dissector shows "Unknown command" for many packets summary despite
being able to dissect it properly in the tree item added in that
function. Add offset to match the tree item offset a few lines below.
After the recent updates, the `process_app1_segment` function has grown very
large. Split it into three functions and make some extra improvements:
* Indent continuation lines consistently.
* Give variables more descriptive names (e.g. no more `val_16`, `val_32`).
* Remove the need to do arithmetic with the `tiff_start` (and the variable
itself) by using a subset TVB for the TIFF data.
* Remove unnecessary return values.
* Make miscellaneous style improvements.
There should be no difference in behavior, except that the error message
associated with `ei_next_ifd_offset` now shows the correct number (previously
the number was `offset + tiff_start`, when it should have been
`offset - tiff_start`; with the removal of `tiff_start` this bug got fixed
by itself).
The row number to lookup in the stat table is the index retrieved
from my_try_val_to_str_idx, not the original message type.
Ticks the counts in the correct rows of the stats table, and
prevents failed assertions and program halt in stat_tap_ui.c when
getting a message type with a number greater than the number of
rows in the table.
These display bases work to replace unprintable characters so the
name is a misnomer. In addition they are the same option and this
display behaviour is not something that is configurable.
This does not affect encodings because all our internal text strings
need to be valid UTF-8 and the source encoding is specified using
ENC_*.
Remove the assertion for valid UTF-8 in proto.c because
tvb_get_*_string() must return a valid UTF-8 string, always, and we
don't need to assert that, it is expensive.
Since we now support ISO 8601 Basic format, have asn2wrs.py
convert GeneralizedTime fields in BER to FT_ABSOLUTE_TIMEs and use
the new common code to convert them. This means that the fields
can be compared with other time fields in filters, etc.
These were recently added to the DRBD protocol. See the following
commits at https://github.com/LINBIT/drbd-headers:
098b1fdcdbaa introduce new P_RS_CANCEL_AHEAD
e5d5e6fa9af7 add P_DISCONNECT to stop connect-attempts
1681c4b0166e add dagtag resync request packets
MBIM_CID_MS_UICC_ATR
MBIM_CID_MS_UICC_OPEN_CHANNEL
MBIM_CID_MS_UICC_CLOSE_CHANNEL
MBIM_CID_MS_UICC_APDU
MBIM_CID_MS_UICC_TERMINAL_CAPABILITY
MBIM_CID_MS_UICC_RESET
Also fixed a minor bug in MBIM_CID_BASE_STATIONS_INFO
Add dissectors of sensors and generic properties from Mesh Models document. All opcodes from Mesh Models 1.0.1 are now dissected, but not all Mesh Properties are dissected. Closes #17734.
After refactoring in an old patch some features were moved into new
functions starting with proto_reg_handoff. This was wrong and is
corrected by this patch.
Move epan_memmem() and epan_strcasestr() to wsutil/str_util.
Rename to ws_memmem() and ws_strcasestr(). Add compile time
check for a system implementation and use that if available.
We invoke those functions using a wrapper to avoid exposing
_GNU_SOURCE outside of the implementation.
Just break out of this loop if we wraparound sequence numbers in
the middle of a segment. That guarantees that the sequence of lookups
in the tree with _le will terminate at some point. This probably
makes the dissection a little worse in a few cases with sequence
number wrap around but non erroneous sequence numbers, so a more
complete fix would be ideal. Fix #17749, at least the infinite loop.
Add a UAT for configuring fake headers according to the server port, stream
id and direction of the long-lived stream that we start capturing packets
after it is established. That helps with parsing the DATAs captured subsequently.
A test case is also added.
close #17691
The RTMPT dissector when over TCP reuses the TCP sequence numbers, so
it needs to consider wraparound, which can occur both with the
tcp.relative_sequence_numbers preference set to FALSE, or in some
unusual cases (such as a SYN packet with a bogus sequence number so
that later packets overlap its sequence number.)
Change a sequence number comparison to use the wrap around aware
macros from packet-tcp.h. Fix #17745.
The original MACsec capability value strings do not reflect the
IEEE 802.1X specification (2010 or 2020).
For example: IEEE 802.1X says for value 2:
"‘Integrity without confidentiality’ and ‘Integrity and
confidentiality’ with a confidentiality offset of 0"
The packet-mka.c value string for 2 says:
"MACsec Integrity with no confidentiality offset"
The updated value string now shows that integrity and
integrity+confidentiality are supported.
A number of protocols have IDs that can be reused that are used as
lookup keys. In most cases the frame number should be used as well
to differentiate repeat appearances of an ID. For response/request
matching, it is frequently useful to find the most recent frame number
(greatest value less than or equal to the current one) that contained
an ID.
We can achieve that by using a multimap that stores values with a given
ID in a tree keyed with the frame number. This works better than using
a map or a tree alone:
1) A map isn't ordered, so doesn't allow for less than or equal comparison.
2) Using a tree requires an ordering on all the ID components, and then
having to test all the components other than the frame number separately
for equality after retrieval.
Currently the multimap does not support inserting items without specifying
the tree key (and having the multimap generate a key), because the total
capacity of trees (including deleted nodes) is not tracked. If other use
cases are needed, this could be added later along with more generic
multimap support.
Use a multimap in ANSI MAP, ANSI TCAP, and GSM SMS, all of which need to
match lookup IDs that can be reused. Fix #7653.
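
The lookup described in the multimap message above, as an added example (not Wireshark's wmem code): an exact match on the reusable ID, then the greatest frame number less than or equal to the current frame. The `idmap_*` names are hypothetical, and a fixed-capacity sorted array stands in for the per-ID tree.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical fixed-capacity stand-in for "ID -> tree keyed by frame number". */
#define MAX_IDS 8
#define MAX_PER_ID 16

typedef struct { uint32_t frame; const char *value; } entry_t;
typedef struct { uint32_t id; size_t count; entry_t entries[MAX_PER_ID]; } bucket_t;
typedef struct { size_t used; bucket_t buckets[MAX_IDS]; } idmap_t;

/* Unordered exact-match step: only equality on the ID is ever needed. */
static bucket_t *find_bucket(idmap_t *mm, uint32_t id, int create)
{
    for (size_t i = 0; i < mm->used; i++)
        if (mm->buckets[i].id == id)
            return &mm->buckets[i];
    if (!create || mm->used == MAX_IDS)
        return NULL;
    bucket_t *b = &mm->buckets[mm->used++];
    b->id = id;
    b->count = 0;
    return b;
}

/* Insert while keeping the bucket sorted by frame number. Returns 0 on success. */
int idmap_insert(idmap_t *mm, uint32_t id, uint32_t frame, const char *value)
{
    bucket_t *b = find_bucket(mm, id, 1);
    if (b == NULL || b->count == MAX_PER_ID)
        return -1;
    size_t pos = b->count++;
    for (; pos > 0 && b->entries[pos - 1].frame > frame; pos--)
        b->entries[pos] = b->entries[pos - 1];
    b->entries[pos].frame = frame;
    b->entries[pos].value = value;
    return 0;
}

/* Most recent value stored under `id` at or before `frame`, or NULL. */
const char *idmap_lookup_le(idmap_t *mm, uint32_t id, uint32_t frame)
{
    bucket_t *b = find_bucket(mm, id, 0);
    if (b == NULL)
        return NULL;
    size_t lo = 0, hi = b->count;   /* lo ends at the first entry with frame > key */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (b->entries[mid].frame <= frame) lo = mid + 1; else hi = mid;
    }
    return lo ? b->entries[lo - 1].value : NULL;
}
```

A response seen in frame 25 carrying ID 7 resolves to the request stored for ID 7 in frame 10, not to a later reuse of the same ID in frame 40.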
Copy Advertiser Address from AUX_ADV_IND if not present in AUX_CHAIN_IND
to make reassembly work. Check for valid reassembled data before
doing dissect_ad_eir().
As the GLib documentation says, g_strsplit returns "A newly-allocated
NULL-terminated array of strings. Use g_strfreev() to free it." Call
wmem_strsplit instead so that we clean up after ourselves. Blind attempt
at fixing #17736.
This is capable of dissecting UASP traffic on a USB 2.0
bus, provided Wireshark sees the interface descriptor.
Dissecting USB 3.0 traffic won't work properly because we
don't have access to an URB's bulk stream ID, so the data
transfer can't be attributed properly to commands.
The existing dissector only handles the Bulk-Only Transport
protocol but occupies the USB dissector hooks for all mass
storage class traffic.
To facilitate alternative protocols like UASP, direct all
mass storage class traffic to a stub dissector which will
dispatch to the real dissector based on other information,
such as the USB interface protocol.
Heuristic dissectors are still attached directly to the
core USB hooks.
Dissect FlexRay specific EBHSCR header of frame packets, symbol packets,
slot status packets and start of cycle packets. Payload of frame packets
and symbol packets is prepared and passed to the FlexRay dissector.
The Service Response Time stats for CAMEL (and TCAP, which must be
enabled as well) are reliable and not that processor intensive. They
should be always enabled, just like the SRT stats for other protocols.
This also makes things less confusing with regards to the CAMEL
opcode counter stats, which were only enabled if the SRT preferences
were also set, since they use the same tap.
Also remove an unused function declaration in a header.
When compiling the current wireshark master branch (with the default
project provided CFLAGS) on Fedora 35, GCC 11.2.1 prints a few
`-Wmaybe-uninitialized` warnings.
This change fixes those.
Dissector was not correctly distinguishing between 12 byte and 16 byte Group GUIDs.
Code for dissecting Participant GUID used as guidance.
closes #17631.
Rcv.Wind.Shift and Snd.Wind.Shift were not displayed correctly by
the BBLog dissector and the TCP dissector was not using the
information about the shift values available in the BBLog file.
While analyzing the network traffic between an OMRON NS8-TV01B-V2 HMI
and an OMRON CJ2M PLC, I discovered that all requests from the HMI have
their Gateway Count byte set to 0x07. Responses from the PLC still have
a Gateway Count byte set to 0x02.
This conflicts with the (20-year-old) protocol documentation by OMRON,
but happens nevertheless.
With this check removed, all bytes can be successfully parsed to an
OMRON FINS message.
- The RSSI fields in "(Un)Associated STA Link Metrics" and "Steering
Policy" TLVs are not defined as RSSI but RCPI in released versions of
the Multi-AP/EasyMesh specs. It's defined as an unsigned value in
range 0 - 220.
- Changed "RCPI reporting threshold" type to UINT8 in "Metric Reporting
Policy TLV".
This patch is a quick fix to the infinite loop during dissection of the
IOAM Trace data list, introduced by merge request !4962
Fixes #17709
Closes #17709
Signed-off-by: Justin Iurman <justin.iurman@uliege.be>
Strengthen the heuristics according to Appendix A.1 of RFC 3550:
Reject if the packet isn't long enough to fit the fixed header, including
the CSRCs if present.
Reject if the packet isn't long enough to fit the extension header.
Reject if the packet isn't long enough to fit the padding, if we have
all the packet.
Reject the payload types reserved for RTCP conflict.
Most of these lead to malformed packet error if dissected anyway,
which can still be done via other methods (SDP, Decode As, etc.)
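
The length and payload-type checks listed in the RTP heuristics message above, as an added example (not the Wireshark dissector's code). The function name `rtp_heuristic_ok` and its parameters are hypothetical; `len` is assumed to be the number of bytes available in `buf`, and `whole_packet` says whether that is the entire packet.

```c
#include <stddef.h>
#include <stdint.h>

#define RTP_FIXED_HDR_LEN 12

/* Returns 1 if buf plausibly holds an RTP packet, 0 to reject it. */
int rtp_heuristic_ok(const uint8_t *buf, size_t len, int whole_packet)
{
    if (len < RTP_FIXED_HDR_LEN)
        return 0;
    if ((buf[0] >> 6) != 2)             /* RTP version must be 2 */
        return 0;

    unsigned has_padding   = (buf[0] >> 5) & 1;
    unsigned has_extension = (buf[0] >> 4) & 1;
    unsigned csrc_count    = buf[0] & 0x0f;
    unsigned payload_type  = buf[1] & 0x7f;

    /* 72-76 are reserved so RTP is not confused with RTCP packet types. */
    if (payload_type >= 72 && payload_type <= 76)
        return 0;

    /* Fixed header plus one 32-bit word per CSRC. */
    size_t hdr_len = RTP_FIXED_HDR_LEN + 4u * csrc_count;
    if (len < hdr_len)
        return 0;

    if (has_extension) {
        /* 4-byte extension header: 16-bit profile id, 16-bit length in words. */
        if (len < hdr_len + 4)
            return 0;
        size_t ext_words = ((size_t)buf[hdr_len + 2] << 8) | buf[hdr_len + 3];
        hdr_len += 4 + 4 * ext_words;
        if (len < hdr_len)
            return 0;
    }

    /* The padding count is the last octet, so it is only known (and only
     * checked) when the whole packet is present. */
    if (has_padding && whole_packet) {
        size_t pad = buf[len - 1];
        if (pad > len - hdr_len)
            return 0;
    }
    return 1;
}
```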