For unsecured and signed data, the dissector uses a dissector table to
determine the next dissector. It uses the psId field to index the table.
In the case no psId is provided inside, the caller can set a default
psid if it is provided beforehand. If none is provided, data are not
dissected.
Change-Id: I6f9d6989cd87dd373a155a5b893c460344a0c857
Reviewed-on: https://code.wireshark.org/review/31237
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I decided that packet-z3950.h was unnecessary at this time, but I didn't eliminate all trace of it.
Change-Id: Iaff41e143bac6bf42779de49f7390ac129cef3e1
Reviewed-on: https://code.wireshark.org/review/31288
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
In some cases (e.g. when a field has a user defined dissection function)
the type reported for this field is a 'virtual' one and the latter is not
contained in selt.type. Consequently, BASE_VAL64_STRING is not set.
Function eth_get_type_attr should return all the attributes of a type and
it seems reasonable to expect it to return the BASE_VAL64_STRING. This
will solve the above mentioned error and may solve any possible issue in
other parts that call this function.
Change-Id: Iaee9ce5bd30f2a768cfcecf628df23bf1ed54e55
Reviewed-on: https://code.wireshark.org/review/31287
Reviewed-by: Michael Mann <mmann78@netscape.net>
Per [MS-SFU] 2.2.2 PA_S4U_X509_USER in AS-REQ consists of
the certificate data instead of the corresponding struct.
Also, the subject-certificate field in the struct consists
of the certificate data as well, so let's decode it as such.
Change-Id: I6f03a66eac74b7d42c0893f63cab772d8ddcb803
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/31279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
cmdarg_err() is for reporting errors for command-line programs and
command-line errors in GUI programs; it's not something for any of the
Wireshark libraries to use.
The various routines for parsing numerical command-line arguments are
not for general use, they're just for use when parsing arguments.
Change-Id: I100bd4a55ab8ee4497f41d9651b0c5670e6c1e7f
Reviewed-on: https://code.wireshark.org/review/31281
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
PsId and ITS-AID are defined in several documents and listed in
ieee1609.12. Put these definitions in ieee1609.2 ASN1 definition and
export it so that GeoNetworking and wsmp dissectors may use it.
Change-Id: Ia3ac181a4c9092b555decb3ee7c5e78adcece5c0
Reviewed-on: https://code.wireshark.org/review/31236
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection of Metro Ethernet Forum specification of Implementation
Agreement for the Emulation of PDH Circuits over Metro Ethernet
Networks [MEF 8]. This includes the introduction of a RTP shim header
dissection function, as is not uncommon in PW and CES services.
Signed-off-by: Jaap Keuter <jaap.keuter@aimvalley.nl>
Change-Id: I6de81007ce11793cd5352fadadd80d3f6f45ae0d
Reviewed-on: https://code.wireshark.org/review/31239
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Accept version value 1 for geonetworking, dissect last 4 bytes of SHB
and traffic class as per EN 302 636-4.
Change-Id: I254e48f888aae063d2f4b5178c2e0eadc839f8ea
Reviewed-on: https://code.wireshark.org/review/31245
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add "Please report this to us" and "Please report this to whoever wrote
the program that's writing to the pipe" secondary error messages. Use
the latter for most of the errors, as the most likely cause is that the
program writing to the pipe is messing up somehow.
If we don't recognize the first 4 bytes of the file, say "Data written
to the pipe is neither in a supported pcap format nor in pcapng
format." - it's not necessarily a pcap file.
Speak of "pcap" rather than "libpcap" format - it's not completely tied
to libpcap (although two of the libraries not called "libpcap" that read
it are basically libpcap+a Windows driver+a library for the Windows
driver, at this point), and the suffix generally used is ".pcap".
Change-Id: Ifb5518af5cade788294c93a7ac416893f57f6bc8
Reviewed-on: https://code.wireshark.org/review/31273
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the images and descriptions for the packet list, column header
popup, packet list popup, and packet detail popups.
Add images and descriptions for the byte view popup.
Use title case in more places.
Change-Id: Icf3af426c97c6e7cf97dee377c20039b7b8791ce
Reviewed-on: https://code.wireshark.org/review/31271
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When UINT64 contains value strings, in addition to using VALS64 to give
the list of names, the type of the structure has to be val64_string and
the display parameter has to be ORed with BASE_VAL64_STRING.
Change-Id: I0a619c91027df1eaae8209ada816f45b85d6431d
Reviewed-on: https://code.wireshark.org/review/31268
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use consistent capitalization and whitespace. Remove library names from
find_library that are unsuitable. No functional change intended.
