When the initial segment is OoO, it was recognized as retransmitted. Fix
this by remembering which frame actually contains the initial segment.
Bug: 15420
Change-Id: If63e2ff581775ff9d396a612839f1bfab30f111f
Reviewed-on: https://code.wireshark.org/review/31720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The memory ownership of wtap_rec::opt_comment was not clear. Users of
wtap were leaking memory (editcap.c). wtap readers were not sure about
freeing old comments (erf) or simply ignored memleaks (pcapng).
To fix this, ensure opt_comment is owned by wtap_rec and free it with
wtap_rec_cleanup. The erf issue was already addressed since
cf_get_packet_comment properly duplicates wth.opt_comment memory.
- wtap file formats (readers):
- Should allocate memory for new comments.
- Should free a comment from an earlier read before writing a new one.
- Users of wth:
- Can only assume that opt_comment remains valid until the next read.
- Can assume that wtap_dump does not modify the comment.
- For random access (wtap_seek_read): should call wtap_rec_cleanup
to free the comment.
The test_tshark_z_expert_comment and test_text2pcap_sip_pcapng tests now
pass when built with ASAN.
This change was created by carefully looking at all users opt
"opt_comment" and cf_get_packet_comment. Thanks to Vasil Velichkov for
an initial patch which helped validating this version.
Bug: 7515
Change-Id: If3152d1391e7e0d9860f04f3bc2ec41a1f6cc54b
Reviewed-on: https://code.wireshark.org/review/31713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the assertion to check for the actual requirements. Add tests for -T
combined with -e.
Bug: 15444
Change-Id: I83e7663572db0c60194f6d6128b9e1ae7396b3f6
Fixes: v2.9.1rc0-226-g30c90fa745 ("epan: use json_dumper for json outputs.")
Reviewed-on: https://code.wireshark.org/review/31724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* remove _U_ unused attribute for used args
* no need for gcry_err_code() for success
Change-Id: I4c629657328506255da066671b69a98d0f088a3b
Reviewed-on: https://code.wireshark.org/review/31729
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change aligns this field with the image size and data size fields,
which are also shown as decimal.
Change-Id: I0e34a2742ae3d18c7b2501e895406f4b416a9ca6
Reviewed-on: https://code.wireshark.org/review/31717
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
HAVE_LIBXML2 can be set while PARSE_XDD is unset, resulting in missing
functions and linker errors.
Bug: 15419
Change-Id: I0aa20a80080d159bfb6eebccc503b66cc148f7f8
Reviewed-on: https://code.wireshark.org/review/31715
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Addresses a -Wmissing-variable-declarations warning from Clang.
Change-Id: I04de4b2017a61f9e605892338426b1a49042671f
Fixes: v2.3.0rc0-1774-g8efb7fece1 ("Adjust proto_tree_add_xxx_format_value calls to use unit string")
Reviewed-on: https://code.wireshark.org/review/31721
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do not rely on strptime("%b") to parse the month, it does not correctly
recognize English month abbreviations on non-English systems. While at
it, do not try to parse milliseconds if seconds are missing.
Change-Id: Ia049bf362195eef1eba2f04ff7217049fa6a7d9d
Reviewed-on: https://code.wireshark.org/review/31707
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid relying on strptime to parse the day of week (%a) and month name
(%b) since these are locale-dependent. Fixes test suite failures with
tvb.lua and LC_ALL=nl_NL.UTF-8.
Additionally it will now reject four-digit years when using ENC_RFC_822
as that requires two digit years. The only user of this API seems to be
the Lua tests though, so this should not make much of a difference.
Bug: 15437
Change-Id: I75436b93faab23869794d9756b9c3ce6128dd1f4
Reviewed-on: https://code.wireshark.org/review/31698
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Added Common function to convert 256-bit Port Select Mask into a range
string (e.g. "1-3,5-8,10").
Used wmem_strbuf API to allocate range string.
Change-Id: I70d737d1a33e84c7961eaf0bf83a1bc0689380a1
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28506
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the PDU types needed for SA
were missing in earlier RRC versions.
