This pull request includes:
* The "Follow DCCP stream" feature.
* Updated docbook documentation for the "Follow DCCP stream" feature.
* Test for the feature.
* Corresponding packet trace for the test.
Use guint64 instead of u_int64_t. GLib might make it easier to use
standard types at some point[1] but they haven't yet. Make our offsets
unsigned.
[1] https://gitlab.gnome.org/GNOME/glib/-/issues/1484
The file request and file acknowledge APDUs of the auxiliary file system
resource are exactly the same as in the application mmi resource.
We already have a function that dissects file acknowledge. Move the
dissection of file request into a separate function as well.
Call the two functions for both ami and afs resources.
Save a copy of the pathname used to open a file in the wtap structure.
This allows the BER file reader to put a pointer to it in the
pseudo-header; it also would allow file readers to attempt to read
"associated" files that have the same name as the file, but with a
different extension.
Instead of having cf_open() special-case BER files, and calling a
routine in the BER dissector to specify the file name to the dissector,
have separate dissectors for "dissect packet payload as BER" and
"dissect a file as BER", and have the latter get the pathname of the
file from the pseudo-header and determine the ASN.1 syntax from that.
(Side-effect - this means that you can now dissect a BER file, and have
the syntax be determined by the file extension, in TShark as well; the
above cf_open() special-casing was *not* done in TShark, so it didn't
work before. Now the application code doesn't need to do any of that,
so it works in TShark as well as Wireshark.)
Eliminate WTAP_FILE_TYPE_SUBTYPE_ERF and
WTAP_FILE_TYPE_SUBTYPE_SYSTEMD_JOURNAL - instead, fetch the values by
name, using wtap_name_to_file_type_subtype().
This requires that wtap_init() be called before epan_init(); that's
currently the case, but put in comments to indicate why it must continue
to be the case.
When handling uncompressed packets:
* Add bounds checks before allocating or reading memory.
* Limit amount of memory allocated to the size of the IP header plus the
maximum needed size of the TCP header, not entire packet contents.
* Check for IPv4 before processing.
* Use more constant macros for easier reading and review.
When handling compressed packets:
* Add bounds checks when calculating size of compression header.
General:
* Add extra comments.
* Use reported length instead of captured length for calculating
syn+ack values (since that's what the sender would use).
* Added support for dissecting mPackets with arbitrary preamble length,
in accordance with IEEE 802.3br-2016
Changed fpp.preamble type from FT_UINT64 to FT_BYTES
* Allowed for capture device to signal non-integer preamble length by padding with zero.
Added fpp.preamble.pad to indicate any alignment padding bits
* Added missing printouts of SMD types
i.e. SMD-E, SMD-V, SMD-R, SMD-S0, ...
* Added missing printouts of decoded fragment numbers
i.e. 0, 1, 2, 3
Add dissect_pkt_line helper that dissects a single pkt-line and
simplifies the pre-existing dissect_git_pdu().
A later patch will make use of this same helper for HTTP support.
Part of #17093
Testing with tftpConversationError.pcapng attached to issue 10305 revealed this
warning on the console:
GLib-CRITICAL **: 16:47:08.092: g_str_has_suffix: assertion 'str != NULL' failed
The cause is that the filename retrieved from the tftpinfo struct could
potentially be NULL when dissect_a615a_heur is called, for instance if the TFTP
RRQ/WRQ was not captured or not associated with the same conversation as the
DATA packet.
It's interesting that this condition arises from this capture
file... Perhaps the conversation tracking is amiss? To be investigated.
Without knowing the filename, there appears to be no way to meaningfully
dissect the protocol beyond just dissecting the file length and the
protocol version. For simplicity, I opted to maintain the present behavior and
have the heuristic test fail if the filename is not known.
Celcius -> Celsius.
ammendment, framenun and untunelled (with one 'n') are in wireshark_words.txt
but do not seem to be present in our codebase anymore (and are not
correctly-spelled words), so AFAIK they can be removed from the list.
Added a handful of words which don't seem to be in the dictionary on my host
but are real words and are in the codebase.
Removed two contractions which are now handled within tools/check_spelling.py .