Change-Id: Ic40516542777d768b6eef656fe5c0a0af143fb7e
Reviewed-on: https://code.wireshark.org/review/31264
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Upgrade to GnuTLS 3.6.3-1, using MinGW binaries from Fedora 29 packages:
mingw64-gnutls-3.6.3-1.fc29.noarch.rpm
mingw64-gcc-8.2.0-3.fc29.x86_64.rpm
mingw64-gmp-6.1.2-4.fc29.noarch.rpm
mingw64-nettle-3.4-2.fc29.noarch.rpm
mingw64-p11-kit-0.23.7-5.fc29.noarch.rpm
mingw64-libffi-3.1-4.fc29.noarch.rpm
mingw64-libtasn1-4.13-3.fc29.noarch.rpm
mingw64-winpthreads-5.0.4-2.fc29.noarch.rpm
This includes libgcc_s_seh-1.dll (64-bit, new) and libgcc_s_sjlj-1.dll
(32-bit, previously included with glib2).
Built with
https://git.lekensteyn.nl/peter/wireshark-notes/tree/windows-libs/make-gnutls-libs-zip.sh?id=b86878e458d5d7deb21218ce6598b98af4ed7ec2
The main motivation is improved PKCS #11 support:
- 3.6.0: fix potential compatibility issue with SafeNet HSMs
  https://gitlab.com/gnutls/gnutls/merge_requests/398/
- 3.6.2: gnutls_pkcs11_token_get_flags now forwards token info.
- 3.6.3: new APIs for low-level PKCS #11 token or object operations.
Change-Id: I235774e3b27f3426cb74d3d9c0ab593d06870e89
Reviewed-on: https://code.wireshark.org/review/31128
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use proto_tree_add_item (and friends) instead of a protocol specific
wrapper for integer types
2. Create #defines for command IDs and properly sort them in their value_string
3. Improve heuristics for command specific parameters to reduce false positives
4. Use length value in TLV for strings
5. Remove "sub tvb" creation. The tvb passed into the pdu should be used.
6. Use proto_tree_add_bitmask_list and proto_tree_add_bitmask_list_value where applicable
7. Allow empty fields for vendor-specific TLVs.
8. Treat version fields as FT_UINT8 and use format with BASE_CUSTOM
9. Condense all command response codes to a single range_string.
Bug: 5206
Bug: 15267
Change-Id: I49751d287af1ebb9e27ae7463c08f4724ee60c07
Reviewed-on: https://code.wireshark.org/review/31267
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Heuristic is weak, but length of packet should be non-zero.
Change-Id: I68d6d85092c84d5d421731be3ada008fe7a5b06f
Reviewed-on: https://code.wireshark.org/review/31266
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Protects against some false positives because by default GSM over IP
claims some "frequently used" ports.
Change-Id: I94736ecef8ac1422bb330a364a3f77edd9a52a2b
Reviewed-on: https://code.wireshark.org/review/31265
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The third URL works, but let's go https: for it. The other two don't.
Line-wrap another part of the comment while we're at it.
Change-Id: I744770c859b317ace2a71e82f86e2419b6d7ef2b
Reviewed-on: https://code.wireshark.org/review/31276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Thanks for killing off a bunch of comment mechanisms, not saving the
old comments and placing them somewhere useful, and not even allowing
the Wayback Machine to archive at least some of those sites, Microsoft.)
Change-Id: Ie4258250a0176a56ee33be77604acf43c6886e0f
Reviewed-on: https://code.wireshark.org/review/31274
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Class TrafficTableTreeWidget is used by the conversation and endpoint
dialogs, both of which are subclasses of WiresharkDialog.
Those dialogs use WiresharkDialog::registerTapListener() to register tap
listeners. When the dialog is closed, those listeners are removed by
WiresharkDialog::removeTapListeners().
TrafficTableTreeWidget's destructor tries to remove its tap listener a
2nd time after WiresharkDialog did its cleanup. This causes warnings
Warn remove_tap_listener(): no listener found with that tap data
Don't call remove_tap_listener() from TrafficTableTreeWidget's
destructor. The destructor is now empty and can be removed completely.
Change-Id: I3143fa1c5116203f4a0be791bd4c5f08135aefb0
Reviewed-on: https://code.wireshark.org/review/31259
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use consistent lowercase capitalization and whitespace. Windows: clarify
libgpg-error names and remove libgcc_s (1.7.6/1.8.3 do not need it).
Change-Id: I5d1b1a67f7a992ccfca4c28d0e19bbbfc41b7a4d
Reviewed-on: https://code.wireshark.org/review/31244
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
FT_(U)INT64 are restricted to integer types only currently.
Do not use VALS64() for other types.
Change-Id: Id2299a9291c53ef246b90d732eb84811510ccb85
Reviewed-on: https://code.wireshark.org/review/31257
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This reverts commit 5953756305.
The public API should not be polluted with Windows-specific hacks. As we
already override dofile/loadfile, those should be fixed instead.
Ping-Bug: 15118
Change-Id: Ia9d5e64e8ef14032f982f695ffd4cac59067bb17
Reviewed-on: https://code.wireshark.org/review/31134
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
VALS generation did not take into account the constraints on integers.
We now generate VALS if no constraints are present and VALS64 if the
integer needs 64 bits.
Change-Id: Ia044ee1ba1bd5b45554c19a458876e20110b1b7f
Reviewed-on: https://code.wireshark.org/review/31252
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Purely cosmetic, show the various VC redist paths using the native
format.