Change-Id: Ida3b091fe91961cf3cd8e7476692d2467211b5fd
Reviewed-on: https://code.wireshark.org/review/31703
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The string value is stored in the conversation, so use file-scoped
memory instead of g_strdup. Convert to union to save space.
Bug: 15440
Change-Id: Ie2dabfc67ac1db1cc8f864601b8395dcdec7caf8
Fixes: v2.9.0rc0-2719-g8bd0616621 ("SDP: Show callid from all call legs with the same RTP cpnversation.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11845
Reviewed-on: https://code.wireshark.org/review/31704
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN:
Direct leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x564bccf83549 in malloc (run/tshark+0x1b0549)
#1 0x7f8dd1d488d1 in g_malloc glib/glib/gmem.c:99:13
#2 0x7f8dd1d29094 in g_slice_alloc glib/glib/gslice.c:1024:11
#3 0x7f8dd1d64cde in g_hash_table_new_full glib/glib/ghash.c:717:16
#4 0x7f8dde889de6 in smb2_get_session epan/dissectors/packet-smb2.c:1135:15
#5 0x7f8dde89258e in dissect_smb2_session_setup_response epan/dissectors/packet-smb2.c:3356:16
#6 0x7f8dde8867cd in dissect_smb2_command epan/dissectors/packet-smb2.c:9189:12
#7 0x7f8dde87fb6e in dissect_smb2 epan/dissectors/packet-smb2.c:9543:27
Change-Id: I33586e8d27263a8e546efb2ee3a3054eb9a66893
Reviewed-on: https://code.wireshark.org/review/31702
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Add more Motion attributes
2. Pull out some copy-paste code into functions
3. Add some units to existing data
Change-Id: I82f112e2f8595eb904076ee758b2e7e034354243
Reviewed-on: https://code.wireshark.org/review/31680
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TS 32.298 reference TS 29.274 for decoding of CSGId,
which describes the CSGId as a unsigned int.
Change-Id: I79e7ae2ac2e997ba64e10a7351a04b421da1fc86
Reviewed-on: https://code.wireshark.org/review/31692
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the ZCL cluster id is in the range 0xFC00 .. 0xFFFF the cluster is a manufacturer specific cluster.
The information shown was 'Unknown' and should be 'Manufacturer Specific'.
Change-Id: Id3ae90aea65c6049c38df2029871fdcfc41ce565
Reviewed-on: https://code.wireshark.org/review/31668
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename ACK Block to ACK Range, merge the ACK(0x03) frame with the
ACK(0x02) frame by special casing the ECN Blocks addition. Update field
names and descriptions to match the current spec.
Bug: 13881
Change-Id: I9fb9d1f19d82bbd8323396627b773fd548a12a4c
Reviewed-on: https://code.wireshark.org/review/31688
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ping-Bug: 15416
Change-Id: I24593bdc9f2399085926724176b1a0a8197d7e1a
Reviewed-on: https://code.wireshark.org/review/31662
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the flag descriptors for options inside a set_with_meta and
del_with_meta message, whilst also adding a new flag, IS_EXPIRATION,
for only del_with_meta.
Change-Id: I2f97c5aecb618e90783a39ce026ae0feba110dfd
Reviewed-on: https://code.wireshark.org/review/31675
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'Src port' (mint.header.srcport) has a conflicting entry in its value_string: 133 is at indices 63 (trouble/dgram) and 64 (trouble/stream)
Change-Id: Ic0033e2fad7cc8338aafec6f4a32df0fbe4c3d9d
Reviewed-on: https://code.wireshark.org/review/31630
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* implement preauth hashing
keep hash state in conversation object
- preauth_hash_con for connection hash state
- preauth_hash_ses for session preauth hash state
- preauth_hash_current points to either one of the above depending
on where we are in the connection state
- store final session preauth hash in session object
store per-packet hash in the saved packet data
object (smb2_saved_info_t) and display it as generated field.
since request and responses share the same pointer, make a hash buffer
for each (preauth_hash_req, preauth_hash_res).
