That obviates the need to check pinfo->pkt_encap.
Change-Id: I038e065932282ce9d3362fbc9ba6ea653a63f399
Reviewed-on: https://code.wireshark.org/review/25627
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Let's add an expert info, and set offset to the end of the current tvb.
Bug: 14379
Change-Id: Iaccf862c451eef58aaed11b26fceebf26bc2c818
Reviewed-on: https://code.wireshark.org/review/25619
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
fixed an offset error for mqmo in gmo
Added value in comment when defining val_str
Change-Id: Ie29f65f96d2ffb96c0cc0623346432f1f8380168
Reviewed-on: https://code.wireshark.org/review/25604
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add support for collection commands
* SET/GET manifest
* DCP changes (mutation/deletion/system_event)
Add support for DCP delete_time, a new format for DCP deletion
Change-Id: Iec2000a40da37dcb1edf665a157dc7ab30d4c9d0
Reviewed-on: https://code.wireshark.org/review/25612
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Found during fuzz test that the get_mq_pdu_len can return
a 0 length pdu. Fix to at least return tvb_reported_length_remaining
Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
Reviewed-on: https://code.wireshark.org/review/25574
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - to get it in host byte order, fetch it with
pntoh32(), which fetches a 32-bit value that's in network byte order,
and isn't necessarily aligned on any particular boundary, and returns it
in host byte order.
Change-Id: Ic512ab4b1e0f2815d9f0af0e33714f456a08a45d
Reviewed-on: https://code.wireshark.org/review/25589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - copy it with memcpy() and use the result of the
copy.
For IPv6 addresses, cast the data pointer to a pointer to a *const*
ws_in6_addr, so we don't throw away constness.
Change-Id: I0e00263f594d7778c3bd9b98e4336cb201c1f3d5
Reviewed-on: https://code.wireshark.org/review/25580
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dmp_long_id_hash_table is wmem_map autoreset on file scope.
Don't put there g_strdup() data.
Valgrind log:
==15134== 8 bytes in 2 blocks are definitely lost in loss record 3,988 of 49,961
==15134== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15134== by 0xA94E405: g_malloc (gmem.c:97)
==15134== by 0xA966C4E: g_strdup (gstrfuncs.c:356)
==15134== by 0x6CFC301: dissect_mts_identifier (packet-dmp.c:2684)
==15134== by 0x6D01A8F: dissect_dmp_envelope (packet-dmp.c:2935)
==15134== by 0x6D01A8F: dissect_dmp (packet-dmp.c:3909)
Found by oss-fuzz.
Change-Id: I7c3896a9b64c25035fbe8b4ef6130cd693a515db
Reviewed-on: https://code.wireshark.org/review/25575
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
See Volume 9, version 1.2, sections "6-2.7.1.1" and "7-1.1"
1. Pass Connection Point from FwdOpen to Motion dissector, since that is now needed to parse I/O payload.
2. Move Run/Idle Header function to CIP dissector, since it's a CIP feature, not ENIP.
3. Add a protocol so that Format Revision 3 can be dissected without the Forward Open in the capture.
4. Minor: Highlight more bytes in some EPATH parsing.
5. Minor: Renaming some things to match spec wording.
Change-Id: I93626a6492be2675206d38c04fa1c7ce534c04ca
Reviewed-on: https://code.wireshark.org/review/25570
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like that quic_create_cleartext_decoders() need to free secrets, tls13_cipher_create() only use it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Valgrind report:
==642== 14 bytes in 1 blocks are definitely lost in loss record 5,705 of 49,814
==642== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==642== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==642== by 0x6D523F4: dissect_object_mapping (packet-epl.c:4216)
==642== by 0x6D56394: dissect_epl_sdo_command (packet-epl.c:3862)
==642== by 0x6D56394: dissect_epl_asnd_sdo (packet-epl.c:3572)
==642== by 0x6D59BC5: dissect_epl_asnd (packet-epl.c:3053)
==642== by 0x6D59BC5: dissect_eplpdu.part.21 (packet-epl.c:2627)
Found by oss-fuzz/5907.
Change-Id: I6f4d2cea761581260af396c848ab1fded5641b44
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5907
Reviewed-on: https://code.wireshark.org/review/25573
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
We've added more fields, increment the pre-allocation amount.
Change-Id: Ia5f1aab7a2fa120049162d17a63f99bf21a3fe37
Reviewed-on: https://code.wireshark.org/review/25566
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added support for IMS, TM, TMC2 Struct
Improve display some Flags in ID Struct
Fix display for FCNO Struct
Fix error in get_mq_pdu_len
Code reformat (VS2017)
Moved DEFINE to header file
More struct display fixed
Fix for IMS Msg len display
Change-Id: I80bfd25a5079598fc44124dc2c7b850640a38b00
Reviewed-on: https://code.wireshark.org/review/25295
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjust splash screen message used for registering dissectors when
finished fast from "Registering dissectors Registration finished"
to "Registering dissectors finished".
Change-Id: Id81cf08bb02bea0baa3ac0575b487e271641e27d
Reviewed-on: https://code.wireshark.org/review/25546
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As stated in the #if 0ed out comments, It's not valid for a
soupbintcp subdissector to call conversation_set_dissector(), so
it shouldn't call try_conversation_dissector. Just remove the
call entirely so it doesn't look like the removal is temporary.
