Add a "_loop" header field also when processing attributes
Change-Id: I109b34d8f6cb8fbf3c38dc09f58b740b4d96436b
Reviewed-on: https://code.wireshark.org/review/33460
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
While the actual power parameters are vendor specific and can't be
dissected the mere _presence_ of the MS/BS Power Parameters IE itself is
rather important, since it implies that dynamic MS/BS power control is
active, and does therefore have an impact upon the interpretation of the
(preceding) MS/BS Power IE, too.
Change-Id: I0c6f73ca41d63887a52dcde05b59d5177971f1d0
Reviewed-on: https://code.wireshark.org/review/33439
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Display the default strings in all contexts where usb.bDescriptor is used.
Change-Id: I9f4479ccc0664585fc259927c0b2ee1149b02454
Reviewed-on: https://code.wireshark.org/review/33368
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
By providing such a file, we give the users a basic toolbox
of macros. At the moment 3 macros have been added, for private
mac addresses, as well al IP v4 and v6.
Change-Id: Icc33efce437adef00e268172c184c8b52167df23
Reviewed-on: https://code.wireshark.org/review/33449
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
the 'x_octetx' variables were removed a few years back, replace them with get_CDR_xxx()
Change-Id: I8cf3410d8a152c834e7019f7d1d80de3798530c3
Reviewed-on: https://code.wireshark.org/review/33457
Reviewed-by: Gerald Combs <gerald@wireshark.org>
add a mode to ignore a few optimisations in favor of working output
Change-Id: I875cec5a80e9449e9fd954d4ff6a21e5b128db5e
Reviewed-on: https://code.wireshark.org/review/33459
Reviewed-by: Gerald Combs <gerald@wireshark.org>
wireshark_gen goes into an infinite recursion if it encounters a multi-level
alias, this is prevented
Change-Id: Icec678fb326b7c14344dc6df51015dad980587a9
Reviewed-on: https://code.wireshark.org/review/33458
Reviewed-by: Gerald Combs <gerald@wireshark.org>
convert the "DEBUG" constant to a command line parameter
Change-Id: I7f873d85fa053cb9298bd03444125d0160ef4640
Reviewed-on: https://code.wireshark.org/review/33456
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The code can be called by the GUI, outside of the scope validity.
Bug: 15810
Change-Id: I1f394cb3d1f978d6e99fe15d8238153aad62ebee
Reviewed-on: https://code.wireshark.org/review/33499
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This reverts commit 13c5960a2c.
Based on the features that needs integration of "multi-selection" (which this change introduced), it seems that there will be fair amount time and code changes required in packet_list.cpp and possibly other files.
I am reverting this change from the master branch so that people can still continue to use features with single-selection.
Meanwhile, Stig B and others ready to test can import this change to verify which features are missing integration and/or integrated correctly. Once the feature set integration is complete and there is fair amount of approval from all of you, the core committers can decide on it.
Change-Id: I106fd3c54350dd0fd85fc44743e7f5321cb04110
Reviewed-on: https://code.wireshark.org/review/33454
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update dissect_iso7816_class() to return 1 only if both APDU structure
and coding are compliant with ISO 7816. In this case, the iso7816 dissector
can continue dissecting the APDU.
Change-Id: I73d4246fbc234779fceb337c788dd0b680102d61
Reviewed-on: https://code.wireshark.org/review/33480
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the range strings for the ISO 7816 class byte were not correct.
Update them to match the ISO 7816 specification.
Change-Id: Ieae7baac7e2428293525dd940eddc6bf5406a446
Reviewed-on: https://code.wireshark.org/review/33479
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check whether the byte count includes the padding before skipping it; it
may not be present (at least not if this is at the end of the byte
parameters).
Change-Id: I4385a4713cb6813a6e8519005288d6ef5a28f028
Reviewed-on: https://code.wireshark.org/review/33493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The file name doesn't appear to be padded, and may have a 1-byte null
terminator (yes, 1 byte, according to MS-CIFS) at the end, not included
in the file name length.
