The canonical location for the usb.ids file is
http://www.linux-usb.org/usb.ids. Unfortunately that site isn't
accessible over HTTPS so we were using https://usb-ids.gowdy.us/usb.ids
instead. *That* site is down, so switch to the Linux USB project's
SourceForge repository URL, which appears to house the assets for
www.linux-usb.org, including the usb.ids file.
(cherry picked from commit 01d5e8ee51)
Some UN*Xes (4.4-lite-derived, such as the obscure, little-known macOS,
FreeBSD, NetBSD, OpenBSD, and DragonFly BSD) have a length field in the
socket address structure.
That was originally done for OSI address support; unlike most transport
addresses, such as IPv4 (and IPv6) addresses, where the size of the
address is fixed, the size of an OSI transport layer address is *not*
fixed, so it cannot be inferred from the address type.
With the dropping of OSI support, that field is no longer necessary in
userland. System calls that take a socket address argument also take an
address length argument; in newer (all?) versions of the {macOS,
FreeBSD, NetBSD, OpenBSD, DragonFly BSD} kernel, the system call code
sets the length field in the kernel's copy of the address to the address
length field value.
However, that means that you have to pass in the appropriate length; if
you have a sockaddr_storage that might contain an IPv4 address or an
IPv6 address, connect() (and bind()) calls should use the IPv4 address
size for IPv4 addresses and the IPv6 address size for IPv6 addresses,
otherwise, at least on macOS, the call fails.
In cap_open_socket(), report socket() and connect() errors separately,
to make it easier to determine where TCP@ captures fail, if they do
fail. (That's how I got here in the first place.)
(cherry picked from commit e3047d9b38)
The pointer isn't incremented in get_ts_23_038_7bits_string_unpacked
so it just decodes the first octet length times.
(cherry picked from commit 5df3f5d05d)
coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes#16994.
Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.
(cherry picked from commit 33e63d19e5)
It's easy to create systemd blocks with a missing or invalid
__REALTIME_TIMESTAMP= field when fuzz testing. If that's the case, leave
WTAP_HAS_TS unset instead of returning an error. Fixes#16965.
(cherry picked from commit 51145c62e6)
PEP 394[1] says,
"In cases where the script is expected to be executed outside virtual
environments, developers will need to be aware of the following
discrepancies across platforms and installation methods:
* Older Linux distributions will provide a python command that refers
to Python 2, and will likely not provide a python2 command.
* Some newer Linux distributions will provide a python command that
refers to Python 3.
* Some Linux distributions will not provide a python command at all by
default, but will provide a python3 command by default."
Debian has forced the issue by choosing the third option[2]:
"NOTE: Debian testing (bullseye) has removed the "python" package and
the '/usr/bin/python' symlink due to the deprecation of Python 2."
Switch our shebang from "#!/usr/bin/env python" to "#!/usr/bin/env
python3" in some places. Remove some 2/3 version checks if we know we're
running under Python 3. Remove the "coding: utf-8" in a bunch of places
since that's the default in Python 3.
[1]https://www.python.org/dev/peps/pep-0394/#for-python-script-publishers
[2]https://wiki.debian.org/Python
(cherry picked from commit 30c392f166)
According to TS 44.060, figure 10.3a.2.1, note 2, the TLLI is
encoded in little endian for EGPRS (while big endian is used in GPRS).
(cherry picked from commit dfa8a3fe5a)
STUN heuristic over TCP (added in 770872790d) doesn't handle multiple
STUN messages in the same TCP payload.
While at it, added a comment (forgotten in 354bbbe7cb) about different
TURN channel support among STUN versions
(cherry picked from commit 905f304d54)
The previous handling of LI=0 was a confusion with the LI=0 meaning from
EGPRS (see TS 44.060 B.8.2 Example 2) data block.
(cherry picked from commit 9d5de22a88)
Change PT_DECIMALLIT, PT_OCTALLIT and PT_HEXLIT tokens to uint64
type, and make PT_IDENT excluding '-' numbers which will be parsed
in protobuf_lang.y. That negative enum number and number type of
constant can be correctly parsed.
Note, intLit is uint32 for parsing fieldNumber and enumNumber,
but might be uint64 as constant.
close#16988
(cherry picked from commit 1fff3cb106)
You can't use packet scope if you're not dissecting a packet;
read_IOR_strings_from_file() is called from giop_init(), which is called
when a file is opened, not when dissecting a packet.
Use NULL as the scope, which just does a regular allocation, and free
the buffer when we're done.
Expand a comment to indicate that using dissection routines is *also* a
bad idea in code that's not used when dissecting packets.
Fixes#16984.