Change-Id: I68d9b72360b52002692c369d7b202a8a215c0a96
Reviewed-on: https://code.wireshark.org/review/25555
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Valgrind log:
==6102== Thread 1:
==6102== 32 bytes in 1 blocks are definitely lost in loss record 24,851 of 49,782
==6102== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6102== by 0xB17B7F7: __vasprintf_chk (vasprintf_chk.c:80)
==6102== by 0xA98C2AB: vasprintf (stdio2.h:210)
==6102== by 0xA98C2AB: g_vasprintf (gprintf.c:316)
==6102== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==6102== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==6102== by 0x6A66B8C: color_filters_read_globals (color_filters.c:704)
==6102== by 0x6A66FBE: color_filters_get (color_filters.c:317)
==6102== by 0x402313: fuzz_init (fuzzshark.c:237)
==6102== by 0x40252D: LLVMFuzzerInitialize (fuzzshark.c:322)
==6102== by 0x401E33: main (StandaloneFuzzTargetMain.c:125)
Change-Id: Ibc18edff6097eca736328810c903a151ddee22bc
Reviewed-on: https://code.wireshark.org/review/25553
Tested-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
The CAN-ETH protocol explicitly states that the CAN identifiers are
transmitted in little-endian order, and the dissector now decodes it as
little-endian rather than host-endian.
Change-Id: I92c44b809caace31726e0d355363355eb32efa3e
Reviewed-on: https://code.wireshark.org/review/25549
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise we use an uninitialized variable
Bug: 14372
Change-Id: Idacdb40569421f7e41e181c14fb2bc033b0645b8
Reviewed-on: https://code.wireshark.org/review/25529
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adding Session Multiplex Protocol SMP
SMP is used by TDS when MARS in enabled.
Bug: 14110
Change-Id: Ia4113c627d107da6c3d51e4004265efb228a297b
Reviewed-on: https://code.wireshark.org/review/25509
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
bf_arr is used as %s argument to proto_tree_add_subtree_format(), so it need to be NUL terminated.
Add + 1 to bf_arr size, and use sizeof() in memset() calls.
ASAN report:
ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ff1b179f150 at pc 0x00000044cf31 bp 0x7ffdc7493cf0 sp 0x7ffdc74934a0
READ of size 258 at 0x7ff1b179f150 thread T0
SCARINESS: 41 (multi-byte-read-stack-buffer-overflow)
#0 0x44cf30 in printf_common(void*, char const*, __va_list_tag*) /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_format.inc:548
#1 0x498cfc in __vsnprintf_chk /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1558
#2 0x5775cf in proto_tree_set_representation /src/wireshark/epan/proto.c:5508:9
#3 0x577eb1 in proto_tree_add_text_valist_internal /src/wireshark/epan/proto.c:1226:2
#4 0x5782d5 in proto_tree_add_subtree_format /src/wireshark/epan/proto.c:1249:7
#5 0x73c73f in fBitStringTagVS /src/wireshark/epan/dissectors/packet-bacapp.c:7490:15
#6 0x73ad20 in fApplicationTypesEnumeratedSplit /src/wireshark/epan/dissectors/packet-bacapp.c:7569:26
#7 0x73a484 in fApplicationTypes /src/wireshark/epan/dissectors/packet-bacapp.c:7635:12
#8 0x7395db in fIAmRequest /src/wireshark/epan/dissectors/packet-bacapp.c:13412:14
#9 0x7383e1 in dissect_bacapp /src/wireshark/epan/dissectors/packet-bacapp.c:14163:9
Found by oss-fuzz/5452.
Change-Id: I57e948904f707c5003a389431b009a37c1212e04
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5452
Reviewed-on: https://code.wireshark.org/review/25544
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Fixes/improves a few filter identifiers, typos, consistent
use of MHz (as opposed to Mhz), and fixes to the MCS map trees
in the HE Capabilities tag.
Change-Id: I5c761990237ccc241d95fb0b9b2d3f8f1263b460
Reviewed-on: https://code.wireshark.org/review/25530
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
The UDP port for HSRPv6 was mistyped when UDP dissectors was converted
to use "auto" preferences in g2eb7b05b8c.
Change-Id: I4b6f634677d23d81fc197dbeb43ee3d91d9a111f
Reviewed-on: https://code.wireshark.org/review/25526
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Open lua scripts when double-clicked. Behavior depends on your system
configuration. Add tooltips accordingly.
Let Qt wrap the "Wireshark" tab information.
Set column widths by eyeballing their contents.
Elide the Folders and Plugins strings in the middle.
Fixup placeholder text capitalization.
Draw links using the palette link color.
Change-Id: Ic141eae05541480ec1e254c55fd81728d04713d9
Reviewed-on: https://code.wireshark.org/review/25510
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing NULL terminator to ieee1905_reporting_policy_flags[], in order to fix buffer overflow.