Change-Id: I8510434b3b5aec092290697c336924d6ff6be763
Reviewed-on: https://code.wireshark.org/review/33486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to MS-CIFS:
1) the file name is not one of those "buffer format followed by
a string" fields, it's just a string, so there's no buffer
format field;
2) it's always in ASCII, so ignore the "Unicode strings" flag.
Note that, for the *request*, the *directory* name isn't claimed to
always be ASCII, so honor the "Unicode strings" flag there.
Change-Id: I495b7be8257d941ccf4b45126a44d25cf0ab2c12
Reviewed-on: https://code.wireshark.org/review/33482
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sometimes there appears to be an extra byte before that field; try to
catch some of those cases.
Expand comments discussing various weirdness with that field, including
a note that clients might not pay any attention to it, so maybe we just
have buggy servers talking to clients that don't care about those
particular bugs.
Change-Id: I4d35d2e2c475d4da37debedfed31b891e6f3cfa8
Reviewed-on: https://code.wireshark.org/review/33481
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Note, for all of the different word count values, what protocol or
protocols it represents.
(If we have the Negotiate request, and can thus determine which protocol
was selected based on the set of protocols the client was willing to
accept, should we verify that the server selected a protocol for which
the given word count value was used, and add an expert info if it
didn't?)
Change-Id: I95ad4b1245bf2a04fdef4746815352967d8ac0a6
Reviewed-on: https://code.wireshark.org/review/33475
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It *should*, but a malicious or otherwise malformed packet might not
have them. One of them is the file name length; if it's missing, we
can't dissect the file name, as we don't know how long it is.
Change-Id: Ie259e2d8ec65f5d53d466382d89889902495d2c8
Reviewed-on: https://code.wireshark.org/review/33467
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Display the data in a PLP chunk as just raw bytes, and reassembled all
the chunks and extract the value from the reassembled data.
Showing the chunks as strings doesn't necessarily work - if the string
is an NVarChar string, a chunk might well have an odd number of octets,
meaning you're splitting one of the 16-bit UTF-16LE items in half.
Reassembling handles that, as well as just, in general, showing the
actual value rather than pieces of the value.
If the column is a string, append its value to the top-level item, just
as we do for non-PLP strings.
Also, if a length value was specified, report an error if it doesn't
match the total length of the reassembled chunks.
Change-Id: Iab80da052eb363ee08cd518afbe2556a5ab740b9
Reviewed-on: https://code.wireshark.org/review/33466
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Starting from ArubaOS 8.6.0.0 all 11n, 11ac and 11ax APs are
expected to support type 6 ap packet captures which will be
decoded using the radiotap dissector.
Change-Id: If9e9488271965116e807adbbcf92b9c5e4fb2ac4
Reviewed-on: https://code.wireshark.org/review/33451
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add dissector for all messages of Bluetooth Mesh Foundation models.
Bug: 15797
Change-Id: Ife831fe24bbbcaf2e99c9bff69b24c0d4fe2d1de
Reviewed-on: https://code.wireshark.org/review/33361
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jonas Jonsson <jonas@ludd.ltu.se>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissect the two parameter bytes p1 and p2 for the read record message.
Usually, p1 contains the record number and p2 defines that we want to
read exactly this record in the currently selected file.
Change-Id: I34586d6cfd4293120416507ef1613b9f3278d0df
Reviewed-on: https://code.wireshark.org/review/33448
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Remove the plural. The specification documents use "read record" as well.
Change-Id: Ib7a77f33e2bb0c59720be3e8e89da6be1cd9afd0
Reviewed-on: https://code.wireshark.org/review/33447
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The v2.5.0rc0-478-g558fe23226, the dissection of ip.frag_offset changed
to be listed under "Flags", this is not correct. The Fragmentation
Offset is a separate field according to the RFC. This change corrects
that behavior. Also, the raw value from the header was shown instead of
the real byte offset, this is also corrected.