The include_directories documentation at
https://cmake.org/cmake/help/latest/command/include_directories.html
says:
"Note: Prefer the target_include_directories() command to add include
directories to individual targets and optionally propagate/export them
to dependents."
Switch from include_directories to target_include_directories in a bunch
of places.
Add "SYSTEM" to the remaining external include_directories calls in
order to minimize our compiler warning blast radius.
Using the application mmi (ami) resource, a file of any type may be sent
from the module to the host.
The host receives both the file name and the binary payload. At the moment,
we parse the name and hand the payload to the png dissector if it ends with
.png
Instead of this manual approach, we should make use of all file types that
wireshark can dissect, i.e. all file types registered in the wtap_file
dissector table. The mime-encap dissector does just that, so we pass our
payload to this dissector.
Dissect the ip config request and reply APDUs that were added in the DVB-CI+
v1.4 specification.
Re-use the existing value string for "connected/disconnected". (If the field
was a single bit, we could use a tfs...).
Yet again, this is based on work by Jens Rosenboom.
In some circumstances when dealing with a series of out-of-order
packets, the last packet of this series is marked as a
retransmission instead of an out-of-order. Closes #17214.
NCSI: Extends NCSI dissection based on DSP0222 Version: 1.2.0_2b
Add pci-ids.c and pci-ids.h for mapping PCI IDs (VID, DID, SID, SVID) to string.
Extends NCSI dissection to support DSP0222 Version: 1.2.0_2b.
Extends NCSI dissection to support Mellanox OEM commands.
NCSI: Use TFS for boolean mapped string and added AEN dissectors
1. Use the tfs defined in tfs.c
2. Refine the boolean mapped strings to be TFS style
3. Added dissectors for AEN
NCSI: Fixed errors with gcc 7.5.0
1. Fix compiling errors with gcc 7.5.0 under Ubuntu 18.04
2. Solved complaints of git pre-commit hook
NCSI: Add "0x" prefix for displaying HEX values
Some code displays HEX values without a prefix; added "0x" to fix that.
PCI-IDS: Added PCI ID file and python script to convert it to C codes
1. Added the PCI ID file pci.ids from https://pci-ids.ucw.cz/
2. Added pci-ids-convert.py to convert to epan/dissectors/pci-ids.c
PCI-IDS: Updated the PCI ID list to be Version 2021.01.11
NCSI: Remove trailing spaces and unused href entries
PCI-IDS: Use a fresh copy of pci.ids to generate pci-ids.c
1. Renamed pci-ids-convert.py to make-pci-ids.py
2. make-pci-ids.py uses a fresh copy of pci.ids to generate pci-ids.c
PCI-IDS: Move internal structure to C file
1. Move pci_id_t and pci_vid_index_t from header file to C file.
2. Refined the comments of pci-ids.c
3. Renamed local variable index (shadow variable) to idx
PCI-IDS: Refined binary search codes
PCI-IDS: Moved pci-ids.[ch] to epan/
Moved pci-ids.[ch] to epan/ as they ought to be
A complete dissector for Van Jacobson PPP header compression:
<ftp://ftp.rfc-editor.org/in-notes/rfc1144.pdf>
This dissector was created solely by reading the description of the
protocol in section 3.2 of RFC 1144. In particular, I did *not* read the
sample implementation of the RFC in its Appendix A, due to the
questionable legality of using code with "All rights reserved" in
Wireshark. See #12138 for details.
Closes #12138.
The Auxiliary File System Resource was added by the DVB-CI+ specification
v1.4. As a first step, this patch adds the framework for supporting the afs
resource and dissects two simple APDUs.
This is based on work by Jens Rosenboom.
Use target_include_directories instead of include_directories in a few
places as recommended at
https://cmake.org/cmake/help/latest/command/include_directories.html
Doing so lets us mark a bunch of dependency includes SYSTEM PRIVATE, in
particular LIBXML2_INCLUDE_DIRS. On macOS this keeps us from triggering
the nullability warnings described at
https://www.wireshark.org/lists/wireshark-dev/202004/msg00056.html
(This might also keep the Visual Studio code analyzer from complaining
about various Qt headers, but I haven't tested this.)