiarity and keep to expectations do an exact copy.
The last sentence to check the man page is an exception because it
is an addenda and recognizing that this clipboard information will
be used mostly in bug reports, it might get annoying.
Move Acknowledgements to a separate file to enable some code
simplification and improve maintenance and discoverability
for acknowlegements.
Convert the Acknowledgements file to Github flavored markdown
and display it in rich text using QTextBrowser.
Add Acknowledgements.md to NSIS installer
For QUIC, we explicitly know the server direction. Use that
in order to correctly mark which packets are from the server
verus from the client, instead of assuming that the first packets
in a stream are from the client (which is true for a connection
generally but not necessarily a stream). This also allows us to track
direction across connection migration instead of marking all
packets after migration as from the server.
Similar to commit 2eb7b05b8c,
replace the RTP payload type preferences with automatic
dissectors.
This reduces the number of preference module callbacks.
Hadar Shoham