* implement 3.1.1 key derivation
use session preauth hash to generate the keys
* sample
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3.1.1_encryption
can be loaded as follows:
tshark -ouat:smb2_seskey_list:690000ac1c280000,b25a135fc3dc14269f20d7cbc8716b6b -r smb311-aes-128-ccm-filt.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option merged in Linux 4.13 kernel.
Change-Id: Iee41ef9e2dd93795a0c7953fdd1f5256fe477dd2
Reviewed-on: https://code.wireshark.org/review/31659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
* factor out duplicated code to lookup and create sessions
* we now create (potentially dummy) session object all the time, no
need for null checks.
* stash session key in session object in preparation of SMB3.1.1
decryption
Change-Id: I5499c6363abc1356fd35f22b1b8bc363dd5ec347
Reviewed-on: https://code.wireshark.org/review/31658
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
in preparation for SMB3.1.1 decryption we need to know the dialect
when generating the keys.
Change-Id: I68a75bfe6f85b1941a201f8f261de16dbba3dc37
Reviewed-on: https://code.wireshark.org/review/31657
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
factor out duplicated code in decrypted and plain packet to display
generated session informations.
Change-Id: Id6d1d862da753cb5dc4111ec61d1c55c6f6fd760
Reviewed-on: https://code.wireshark.org/review/31656
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Instead of using "$ORIGIN/../lib" just use "$ORIGIN".
Also be explicit in configuring the relative RPATH. We don't want
to assume a default relative path, in case more targets are addded,
out of caution.
Change-Id: I3b7f5e8de7be8bb30aca3b433212113d876c4163
Reviewed-on: https://code.wireshark.org/review/31647
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I37a0cd4bb6ee419873ab05a131279c36c68a8c13
Reviewed-on: https://code.wireshark.org/review/31653
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This results in shorter filters. Some filters (such as quic.stream)
already omitted "frame_type". Done with an automated search and replace.
Change-Id: Iad8710b3b66487e5f744e10cde3561d34f20fe99
Reviewed-on: https://code.wireshark.org/review/31648
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also reorder fields to match the bit layout.
Bug: 13881
Change-Id: I43d3186ae0a0f871302b8a3b34fcb628b38b2306
Reviewed-on: https://code.wireshark.org/review/31644
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As all packet number fields are encrypted, it is no longer useful to
display the partial packet number. The user can infer the original
decrypted value by checking the field length and truncating the value.
Bug: 13881
Change-Id: I7926ac7439ff579b9dd5047dde87f738aefac76d
Reviewed-on: https://code.wireshark.org/review/31643
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Create ciphers earlier in the long header dissection process such that
the flag byte can be decrypted, dissect Reserved and Packet Number
Length fields.
Bug: 13881
Change-Id: I233ee1cab9783f00a4ed6e1e3689135f979ec820
Reviewed-on: https://code.wireshark.org/review/31642
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
While gQUIC Q044 is compatible with the IETF QUIC long headers format,
it is not the same. Remove gQUIC support since it is incomplete (flag
dissection is wrong, payload is not correctly dissected) and slows down
IETF QUIC dissector development. If support is restored, it should
likely be added as heuristics in packet-gquic.c
This is a manual revert of v2.9.0rc0-2173-g9fcb4af6b6 ("QUIC: gQUIC Q044
always use CHLO from gQUIC (with tag)") plus some other changes.
Change-Id: If75d81a4c38475f4e11fd8ade7252991f0ba0316
Reviewed-on: https://code.wireshark.org/review/31640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This was necessary to support draft -12 and -13 at the same time. As the
QUIC WG seems to slow down on further changes, this can be removed.
Removing this prepares for properly dissecting the decrypted flag byte
in dissect_quic_long_header.
Change-Id: Ieb7852e2cbdb89730a80b574d04e9ca42e16c23a
Reviewed-on: https://code.wireshark.org/review/31641
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Draft -17 shifts the key phase bit and encrypts it. The old KP bit is
now always 1 which broke decryption due to selection of the wrong
payload protection cipher.
Split calculation of the header protection and payload protection
cipher such that the short header flag can be decrypted earlier. Now the
decrypted flag can be displayed and the correct pp cipher is selected.
Bug: 13881
Change-Id: Ic9468498c3d0fb3f0a456d947824b40709db4927
Reviewed-on: https://code.wireshark.org/review/31637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
At the moment, wslua first registers a class and then adds its
attributes in a second step. This registration creates empty __getters
and __setters tables which are later populated with the getter and
setter methods of the attributes.
Looking at the code and the comments, it seems that this was meant to be
a temporary solution. Eventually, attributes should be stored in
wslua_class' attrs field. The code to read and write attributes was
already updated to handle this.
Add new macros WSLUA_REGISTER_CLASS/_META_WITH_ATTRS that store the
attributes in wslua_class. Defining new macros is simpler than modifying
WSLUA_REGISTER_CLASS/_META to register attributes. If we did the latter,
we'd have to add an empty attribute list for all classes without
attributes.
We can now drop the WSLUA_REGISTER_ATTRIBUTES macro and the
wslua_reg_attributes function.
Using this new way of registering attributes, the __getters and
__setters tables are still available. The tests is the test suite that
rely on those tables still pass.
Change-Id: I526b9116435645c9c54ab69a05c3c7f3d459ec33
Reviewed-on: https://code.wireshark.org/review/31417
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Decryption would fail after switching from Initial to the Handshake
message due to the packet number changing from 1 to 0 which would result
in the wrong reconstructed packet number. To fix this, implement three
different packet spaces and update the full packet number only if
decryption succeeds.
While at it, document all tricky interactions between packet number
spaces and different secrets / ciphers.
Bug: 13881
Change-Id: Ic88a83cdf76cb024054de8a32ea959bd1dacaca3
Reviewed-on: https://code.wireshark.org/review/31635
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Packet numbers in handshake messages are protected by a cipher different
from the initial cipher.
Bug: 13881
Change-Id: Ife6524c0525df10ff3c64f4333908b189f823509
Reviewed-on: https://code.wireshark.org/review/31634
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Swap Retry and 0-RTT Protected identifiers to fix connection tracking
and decryption. Fix detection of Retry packets.
Bug: 13881
Change-Id: I41d1b5674a5ec634b3c55bee72d6943664039dba
Reviewed-on: https://code.wireshark.org/review/31629
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of showing the CRC16 value of the clientid, this commit
displays the real value of the clientid in the INFO column.
Bug: 15432
Change-Id: Iaeae89bf7dfe4b08746a4da9515f25f9ae6c02ac
Reviewed-on: https://code.wireshark.org/review/31628
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is more explicit and easier to read with slightly better locality
while using less code.
Also less awkward when the package doesn't fit the narrow package list
expectations.
The ws_find_package() macro doesn't include all the status messages. The
choice was to rely on standard find_package() and feature_summary() output
and be less verbose.
Avoid polluting the CLI build interface. Per target include paths and
macro definitions are preferred.
Because this patch intentionally removes the global CMAKE_*_FLAGS
and include_directories() usage in favor of target properties, some
untested build configurations may inadvertently break because of
missing ${PACKAGE}_INCLUDE_DIRS or ${PACKAGE}_DEFINITIONS. This
required a manual review of dependencies that might have been
incomplete.
${PACKAGE_VAR}_LINK_FLAGS seems to be unused.
Changing the CMake Qt code to use more modern CMake component syntax
is left as future work.
Change-Id: I3ed75252189a6e05a23ed6e619088f519cd7ed78
Reviewed-on: https://code.wireshark.org/review/31496
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The given "len" is the size of the string in "txt" excluding the NUL
terminator. GCC 8.2.1+20181127-1 rightfully complains that strncpy will
not terminate the destination buffer.
Change-Id: I592c7c218cf07c13697de4e60f454326a93d1124
Reviewed-on: https://code.wireshark.org/review/31600
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While at it set p2p_dir.
Change-Id: Ia63ba998db72353963eddc4baa811ce552fd617a
Reviewed-on: https://code.wireshark.org/review/31590
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Joakim Karlsson <oakimk@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PUBACK, PUBREC, PUBREL, and PUBCOMP can all have abbreviated packets
which are not currently handled, leading to those forms being marked as
malformed.
