DATE_AND_TIME struct is actually time then date. We were previously
parsing it as date then time.
Change-Id: I7367b5502318de32b7c9e7fd170ae58de4c3347f
Reviewed-on: https://code.wireshark.org/review/31431
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The only place where it's currently called passes it data.
Do a DISSECTOR_ASSERT() check to make sure it's non-null.
Remove null-pointer checks that this renders no longer necessary.
Change-Id: I2fc86f9591a7126d328029379ecfe98400dd01cb
Reviewed-on: https://code.wireshark.org/review/31419
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All exported (via dissector tables and dissector handles) routines that
call dissect_atm_common() first do DISSECTOR_ASSERT(atm_info != NULL),
so dissect_atm_common() will never be called iwth a null data pointer.
dissect_reassembled_pdu() is called only from dissect_atm_common(), so
it also won't ever be called with a non-null data pointer.
Fixes Coverity CID 1442299.
Change-Id: I3b455ac546a6a0cd6aa8ef184c71fda2ca2a0710
Reviewed-on: https://code.wireshark.org/review/31418
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I9913b9653fedeb9cc119f10632f4c96fe54027b4
Reviewed-on: https://code.wireshark.org/review/31408
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I09e9a2ee8a89e4784057eb50e47022a7d1e74943
Reviewed-on: https://code.wireshark.org/review/31291
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifbe72c48ec401582d2df30b440e449398c71eb40
Reviewed-on: https://code.wireshark.org/review/31414
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic9774cc09ab5c7582dc85bf41e4021bddfca1ebe
Reviewed-on: https://code.wireshark.org/review/31382
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The new table takes unit ((VPI << 16) | VCI) to allow ATM cell payload dissection depending on VPI+VCI combination
Change-Id: I8f958f904749363cafe0046424c3c2bf6a1a5c96
Reviewed-on: https://code.wireshark.org/review/31381
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Used documentation of bug report.
Bug: 15272
Change-Id: I83871b7458c36df711502bc6aa954a8c3c53604d
Reviewed-on: https://code.wireshark.org/review/31385
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The CS_MONITOR package have also a flags fields wich is not used. [1]
This fix parsing the CS_MONITOR package.
[1] https://msdn.microsoft.com/en-us/library/dd305336.aspx
Change-Id: I99eea5abe95d4654aed8dc0d0e137c845aaba3aa
Reviewed-on: https://code.wireshark.org/review/31389
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will allow the VPI and VCI to be handed to
dissect_atm_cell_payload() in
https://code.wireshark.org/review/c/31381/.
That structure also needs to include the enable_fill_columns_by_atm_dissector
flag; we remove that from the pwatm_private_data_t, which is now private
to the ATM pseudo-wire dissector, and put it in the new structure.
Change-Id: I88f4a9f4b3c4c1c94914311bb883ea38e10ca4b4
Reviewed-on: https://code.wireshark.org/review/31384
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Lock our pipe mutex before closing its file descriptors. This should
hopefully fix some infrequent crashes that I'm seeing on my Windows 7 VM.
Add a note about GRWLock behavior on Windows which doesn't appear to be
related to this issue, but which is nevertheless important.
Ping-Bug: 14701
Change-Id: I32e66a24258264fa65a907f319755594f90c0177
Reviewed-on: https://code.wireshark.org/review/31375
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Generated code and 256-element lookup table with pycrc
* Combined 2 crc6 functions which both have same poly 0x6f and lookup table
* Using the example file from the bug report,
$ tshark -r ~/Downloads/M1_header_crc.pcapng -V | grep "Calculated CRC"
1101 00.. = Header CRC: 0x34 [Calculated CRC 0x34]
Header and Calculated CRC are now both 0x34 (correct value)
* pycrc settings for generation:
$ python pycrc.py --reflect-in False \
--reflect-out False \
--xor-in 0 \
--xor-out 0 \
--algorithm table-driven
--width 6 \
--poly 0x2f
* To manually check 3GPP protocol header CRCs, use above command with flag
--check-hexstring=<HEADER HEX>
Bug: 14875
Change-Id: I283f52fcae10b2f92f107df6988629d49d692428
Reviewed-on: https://code.wireshark.org/review/31356
Reviewed-by: Ross Jacobs <rossbjacobs@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by clang-tidy.
Change-Id: Ibedfec5e5d3eca7c2e65319b7ecb4dcbe974b88b
Reviewed-on: https://code.wireshark.org/review/31337
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If you're not casting anything, you're not casting away qualifiers, so
there's no need to disable warnings about casting away constness.
Change-Id: Ib6bb75a8683ce129078a09df385159c13d2cf306
Reviewed-on: https://code.wireshark.org/review/31355
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by clang-tidy.
Change-Id: Iaf6cf84c33b03ddfcd39a333b49f4987002afa56
Reviewed-on: https://code.wireshark.org/review/31338
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The RU Allocation is really a decimal number and the
standard uses it as a decimal number. It is not a bitmap.
Print it in decimal.
Change-Id: I2f8ff9798aa1af855ad3c8b0a26704282fe18189
Reviewed-on: https://code.wireshark.org/review/31315
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
it is no longer Ethereal (=> Wireshark)
Change-Id: I2a59aa0ec4e18b05612bbce6ede18db9ae350e49
Reviewed-on: https://code.wireshark.org/review/31317
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Smart Metering Equipment Technical Specifications (SMETS) requires
that Gas Smart Metering Equipment (GSME), and Electricity Smart
Metering Equipment (ESME) including variants, meet the requirements
described in the Great Britain Companion Specification (GBCS).
GBCS messages are end-to-end and contains ZigBee, DLMS or ASN.1
formatted payloads. The GBCS messages are transported via IPor via
the ZigBee Tunneling cluster.
https://smartenergycodecompany.co.uk/document-download-centre/download-info/gbcs-v2-1/
Bug: 15381
Change-Id: I28ca9831fc266a6abd310db103306b98786e63f9
Reviewed-on: https://code.wireshark.org/review/31168
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the IPHC TVB wasn't created then bail out of dissection before trying
to use it.
Bug: 15217
Change-Id: I6e297590cdf86e13b0185f75f1d409888f2498d8
Reviewed-on: https://code.wireshark.org/review/31308
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
IEEE1609 and GeoNetworking secured packets containing certificate
contain Service Specific Permission items that was not dissected.
This patch allows dissection of SSP both in IEEE1609dot2 dissector and
in the geonetworking dissector.
