Since fe94133f0d ws_snprintf()
and ws_vsnprintf() don't actually do anything anymore.
The return value of ws_[v]snprintf was discarded before,
now it too conforms to C99.
COContainerContent dissects PDInterfaceMrpDataAdjust and
PDInterfaceMrpDataAdjust dissects remaining COContainerContent
because of offset problem. Offset problem is fixed.
Use tvb_captured_length() instead of returning integer offset.
Otherwise, the packet is marked as malformed and the rest of the
packet is not processed.
Don't handle request/response tracking when pinfo->flags.in_error_pkt
is set (DNS packets contained within ICMP/ICMPv6 error packets).
Fix: wireshark/wireshark#15036
Have it return WTAP_FILE_TYPE_SUBTYPE_UNKNOWN, rather than an
undecorated -1, if the hash table lookup fails.
Check for that as a return value, and pop up a "file an issue" dialog if
WTAP_FILE_TYPE_SUBTYPE_UNKNOWN is returned.
This should squelch Coverity CID 1473325; the error Coverity reports is
bogus, as negative file type/subtype values are check for before we try
to use them as suffixes, but this should catch the "this should not
happen" case that caused the error to pop up.
Dissect client hello SRP extension to extract SRP username.
Decryption is already supported by SSLKEYLOGFILE's client random
and pre-master secret. Add ciphers to decryptable cipher list
so that a decoder is created.
This merge request adds:
* Decoding of ProtocolID and PPID in Component Status Protocol dissector.
* Moved SCTP PPID list from SCTP dissector into separate file sctpppids.c,
due to reuse in Component Status Protocol dissector.
* Export of sctpppid_val_ext containing the PPID list.
Some DVB-CI messages contain a file that can be dissected by the mime-encap
dissector. mime-encap adds itself to the protocol column. We already set a
fence, but things still look messy:
DVB-CIMIME_FILE
This patch adds ", " before the fence and "Data" afterwards. If mime-encap
is enabled, it'll overwrite the Data with its protocol name
DVB-CI, MIME_FILE
If mime-encap is disabled, the embedded file will be handled by the data
dissector, who doesn't touch the protocol column. So we keep
DVB-CI, Data
Note that we use EditorConfig in the WSDG and README.developer, and that
you should make sure your editor uses it. Recommend 4 space indentation
more strongly. Ping #17253.
Reorder and reword the coding style sections of each document while
we're here.
from the earlier version C37.237-2011. The previous version of this
standard, IEEE Std C37.238-2011, separated grandmaster time inaccuracy
and what was then called NetworkTimeInaccuracy into two fields. The
first, grandmasterTimeInaccuracy, was located immediately before
totalTimeInaccuracy in this version (now a reserved field). The second,
networkTimeInaccuracy, was located where totalTimeInaccuracy is now
found.
Those are used by more than one file type, so we should provide a block
type for them. (We don't *currently* use that block type, or the packet
block type, but this makes them available for future use.)
Check to make sure the value is non-negative and less than the number of
file type/subtypes.
Make it clearer than one check is unnecessary:
* pull wtap_dump_open_check() into wtap_dump_init_dumper(), so it's
clear that wtap_dump_init_dumper() ensures the validity of the file
type/subtype value early on (wtap_dump_can_open() fails if it's not
valid);
* pull wtap_dump_alloc_wdh() into wtap_dump_init_dumper(), so that the
allocation and all the initialiation is done there - that makes it clear
that it sets the file_type_subtype member of the wtap_dumper structure
before wtap_dump_init_dumper() returns;
* have wtap_dump_open_finish() use that value rather than being passed
the type/subtype value explicitly, so it's clear that it's dealing with
a validated value.
In Git protocol, a pkt-line consists of a 4-hexdigit pkt-length,
followed by several bytes of pkt-data. The pkt-length represents the
length of the entire pkt-line including the length field, so for an
ordinary pkt-line the length is always >= 4. This allows the protocol
to use values less than 4 as special values --- for example, 0000 is a
so-called flush-pkt, representing the end of a command.
There's one particular pkt-length value that should never appear: 0003
is not >= 4 and is not a flush-pkt, delim-pkt, or response-end-pkt, so
it is not permitted in Git protocol. Currently the dissector handles
this case by returning length 0 so it doesn't show up in wireshark as
Git protocol. Better to treat it as Git protocol and add expert-info
describing what is wrong in case it shows up in a corrupt capture.
Part of #17093. Based on a hint from Pascal Quantin at [1].
[1] https://gitlab.com/wireshark/wireshark/-/merge_requests/1946#note_515567051
Regression introduced by b287e7165e.
To avoid an infinite loop with malformed packets, that commit stops
parsing the tags list after finding an unknown tag.
When this "unknown" tag is perfectly valid but not supported by
Wireshark, we don't decode any subsequent (valid) tags anymore.
GQUIC is going to die soon and it is quite unlikely it will change in
the next future. Therefore the best/quick solution is simply decoding
any valid tag.
Close#17250
It only registers one file type/subtype, so rename it to
wtap_register_file_type_subtype().
That will also force plugins to be recompiled; that will produce compile
errors for some plugins that didn't change to match the new contents of
the file_type_subtype_info structure.
Also check to make sure that the registered file type/subtype supports
at least one type of block; a file type/subtype that doesn't return
*any* blocks and doesn't permit *any* block types to be written is not
very useful. That should also catch most if not all other plugins that
didn't change to match the new contents of the file_type_subtype_info
structure.
Don't make errors registering a file type/subtype fatal; just complain,
don't register the bogus file type/subtype, and drive on.
The second argument is the file type/subtype, and the third argument is
the file descriptor, according to the function declaration and all the
calls to it. Make it so in the function definition.
Fixes Coverity CIDs 1473314 and 1473312.
Register the pcap and pcapng file types/subtypes rather than hardwiring
them into the table.
Call the registration routines for them directly, rather than through a
generated table; they're always supposed to be there, as some code in
Wireshark either writes only one of those formats or defaults to writing
one of those formats. Don't run their source code through the
registration-routine-finder script.
Have the file type/subtype codes for them be directly exported to the
libwiretap core, and provide routines to return each of them, to be used
by the aforementioned code.
When reporting errors with cfile_write_failure_message(), use
wtap_dump_file_type_subtype() to get the file type/subtype value for the
wtap_dumper to which we're writing, rather than hardcoding it.
Have the "export PDU" code capable of supporting arbitrary file
types/subtypes, although we currently only use pcapng.
Get rid of declarations of now-static can_write_encap and
dump_open routines in various headers.
dissect_pkt_line takes an `offset` parameter (passed by reference) to
allow parsing multiple pkt-lines from a single tvbuff. Currently the
only caller passes an offset of 0, so reading from `0` happens to do
the right thing, but that is about to change when [1] adds support for
dissecting multiple pkt-lines in a buffered HTTP request or response.
Part of #17093. Noticed by Joey Salazar and explained by Pascal
Quantin.
[1] https://gitlab.com/wireshark/wireshark/-/merge_requests/1946
These will be backported, for the benefit of Lua scripts that want those
specific file types/subtypes (typically in order to write files of those
types); that allows those types to be fetched without having to know the
right string to hand to wslua_wtap_name_to_file_type_subtype().
"i" and "j" are too similar, so it's easy to use the wrong one if you're
using both as array indices and not easy enough to notice the mistake.
Use somewhat more meaningful names when we fix the index.
Fixes#17252.