Refer to USB Device Class Definition for Video Devices
document revision 1.5.
* bmFramingInfo is 1 byte
* Cut & Paste error for bMaxVersion label
Change-Id: Ib1221886f864a6ab9dbab70a8e5fca6482bf4267
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
(cherry picked from commit b6222766cc)
Also, take a chance to correct the comment: section 6.11.0 does
not exit in 3GPP TS 44.018. In version 15.4.0 Release 15 of
the referenced document it is 10.5.2.31 (table 10.5.2.31.1).
(cherry picked from commit 732591237b)
Corretly decode MNC if it consists of 3 digits
Change to what is called big endinan MNC
8 7 6 5 4 3 2 1
+---+---+---+---+---+---+---+---+
| MCC digit 2 | MCC digit 1 | octet x
+---------------+---------------+
| Filler | MCC digit 3 | octet x+1
+---------------+---------------+
| MNC digit 2 | MNC digit 1 | octet x+2
+---------------+---------------+
MNC of length 3:
8 7 6 5 4 3 2 1
+---+---+---+---+---+---+---+---+
| MCC digit 2 | MCC digit 1 | octet x
+---------------+---------------+
| MNC digit 1 | MCC digit 3 | octet x+1
+---------------+---------------+
| MNC digit 3 | MNC digit 2 | octet x+2
+---------------+---------------+
From 3GPP TS 29.171
7.4.27 PLMN Identity
- digits 0 to 9, encoded 0000 to 1001,
- 1111 used as filler digit, two digits per octet,
- bits 4 to 1 of octet n encoding digit 2n-1
- bits 8 to 5 of octet n encoding digit 2n
The Selected PLMN identity consists of 3 digits from MCC followed by either
- a filler digit plus 2 digits from MNC (in case of 2 digit MNC) or
- 3 digits from MNC (in case of a 3 digit MNC).
(cherry picked from commit 156f9e81fc)
Don't try to dissect bytes as string and show its value item if the
bytes field has a subdissector. And add field subdissector under field
item instead of value item.
close#16956
(cherry picked from commit 1c5d577d63)
Creating protocols with unknown length must be created to the end of the TVB
first and reined back using proto_set_len() once the length becomes known.
Not doing so can make indentification of problems harder and prevents analysis
engines like MATE from properly processing the generated protocol trees.
With this change the remaining offending dissectors are corrected for this.
Closes#16961
(cherry picked from commit 918db88055)
Systemd journal entries aren't file-type-specific; they're found in both
systemd journal entry blocks in pcapng files and in systemd journal
export files. Give it a record type, for use with both file types.
This fixes#16955.
It also means that you can open a systemd journal export file and save
it as a pcapng file.
(cherry picked from commit 889e0d5cb6)
The macOS installer works differently from the way it did when that
message was written (it's now a drag-install for Wireshark, with
separate installers for ChmodBPF and for files to add the Wireshark
binary directory to the default $PATH), and the macOS main screen now
offers a "click this to install" link, running the ChmodBPF installer,
if the user doesn't have permissions to capture. Update the message
to reflect that (although that's wrong if you directly run dumpcap or
run it via TShark - this needs to be cleaned up in some fashion).
Fix a capitalization error while we're at it.
In the code that generates the main screen message to which the dumpcap
message refers, add a comment saying that, if the main screen message
changes, dumpcap's message should also be updated.
(cherry picked from commit 4fd7983b04)
The AT response may not contain a leading \r\n, so avoid checking
for this to determine if it's a response. This characters will be
removed as a part of white space removal anyway.
(cherry picked from commit 5413331ed3)
Start the limit at 2^32-1, as we use a guint32 to store the frame
number.
With Qt prior to Qt 6, lower the limit to 53 million packets; this
should fix issue #16908.
(cherry picked from commit 639891651f)
1) Allow AVP_DEBUGGING settings to be made from Preferences, iff compiled so.
2) Flush MATE/AVP debug output once sequential packet parse has completed.
(cherry picked from commit 5b2901d090)
Cherry-pick the part of 507dd98a58 that skips over commit body checks
since they might contain extra newlines due to appending "(cherry picked
from commit xxx)".
Don't double increment the count when saving all Export Objects,
which effectively halves the maximum number allowed.
(cherry picked from commit 56e19bec49)
Instead of grabbing the set of IDBs found at open time, have a loop
using wtap_get_next_interface_description() to read all unread IDBs run
after opening the input file, after reading a packet from the input
file, and after getting an EOF on the input file.
Add a routine wtap_uses_interface_ids() to check whether the file type
and subtype for a dump file uses interface IDs and requires IDBs. If
so, in the aforementioned loop, add the IDBs to the dump stream.
Add a routine wtap_dump_add_idb() to add IDBs to a dump stream. Have it
call a file-format-specific routine to add the IDBs; the only file type
that supports it is pcapng, and it 1) writes out the IDB and 2) adds it
to the set of IDBs for the stream.
Add a wtap_dump_params_init_no_idbs() routine that prevents the IDBs
from the input file from being used to initialize the output file; use
it in cases where we're using the aforementioned loop to copy over IDBs.