It also provides SSP dissectors for ETSI DEN and CA basic services.
Change-Id: Ic5efe403f7c4337c7e51a4eab9a9d674d2fe1cf6
Reviewed-on: https://code.wireshark.org/review/31303
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While there renumber according to latest spec. and fix some indentation.
Change-Id: Ib9b4590d72c3124ffcb96fd719a9a19cadb4c494
Reviewed-on: https://code.wireshark.org/review/31300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way there isn't a need for packet-icmp-int.h.
Change-Id: Ib523c36ab2fdf6a43ee6ff32dadfcd53e9d9bf14
Reviewed-on: https://code.wireshark.org/review/31290
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Pass dissector data to dpaux dissector directly instead of using p_get_proto_data.
2. Don't assume dissector data will always be present and default to "sink" if
that is the case.
3. tvb_memdup isn't needed for proto_tree_add_bytes
4. Use value_string to save switch cases.
5. Bugfix major/minor version dissection.
Change-Id: I018d923537ce276fda8be1884f5bb3a8b2eef862
Reviewed-on: https://code.wireshark.org/review/31297
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9bf885dcd9b8c15212062f8e6205816521e707c3
Reviewed-on: https://code.wireshark.org/review/31292
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Erik de Jong <erikdejong@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Limiting the maximum *path* name length is bogus; if the user wants to
store the file in some directory deep under the root (UN*X) or the root
of the drive (Windows), that's their choice - don't prevent them from
saving in a directory with a path longer than some maximum or limit the
file name based on the length of the path leading up to it.
Limiting the maximum *file* name is presumably to cope with, for
example, HTTP objects with a URL that had a very long query component,
so it makes sense.
Change-Id: Idfc7de8124ee80bdd4950341ff2239834eb9f6f6
Reviewed-on: https://code.wireshark.org/review/31295
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Secured packets contain Common and Extended header.
Change-Id: I60b5ed35811c19c9596bd142c1315b341d760968
Reviewed-on: https://code.wireshark.org/review/31238
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For unsecured and signed data, the dissector uses a dissector table to
determine the next dissector. It uses the psId field to index the table.
In the case no psId is provided inside, the caller can set a default
psid if it is provided beforehand. If none is provided, data are not
dissected.
Change-Id: I6f9d6989cd87dd373a155a5b893c460344a0c857
Reviewed-on: https://code.wireshark.org/review/31237
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I decided that packet-z3950.h was unnecessary at this time, but I didn't eliminate all trace of it.
Change-Id: Iaff41e143bac6bf42779de49f7390ac129cef3e1
Reviewed-on: https://code.wireshark.org/review/31288
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Per [MS-SFU] 2.2.2 PA_S4U_X509_USER in AS-REQ consists of
the certificate data instead of the corresponding struct.
Also, the subject-certificate field in the struct consists
of the certificate data as well, so let's decode it as such.
Change-Id: I6f03a66eac74b7d42c0893f63cab772d8ddcb803
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/31279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
PsId and ITS-AID are defined in several documents and listed in
ieee1609.12. Put these definitions in ieee1609.2 ASN1 definition and
export it so that GeoNetworking and wsmp dissectors may use it.
Change-Id: Ia3ac181a4c9092b555decb3ee7c5e78adcece5c0
Reviewed-on: https://code.wireshark.org/review/31236
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection of Metro Ethernet Forum specification of Implementation
Agreement for the Emulation of PDH Circuits over Metro Ethernet
Networks [MEF 8]. This includes the introduction of a RTP shim header
dissection function, as is not uncommon in PW and CES services.
Signed-off-by: Jaap Keuter <jaap.keuter@aimvalley.nl>
Change-Id: I6de81007ce11793cd5352fadadd80d3f6f45ae0d
Reviewed-on: https://code.wireshark.org/review/31239
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Accept version value 1 for geonetworking, dissect last 4 bytes of SHB
and traffic class as per EN 302 636-4.
Change-Id: I254e48f888aae063d2f4b5178c2e0eadc839f8ea
Reviewed-on: https://code.wireshark.org/review/31245
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Use proto_tree_add_item (and friends) instead of a protocol specific
wrapper for integer types
2. Create #defines for command IDs and properly sort them in the their value_string
3. Improve heuristics for command specific parameters to reduce false positives
4. Use length value in TLV for strings
5. Remove "sub tvb" creation. The tvb passed into the pdu should be used.
6. Use proto_tree_add_bitmask_list and proto_tree_add_bitmask_list_value where applicable
7. Allow empty fields for vendor-specific TLVs.
8. Treat version fields as FT_UINT8 and use format with BASE_CUSTOM
9. Condense all command response codes to a single range_string.
Bug: 5206
Bug: 15267
Change-Id: I49751d287af1ebb9e27ae7463c08f4724ee60c07
Reviewed-on: https://code.wireshark.org/review/31267
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Heuristic is weak, but length of packet should be non-zero.
Change-Id: I68d6d85092c84d5d421731be3ada008fe7a5b06f
Reviewed-on: https://code.wireshark.org/review/31266
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Protects against some false positives because by default GSM over IP
claims some "frequently used" ports.
Change-Id: I94736ecef8ac1422bb330a364a3f77edd9a52a2b
Reviewed-on: https://code.wireshark.org/review/31265
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 5953756305.
The public API should not be polluted with Windows-specific hacks. As we
already override dofile/loadfile, those should be fixed instead.
Ping-Bug: 15118
Change-Id: Ia9d5e64e8ef14032f982f695ffd4cac59067bb17
Reviewed-on: https://code.wireshark.org/review/31134
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for loading RSA private key files from PKCS #11 tokens,
identified by PKCS #11 URIs. Add a new 'pkcs11_libs' UAT which can
dynamically load PKCS #11 provider libraries that are not found by
p11-kit.
The configuration GUI will need additional code to discover available
PKCS #11 tokens and will be added later.
This feature requires GnuTLS 3.4 with PKCS #11 support, so Windows,
macOS via Homebrew, Ubuntu 16.04, Debian Stretch. Not supported: RHEL7.
Currently macOS via official packages disables PKCS #11 support, so that
will also not work.
Change-Id: I20646bfd69c6bd13c8c2d27cb65c164a4b0b7a66
Reviewed-on: https://code.wireshark.org/review/30855
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reloading Lua plugins did not actually remove registered FileHandler
instances which resulted in a use-after-free of lua_State. Fix this by
tracking instances and release them in wslua_deregister_filehandlers.