Change-Id: I1d6dfc4314091eb6f3eef418c5a17ed37f7a1200
Fixes: v2.5.0rc0-478-g558fe23226 ("[IP] Simplify paring of flags field by using proto_tree_add_bitmask_with_flags().")
Reviewed-on: https://code.wireshark.org/review/33422
Petri-Dish: Sake Blok <sake.blok@SYN-bit.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
The first L2CAP PDU fragment starts with the 4 octet long L2CAP header
consisting of the Length and the CID fields. The Length field doesn't
include the header itself. Thus the Length field in the BLE Data header
will be 4 octets larger than the L2CAP PDU header Length field if the
packet wouldn't be fragmented.
The current implementation doesn't correctly detect the start fragment
causing reassembly to fail as it compares the BLE Data Length with the
L2CAP Length without compensating for the header.
By increasing the L2CAP PDU Length field with the header length the
reassembly works.
Rename the variable to better reflect what length it actually
represents.
Bug: 15807
Change-Id: Idcb6bdccc4daae756a63a9bae0839fe25ae99f23
Reviewed-on: https://code.wireshark.org/review/33428
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The URL's used to access the repository with git should not be hyperlinks in
the documentation. These are not intended to be used by a webbrowser.
Change-Id: I2d516f823e58681474f6a2a9e2e229471fbc87f6
Reviewed-on: https://code.wireshark.org/review/33423
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Ubuntu 16.04 uses an older GCC version which produces some errors in compiling. Updating
to Ubuntu 18.04 solves these issues as it is using a more recent GCC version (7.4.0).
Change-Id: Ia62bb60d3549b7e12ab82abfa5e8751e474bb701
Reviewed-on: https://code.wireshark.org/review/33424
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
Text smells of CVS/SVN heratige.
Change-Id: I37c3309781f49149b2603ae32087ed01363460ee
Reviewed-on: https://code.wireshark.org/review/33421
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
When we reassemble I-blocks, we pass the payload to fragment_add_seq_next.
To do so, we use the overall iso14443 tvb, an offset and the payload length
as parameters.
We then call process_reassembled_data to do reassembly. If the I-block was
not fragmented, process_reassembled_data returns the only fragment + the
rest of the packet after this fragment.
This might be a misunderstanding on my part or something to be fixed in the
reassembly routines. For now, we work around this by defining a new tvb for
the data we submit to fragment_add_seq_next.
(I ran into a similar issue years ago for DVB-CI. Add a comment about this.
If it turns out that there's a better way to fix this, we should be fixing
both dissectors.)
Change-Id: Id83ab152529a5150669df3099df6f60be7a3a723
Reviewed-on: https://code.wireshark.org/review/33355
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check whether the unfolded-and-compacted header has only printable
characters, not whether the full header does - the full header may
include LWSP, which includes HT, CR, and LF, none of which are
considered "printable", so valid headers were being treated as not being
headers, causing mis-dissection of some packets.
We don't need to split the header name from the value -
is_known_multipart_header() stops comparison at the end of the header
name.
Change-Id: I96e4ac0b69df726b984ee7faeea19eda18be223c
Reviewed-on: https://code.wireshark.org/review/33417
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
This results in GET DESCRIPTOR Request HID Report entries to be properly
grouped under the URB setup instead of being directly added to top level
tree.
Rename tree from "URB setup" to "Setup Data" to better match the
terminology used in USB specification.
Change-Id: If9ef7cea86b51c0c63680c424d7f45d7dd38249b
Reviewed-on: https://code.wireshark.org/review/33408
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mark undecoded data in endpoint descriptors with expert info.
Bug: 15798
Change-Id: I392da00205274fb3f5eb947a54ba424d1edb041b
Reviewed-on: https://code.wireshark.org/review/33386
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Yannik Enss
Eric Wild