Don't require any IDBs to be present when opening a pcapng file for
writing; 1) the simplest pcapng file has just an SHB in it, 2) that
requirement causes dumps that don't provide IDBs at open time to fail,
and 3) the real issue is that we don't want packets with an interface ID
not corresponding to a known IDB, and we already have a check for that.
(There are some hacks here; eventually, when everything processes the
IDBs in such a loop, we may be able to get rid of the "two favors of
dump parameter initialization" hack.)
Fixes#15844.
Addresses the same issue in #15502, but there are other issues there
that also need to be addressed.
In addition, the merge code also needs to be changed to handle this.
Fix Qt 5.15 deprecation warnings in QCustomPlot, similar to 76d92ba7e7.
Use default flags constructors instead of 0.
Use QWheelEvent::angleDelta() instead of QWheelEvent::angle().
Use QWheelEvent::position() instead of QWheelEvent::pos().
Use date::startOfDay() instead of QDateTime(date).
Use QMultiMap instead of QMap where needed.
According to [MS-FSCC] if the file has the REPARSE_TAG attribute, the
EaSize field must be interpreted as a reparse tag for the following
info levels:
* FileFullDirectoryInfo
* FileBothDirectoryInfo
* FileIdFullDirectoryInfo
* FileIdBothDirectoryInfo
From tools/check_typed_item_calls.py output:
epan/dissectors/packet-bssgp.c:655 proto_tree_add_item called for hf_bssgp_bss_area_ind - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-bssgp.c:1468 proto_tree_add_item called for hf_bssgp_unit_val - item type is FT_UINT8 but call has len 3
epan/dissectors/packet-bssgp.c:1469 proto_tree_add_item called for hf_bssgp_gprs_timer - item type is FT_UINT8 but call has len 3
epan/dissectors/packet-bssgp.c:2606 proto_tree_add_item called for hf_bssgp_unit_val - item type is FT_UINT8 but call has len 3
epan/dissectors/packet-bssgp.c:2607 proto_tree_add_item called for hf_bssgp_gprs_timer - item type is FT_UINT8 but call has len 3
epan/dissectors/packet-bssgp.c:2635 proto_tree_add_item called for hf_bssgp_unit_val - item type is FT_UINT8 but call has len 3
epan/dissectors/packet-bssgp.c:2636 proto_tree_add_item called for hf_bssgp_gprs_timer - item type is FT_UINT8 but call has len 3
epan/dissectors/packet-bssgp.c:3276 proto_tree_add_item called for hf_bssgp_cell_acc_mode - item type is FT_UINT8 but call has len 4
It currently wraps wtap_block_create() and wtap_block_copy(); if there
are no remaining use cases for wtap_block_copy() at some point, it can
just *replace* wtap_block_copy().
In a wtap, keep track of the first interface description not yet fetched
with wtap_get_next_interface_description() and, when
wtap_get_next_interface_description() is called, have it return that
description, as a wtap_block_t for its IDB. If there are no
as-yet-unfetched interface descriptions, return NULL; there may, in the
future, be more interface descriptions for the file, so this should be
called:
* after the file is opened;
* after wtap_read() returns TRUE, indicating that it's returned a
record (and *before* you process the record that wtap_read()
returns, as it might be the interface description for the
interface on which the packet in that record arrived);
* after wtap_read() returns FALSE, indicating an EOF or an error
return (as there might have been interfaces at the end of the
file or before the error point).
At each of those points, the caller should loop until
wtap_get_next_interface_description() returns NULL.
Not used yet (but tested with capinfos, which found a reason why you
have to wait until the end of the file before processing the interface
information - there's now a comment in the code giving that reason).
This will probably be used in the future.
Add support internally to using iconv (always present with glib) to convert
strings from various encodings to UTF-8 (using REPLACEMENT CHARACTER as
recommended), and use that to support GB 18030 and EUC-KR. Replace call
directly to iconv in ANSI 637 for EUC-KR to new API. Update comments
and documentation around character encodings. It is possible to replace
the calls to iconv with an internal decoder later. Tested on Linux and
on Windows (including with illegal characters). Closes#16630.
For WPA security association (SA) entries are created on sucessful
PTK derivation from 4-way handshake frames. WEP though don't use
4-way handshake frames for key derivation and therefore no SA entry
is created. Still WEP decryption implementaton expects to find
an SA otherwise the decryption is skipped.
Fix broken WEP decryption by removing the check for an existing SA
entry and instead form the SA on first successful decryption.
Add also a test for WEP decryption.
Fixes: v3.3.0rc0-1263-g099d241046 ("dot11decrypt: Avoid allocating SA on packet decryption")
The SOCKS dissector temporarily changes the pinfo values for destport
or srcport, so it should get the tcp_conversation_data after doing so
before recursively calling the TCP dissector again. Otherwise the TCP
dissector will be confused about whether a TCP multisegment PDU is in
progress or not, causing failure to lookup and store fragments correctly,
including both failed desegmentation and failed asserts (when it expects
an entry in the table which isn't there, as it was stored under a different
port number.) Fixes#16646.
Gerald Combs
Sylvain Munaut
Vadim Yanitskiy