ASAN report:
ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000092a4af8 at pc 0x00000062afd2 bp 0x7ffce7e468d0 sp 0x7ffce7e468c8
READ of size 8 at 0x0000092a4af8 thread T0
#0 0x62afd1 in proto_item_add_bitmask_tree /src/wireshark/epan/proto.c:10406:9
#1 0x62953f in proto_tree_add_bitmask_with_flags /src/wireshark/epan/proto.c:10786:3
#2 0xfb8271 in dissect_metric_reporting_policy /src/wireshark/epan/dissectors/packet-ieee1905.c:2762:9
#3 0xfb2997 in dissect_ieee1905_tlv_data /src/wireshark/epan/dissectors/packet-ieee1905.c:4390:18
#4 0xfb23c8 in dissect_ieee1905 /src/wireshark/epan/dissectors/packet-ieee1905.c:4577:18
Found by oss-fuzz/5298.
Change-Id: I35dbd6d29d0a3a5560286146fbed172c810e5b2d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5298
Reviewed-on: https://code.wireshark.org/review/25520
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
One thing I hate is big slabs of open coding. Compilers are very good these days
and will inline functions if they are used in only one place.
By using functions we make the code very much more readible.
There is also a big opportunity to use functions like proto_tree_add_bitmask.
Change-Id: I66d1509f577d2955996f4649e05494ab0370ed01
Reviewed-on: https://code.wireshark.org/review/24964
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sip_is_packet_resend() function sets the internal transaction_state to
final_response_seen, the prevents the sip_find_request() from finding the
matching INVITE as it expects transaction_state == request_seen. Simply
reversing the order of these functions seems to fix the problem.
Change-Id: I61d085c979dee24ad88b4eea26dfa002fd9cd213
Reviewed-on: https://code.wireshark.org/review/25429
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CCM* algorithm implemented as part of ieee802154 dissector can be
leveraged for higher layer protocols, e.g. OSCORE. This change adds an
additional parameter to the CCM* API in order to allow passing a generic
13-byte nonce.
Bug: 14367
Change-Id: Ib2da1146659f67ffb3a4767ec093f8b7f09461ce
Reviewed-on: https://code.wireshark.org/review/25455
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 14332
Change-Id: I49642a9880fc03d38942eebfd6b1015894fef23d
Reviewed-on: https://code.wireshark.org/review/25255
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modern SDP usage (e.g. SIP, WebRTC) can "bundle" multiple RTP media streams on
a single port. Thus the RTP dissector has to be able to handle audio and video
at the same time, so the gboolean flag in _rtp_info was changed to a bit mask.
The SDP parsing was then changed to detect multiple "m=" lines using the same
port, and combine their audio/video bit masks, and the rtp_dyn_payload used
has all the audio and video payload descriptions.
Change-Id: Ifa3c034260f892ed005fe28647d28f3b0b1b05cf
Reviewed-on: https://code.wireshark.org/review/25431
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add the crypto suite that came in with a spec change (v171212).
2. Add two additional fields that need handling.
3. Make the attribute value a separate sub-tree.
Change-Id: Ic01527bcd0361bf2522d2efbc91cd8191d7b2e27
Reviewed-on: https://code.wireshark.org/review/25514
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Should fix clang warning created by https://code.wireshark.org/review/#/c/25492.
Change-Id: Iafa31e24cd786a510f3a953d615df4cbc3930fa6
Reviewed-on: https://code.wireshark.org/review/25508
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Chances are if there are a large number of "empty objects" (that don't increment packet
counter) it's an intentionally malicious packet and we should break the loop.
Bug: 14362
Change-Id: Id9a6f4270cc47188becdf4652f903d0ba4478dcb
Reviewed-on: https://code.wireshark.org/review/25497
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
JSON will be display like in browswer developer tool (Firefox or Chrome).
Change-Id: Ib504f4828d9fd8d25d9564b93717007ac021713c
Reviewed-on: https://code.wireshark.org/review/25474
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Handle the Estimated Service Parameters tagged element and the Future
channel guidance one. The second may need more work in future.
These are defined in IEEE STD 802.11-2016 but may have been defined earlier.
Change-Id: I1c67a0ea6df9c1cc89bb3a34da921f3938e0a012
Reviewed-on: https://code.wireshark.org/review/25407
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Iecfb705b37f54119eaec75ab8df8c7ee3c76bfec
Reviewed-on: https://code.wireshark.org/review/25503
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
UAT color "datatype" has the format of #XXXXXX so the XXXXXX is strduped
to pass to strtol(). The "pointer math" assumed the # was always present
and would result in large memory allocation if string was empty.
Bug: 14357
Change-Id: Idc43b17f0e07705880d0d77f106991d10e09f072
Reviewed-on: https://code.wireshark.org/review/25504
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add dissection of the TDS response packet for TDS 4.2. In order to share code, this
required parameterizing TDS 7.x token-handling routines for things such as endian-ness
and one-byte vs two-byte character encodings. This required ascertaining accurately when
TDS 7.x is in use as early in the conversation as possible. This in turn required knowing
the program versions downloaded in the prelogin packet in the case where the login packet
is encrypted. (Listening to the LoginAck token is a little too late.)
Add more support routines to parameterize the endian nature of each connection.
Although the particular tokens decoded here are documented for TDS 4.2, it has only been tested
with a trace from TDS 4.6. TDS 4.6 didn't change much, but there may be a few minor errors.