(cherry picked from commit 2c2ee172eb)
Cherry picking tends to add an extra blank line to the commit message.
Update the body check in validate-commit.py to allow for this.
Revert "tools: Skip over commit body checks." This reverts commit
24450d9c51.
(cherry picked from commit dd6b6f48dc)
This patch makes the parsing of length fields consistent by moving them
below their parent element and adjusting the length of the parent
element. And it fixes some problems by doing this.
Problems fixed by this:
- Bytes skipped after dynamic length arrays. This resolves#16951
- A byte was ignored before unparsed payload.
- Unions not marking the correct byte range.
- String having the length field twice.
Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
(cherry picked from commit 9ac8dcb3a1)
Check if padding flag is set and alter length accordingly.
Display rtcp.xr.bl the same way as rtcp.length.
Fixes: wireshark/wireshark#16933
(cherry picked from commit e07bb433b2)
Refer to USB Device Class Definition for Video Devices
document revision 1.5.
* bmFramingInfo is 1 byte
* Cut & Paste error for bMaxVersion label
Change-Id: Ib1221886f864a6ab9dbab70a8e5fca6482bf4267
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
(cherry picked from commit b6222766cc)
Also, take a chance to correct the comment: section 6.11.0 does
not exit in 3GPP TS 44.018. In version 15.4.0 Release 15 of
the referenced document it is 10.5.2.31 (table 10.5.2.31.1).
(cherry picked from commit 732591237b)
Corretly decode MNC if it consists of 3 digits
Change to what is called big endinan MNC
8 7 6 5 4 3 2 1
+---+---+---+---+---+---+---+---+
| MCC digit 2 | MCC digit 1 | octet x
+---------------+---------------+
| Filler | MCC digit 3 | octet x+1
+---------------+---------------+
| MNC digit 2 | MNC digit 1 | octet x+2
+---------------+---------------+
MNC of length 3:
8 7 6 5 4 3 2 1
+---+---+---+---+---+---+---+---+
| MCC digit 2 | MCC digit 1 | octet x
+---------------+---------------+
| MNC digit 1 | MCC digit 3 | octet x+1
+---------------+---------------+
| MNC digit 3 | MNC digit 2 | octet x+2
+---------------+---------------+
From 3GPP TS 29.171
7.4.27 PLMN Identity
- digits 0 to 9, encoded 0000 to 1001,
- 1111 used as filler digit, two digits per octet,
- bits 4 to 1 of octet n encoding digit 2n-1
- bits 8 to 5 of octet n encoding digit 2n
The Selected PLMN identity consists of 3 digits from MCC followed by either
- a filler digit plus 2 digits from MNC (in case of 2 digit MNC) or
- 3 digits from MNC (in case of a 3 digit MNC).
(cherry picked from commit 156f9e81fc)
Don't try to dissect bytes as string and show its value item if the
bytes field has a subdissector. And add field subdissector under field
item instead of value item.
close#16956
(cherry picked from commit 1c5d577d63)
Creating protocols with unknown length must be created to the end of the TVB
first and reined back using proto_set_len() once the length becomes known.
Not doing so can make indentification of problems harder and prevents analysis
engines like MATE from properly processing the generated protocol trees.
With this change the remaining offending dissectors are corrected for this.
Closes#16961
(cherry picked from commit 918db88055)
Systemd journal entries aren't file-type-specific; they're found in both
systemd journal entry blocks in pcapng files and in systemd journal
export files. Give it a record type, for use with both file types.
This fixes#16955.
It also means that you can open a systemd journal export file and save
it as a pcapng file.
(cherry picked from commit 889e0d5cb6)
The macOS installer works differently from the way it did when that
message was written (it's now a drag-install for Wireshark, with
separate installers for ChmodBPF and for files to add the Wireshark
binary directory to the default $PATH), and the macOS main screen now
offers a "click this to install" link, running the ChmodBPF installer,
if the user doesn't have permissions to capture. Update the message
to reflect that (although that's wrong if you directly run dumpcap or
run it via TShark - this needs to be cleaned up in some fashion).
Fix a capitalization error while we're at it.
In the code that generates the main screen message to which the dumpcap
message refers, add a comment saying that, if the main screen message
changes, dumpcap's message should also be updated.
(cherry picked from commit 4fd7983b04)
The AT response may not contain a leading \r\n, so avoid checking
for this to determine if it's a response. This characters will be
removed as a part of white space removal anyway.
(cherry picked from commit 5413331ed3)
Start the limit at 2^32-1, as we use a guint32 to store the frame
number.
With Qt prior to Qt 6, lower the limit to 53 million packets; this
should fix issue #16908.
(cherry picked from commit 639891651f)