Other required fixes to allow reregistration after reloading:
- Fix END_FILEHANDLER_ROUTINE not to block all new registrations.
- wtap file subtypes are apparently persistent, even after
"unregistering". Fix this by looking up the previous subtype that
matches the FileHandler short name. Add a small sanity check to
wtap_register_file_type_subtypes to prevent internal handlers from
being overwritten.
This patch creates a potential memleak of registered_file_handlers as
wslua_deregister_filehandlers is not called on program exit (yet?).
Bug: 13264
Change-Id: I4f5935cde6ff8dc4de333359bad3efca96d4fb9b
Reviewed-on: https://code.wireshark.org/review/31068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Get rid of an extra blank line in a comment.
Change another comment to refer to "error packets", as we do elsewhere.
Fix indentation.
Change-Id: I4d81b8856ea876f20914352f962b1df0e115404c
Reviewed-on: https://code.wireshark.org/review/31241
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The callsign was being truncated to 7 letters.
This affects the following fields:
- I004/100#01.AN
- I004/170#08.MS1
- I004/170#08.MS2
- I025/020.SD
- asterix.AI, which is included in:
-- I021/170
-- I048/240
-- I062/245
-- I062/380#02
-- I062/380#03_v0_17
Change-Id: Idbbb3891d96e906053fc1f0c447e37bae87d207a
Reviewed-on: https://code.wireshark.org/review/31230
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of length determinant in the value returned for psid. Length
determinant is not part of the value.
This helps comparison with other protocols possibly containing a psid
also.
Change-Id: I2bd93bd6849f8bfa686f0574f05b0a65f587e4ad
Reviewed-on: https://code.wireshark.org/review/31235
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This keeps it in the same resolution as the dns.time field.
Ping-Bug: 15382
Change-Id: Ibacf8761819c0fac2e87fa147f7381336ce5cb39
Reviewed-on: https://code.wireshark.org/review/31223
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4234
Change-Id: Ibd59809b2dd9890a7851eb57ef7af384e280a74b
Reviewed-on: https://code.wireshark.org/review/31222
Reviewed-by: Michael Mann <mmann78@netscape.net>
The total maximum length of the APN with Network Identifier and Operator
Identifier is 100 bytes.
Bug: 15383
Change-Id: Ib74eac1f18f2235c2788e58370f50eeb9a678357
Reviewed-on: https://code.wireshark.org/review/31225
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
NISO Z39.50 is a protocol used by libraries and library vendors for information retrieval and catalog manipulation. It is defined using ASN.1 using BER encoding. It has an assigned TCP port of 210. This is an initial implementation.
Features:
- The Z39.50 standard OIDs are defined.
- The bib-1 attribute set is decoded.
- The bib-1 diagnostics are decoded.
- Some OCTET STRINGs which are nearly always printable ASCII are special-cased.
- The MARC (MAchine Readable Cataloging) format is decoded. Only the MARC21 variant is
currently handled, but this is one of the most common variants. The most common tags
are decoded. The MARC dissector is included in the Z39.50 dissector, but the code is
structured in such away that it could be pulled out.
Todo:
- Add information to the Wiki about Z39.50.
As part of this work, the definition of isdigit_string() was fixed to avoid const complaints.
Change-Id: I29a7db53375ef8be83738a1ab98707761d878717
Reviewed-on: https://code.wireshark.org/review/31209
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The stat tree API only supports 32-bit integers and if nanosecond resolution
is used correctly it's easy to hit integer overflow issues on even a fairly
small capture file trying to sum up response times.
Bug: 15382
Change-Id: I15d2cfbdbec7b0bef2bcfe1afe4f6eb6fc1d2456
Reviewed-on: https://code.wireshark.org/review/31217
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't try to (re)set parameters in a struct when its pointer
points to NULL.
Bug: 15374
Change-Id: I953e82795990fde5fce2ad6d955781b372a9e405
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31189
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The F5 trailer dissector is called before the taps are called, so there
is no reason why the taps should attach information to the frame if
there isn't any information attached - if there's an F5 trailer, there
will be information attached to the frame, so there's no need to attach
one, and if there's no F5 trailer, there's no analysis to be done, so
there's no need to attach one.
That way, we don't waste memory that we aren't going to use (about 100MB
for a large capture I have that has almost 3 million packets).
Change-Id: I471b6c9b0fc6eb36f3aff35d6fba2f73c3a0eb90
Ping-Bug: 15385
Reviewed-on: https://code.wireshark.org/review/31210
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I5b5a627f9d75c2b9aa1ceb3a43c7991833dce751
Reviewed-on: https://code.wireshark.org/review/31195
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of using the current date (that can differ from packets)
take if from the current frame. That will put the frame in an index
related to its capture date instead of its loading date.
Small indentation fixes.
Change-Id: If9f9dad1399c2b1bf145e8bcc45a6936e4599cd7
Reviewed-on: https://code.wireshark.org/review/31204
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This squelches -Wmissing-prototypes warnings.
Change-Id: I49feace8796c9786e09183e8dcf82d08e06996a2
Reviewed-on: https://code.wireshark.org/review/31193
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not used outside this file.
Change-Id: I1eead997dbd4d3b58498192a0aec73094a49a067
Reviewed-on: https://code.wireshark.org/review/31202
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Nothing else uses it.
Change-Id: I1de8ced2ceeaf02f2c9eeeef9b6680d5ad7f4794
Reviewed-on: https://code.wireshark.org/review/31201
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not used outside this file, and isn't declared in any header file.
Change-Id: I5b2e7600188bd25333fb85eed21ac41737794988
Reviewed-on: https://code.wireshark.org/review/31200
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The preferences file includes an optional comma-separated string of
hidden interface type integer values (gui.interfaces_hidden_types).
Augment the interface_type enum and the preferences file to better
document what these interface type integer values stand for.
Change-Id: Idd268ed7f252cfa56dd046d24ff7ff597018f5d3
Reviewed-on: https://code.wireshark.org/review/31191
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the request URI to the response to allow filtering of
responses by request URI in a single pass.
Bug: 15344
Change-Id: I89bf675dccaed37f54a4d13956223cbdde601e7d
Reviewed-on: https://code.wireshark.org/review/31184
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Fix compilation on OSX:
../epan/dissectors/packet-geonw.c:1248:164: error: format specifies type 'unsigned long' but the argument has type 'guint64' (aka 'unsigned long long') [-Werror,-Wformat]
proto_tree_add_uint64_bits_format_value(subtree, hf, tvb, (start << 3) + (*offset) - start, (((*offset) - start) << 3) - ((*offset) - start),tmp_val,"%lu",tmp_val);
~~~ ^~~~~~~
%llu
While here, minor indentation issues have been fixed.