Change-Id: I6f8f136bcc565640fbea4302cb79ea29a118d9a1
Reviewed-on: https://code.wireshark.org/review/25464
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Used reference:
Book "InfiniBand Network Architecture" by Tom Shanley; page 369 ff
Bug: 14359
Change-Id: I77e64ca16ccc5f193eac34b304165f722ffb0748
Reviewed-on: https://code.wireshark.org/review/25489
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some oddities with regard to file permissions have crept into
the repository. Reset execute rights on various files which do
not need them.
Change-Id: Ib05658072925d59fc682173673c5638d157a269a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25490
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Headers field "name" is used in the hash table for matching
field type while processing data. Browsers use dash as
delimiter while in the code we use underscore.
Change-Id: I6342af9328118b41a8c71e034ef5913a83a84459
Reviewed-on: https://code.wireshark.org/review/25478
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I306341c7cddf8facb4a9ca62254a465a1da22174
Reviewed-on: https://code.wireshark.org/review/25423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
iPXE seems to violate RFC 3004 by ommitting the UC_Len_i field in the
User Class Data field. Since this seems to be a 'well known' issue,
which is not going to be corrected, detect and circumvent the error
detection for this specific use.
Bug: 14312
Change-Id: I2a15c336d7f67ee5fd83f955de7126eac146bfb1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25450
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f47e0ede2a31cfdadc69ab125a739b3deaa297e
Reviewed-on: https://code.wireshark.org/review/25453
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Move checking of encoding before allocating nstime.
Found by clang.
Change-Id: I3c1de5fae6fcf52393cc38302359f21f17808087
Reviewed-on: https://code.wireshark.org/review/25442
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modern SIP endpoints often use non adjacent, or the same, port for the RTCP
protocol as the RTP protocol. This is indicated via attributes in the SDP,
which should be used to set up the correct dissector for the correct port
on this SIP session.
Change-Id: I37bf30b71541b6f924fbda5ac1cb29f3ba171515
Reviewed-on: https://code.wireshark.org/review/25430
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I049c8b9b9a0a1da2243217532186ba5a19cf5671
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25424
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
RHEL7 ships with Libgcrypt 1.5.3 which does not support AEAD, add guards
to fix -Wunused-function errors.
Change-Id: I230a66eff0dca9a882bf87f2f740ee0d36cd1dc6
Reviewed-on: https://code.wireshark.org/review/25434
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If176231d1c71692b1d6a2627934d211e4f2476a7
Reviewed-on: https://code.wireshark.org/review/25433
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
While we are at it, let's add the protocol item to allow filtering on
protocol.
Bug: 14360
Change-Id: I4973a6e657dccd71af4f798584cc118b75bedd20
Reviewed-on: https://code.wireshark.org/review/25425
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
offset was not used after increment/assignment, just return it to relax clang.
Found by clang scan.
Change-Id: I21dece4e31075ca2da8d3ba942336fb4858636b6
Reviewed-on: https://code.wireshark.org/review/25419
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Some ZigBee commands within the Smart Energy Profile does not have the same payload
across different specifications. With this preference it is possible to choose what
version of the specification to use when dissecting payloads.
The default version is set to the latest one, which is Smart Energy 1.4, even though
it is still under development.
Change-Id: Iaec5528f2a418aeec4e39cfa087a58e531570d42
Reviewed-on: https://code.wireshark.org/review/25409
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is based on Draft 2 of the standard. Draft 2 did not get approved, but
is close to what the final version will be and support is needed now by the
teams working on this.
Change-Id: I837df05a288b815e1e455883f4f165721104d51f
Reviewed-on: https://code.wireshark.org/review/24861
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All tools use draft-07 or draft-08
Bug: 13881
Change-Id: I539e34324f16149fe8c0d05d938bae1298b9eb15
Reviewed-on: https://code.wireshark.org/review/25399
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If a field is indicated as not known, then display that field as reserved
which will prevent people from searching for fields that are not known and
makes more sense.
Also, rename some of the hf fields to be more in line with standard practice.
Change-Id: I5cbbd682acbea3713b7b19325fe1a36cc0e36aa1
Reviewed-on: https://code.wireshark.org/review/25397
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There was a missing field in the initial version of the spec. Add the
flags bits that define the subsequenct fields.
Change-Id: Ie237075f4f7f30adc4b280358fe5c985c63f5281
Reviewed-on: https://code.wireshark.org/review/25375
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Don't break the remaining length by setting and invalid one
Change-Id: Ia32798db73937ada6c99a6927cc87402603a9e75
Reviewed-on: https://code.wireshark.org/review/25391
Reviewed-by: Michael Mann <mmann78@netscape.net>
'rsvp.template_filter.ipv4_tunnel_sender_address' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'rsvp.template_filter.sub_group_originator_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
Change-Id: I922ef6742c7f340519adc6014ec37e29cb0e34c7
Reviewed-on: https://code.wireshark.org/review/25390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Glib hash table can use integers as pointer by casting them
using GINT_TO_POINTER. This prevents alloc/free of memory.
Leak found by clang.
Change-Id: Ieae4d1ec787e41aef0657d27bdaefe30d12e2b80
Reviewed-on: https://code.wireshark.org/review/25341
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will help identifying that the packet contains unexpected data at the end
rather than triggering a malformed error when trying to fetch outside of
the tvb.