Change-Id: I96d0b088f703e3e8dea6623ec258139eff066d90
Reviewed-on: https://code.wireshark.org/review/31251
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for loading RSA private key files from PKCS #11 tokens,
identified by PKCS #11 URIs. Add a new 'pkcs11_libs' UAT which can
dynamically load PKCS #11 provider libraries that are not found by
p11-kit.
The configuration GUI will need additional code to discover available
PKCS #11 tokens and will be added later.
This feature requires GnuTLS 3.4 with PKCS #11 support, so Windows,
macOS via Homebrew, Ubuntu 16.04, Debian Stretch. Not supported: RHEL7.
Currently macOS via official packages disables PKCS #11 support, so that
will also not work.
Change-Id: I20646bfd69c6bd13c8c2d27cb65c164a4b0b7a66
Reviewed-on: https://code.wireshark.org/review/30855
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reloading Lua plugins did not actually remove registered FileHandler
instances which resulted in a use-after-free of lua_State. Fix this by
tracking instances and release them in wslua_deregister_filehandlers.
Other required fixes to allow reregistration after reloading:
- Fix END_FILEHANDLER_ROUTINE not to block all new registrations.
- wtap file subtypes are apparently persistent, even after
  "unregistering". Fix this by looking up the previous subtype that
  matches the FileHandler short name. Add a small sanity check to
  wtap_register_file_type_subtypes to prevent internal handlers from
  being overwritten.
This patch creates a potential memleak of registered_file_handlers as
wslua_deregister_filehandlers is not called on program exit (yet?).
Bug: 13264
Change-Id: I4f5935cde6ff8dc4de333359bad3efca96d4fb9b
Reviewed-on: https://code.wireshark.org/review/31068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Check for potential Unicode-related problems on Windows.
Change-Id: I147c07749c5073a9ae00f07914dd80347d17c40f
Ping-Bug: 15118
Reviewed-on: https://code.wireshark.org/review/31154
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lua internally uses ANSI C APIs (such as fopen). On many systems (macOS
and Linux for example) these work fine with UTF-8. Windows however
requires special Unicode APIs (such as _wfopen), so patch the Lua
library to interpret paths as UTF-8 and call appropriate Unicode APIs.
Changes compared to the previous LuaBinaries zip archive:
- Patched with UTF-8 support for loadfile, os.execute, etc.
- Built with VS 2015 (VCRUNTIME140.dll) instead of MinGW (MSVCRT.dll).
- Includes PDB file for lua52.dll
- Includes lua52.exe and luac52.exe with UTF-8 argv support (wmain).
- Includes build scripts, source files and README.md.
- Extra subdirectory named after the zip file.
These zip files are taken from https://github.com/Lekensteyn/lua-unicode
(the "prepared" source zips can be found here as well.)
Bug: 15118
Change-Id: I219f046d6e0fd5093287b5d6503a48ba7d1fc6a4
Reviewed-on: https://code.wireshark.org/review/31165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add interface name (colon delimited) to SP_DROPS ('D') message so when dropped
packets are outputted, they include the interface name for clarity.
Bug: 13498
Change-Id: I68cdde4f20a574580f089dc5096d815cde5d3357
Reviewed-on: https://code.wireshark.org/review/31218
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Get rid of an extra blank line in a comment.
Change another comment to refer to "error packets", as we do elsewhere.
Fix indentation.
Change-Id: I4d81b8856ea876f20914352f962b1df0e115404c
Reviewed-on: https://code.wireshark.org/review/31241
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The callsign was being truncated to 7 letters.
This affects the following fields:
- I004/100#01.AN
- I004/170#08.MS1
- I004/170#08.MS2
- I025/020.SD
- asterix.AI, which is included in:
-- I021/170
-- I048/240
-- I062/245
-- I062/380#02
-- I062/380#03_v0_17
Change-Id: Idbbb3891d96e906053fc1f0c447e37bae87d207a
Reviewed-on: https://code.wireshark.org/review/31230
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of length determinant in the value returned for psid. Length
determinant is not part of the value.
This helps comparison with other protocols possibly containing a psid
also.
Change-Id: I2bd93bd6849f8bfa686f0574f05b0a65f587e4ad
Reviewed-on: https://code.wireshark.org/review/31235
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This keeps it in the same resolution as the dns.time field.
Ping-Bug: 15382
Change-Id: Ibacf8761819c0fac2e87fa147f7381336ce5cb39
Reviewed-on: https://code.wireshark.org/review/31223
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4234
Change-Id: Ibd59809b2dd9890a7851eb57ef7af384e280a74b
Reviewed-on: https://code.wireshark.org/review/31222
Reviewed-by: Michael Mann <mmann78@netscape.net>
The total maximum length of the APN with Network Identifier and Operator
Identifier is 100 bytes.
Bug: 15383
Change-Id: Ib74eac1f18f2235c2788e58370f50eeb9a678357
Reviewed-on: https://code.wireshark.org/review/31225
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>