Change-Id: I5fc37d337fc302a16210c784e75cf39085ef622e
Reviewed-on: https://code.wireshark.org/review/31186
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The use of this function has beed discontinued in
v2.9.1rc0-109-gee439bb82d.
Change-Id: I0106b0812ebabbe7fc754be6dc0e636c8088c835
Reviewed-on: https://code.wireshark.org/review/31181
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissects secured messages from GeoNetworking protocol as per
ETSI_TS_103_097 (v1 or 2). Msg_id or application id is used to determine
subdissector: "geonw.sec.v1.msg_type" and "geonw.sec.v2.app_id".
Unsecured and signed payloads are subdissected, encrypted payload is kept
as data.
Version 3 secured message dissection calls ieee1609dot2 dissector. No
subdissector is provided in this case.
Use Application ID as defined in ETSI_TS_103_965.
Change-Id: Iff90a0e433d7774790cda50a557631d65c6de2ce
Reviewed-on: https://code.wireshark.org/review/31164
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Editor change (No packet change)
Also update link to spec
Change-Id: I7b64edc1db85d6092858eab98098692ae5c69eb4
Reviewed-on: https://code.wireshark.org/review/31169
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AKE_Transmitter_Info and AKE_Receiver_Info commands now supported
Change-Id: I01b6c4811665023b60e26538c4678562eb217c1a
Reviewed-on: https://code.wireshark.org/review/31135
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Setting LIBRARY_OUTPUT_DIRECTORY to Wireshark.app/Contents/Frameworks
for each of our libraries ends up installing a fully versioned .dylib
along with soversion and unversioned symlinks, which is more than we
want and which wastes disk space when osx-app.sh dsymifies our
libraries.
Leave LIBRARY_OUTPUT_DIRECTORY unset and depend on osx-app.sh to copy
our libraries into place.
Bug: 15361
Change-Id: If0fbaa796b4be806e2aa13887e511a330fe55df5
Reviewed-on: https://code.wireshark.org/review/31139
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Failed Rule ID : FARDynamic by CP 3
to
Failed Rule ID : FAR: Dynamic by CP 3
Change-Id: Ib8383ec4f298c423bed38ffda36f0a0ebac65dc7
Reviewed-on: https://code.wireshark.org/review/31147
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will present the Header in unescaped format, without percent-coding.
ex.
&requester-plmn=%7B%22mcc%22%3A%22240%22%2C%20%22mnc%22%3A%2201%22%7D&
to
&requester-plmn={"mcc":"240", "mnc":"01"}&
Change-Id: I44296bf564a9dd75bf172503a277d48f116d26fd
Reviewed-on: https://code.wireshark.org/review/31119
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add temperature and power tags, represented using millidegrees/milliwatts.
Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number.
Also fix a few implicit floating point conversions (confirmed values are the same).
Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b
Reviewed-on: https://code.wireshark.org/review/31136
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Read the base64 decoded data into a wmem_alloc memory to avoid
a memory leak for each opened file.
Change-Id: I4cbb2c15dea43183ed741d54ae7c6ea2e83e46c0
Reviewed-on: https://code.wireshark.org/review/31112
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix according to review 31069
Change-Id: I03552eaba434597386d8bf386117a3366f2c3446
Reviewed-on: https://code.wireshark.org/review/31101
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All other error-return code paths set *dfp to NULL; make this one do so
as well.
Change-Id: I4015c1d53bdbac99cdeda158d7d01c8da7bf2562
Reviewed-on: https://code.wireshark.org/review/31102
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissector for Intelligent Transport System facility messages:
- Cooperative Awareness Message (CAM)
- Decentralized Environmental Notification Message (DENM)
- Infrastructure to Vehicle Information Message (IVIM)
- MAP (topology) Extended Message (MAPEM)
- Signal Phase And Timing Extended Message (SPATEM)
- Signal Request Extended Message (SREM)
- Signal request Status Extended Message (SSEM)
- Electric Vehicle Charging Spot Notification (EVCSN)
- Electric Vehicle - Recharging Spot Reservation (EVRSR)
- Tyre Information System (TIS) and Tyre Pressure Gauge (TPG) interoperability
Subdissectors:
- ITS version if ever the ITS PDU header is changed
- Version << 16 | MessageID to register new message dissectors
- RegionId << 16 | type to register regional extensions
AddGrpC regional additions already provided
TAP:
- its TAP with ItsPduHeader fields provided
Bug: 15148
Change-Id: I4c71d4dfa1d5d63cb57f61a4e1436a60a3482205
Reviewed-on: https://code.wireshark.org/review/31049
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When an open type is decoded in ASN.1 PER, one can define a dissector
for the content of the open type. Providing data to the inner dissector
is only possible through packet info private data or global vars.
Use the private_data field from ASN.1 context as the data for the inner
dissector. This avoids using packet info private data to communicate
with the inner dissector, especially if the data to be provided are only
"local" matter.
Ping-Bug: 15148
Change-Id: I8fd2cb69d52e371e7d713afe2cc4b2856fb39f7c
Reviewed-on: https://code.wireshark.org/review/31087
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When decoding an open type in ASN.1/PER and the content length is zero,
do not try to create a buffer. Doing so triggers an error in tvbuff.c.
Ping-Bug: 15148
Change-Id: If892e8c6a84cdfb268e3f6c50af0f7e30a89c59b
Reviewed-on: https://code.wireshark.org/review/31088
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to TS 29.274, ch8.38. the UE NR security capability coding
is specified in clause 9.9.3.53 of 3GPP TS 24.501
Change-Id: I4e5352bf7a5c75a3766b2d1162d8d85c3566da86
Reviewed-on: https://code.wireshark.org/review/31074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add ws_dofile() and ws_loadfile(), which are like the substitute
dofile() and loadfile() we provide, but that, on Windows, take a UTF-8
path rather than a path in the local code page.
Use that to load console.lua.
This means we can load console.lua on Windows even if the full path to
it includes non-ASCII characters.
Bug: 15118
Change-Id: Iaa00639563fe53a34e1e24e42022f3886a38e7c5
Reviewed-on: https://code.wireshark.org/review/31075
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also add the below minor fixes/enhancements:
- Fix O-bit in MT TLV (rfc5120)
- Add IPv4/IPv6 prefix string in a parent subtree
- Modify the IPv6 Reachability TLV dissector so that it would dissect in TLV format order
- Add a new SR Local Block TLV dissector (draft-ietf-isis-segment-routing-extensions-21)
- Fix offset in SID/Label sub-TLV
Change-Id: Ie317f094ff8f2ed3352e844c212eb59a677e18c6
Reviewed-on: https://code.wireshark.org/review/31069
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_cip_cm_data() was getting hard to read so:
1. Pull out some some logic into separate functions
dissect_cip_cm_unconnected_send_req
dissect_cip_cm_fwd_close_req
dissect_cip_cm_fwd_close_rsp_success
2. Reduce the scope of some variables.
No functional changes
Change-Id: I40c3dd5d2505b29991589ede4752c383348006ec
Reviewed-on: https://code.wireshark.org/review/31051
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id720d7857328c1f464c4568b0a279a864921b031
Reviewed-on: https://code.wireshark.org/review/31052
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Reassemble TCP segment so that IMAP dissector is called on message elements.
Content of fetched messages are parsed by IMF dissector. Dissected fields
are available to "Export Objects" menu item.
2. Request/Response tracking with timestamp between request and response in response frame.
Bug: 15090
Change-Id: Icdbef8c237965d2a59aa7726c5e6a681602c71ce
Reviewed-on: https://code.wireshark.org/review/30876
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I22450f09490f3d508f3865984d710469a8d119f0
Reviewed-on: https://code.wireshark.org/review/31050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
In IE User Plane IP Resource Information. If Associated Source Interface is present the length of Network Instance
is 1 octet less than the remaining length.
Change-Id: I4fc74f8ab69d0c441947d3d0149fe9e2106a2bc7
Reviewed-on: https://code.wireshark.org/review/31046
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Andreas Schultz <andreas.schultz@travelping.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replaced global vars with fPresentValue and wrapper functions.
Split bacapp.present_value dissector based on datatype for filtering.
Replaced char array buffers with wmem api calls.
Rebased commit onto latest master branch.
Removed date and time present_value field dissectors.
dissectors added:
bacapp.object_name
bacapp.to_state
bacapp.from_state
bacapp.notify_type
bacapp.error_code
bacapp.error_class
bacapp.event_type
present_value dissectors added:
bacapp.present_value.null
bacapp.present_value.boolean
bacapp.present_value.uint
bacapp.present_value.int
bacapp.present_value.real
bacapp.present_value.octet_string
bacapp.present_value.char_string
bacapp.present_value.bit_string
bacapp.present_value.enum_index
Change-Id: I3ba9327ee22787da59190204e808f8c10dc8fabd
Reviewed-on: https://code.wireshark.org/review/30847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implements V2X protocol dissectors:
* Geonetworking (network layer):
Dissector is registered on top of Ethernet (ethertype=0x8947). Secured
Packets are dissected up to the basic header, the rest is shown as data.
GN_ADDR address type is registerd and provides resolution of station
type and country code in the address. MID is shown as an ethernet address.
All the fields are dissected for non Secured Packets.
A subdissector table named "geonw.ch.nh" is provided on the next header
field. IPv6 is automatically registered. Heuristic dissectors is not
supported. If no dissector is foundd, payload is shown as data.
A preference boolean allows to enable/disable sequence number checking.
Tap "geonw" gets headers of all packets (with most fields).
Expert info tests if and provide feedback on:
- version is zero (no other version possible),
- reserved fields are zeros,
- payload_len matching with reported length of buffer,
- Remaining Hop Limit is 1 for Beacon and SHB,
- low RHL or RHL > Max Hop Limit,
- country code is less than 999 (3 digits ITU-T E.164),
- latitude, longitude, heading and angle limits,
- (suspected) duplicate packets,
- LS_REQUEST/LS_REPLY matching.
* Basic Transport Portocol:
BTP-X (X=A or B) dissectors are registered on top of Geonetworking.
Subdissector tables "btpx.port" allow to register for a given port,
while heuristic dissector can register to "btpx.payload". Decode as
capability is supported.
"btpx" taps get headers of all packets with ports/@ infos.
"btpx_follow" taps get the payload.
Bug: 15148
Change-Id: Iab5f4486d4c38068d9ad4361e77296b747f9b1bb
Reviewed-on: https://code.wireshark.org/review/30992
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group RAN-Secondary-RAT-Usage-Report and decoding of Secondary-RAT-Type
Change-Id: I33c1a0e21be64b5b5b4b9a4a40e9e718d89c9943
Reviewed-on: https://code.wireshark.org/review/31036
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie6bd309134ebbd27e90b2bf92a2df1abfdfe45a5
Fixes: v2.9.1rc0-3-g4803390686 ("Add new "rsa_keys" UAT for storage of RSA private keys")
Reviewed-on: https://code.wireshark.org/review/31031
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This fix prevents that a BoundsError is thrown in function try_decrypt for
packets with captured length less than packet length. Otherwise, some data
is not dissected.
Change-Id: I0dcd89b85b959f5712ff58b184bfa2e064746d0b
Reviewed-on: https://code.wireshark.org/review/31026
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Type of field wlan.ext_tag.ess_report.ess_info.thresh
must be FT_INT8 instead of FT_UINT8.
Change-Id: Icd1a121832d6a660550023a91d0b732385f68b60
Reviewed-on: https://code.wireshark.org/review/31016
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
v5 of sFlow has another bitmask for output interface
as v2 and v4.
This commit dissects v5 output interface according to
https://sflow.org/sflow_version_5.txt
Bug: 15325
Change-Id: I1c0f1958e5491a7683c716538e103a5d6b49869e
Reviewed-on: https://code.wireshark.org/review/30999
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
New built-in dissector for PCOM protocol (ASCII and binary modes included)
Bug: 15315
Change-Id: Ie13da6bfd7fefefbc5bb5df3461c7fc18261df81
Reviewed-on: https://code.wireshark.org/review/30823
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This should eventually replace the "ssl_keys" UAT which additionally
contains a useless address, port and protocol field. This prepares for
HSM support through PKCS #11.
Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582
Reviewed-on: https://code.wireshark.org/review/30977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for different OUI: ST/IoTecha and Qualcomm-Atheros
Signed-off-by: Sergey Rak <sergrak@iotecha.com>
Bug: 15348
Change-Id: If71479339b95b5c26e84ffceb2f00307b3de680c
Reviewed-on: https://code.wireshark.org/review/30969
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Revert a wording Sub-TLV back to SubCLV according to review 30985.
Change-Id: I1f7a2a586d45fe8548c1589baa2803616cf5bd20
Reviewed-on: https://code.wireshark.org/review/31008
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The calculation for relative times incorrectly converted ms to ns.
Change-Id: I4357d89e45b3f31a5c222e4b8f82edc720766a6e
Reviewed-on: https://code.wireshark.org/review/31009
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Changed modelines: c-basic-offset: 4 to keep consistency between files
Also added style for emacs as it is the most common for this file
Signed-off-by: Sergey Rak <sergrak@iotecha.com>
Change-Id: I62b6e16d614ebe2bacce330e3aaa12796d6b248b
Reviewed-on: https://code.wireshark.org/review/30988
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extra data could be an indicator of a problem, or it could be that we
haven't added support in Wireshark for it yet. Either way, it's helpful
to show it, instead of hiding it.
Changes:
1. Show unparsed data in the CIP CM dissector
2. Clean up some offsets
Change-Id: Ieebe208aab1f293f97a8774a6a4de5d5dbd3df67
Reviewed-on: https://code.wireshark.org/review/31003
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Added a check that the Common Packet Format Item Length < remaining
data for that layer.
2. Added a check that there should always be at least 4 bytes available
for each Common Packet Format item (Type ID + Length)
Change-Id: Ie6f2b7904d52d8699c06cfef6844cf0032293d97
Reviewed-on: https://code.wireshark.org/review/31002
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add 2x new Safety Supervisor services
2. Add more enum types for Device Status
3. Match field names to current spec
4. Add some BASE_UNIT_STRING units
Change-Id: I8fedb7cea55fb44eccf641ca60ab849847db2620
Reviewed-on: https://code.wireshark.org/review/31001
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add cip.connection. This works just like tcp.stream, but for CIP
connections. This is added to CIP connected messages and the Forward
Open/Close messages.
Change-Id: Ib358c00dc0a4fd61065cb22b0e9b574ac43a44a4
Reviewed-on: https://code.wireshark.org/review/30984
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also add Strict SPF in SR-Algorithm Sub-TLV (draft-ietf-isis-segment-routing-extensions-21)
Change-Id: Icc564f093075d2d6edf5b25ac90e41c987ea71e8
Reviewed-on: https://code.wireshark.org/review/30985
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Data PDU sequence number 0 is illegal, add an expert info for this.
Don't include this packet in SEQ/ACK analysis.
Bug: 15337
Change-Id: I476088531e8a3605393ee1dedf1e8b159dac342b
Reviewed-on: https://code.wireshark.org/review/30980
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix false positive warning:
epan/dissectors/packet-cipsafety.c:1960:37: warning: suggest braces around initialization of subobject [-Wmissing-braces]
enip_conn_val_t eip_conn_info = {0};
This is a Clang bug: https://bugs.llvm.org/show_bug.cgi?id=39931
Change-Id: I9f3040ae6bd4d5a2fafe21a37ac4b504933eabcf
Reviewed-on: https://code.wireshark.org/review/30979
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dylan Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. For each connected data message, display generated connection
information including:
a. Connection Path from the initial connection
b. API values
c. Forward Open packet number. (This already existed, but moving it to a
consistent place in the tree)
2. Display O->T or T->O in the Info column depending on the direction of data.
3. Remove cip.conn_path_class filter. This was originally added to show
which type of data is in a given packet. But, it's not really needed
anymore because we have the generated connection path in each connected
data packet now.
4. Ensure dummy structs used for Decode As menus are zeroed out.
5. memset -> zero initialization
pcaps from the following bug reports are good examples:
Bug: 14939
Bug: 6617
Bug: 14916
Bug: 14958
Change-Id: I63885a5ca41f95e04f855a1e1dcd9ab3684f7eec
Reviewed-on: https://code.wireshark.org/review/30808
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Both NFSv3 and NFSv4 ACCESS reply dissection will be
sensible when the ACCESS request is not available (because the packet
containing the request was either not capture or truncated).
Bug: 15343
Change-Id: I5bf7b9905e85b1c1eb30e2949b9b246b54f9ec68
Reviewed-on: https://code.wireshark.org/review/30965
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is intended to be a replacement for get_token_len (from strutil.h) when its used on a tvb. It should be a little safer and remove the need for a dissector to use tvb_get_ptr.
Change-Id: Ib2d4a79718b6fba4eb9acc0129b13be6c8199a43
Reviewed-on: https://code.wireshark.org/review/30892
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add message type named 'fast extension' to analyze unprocessed messages
Bug: 15345
Change-Id: I62fce2b753899cb4f2ba833a58388906c9f0d2d3
Reviewed-on: https://code.wireshark.org/review/30954
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The CAT-TP specification says explicitly that the version bits must be
zero. Fail the heuristic check if they aren't.
I checked ETSI TS 102 127 V15.0.0 from
https://www.etsi.org/deliver/etsi_ts/102100_102199/102127/15.00.00_60/ts_102127v150000p.pdf
Bug: 15342
Change-Id: I05a886ccd5811f367abdb9faead4983d137c12c6
Reviewed-on: https://code.wireshark.org/review/30970
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Using the recent updates occasional 'trailing' byte warnings
occur if the key encodes a collection-ID, with these changes
we now get much better key decoding, without the warnings
with and without collections.
Change-Id: I9fc1e0d807c8054065a7346a09b0ce99d05f1e63
Reviewed-on: https://code.wireshark.org/review/30956
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previous decoding showed "Unknown TLV: <TLV value>". This was confusing, because people interpreted the value as the type of the unknown TLV.
Change-Id: Ia9259db547fca393c248f78ea7c758969b69548e
Reviewed-on: https://code.wireshark.org/review/30959
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
UATs are loaded at startup, no need to do it again. Call chain:
epan_load_settings -> read_prefs -> init_prefs -> uat_load_all.
Change-Id: I57caabafb16b0b46fcb6d1621dd6b503154c805c
Reviewed-on: https://code.wireshark.org/review/30958
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Correctly print out the AP Tx Power level.
2. The A-Control UL MU Response field was renamed to the TR Response field.
3. Handle padding correctly in the A-Control field.
Change-Id: I33000aa28b9e00ab97ca30d53907685e302c49c2
Reviewed-on: https://code.wireshark.org/review/30918
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those IEs have specific dissect methods that expect offset to point to
the IE type, not to its value. Furthermore, those methods already add a
subtree, so no need to create it for them.
Related: https://osmocom.org/issues/3705
Change-Id: Ia63253b95678b799f59ed945d1381f4eb01be636
Reviewed-on: https://code.wireshark.org/review/30931
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always initialize our length in dissect_oer_length_determinant. Its
callers assume that this happens and doing so should fix some scan-build
warnings.
Change-Id: I67abc19417e6437b9302b880164140fb8a773204
Reviewed-on: https://code.wireshark.org/review/30935
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not allways good to pick up frames for related call legs when
filtering.
Make different hf:s for the two use cases.
Change-Id: I33c640636a76173f3a7952f4a740491ccfac276d
Reviewed-on: https://code.wireshark.org/review/30922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To stop accepting SIP messages on the
hart-ip port.
Change-Id: Ifc653f4a3defb823336914e8be6f20453aedb6fe
Reviewed-on: https://code.wireshark.org/review/30914
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to MS-SFU 2.2.2 PA_S4U_X509_USER checksum section;
PA-S4U-X509-USER may be returned inside encrypted-pa-data, but
it contains just the checksum data so do not try to dissect it.
Quote:
The padata of type 130 in the encrypted-pa-data field contains
the checksum value in the S4U request concatenated with the
checksum value in the S4U reply.
Change-Id: Ia124f56914ef2fefd5b0a64fccd176911321f246
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decoding a collection-ID from the
key-bytes.
Update DCP as collection_len is no longer in the
protocol and the system events have changed.
Change-Id: Ib910083d929a906729e2bba2b0f07ba23e093cf5
Reviewed-on: https://code.wireshark.org/review/30895
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added dissection of Support Type Object LB type.
Change-Id: I7e654faed4874a87865f1d94a372eb8f00dde412
Reviewed-on: https://code.wireshark.org/review/30903
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the couchbase packet dissector with some re-factoring of the
FlexFrame dissector and then extra functionality for:
* FlexFrame on requests (magic 0x08)
* Durability
* Out-Of-Order requests
* DCP Stream ID
Additional checks are added to warn/error for invalid frame lengths and
for the case where the FlexFrame byte0 is 0xff, which is not defined by
the protocol.
Change-Id: I5f1fec8293284dadbdef717d02fa1eef27da7a0c
Reviewed-on: https://code.wireshark.org/review/30894
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 4154e35cde.
Apparently we do need to call PeekNamedPipe on Windows.
Change-Id: I9c9bbcb56bf1e1c2e6ae240ac5056b8a80674f15
Reviewed-on: https://code.wireshark.org/review/30900
Reviewed-by: Gerald Combs <gerald@wireshark.org>
GAP field dissection shows an acknack analysis. This analysis doesn't
make any sense in the GAP field.
Change-Id: I9c4cca2b722390112b6a350bd2310b48874e5c9d
Reviewed-on: https://code.wireshark.org/review/30897
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Somewhere in the code the handling of the offset goes wrong.
Instead of incrementing the offset it's the pointer to the offset
which is being incremented, leading to all sorts of problems.
Add a dereference to these few statements which lack them.
Bug: 15322
Change-Id: If575711a5b120f25f0172e0efb26e01f07244e8b
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30899
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
use an hf variable of type FT_ADDR
Change-Id: Ice88965825d05ee10825b1a7dc91475ffaa75cb2
Reviewed-on: https://code.wireshark.org/review/30890
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When no content is provided, creating the tree with empty content leads
to malformed IMF.
Ping-Bug: 15090
Change-Id: Idf521c26f69638a94300792e50dba29645a45a68
Reviewed-on: https://code.wireshark.org/review/30874
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The asn1 is based on [MS-SFU] 2.2.2 PA_S4U_X509_USER
Change-Id: Ic072b7c4eca5c924da8833f85529098f6a93f436
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't bother checking to see if our pipe has data.
Change-Id: I55f24850a16f66be9c679ad51e35df9f35c206db
Reviewed-on: https://code.wireshark.org/review/30877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Correct cluster ID
- Parse ZDP Status
- Move from client to server
- Classify as notify instead of request
Change-Id: Idb3d26d3212af2762465d7ec02efcb8978830af3
Reviewed-on: https://code.wireshark.org/review/30859
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic559133086f4529f8dcc7b99cce6dbb97c11e197
Reviewed-on: https://code.wireshark.org/review/30860
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Two trivial cleanups of the definition of the tftp.destination_file field:
There is probably no need to shout DESTINATION in capital letters, and change
"source" to "destination" in the field's blurb.
Testing Done: Built on macOS 10.12.6. Examined the capture attached to
bug 10305 (tftpConversationError.pcapng, which includes a TFTP WRQ), and saw
that the capitalization of the "Destination File" field is as expected in
the packet dissection, and that the status bar now describes the field as
the "TFTP destination file name".
Change-Id: I9f5bded321c16d4e200bf1caf80ad5733ecc8287
Reviewed-on: https://code.wireshark.org/review/30857
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handling of preferences is often done in the dissector handoff
registration. Therefore this function is often registered as
callback while registering preference handling for the module.
In this way the preferences are processed both when registering
the dissector and when changes happen.
Some dissectors opt to register a seperate callback function to
be called when preferences change. Now these have to be called
from the dissector handoff function explicitly, in order to have
the preferences processed during dissector registration.
This becomes explicitly apparent when the port registration comes
into play. With the migration to using dissector registration on
ports with preference this port (range) is often retrieved from
the preferences to match against the ports in a packet to determine
an incoming or outgoing packet of a server. In case the callback
function is not called from the dissector registration this
determination fails, until the preferences are applied/changed,
causing the preference handling callback to be called.
This change add the calling of the callback during dissector
registration, fixing some dissector port registrations in the
process.
Change-Id: Ieaea7f63f8f9062c56582a042a3a5a862e286406
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30848
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The indent macros used for DEBUG_CONVERSATION have become unbalanced, making
the conversation debug output migrate rightwards for no good reason. This
simple change corrects it by ensuring that DINDENT and DENDENT are neatly
paired up throughout conversation.c .
Testing Done: Built on macOS 10.12.6 with DEBUG_CONVERSATION enabled. Tested
tshark with a few captures, and observed that the debug output, while still
being indented, generally stayed along the left margin of the screen instead
of migrating steadily over to the right.