Change-Id: Ieb71204f3c364e809447157e7a71c3eb92620d85
Reviewed-on: https://code.wireshark.org/review/25366
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This removes an error when running cmake target checkAPI_epan.
No such file: "ps.c" at wireshark/tools/checkAPIs.pl line 2144.
This error is related to out-of-tree builds. In-tree builds are not
affected since the generated files live next to the versioned ones.
Change-Id: I3a6b05eaf4b7bb703222c47233576d0cb77e66d1
Reviewed-on: https://code.wireshark.org/review/25330
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This field is generated so mark it so. It may also be usable so
make it visible.
Change-Id: I10d951f234f1fba240059bc791b40d25dede07a9
Reviewed-on: https://code.wireshark.org/review/25350
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This allows the user to override the EAPOL Key MIC length for those
crypto suites where the Key MIC length is greater than 16 bytes.
This works in the DPP case where the Key MIC length is supposed to be the
same as the Nonce length.
Change-Id: I8ef6bc978e0a44ece0e95d76b231a02c7f15c89b
Reviewed-on: https://code.wireshark.org/review/25332
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Padding frame can be anywhere on QUIC payload
Add loop check if it is always padding frame (0x00)
Bug: 13881
Change-Id: I3d50e5347aeca9738aeac3287ddba7fd30fc72b1
Reviewed-on: https://code.wireshark.org/review/25324
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I0a4eb85abd75ed706ea519371f2c62b172c05297
Reviewed-on: https://code.wireshark.org/review/25326
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
A capture with a Server Hello failed to be dissected because the record
was split in TCP segments of one byte each. This resulted in a
"Malformed Packet" exception because ssl_looks_like_sslv2 looks at the
third byte which. To fix this, ensure that at least the size of a TLS
record is available.
Change-Id: I8558028a28169020bc6549fdac29e07ecedf6ce2
Reviewed-on: https://code.wireshark.org/review/25310
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Renumber key_share extension, display the old codepoint as "Reserved
(key_share)" in case an older draft version is loaded. The old codepoint
(40) was apparently used for different purposes:
https://www.ietf.org/mail-archive/web/tls/current/msg25168.html
Add a new "signature_algorithms_cert" extension which is similar to
"signature_algorithms", except that it advertises the supported
algorithms in certificates rather than handshake messages.
Change-Id: Ibbb09100e2540deea8f652ba0685feadb68f33e7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/25309
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make HTTP2 headers filterable.
Change-Id: I1a1a42ccdb41461f048e9ae462421ecad79da61b
Reviewed-on: https://code.wireshark.org/review/24475
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I8b69922c2bbb7905480277e7b28d9894453e785b
Signed-off-by: Anton Glukhov <anton.a.glukhov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/25284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the term "external capture interfaces".
Change-Id: I216ce2273737b58e4922c476416333ba16d6cb30
Reviewed-on: https://code.wireshark.org/review/25298
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a trailing NULLs so that we don't read past the end of
hfi_nfct_attr_status_flags and hfi_nfexp_attr_flags_bitfield.
Bug: 14336
Change-Id: I1e96a89f60df2d653c4f3ad63f29cf57eb0224a5
Reviewed-on: https://code.wireshark.org/review/25290
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Have the make-dissectors CMake target explicitly depend on copy_cli_dlls,
otherwise we might try to create dissectors.c before libglib-2.0-0.dll
has been copied into place. It looks like this is what's been causing
our random Windows PD failures.
Change-Id: Ia2445f17abd2c73113ab269ba6c606f48e724d93
Reviewed-on: https://code.wireshark.org/review/25292
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Decode additional data of NTP opcodes 8,9,10,11,12 only as one string.
There's room for improvement to dissect the string for all the
name=value pairs. To do so more samples of different implementations are
needed.
Used reference:
* https://tools.ietf.org/html/draft-ietf-ntp-mode-6-cmds-03
* http://doc.ntp.org/
* sample captures attached to bug
Bug: 14270
Change-Id: I4da537bf2a984b673845333714d8a8cb873f3147
Reviewed-on: https://code.wireshark.org/review/25281
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This UAT was limited (allowed configuring RACH channels only) and hasn't been extended for 4 years now.
There is also a heuristic dissector for RACH channels so pre-configuring them is unnecessary.
Change-Id: I266d2a0aba179318e1c28e0d5bc2b60860962fb2
Reviewed-on: https://code.wireshark.org/review/25270
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since the message number isn't explicitly encoded in the protocol there
is no field to filter on. It is however derived from the message
contents and added in the info column.
Adding this as a generated field allows searching for and filtering of
these messages.
As requested before, last at SF'17 EU.
Change-Id: Id77612f0178710d30ea815335b0a54339d5d7b2c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25257
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The correct length for an AT_STRINGZ address of "" is 1, not 0. A
length of 0 for an address is valid only if the pointer-to-address-data
is null.
Change-Id: I1da6de5ed402020ed5c8389a911870a54fa8b14a
Reviewed-on: https://code.wireshark.org/review/25258
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes a build failure when building the wireshark-git package on Arch
Linux using GCC 7.2.1:
epan/dissectors/packet-h223.c: In function ‘dissect_mux_sdu_fragment’:
epan/dissectors/packet-h223.c:207:13: error: variable ‘circuit_id’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
Fixes: v2.5.0rc0-1698-g800b26edbe ("Remove circuit API")
Change-Id: I0b63f692e840e852680467b25ba3c3dfd31392ed
Reviewed-on: https://code.wireshark.org/review/25251
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make plugins.c the source of truth for plugin names. Where plugins
reside and what they do are two different things, so split the plugin
directory and description into two separate elements.