Bug: 15428
Change-Id: I1e6e5dbbca29e7e731683d5c166f9abf978f62b2
Reviewed-on: https://code.wireshark.org/review/31580
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Show 3 digits of precision after the decimal place for API/RPI when
displaying in ms.
2. Remove displaying the value as hex microseconds.
Change-Id: I483739c13ff0e02bd773b5207b41a5eec6c23289
Reviewed-on: https://code.wireshark.org/review/31583
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove name resolution from DNS packets from the tooltip because
resolving from DNS packets has it's own check box.
Change-Id: I0a4039a1639f22b51429c3771fd828d9727aca08
Reviewed-on: https://code.wireshark.org/review/31581
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The DTLS and TLS dissectors already share code for parsing the key log
file contents but the actual key material was stored separately. As
implementations (like GnuTLS) write the TLS and DTLS secrets to the same
file (specified by the SSLKEYLOGFILE environment variable), it seems
reasonable to combine them.
This also enables use of the pcapng Decryption Secrets Block for
decryption of DTLS traces. The dtls.keylog_file preference has become
obsolete and can no longer be used (this was not tested anyway).
A new test was added based on dtls12-aes128ccm8.pcap, the master secret
was extracted using the tls.debug_file preference.
Bug: 15252
Change-Id: Idfd52c251da966fe111dea37bc3fb143d968f744
Reviewed-on: https://code.wireshark.org/review/31577
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Should this be default off? I had a false positive.
While at it remove unused hf entry.
Change-Id: Ia3ec0f2e127659349226af9bc2acb0812960a0a6
Reviewed-on: https://code.wireshark.org/review/31574
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Corrected the Multicast Active/Idle true_false_string order
Change-Id: I1753f4cfc9e1ea138789a236976b649607d74831
Reviewed-on: https://code.wireshark.org/review/31567
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a dissector for http://fd.io vpp graph dispatch traces. The file
format is described in detail here:
https://fdio-vpp.readthedocs.io/en/latest/gettingstarted\
/developers/vnet.html#graph-dispatcher-pcap-tracing
Fuzz-tested with good results.
Bug: 15411
Change-Id: I3b040bb072ce43fb2fb646a9e473c5486654906a
Signed-off-by: Dave Barach <dave@barachs.net>
Reviewed-on: https://code.wireshark.org/review/31466
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The UDP-NM dissector is actually AUTOSAR-NM and works over UDP and CAN.
The change also adds parsing of reserved bits of control bit vector and
the 'NM Coordinator Id' field which was present in revision 3.2 but now
is deprecated (bits are marked as reserved).
Since not every packet on a CAN bus is an Network Management one,
parameters were added to filter only packets with specific ids.
In order to define ids to be dissected one should define a reference id
and a mask in preferences.
Change-Id: Ica69032b7200c4c3a1f81130ebcea0dd4144cbf2
Reviewed-on: https://code.wireshark.org/review/31560
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In PID_TYPEOBJECT_LB dissection class_id_enum_names char* array has
been replaced by a string_values so it won't cause any issue if
the read index value is out of bounds.
Bug: 15405
Change-Id: I0dc9d8d00024a2fbb03fca7238ab709b91b059aa
Reviewed-on: https://code.wireshark.org/review/31484
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for dissecting IS-IS BIER Info Sub-TLV and BIER MPLS
Encapsulation Sub-sub-TLV, as per RFC 8401
Bug: 15421
Change-Id: Iec5e275f3afef7cb64d474634bd0a89b42a1b480
Reviewed-on: https://code.wireshark.org/review/31551
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It can be annoying to have to manually calculate the number
of tones based on the global bandwidth and the RU allocation.
Do that in the dissector.
Change-Id: I42eb403a91ebacc4fcfaa3e8c3e793a055d2b9f8
Reviewed-on: https://code.wireshark.org/review/31559
Reviewed-by: Emmanuel Grumbach <egrumbach@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>