Change-Id: Ic91e4562296d34f74c4d832edbf75172562672b8
Reviewed-on: https://code.wireshark.org/review/30856
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Process mmdbresolve output one character at a time and only after
ws_pipe_data_available tells us that we can do so without blocking.
Bug: 14701
Change-Id: Ib8f5eabed28e9385585a022d948b83f830c6358c
Reviewed-on: https://code.wireshark.org/review/30850
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even if the certificate has a RSA public key, be sure to lookup the key
only if it is an actual RSA key exchange. Move the hashtable to the
secrets module to enable reuse.
Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is already done in epan_init.
Change-Id: I2bbfd22ef4a552003dc3644e9d21b5a5ca3465ba
Reviewed-on: https://code.wireshark.org/review/30849
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Apply change 30835 to dissector functions for version draft_01_v6 of the
protocol.
Dissector code added flag values in the "branch" label. Individual flags
are '0' when expanding the branch in the packet details pane due to
wrong definition.
Values on the branch label should be added by proto_tree_add_bitmask.
Use proto_tree_add_bitmask_with_flags instead. Remove code that adds
flag values to label "by hand" and remove unused local vars.
Change-Id: I1f639e4b0e617834276f2e11283315ac8b1594f1
Reviewed-on: https://code.wireshark.org/review/30843
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector code added flag values in the flag branch label.
Values should be added by proto_tree_add_bitmask.
Individual flags were all '0' when expanding the branch
in the packet details window.
Use proto_tree_add_bitmask_with_flags instead and correct
flags values and length (as in packet-ip.c). Remove flag
values adding to label "by hand" and remove unused local vars.
Change-Id: Id5bc63d2e1a0453664d21f554f0f3b8c36d7263f
Reviewed-on: https://code.wireshark.org/review/30835
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
More information on Apple's proprietary AWDL protocol can be found in
Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples'
Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol"
in ACM MobiCom '18. https://doi.org/10.1145/3241539.3241566
Bug: 15245
Change-Id: I5ce18125b3c957f338909e46f18e30405a3d3941
Reviewed-on: https://code.wireshark.org/review/30413
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch from RSA decryption using Libgcrypt to GnuTLS. This prepares for
decryption using a PKCS#11 token. Requires GnuTLS 3.0.2 (or newer).
Change-Id: Ic42d84c825488e1f45b443a3e56d01600dd594c9
Reviewed-on: https://code.wireshark.org/review/30833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RSA private keys can only be used for decrypting TLS sessions with a
full handshake that use the RSA key exchange. However currently the RSA
private key is always looked up even if it cannot be used (for example,
due to an (EC)DHE cipher or due to a resumed session).
Defer lookup of these private keys and make some more code conditional
on the availability of GnuTLS at compile time since future changes
switch to GnuTLS for RSA decryption.
Change-Id: I31dfd6cdfbd733818c798b1fb0e895cf5a987c5a
Reviewed-on: https://code.wireshark.org/review/30831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently our Windows code looks for data files in the same
folder as the binary executable (presumably to make the
application relocatable, although it should be possible
to improve this with relative paths?).
Ping-Bug: 15301
Change-Id: I0fef4e87dc9d1d8edef81dd11755761fddd0fd12
Reviewed-on: https://code.wireshark.org/review/30819
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
libwireshark and libwiretap have their INTERFACE link dependencies
changed to the required set.
libwsutil keeps a default public visibility. Further work may
show some unneeded link requirements.
The executable dependencies are adjusted accordingly.
Change-Id: I3a534f72403819cac136ae47a3d80acee76e0fb3
Reviewed-on: https://code.wireshark.org/review/30815
Reviewed-by: João Valverde <j@v6e.pt>
Make sure a pointer isn't NULL before trying to dereference it.
Bug: 15280
Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
Reviewed-on: https://code.wireshark.org/review/30807
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to the lack of setting the size of the data objects,
the exported objects file contains junk data. Set the
actual size of the object data feed to the tap.
Patch originally from Darius Davis <darius@vmware.com>
Bug: 15304
Change-Id: I020a9f010e97f960e8a60b4c991acd0f678ec39c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30803
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The attribute value of the ifname attribute is a 0-terminated string that
contains the interface name. Add an hf variable for this name and
display it as a string.
Change-Id: I0bd4caae49274f3e471a6eefb210db8d56f020f7
Reviewed-on: https://code.wireshark.org/review/30789
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix `tools/generate-nl80211-fields.py --update` to match the output from
v2.9.0rc0-1896-g43134ae252 ("netlink-*: fix various VALS/TFS misuse").
Update to match nl80211.h from Linux v4.19-rc6-1865-g0d4e14a32dca.
Change-Id: I101146867a62f2f881752c42229a218c12d6dda7
Reviewed-on: https://code.wireshark.org/review/30794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to a incorrect check the details of MCAST-VPN NLRI were
never dissected. Also the Originating Router's IP Addr of a
S-PMSI A-D Route was not dissected.
Bug: 15307
Change-Id: Ic7481ed034e4cbf0dcab4aa150f05da2f5aac508
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30796
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When frame data exceeds the snap length given in the PCAP file header,
add an expert item warning of this inconsistency.
Change-Id: I700fd987320d7505aee33158895ba32ec2b480f6
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30788
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The TFTP protocol uses 16-bit block numbers. After block 65535, the block
number simply wraps back to zero. This change implements recovery of the bits
lost from the upper end of the block number, allowing for correct tracking of
block numbers in large TFTP transfers. The resulting "Full Block Number" is
added to the TFTP tree, marked as GENERATED; The "Full Block Number" is now
used in all places which previously received the truncated 16-bit block number.
An expert note is added when the block number at the protocol level is about to
wrap around to zero.
I chose to use 32 bits for the block numbers... even with the absolute-minimum
blocksize (8 bytes), that allows for 32 GByte files to be correctly handled;
With a more reasonable blocksize, it theoretically allows for files on the
order of terabytes.
Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
TFTP packet captures in the GUI, including the transfer of a large file
(115,836 blocks of 1,456 bytes each). Observed that the packet info shows
untruncated block numbers where previously the displayed block numbers would
wrap back to zero after block number 65,535. Constructed a few packet
captures with bizarre sequences of block numbers, and observed that they
were dissected as expected. Checked that a display filter for "tftp.block"
and "tftp.block.full" worked as expected.
Bug: 15305
Change-Id: Ic72ca49c975b1db76e8c5653e64e2a7c34eede5d
Reviewed-on: https://code.wireshark.org/review/30775
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>