CMake creates portable[1] builds on Windows and macOS. That is, the
build-time directory layout is the same as the installation directory
layout. Adjust various plugin paths macOS accordingly.
[1] You have to run osx-app.sh on macOS to prepare the application
bundle, but the goal is to create a directory/bundle that can be moved
or copied to a different system and run in the new location.
Change-Id: Icf9d02e61918fdf1404468baf52542910edf2743
Reviewed-on: https://code.wireshark.org/review/25166
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Shift the value stored in coinfo->block_mflag in
dissect_coap_opt_block so that we store 0/1 instead of 0/8.
Change-Id: I45ac08564ff1fdcaf4e7306692db862b6a70989b
Reviewed-on: https://code.wireshark.org/review/25248
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Niels Widger <niels@qacafe.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For queries, there appear to be two different versions, one with a
2-byte value of some unknown type and one with a 1-byte value that
appears to be an "appliance type" code followed by a 2-byte VLAN ID.
For replies, there only appears to be a version with a 1-byte "appliance
type" followed by a 2-byte VLAN ID, but handle a too-short payload.
Also point to http://www.rhyshaden.com/cdp.htm in some comments.
Change-Id: If1b476d5e6b23c7e0ba027835c6f0c84c8b723b7
Reviewed-on: https://code.wireshark.org/review/25249
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow decoding of LoRaTap in UDP packets like used by gr-lora (https://
github.com/rpp0/gr-lora) for instance.
Change-Id: I812c428db840a646b6fb22437037dcb8fab39370
Reviewed-on: https://code.wireshark.org/review/25247
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
UNSOLICITED_PONG (0xB): An endpoint received a PONG frame that did
not correspond to any PING frame that it previously sent.
Bug: 13881
Change-Id: I8f3daf46965b93007dd178622f3ebd7c187b11e7
Reviewed-on: https://code.wireshark.org/review/25239
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AS23456 is reserved in RFC6793 for 32-bit AS number range as AS_TRANS.
Add an additional text "(AS_TRANS)" to AS 23456 items.
Bug: 14305
Change-Id: I1a0ea9e07c74b7e409cb32e2da55dbf233a2348d
Reviewed-on: https://code.wireshark.org/review/25172
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ASN.1 prose imported from the specification and heavily modified
manually to workaround its poor quality.
Some of them are marked with -- WS modification comment, some are not.
Probably useless as-is, but it is an initial start until an updated
version is available.
Change-Id: I19ab6cedb6aa23c8ed57bae525ee4a3391494e32
Reviewed-on: https://code.wireshark.org/review/25235
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When doing recursion check we must also count down when done.
Bug: 14253
Change-Id: Icacc86e8b25e106e151117dbcc2f132b1bbe898e
Reviewed-on: https://code.wireshark.org/review/25226
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Another simple example of how to use preference effects to limit
the times a capture file is redissected unnecessarily.
Also clean up some of the grammar of preference effect descriptions.
Change-Id: I2db92e8e3ee913d3b37162916bd0ef7ac8ecd794
Reviewed-on: https://code.wireshark.org/review/25175
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've added more fields, increment the pre-allocation amount
Change-Id: If0e68697c797e8709349a59b86fbcd4397730476
Reviewed-on: https://code.wireshark.org/review/25220
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow LoRaTap syncword field to be used for "decode as".
Fix field types for LoRaWAN EUI fields to display as EUI-64 little endian.
Change-Id: I584f338031a4bc87e127d35a7bf8751a60e93d55
Reviewed-on: https://code.wireshark.org/review/25199
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This interperates the main body of Lustre traffic.
This dissects all current Lustre OPCODES (as of Lustre 2.10.2)
This dissects MDS REINT sub-opcodes
This dissects LDLM Intent opcodes
This dissects LLOG EADATA
Conversation matching is just IP based and not IP/port based.
Only one lustre "instance" can be running on a given host at a given time,
and request / reply pairs aren't don't always match by port numbers.
Add exception for lustre_* structure names in PROTOABBREV.
We have several lustre.lustre_* because the internal lustre structre is
named lustre_ (i.e. lustre_handle or lustre_msg_v2)
This is still a work in progress, as there are missing FLAG values
and some LLOG EADATA structures that aren't fully decoded.
Change-Id: If57085e2692565336e49f40fb475ca1035da7a35
Signed-off-by: Nathaniel Clark <nathaniel.l.clark@intel.com>
Reviewed-on: https://code.wireshark.org/review/24800
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the addition of power values to the top-level item for the TLV so
that it actually adds power values.
Make the list of power values in that item display correctly, without
extra commas.
Fail if the length of the TLV is less than 8. (We should really add an
expert info item for that.)
Change-Id: Ic4229c0652306f69156b8341c9fbb67cacc8154c
Reviewed-on: https://code.wireshark.org/review/25215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a recursion check to tvbparse so that we don't overflow our stack.
Bug: 14253
Change-Id: I0f667c3720311318267a1184b33e33253f8ff729
Reviewed-on: https://code.wireshark.org/review/25202
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissecting of LS Types bytes for LS Requests was missing.
Dissecting of LS Types bytes for LS Acknowledgments have been implemented.
Bug: 14310
Change-Id: I13d5b564a1e97f0c5a33c749273b11f94c90cbc0
Reviewed-on: https://code.wireshark.org/review/25183
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Protocols of protocol type 802.2 (PT = 2) are encoded with the
"normal" ethernet type when PT length == 8.
Used reference: https://docs.fd.io/vpp/17.10/d2/d71/cdp__protocol_8h_source.html
Show IPv6 addresses as IPv6 and not as bytes.
Change-Id: I0f192e758bcc1a562f042609fa5d0d9527551bb8
Bug: 14311
Reviewed-on: https://code.wireshark.org/review/25168
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Smart Energy Tunneling cluster can carry various payloads.
The type of payload is determined when the tunnel is established.
However, we cannot be sure to capture the tunnel establishment and
therefore heuristics are used to determine the payload type.
The IP protocol is added as a heuristic dissector because the
specification allows IP in the tunnel payload. However, the only
real life payload type I am aware of is GBCS messages in
UK Smart Metering (https://smartenergycodecompany.co.uk).
Finally, if a heuristic dissector cannot be found, the Data
dissector is used.
Change-Id: I4942bf00d0d0efe7047db6494cd4f8a9d19c96b6
Reviewed-on: https://code.wireshark.org/review/25181
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a simple example of changing preferences that don't
affect dissection to something else, so that changing them
doesn't cause a file to be redissected unnecessarily
Change-Id: I77c64c739e8bbc9f2a202f744f27cb07be4a822b
Reviewed-on: https://code.wireshark.org/review/25173
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We currently accumulate all of the object data in memory, so we can't
support objects whose size doesn't fit in a size_t; that means the
maximum object size is 2^32-1 bytes on ILP32 platforms, even though we
allow the size to be up to 2^63-1 bytes.
Change-Id: I2b45f2f1a6a4a68c97d34931aea6f5294db41b6e
Reviewed-on: https://code.wireshark.org/review/25174
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add flags field to preference structure to help determine what
areas of Wireshark are affected by a preference changing. The
intent is to be able to distinguish dissection from GUI or other
changes that are not dissection.
The default is to have all preferences affect dissection, but their
flags can be changed. This patch doesn't change any flags from the
default.
Change-Id: Ied5ae961bc3f33f5b730b2892fff3fa0898380b8
Reviewed-on: https://code.wireshark.org/review/25171
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use SetConsoleTextAttribute to reset our colors on Windows. Update the
release notes and man page.
Change-Id: I2bc309787f9c2331324503092bd1c9ae6360eb55
Reviewed-on: https://code.wireshark.org/review/25170
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not add two "Handle:" in COL_INFO for opcode "Error Response".
Change-Id: I13dd5fc3bbef1762c2e868dfe885fa5d6437412e
Reviewed-on: https://code.wireshark.org/review/25152
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If on Long Header, the version field is set to 0x00000000, it is a version Negotiation Packet
with the list of all supported version (with some GREASE)
Bug: 13881
Change-Id: I56b7cecd112950fb557aadc434f367b74eebe07b
Reviewed-on: https://code.wireshark.org/review/25138
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With draft-08 Connection ID is changed to Omit Connection ID in Short Header frame
Bug: 13881
Change-Id: I9e53dc370ea692636143d2129754a3dc62d068bd
Reviewed-on: https://code.wireshark.org/review/25136
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Explicitly return 0 from make-dissectors on success. Hopefully this will
fix some Windows builder failures.
Change-Id: I0c172597584c52ced2380719135e8559ef83392a
Reviewed-on: https://code.wireshark.org/review/25150
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I05da9a546f5de81783e4c9d004aff7dbb3ead44b
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/25146
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 12457
Change-Id: Ie97747704b12a0ba70bb6adb1a8c251dfcaca08f
Reviewed-on: https://code.wireshark.org/review/25132
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add new offset field in BLOCKED and STREAM_BLOCKED frame
Add new stream_id field in STREAM_ID_BLOCKED
Bug: 13881
Change-Id: If030728c46607ea9ea3a500d925b30aaf9a841a8
Reviewed-on: https://code.wireshark.org/review/25121
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MAX_STREAM_ID is rename to MAX_STREAM_ID_BIDI
and there is a new paramter MAX_STREAM_ID_UNI
Bug: 13881
Change-Id: I99bcc559a133ded88f4caedd887f481147063496
Reviewed-on: https://code.wireshark.org/review/25120
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix for unused variable mq_MQPRI_vals
Fix test when displaying unique MQ Segment (vs multi MQ segment)
Changed my name in AUTHORS
Change-Id: I8ffa5523dbf8469d2814d2a90348eea61a05823a
Reviewed-on: https://code.wireshark.org/review/25106
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Do not add custom UUID dissectors to the DecodeAs "btatt.handle"
table because it does not work to DecodeAs this attributes using
the "BT ATT Handle" field.
This removes some of the artificial protocols which is generated
from BT attributes, and avoids adding new ones when extending
the custom UUID dissection support.
Change-Id: I8384a56b49cac2ea64508470d67c67b6ec7cd13e
Reviewed-on: https://code.wireshark.org/review/25107
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The IEEE 802.15.4 dissector is built-in and will never be not present,
and if disabled then call_dissector() will call data handle.
Change-Id: Ie8d2a1bed1ba540df1a5bc239b57e475b346c8f1
Reviewed-on: https://code.wireshark.org/review/25103
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From/to Server/Client
Store the port destination to found key need to be used
Change-Id: If7f2edcdb21f5b5aa9de28431db8dc3ec6d76602
Reviewed-on: https://code.wireshark.org/review/25083
Reviewed-by: Anders Broman <a.broman58@gmail.com>
not longer negotiated version on Client Hello but on encrypted extensions
Missing add new TransportParameterId (ack_delay_exponent and initial_max_stream_id_uni)
Bug: 13881
Change-Id: I5d76662b8c7767c48fdec460e2249d49c6693f18
Reviewed-on: https://code.wireshark.org/review/25018
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
using varint for Stream ID/Offset/Length
Bug: 13881
Change-Id: I9c9524e494e6cb8785d919fee596f94401b12fed
Reviewed-on: https://code.wireshark.org/review/24991
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Used to support variable length in QUIC protocol
Bug: 13881
Change-Id: Ia274b1530152376c5fb4e364fc4cf5ab246be1b3
Reviewed-on: https://code.wireshark.org/review/24990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Improve display of ID Struct for FAP Lvl 13
Improve display for Segmented MQ Mesages
Add also the ReasonCode of the ASYNCH_MESSAGE in column and tre node
Added various new CONST for display
Change-Id: I458296e466d0744627e0b4f645d634b0c6d930de
Reviewed-on: https://code.wireshark.org/review/25009
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Idad6411139226cb6694b8dad5cb2107882f90848
Reviewed-on: https://code.wireshark.org/review/25102
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When capturing on hardware with segmentation offload enabled IPv6
payload size can be reported as zero.
This commit adds a preference to dissect such frames.
Heavily based on the TSO code of packet-ip.c
Bug: 14155
Change-Id: Ibec3c35c739d8673fa655bde4f66198a22f567c4
Reviewed-on: https://code.wireshark.org/review/24900
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic77d12ac07f82ea315734782f97b035376b8b2e8
Reviewed-on: https://code.wireshark.org/review/25099
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I360bc4f802e28e9fc64cbd5cc06e514cbaf3b25f
Reviewed-on: https://code.wireshark.org/review/25091
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Uppercase a lot of "index" words in strings to quieten checkAPI.
Removed some redundant double spaces.
Change-Id: Ica5915095037ec3da1d7c92d05c3a4d155bb302c
Reviewed-on: https://code.wireshark.org/review/25092
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
assignmnet => assignment
update message to show its the length value in error
Change-Id: Ic320dafb00d4e6ceb7b3b7addaf2bff25739851f
Reviewed-on: https://code.wireshark.org/review/25089
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Add support for new objects g0v196-210
Rework handling of g0 objects
Change-Id: I64c46cf4709799711a7cc6ca77fe356e47dced62
Reviewed-on: https://code.wireshark.org/review/25086
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Missing Handshake and need to fix dissection of payload with varint change...
Bug: 13881
Change-Id: Ib8fb6321436d72c8c4dba172dd43ef31288615d9
Reviewed-on: https://code.wireshark.org/review/24962
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I365e40d1e0c287ecfcee30fb72538d360926b827
Reviewed-on: https://code.wireshark.org/review/25068
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It seems using gcry_strerror() should be correct,
it also fix building when --without-gnutls (when -lgpg-error is not added):
/usr/bin/ld: epan/.libs/libwireshark.a(packet-ipsec.o): undefined reference to symbol 'gpg_strerror@@GPG_ERROR_1.0'
Change-Id: I142e2e553fd7da501bd57635b8826ff42e114085
Reviewed-on: https://code.wireshark.org/review/25064
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new Long and Short Packet type
Set version field before packet number
Bug: 13881
Change-Id: I894bc5ada0d5d0269c8d12749533eaa07c553635
Reviewed-on: https://code.wireshark.org/review/24961
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Updated InformationElements as defined at
https://www.iana.org/assignments/ipfix/ipfix.xhtml
Includes updates for RFC8038 and RFC8158.
Change-Id: I66411428d0faee4290b5134b1c31c84b49996f2e
Reviewed-on: https://code.wireshark.org/review/25013
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
evaluate_sdnv_64() returns gint64 and does indeed return -1 for errors.
Use a gint64 variable to hold the return value, cast to guint64 if necessary.
Change-Id: I2aa6f95302cf20f758a872c00c3d49857f2faea4
Reviewed-on: https://code.wireshark.org/review/24989
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patchset involves the changes done to decode header and trailer
extensions correctly. There were places where the frame offset was
not handled properly leading to the improper decoding of the subsequent
fields.
Also, the subtree name for Trailer extension was not proper.
Change-Id: Ia38ddddbcd83435ce8aaa73791a2f5a14918b48f
Reviewed-on: https://code.wireshark.org/review/24140
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris