Change-Id: I0a4eb85abd75ed706ea519371f2c62b172c05297
Reviewed-on: https://code.wireshark.org/review/25326
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
A capture with a Server Hello failed to be dissected because the record
was split in TCP segments of one byte each. This resulted in a
"Malformed Packet" exception because ssl_looks_like_sslv2 looks at the
third byte which. To fix this, ensure that at least the size of a TLS
record is available.
Change-Id: I8558028a28169020bc6549fdac29e07ecedf6ce2
Reviewed-on: https://code.wireshark.org/review/25310
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Renumber key_share extension, display the old codepoint as "Reserved
(key_share)" in case an older draft version is loaded. The old codepoint
(40) was apparently used for different purposes:
https://www.ietf.org/mail-archive/web/tls/current/msg25168.html
Add a new "signature_algorithms_cert" extension which is similar to
"signature_algorithms", except that it advertises the supported
algorithms in certificates rather than handshake messages.
Change-Id: Ibbb09100e2540deea8f652ba0685feadb68f33e7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/25309
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make HTTP2 headers filterable.
Change-Id: I1a1a42ccdb41461f048e9ae462421ecad79da61b
Reviewed-on: https://code.wireshark.org/review/24475
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I8b69922c2bbb7905480277e7b28d9894453e785b
Signed-off-by: Anton Glukhov <anton.a.glukhov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/25284
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the term "external capture interfaces".
Change-Id: I216ce2273737b58e4922c476416333ba16d6cb30
Reviewed-on: https://code.wireshark.org/review/25298
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add trailing NULLs so that we don't read past the end of
hfi_nfct_attr_status_flags and hfi_nfexp_attr_flags_bitfield.
Bug: 14336
Change-Id: I1e96a89f60df2d653c4f3ad63f29cf57eb0224a5
Reviewed-on: https://code.wireshark.org/review/25290
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Have the make-dissectors CMake target explicitly depend on copy_cli_dlls,
otherwise we might try to create dissectors.c before libglib-2.0-0.dll
has been copied into place. It looks like this is what's been causing
our random Windows PD failures.
Change-Id: Ia2445f17abd2c73113ab269ba6c606f48e724d93
Reviewed-on: https://code.wireshark.org/review/25292
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Decode additional data of NTP opcodes 8,9,10,11,12 only as one string.
There's room for improvement to dissect the string for all the
name=value pairs. To do so more samples of different implementations are
needed.
Used reference:
* https://tools.ietf.org/html/draft-ietf-ntp-mode-6-cmds-03
* http://doc.ntp.org/
* sample captures attached to bug
Bug: 14270
Change-Id: I4da537bf2a984b673845333714d8a8cb873f3147
Reviewed-on: https://code.wireshark.org/review/25281
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This UAT was limited (allowed configuring RACH channels only) and hasn't been extended for 4 years now.
There is also a heuristic dissector for RACH channels so pre-configuring them is unnecessary.
Change-Id: I266d2a0aba179318e1c28e0d5bc2b60860962fb2
Reviewed-on: https://code.wireshark.org/review/25270
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since the message number isn't explicitly encoded in the protocol there
is no field to filter on. It is however derived from the message
contents and added in the info column.
Adding this as a generated field allows searching for and filtering of
these messages.
As requested before, last at SF'17 EU.
Change-Id: Id77612f0178710d30ea815335b0a54339d5d7b2c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25257
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The correct length for an AT_STRINGZ address of "" is 1, not 0. A
length of 0 for an address is valid only if the pointer-to-address-data
is null.
Change-Id: I1da6de5ed402020ed5c8389a911870a54fa8b14a
Reviewed-on: https://code.wireshark.org/review/25258
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes a build failure when building the wireshark-git package on Arch
Linux using GCC 7.2.1:
epan/dissectors/packet-h223.c: In function ‘dissect_mux_sdu_fragment’:
epan/dissectors/packet-h223.c:207:13: error: variable ‘circuit_id’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
Fixes: v2.5.0rc0-1698-g800b26edbe ("Remove circuit API")
Change-Id: I0b63f692e840e852680467b25ba3c3dfd31392ed
Reviewed-on: https://code.wireshark.org/review/25251
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make plugins.c the source of truth for plugin names. Where plugins
reside and what they do are two different things, so split the plugin
directory and description into two separate elements.
CMake creates portable[1] builds on Windows and macOS. That is, the
build-time directory layout is the same as the installation directory
layout. Adjust various plugin paths on macOS accordingly.
[1] You have to run osx-app.sh on macOS to prepare the application
bundle, but the goal is to create a directory/bundle that can be moved
or copied to a different system and run in the new location.
Change-Id: Icf9d02e61918fdf1404468baf52542910edf2743
Reviewed-on: https://code.wireshark.org/review/25166
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Shift the value stored in coinfo->block_mflag in
dissect_coap_opt_block so that we store 0/1 instead of 0/8.
Change-Id: I45ac08564ff1fdcaf4e7306692db862b6a70989b
Reviewed-on: https://code.wireshark.org/review/25248
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Niels Widger <niels@qacafe.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For queries, there appear to be two different versions, one with a
2-byte value of some unknown type and one with a 1-byte value that
appears to be an "appliance type" code followed by a 2-byte VLAN ID.
For replies, there only appears to be a version with a 1-byte "appliance
type" followed by a 2-byte VLAN ID, but handle a too-short payload.
Also point to http://www.rhyshaden.com/cdp.htm in some comments.
Change-Id: If1b476d5e6b23c7e0ba027835c6f0c84c8b723b7
Reviewed-on: https://code.wireshark.org/review/25249
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow decoding of LoRaTap in UDP packets like used by gr-lora
(https://github.com/rpp0/gr-lora) for instance.
Change-Id: I812c428db840a646b6fb22437037dcb8fab39370
Reviewed-on: https://code.wireshark.org/review/25247
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
UNSOLICITED_PONG (0xB): An endpoint received a PONG frame that did
not correspond to any PING frame that it previously sent.
Bug: 13881
Change-Id: I8f3daf46965b93007dd178622f3ebd7c187b11e7
Reviewed-on: https://code.wireshark.org/review/25239
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AS23456 is reserved in RFC6793 for 32-bit AS number range as AS_TRANS.
Add an additional text "(AS_TRANS)" to AS 23456 items.
Bug: 14305
Change-Id: I1a0ea9e07c74b7e409cb32e2da55dbf233a2348d
Reviewed-on: https://code.wireshark.org/review/25172
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ASN.1 prose imported from the specification and heavily modified
manually to work around its poor quality.
Some of them are marked with -- WS modification comment, some are not.
Probably useless as-is, but it is an initial start until an updated
version is available.
Change-Id: I19ab6cedb6aa23c8ed57bae525ee4a3391494e32
Reviewed-on: https://code.wireshark.org/review/25235
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When doing recursion check we must also count down when done.
Bug: 14253
Change-Id: Icacc86e8b25e106e151117dbcc2f132b1bbe898e
Reviewed-on: https://code.wireshark.org/review/25226
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Another simple example of how to use preference effects to limit
the times a capture file is redissected unnecessarily.
Also clean up some of the grammar of preference effect descriptions.
Change-Id: I2db92e8e3ee913d3b37162916bd0ef7ac8ecd794
Reviewed-on: https://code.wireshark.org/review/25175
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've added more fields, increment the pre-allocation amount
Change-Id: If0e68697c797e8709349a59b86fbcd4397730476
Reviewed-on: https://code.wireshark.org/review/25220
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow LoRaTap syncword field to be used for "decode as".
Fix field types for LoRaWAN EUI fields to display as EUI-64 little endian.
Change-Id: I584f338031a4bc87e127d35a7bf8751a60e93d55
Reviewed-on: https://code.wireshark.org/review/25199
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This interprets the main body of Lustre traffic.
This dissects all current Lustre OPCODES (as of Lustre 2.10.2)
This dissects MDS REINT sub-opcodes
This dissects LDLM Intent opcodes
This dissects LLOG EADATA
Conversation matching is just IP based and not IP/port based.
Only one lustre "instance" can be running on a given host at a given time,
and request / reply pairs don't always match by port numbers.
Add exception for lustre_* structure names in PROTOABBREV.
We have several lustre.lustre_* because the internal lustre structure is
named lustre_ (i.e. lustre_handle or lustre_msg_v2)
This is still a work in progress, as there are missing FLAG values
and some LLOG EADATA structures that aren't fully decoded.
Change-Id: If57085e2692565336e49f40fb475ca1035da7a35
Signed-off-by: Nathaniel Clark <nathaniel.l.clark@intel.com>
Reviewed-on: https://code.wireshark.org/review/24800
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the addition of power values to the top-level item for the TLV so
that it actually adds power values.
Make the list of power values in that item display correctly, without
extra commas.
Fail if the length of the TLV is less than 8. (We should really add an
expert info item for that.)
Change-Id: Ic4229c0652306f69156b8341c9fbb67cacc8154c
Reviewed-on: https://code.wireshark.org/review/25215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a recursion check to tvbparse so that we don't overflow our stack.
Bug: 14253
Change-Id: I0f667c3720311318267a1184b33e33253f8ff729
Reviewed-on: https://code.wireshark.org/review/25202
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissecting of LS Types bytes for LS Requests was missing.
Dissecting of LS Types bytes for LS Acknowledgments has been implemented.
Bug: 14310
Change-Id: I13d5b564a1e97f0c5a33c749273b11f94c90cbc0
Reviewed-on: https://code.wireshark.org/review/25183
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Protocols of protocol type 802.2 (PT = 2) are encoded with the
"normal" ethernet type when PT length == 8.
Used reference: https://docs.fd.io/vpp/17.10/d2/d71/cdp__protocol_8h_source.html
Show IPv6 addresses as IPv6 and not as bytes.
Change-Id: I0f192e758bcc1a562f042609fa5d0d9527551bb8
Bug: 14311
Reviewed-on: https://code.wireshark.org/review/25168
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Smart Energy Tunneling cluster can carry various payloads.
The type of payload is determined when the tunnel is established.
However, we cannot be sure to capture the tunnel establishment and
therefore heuristics are used to determine the payload type.
The IP protocol is added as a heuristic dissector because the
specification allows IP in the tunnel payload. However, the only
real life payload type I am aware of is GBCS messages in
UK Smart Metering (https://smartenergycodecompany.co.uk).
Finally, if a heuristic dissector cannot be found, the Data
dissector is used.
Change-Id: I4942bf00d0d0efe7047db6494cd4f8a9d19c96b6
Reviewed-on: https://code.wireshark.org/review/25181
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is a simple example of changing preferences that don't
affect dissection to something else, so that changing them
doesn't cause a file to be redissected unnecessarily
Change-Id: I77c64c739e8bbc9f2a202f744f27cb07be4a822b
Reviewed-on: https://code.wireshark.org/review/25173
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We currently accumulate all of the object data in memory, so we can't
support objects whose size doesn't fit in a size_t; that means the
maximum object size is 2^32-1 bytes on ILP32 platforms, even though we
allow the size to be up to 2^63-1 bytes.
Change-Id: I2b45f2f1a6a4a68c97d34931aea6f5294db41b6e
Reviewed-on: https://code.wireshark.org/review/25174
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add flags field to preference structure to help determine what
areas of Wireshark are affected by a preference changing. The
intent is to be able to distinguish dissection from GUI or other
changes that are not dissection.
The default is to have all preferences affect dissection, but their
flags can be changed. This patch doesn't change any flags from the
default.
Change-Id: Ied5ae961bc3f33f5b730b2892fff3fa0898380b8
Reviewed-on: https://code.wireshark.org/review/25171
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use SetConsoleTextAttribute to reset our colors on Windows. Update the
release notes and man page.
Change-Id: I2bc309787f9c2331324503092bd1c9ae6360eb55
Reviewed-on: https://code.wireshark.org/review/25170
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not add two "Handle:" in COL_INFO for opcode "Error Response".
Change-Id: I13dd5fc3bbef1762c2e868dfe885fa5d6437412e
Reviewed-on: https://code.wireshark.org/review/25152
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If on Long Header, the version field is set to 0x00000000, it is a Version Negotiation Packet
with the list of all supported versions (with some GREASE)
Bug: 13881
Change-Id: I56b7cecd112950fb557aadc434f367b74eebe07b
Reviewed-on: https://code.wireshark.org/review/25138
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With draft-08 Connection ID is changed to Omit Connection ID in Short Header frame
Bug: 13881
Change-Id: I9e53dc370ea692636143d2129754a3dc62d068bd
Reviewed-on: https://code.wireshark.org/review/25136
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Explicitly return 0 from make-dissectors on success. Hopefully this will
fix some Windows builder failures.
Change-Id: I0c172597584c52ced2380719135e8559ef83392a
Reviewed-on: https://code.wireshark.org/review/25150
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I05da9a546f5de81783e4c9d004aff7dbb3ead44b
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/25146
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 12457
Change-Id: Ie97747704b12a0ba70bb6adb1a8c251dfcaca08f
Reviewed-on: https://code.wireshark.org/review/25132
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add new offset field in BLOCKED and STREAM_BLOCKED frame
Add new stream_id field in STREAM_ID_BLOCKED
Bug: 13881
Change-Id: If030728c46607ea9ea3a500d925b30aaf9a841a8
Reviewed-on: https://code.wireshark.org/review/25121
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MAX_STREAM_ID is renamed to MAX_STREAM_ID_BIDI
and there is a new parameter MAX_STREAM_ID_UNI
Bug: 13881
Change-Id: I99bcc559a133ded88f4caedd887f481147063496
Reviewed-on: https://code.wireshark.org/review/25120
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix for unused variable mq_MQPRI_vals
Fix test when displaying unique MQ Segment (vs multi MQ segment)
Changed my name in AUTHORS
Change-Id: I8ffa5523dbf8469d2814d2a90348eea61a05823a
Reviewed-on: https://code.wireshark.org/review/25106
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Do not add custom UUID dissectors to the DecodeAs "btatt.handle"
table because it does not work to DecodeAs these attributes using
the "BT ATT Handle" field.
This removes some of the artificial protocols which are generated
from BT attributes, and avoids adding new ones when extending
the custom UUID dissection support.
Change-Id: I8384a56b49cac2ea64508470d67c67b6ec7cd13e
Reviewed-on: https://code.wireshark.org/review/25107
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The IEEE 802.15.4 dissector is built-in and will never be not present,
and if disabled then call_dissector() will call data handle.
Change-Id: Ie8d2a1bed1ba540df1a5bc239b57e475b346c8f1
Reviewed-on: https://code.wireshark.org/review/25103
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From/to Server/Client
Store the port destination to found key need to be used
Change-Id: If7f2edcdb21f5b5aa9de28431db8dc3ec6d76602
Reviewed-on: https://code.wireshark.org/review/25083
Reviewed-by: Anders Broman <a.broman58@gmail.com>
no longer negotiated version on Client Hello but on encrypted extensions
Missing add new TransportParameterId (ack_delay_exponent and initial_max_stream_id_uni)
Bug: 13881
Change-Id: I5d76662b8c7767c48fdec460e2249d49c6693f18
Reviewed-on: https://code.wireshark.org/review/25018
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
using varint for Stream ID/Offset/Length
Bug: 13881
Change-Id: I9c9524e494e6cb8785d919fee596f94401b12fed
Reviewed-on: https://code.wireshark.org/review/24991
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Used to support variable length in QUIC protocol
Bug: 13881
Change-Id: Ia274b1530152376c5fb4e364fc4cf5ab246be1b3
Reviewed-on: https://code.wireshark.org/review/24990
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Improve display of ID Struct for FAP Lvl 13
Improve display for Segmented MQ Messages
Add also the ReasonCode of the ASYNCH_MESSAGE in column and tree node
Added various new CONST for display
Change-Id: I458296e466d0744627e0b4f645d634b0c6d930de
Reviewed-on: https://code.wireshark.org/review/25009
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Idad6411139226cb6694b8dad5cb2107882f90848
Reviewed-on: https://code.wireshark.org/review/25102
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When capturing on hardware with segmentation offload enabled IPv6
payload size can be reported as zero.
This commit adds a preference to dissect such frames.
Heavily based on the TSO code of packet-ip.c
Bug: 14155
Change-Id: Ibec3c35c739d8673fa655bde4f66198a22f567c4
Reviewed-on: https://code.wireshark.org/review/24900
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic77d12ac07f82ea315734782f97b035376b8b2e8
Reviewed-on: https://code.wireshark.org/review/25099
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I360bc4f802e28e9fc64cbd5cc06e514cbaf3b25f
Reviewed-on: https://code.wireshark.org/review/25091
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Uppercase a lot of "index" words in strings to quieten checkAPI.
Removed some redundant double spaces.
Change-Id: Ica5915095037ec3da1d7c92d05c3a4d155bb302c
Reviewed-on: https://code.wireshark.org/review/25092
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
assignmnet => assignment
update message to show it's the length value in error
Change-Id: Ic320dafb00d4e6ceb7b3b7addaf2bff25739851f
Reviewed-on: https://code.wireshark.org/review/25089
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Add support for new objects g0v196-210
Rework handling of g0 objects
Change-Id: I64c46cf4709799711a7cc6ca77fe356e47dced62
Reviewed-on: https://code.wireshark.org/review/25086
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Missing Handshake and need to fix dissection of payload with varint change...
Bug: 13881
Change-Id: Ib8fb6321436d72c8c4dba172dd43ef31288615d9
Reviewed-on: https://code.wireshark.org/review/24962
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I365e40d1e0c287ecfcee30fb72538d360926b827
Reviewed-on: https://code.wireshark.org/review/25068
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It seems using gcry_strerror() should be correct,
it also fixes building when --without-gnutls (when -lgpg-error is not added):
/usr/bin/ld: epan/.libs/libwireshark.a(packet-ipsec.o): undefined reference to symbol 'gpg_strerror@@GPG_ERROR_1.0'
Change-Id: I142e2e553fd7da501bd57635b8826ff42e114085
Reviewed-on: https://code.wireshark.org/review/25064
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new Long and Short Packet type
Set version field before packet number
Bug: 13881
Change-Id: I894bc5ada0d5d0269c8d12749533eaa07c553635
Reviewed-on: https://code.wireshark.org/review/24961
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Updated InformationElements as defined at
https://www.iana.org/assignments/ipfix/ipfix.xhtml
Includes updates for RFC8038 and RFC8158.
Change-Id: I66411428d0faee4290b5134b1c31c84b49996f2e
Reviewed-on: https://code.wireshark.org/review/25013
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
evaluate_sdnv_64() returns gint64 and does indeed return -1 for errors.
Use a gint64 variable to hold the return value, cast to guint64 if necessary.
Change-Id: I2aa6f95302cf20f758a872c00c3d49857f2faea4
Reviewed-on: https://code.wireshark.org/review/24989
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patchset involves the changes done to decode header and trailer
extensions correctly. There were places where the frame offset was
not handled properly leading to the improper decoding of the subsequent
fields.
Also, the subtree name for Trailer extension was not proper.
Change-Id: Ia38ddddbcd83435ce8aaa73791a2f5a14918b48f
Reviewed-on: https://code.wireshark.org/review/24140
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Putting up for review, though I am not completely convinced that
file_gets() can return an empty line.
Bug: 14295
Change-Id: If36761ea511b66c01a9f167809a218a7eadbfcc5
Reviewed-on: https://code.wireshark.org/review/24997
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some fields in the header are in the byte order of the host that wrote
them; one of them is a 32-bit AF_ value, and those are not likely ever
to be > 65535, so they should never have any of the upper 16 bits set,
and are also unlikely ever to be AF_UNSPEC, i.e. 0, so they should have
at least one of the lower 16 bits set. This means that they will have
at least one of the upper 16 bits set iff the host that wrote the file
has the opposite byte order of the host that's reading the file; use
that to determine whether to byte-swap the address-family or flags
fields. (The SPI field is in *network* byte order.)
Change-Id: I2d483c75d5c6bbab8fd16c5dc0a800f8710f764c
Reviewed-on: https://code.wireshark.org/review/24998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
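
The byte-order heuristic described in the commit message above, as an added example in C; it is not the Wireshark code or part of the commit. The 12-byte layout (address family, SPI, flags, in that order) and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed header layout (illustrative, not taken from the commit):
 *   bytes 0..3   address family, byte order of the host that wrote the file
 *   bytes 4..7   SPI, network byte order
 *   bytes 8..11  flags, byte order of the host that wrote the file */
#define HDR_LEN 12

struct parsed_hdr {
    uint32_t af;
    uint32_t spi;
    uint32_t flags;
    int swapped;      /* 1 if the writer had the opposite byte order */
};

static uint32_t bswap32(uint32_t v)
{
    return ((v & 0x000000FFu) << 24) | ((v & 0x0000FF00u) << 8) |
           ((v >> 8) & 0x0000FF00u) | (v >> 24);
}

/* Read 4 bytes as the reading host would see them in memory. */
static uint32_t load_host32(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Read 4 bytes as a big-endian (network order) value. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 if the buffer is too short, -2 if the
 * address family does not fit in 16 bits in either byte order. */
int parse_hdr(const uint8_t *buf, size_t len, struct parsed_hdr *out)
{
    if (buf == NULL || out == NULL || len < HDR_LEN)
        return -1;

    uint32_t af = load_host32(buf);
    uint32_t flags = load_host32(buf + 8);
    int swapped = 0;

    /* A real AF_ value is <= 65535, so bits in the upper half mean the
     * writer used the opposite byte order: swap af and flags together.
     * An af of 0 carries no information and is read as "same order". */
    if (af & 0xFFFF0000u) {
        af = bswap32(af);
        flags = bswap32(flags);
        swapped = 1;
    }

    /* Bits set in both halves: not a plausible AF_ value either way. */
    if (af & 0xFFFF0000u)
        return -2;

    out->af = af;
    out->spi = load_be32(buf + 4);   /* never depends on the writer's host */
    out->flags = flags;
    out->swapped = swapped;
    return 0;
}

/* Build a constructed sample header as a host of the same (opposite == 0)
 * or the opposite (opposite == 1) byte order would have written it. */
void make_hdr(uint8_t *buf, uint32_t af, uint32_t spi, uint32_t flags,
              int opposite)
{
    uint32_t waf = opposite ? bswap32(af) : af;
    uint32_t wflags = opposite ? bswap32(flags) : flags;

    memcpy(buf, &waf, 4);
    buf[4] = (uint8_t)(spi >> 24);
    buf[5] = (uint8_t)(spi >> 16);
    buf[6] = (uint8_t)(spi >> 8);
    buf[7] = (uint8_t)spi;
    memcpy(buf + 8, &wflags, 4);
}

int main(void)
{
    uint8_t buf[HDR_LEN];
    struct parsed_hdr h;

    /* Constructed sample: af 2, written by an opposite-endian host. */
    make_hdr(buf, 2, 0x00001001u, 0x1u, 1);
    int rc = parse_hdr(buf, sizeof buf, &h);
    printf("rc=%d af=%u spi=0x%08x flags=0x%x swapped=%d\n",
           rc, (unsigned)h.af, (unsigned)h.spi, (unsigned)h.flags, h.swapped);
    return 0;
}
```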
Add interface to expand the QUIC cleartext secrets
(quic_derive_cleartext_secrets),
an interface to create the cleartext ciphers
(quic_create_cleartext_decoders),
an interface to decrypt messages using this cipher
(quic_decrypt_message).
Change-Id: Id546150be2964959388b7ef69984b891521e5caa
Reviewed-on: https://code.wireshark.org/review/24435
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Shouldn't have led to problems so far, assuming sane overflow behavior
and sizeof (int) == sizeof (guint32), but better safe than sorry.
Change-Id: I1e154b311b9f0e3113bc9c7b4d8456ede16804ef
Reviewed-on: https://code.wireshark.org/review/24930
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Adding support for URNTI mapping when UE is moving from PCH/FACH to DCH
Change-Id: Iad67d7a88aac619171886cf35285e03d848146ae
Reviewed-on: https://code.wireshark.org/review/24963
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia396355d706f08772a597ecc45746d8d4bb0b0c1
Reviewed-on: https://code.wireshark.org/review/24952
Reviewed-by: Anton Glukhov <anton.a.glukhov@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5364e3deed22f98b77e2a6390e4cce6de3a9c7bd
Reviewed-on: https://code.wireshark.org/review/24918
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Warn that it is subject to change, although there is an experimental
Linux patch using it, so it's probably *unlikely* to change.
Update another comment while we're at it.
Change-Id: I4d5eb1461a83b990b75312ebab9471c2fe4749af
Reviewed-on: https://code.wireshark.org/review/24985
Reviewed-by: Guy Harris <guy@alum.mit.edu>
CentOS 6 ships with glib 2.28.8 which does not support
g_ptr_array_new_full (make-taps/make-dissectors) and need to link with
wsutil for glib-compat.
g_thread_new was only introduced with GLib 2.32 (not 2.31), so adjust
the check accordingly. Abort in case thread creation fails (as
documented). Properly initialize threads or it will abort on runtime
(this also requires linking epan with gthreads in CMake, autotools
already includes it with GLIB_LIBS).
Change-Id: Ie81d6df7b3b26aaa4eb25e23719a220755e2c13c
Reviewed-on: https://code.wireshark.org/review/24978
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some compilers are more picky than others and I eliminated the use of a
value_string array that I should not have in reorganizing the Extended
Capabilities info.
Change-Id: I1dcb09bf9f8df69445ebde8b88897482ddd1fa82
Reviewed-on: https://code.wireshark.org/review/24984
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
"dissectors.c.in" is an input file for "make-dissectors" which outputs
"dissectors.c", but does not contain C code. Rename it to
"dissectors.in.txt" instead.
When a dissector is removed from the list, the dissectors.c file was not
properly generated even if CMake was re-run. Fix this by adding an
additional dependency on the input file. autotools likely suffers from
the same problem with removed files, I have not tried to fix that.
Restore João's original approach using file(GENERATE) to avoid using
configure_file, this requires CMake 2.8.12.
Change-Id: Id07cd8ef502186a90d41b3bb77ed0d9c94845af9
Fixes: v2.5.0rc0-1763-gfe0c2b0485 ("Rewrite make-dissector-reg.py in C")
Reviewed-on: https://code.wireshark.org/review/24659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
packet-ieee80211.c:2326:27: error: ‘vht_max_mpdu_in_amsdu’ defined but not used [-Werror=unused-const-variable=]
static const value_string vht_max_mpdu_in_amsdu[] = {
Change-Id: If4cc416b7fe92dc7915e26d2d89abaa17b081c09
Reviewed-on: https://code.wireshark.org/review/24977
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
with some old (and buggy) compiler (gcc 4.8.5)
Change-Id: Ie5e4f71d3f4a12f786f2c8b139bba7a0688a8d29
Reviewed-on: https://code.wireshark.org/review/24973
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SCSI requires parameter data to be passed into the tap. Provide
a new dialog that can handle SCSI commands.
Bug: 14144
Change-Id: I4561f251ec38753a28befee33b8b994b04b92230
Reviewed-on: https://code.wireshark.org/review/24955
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change handles both 8-byte and 9-byte extended capabilities fields
by handling them as an 8-bit field if there are only 8 bytes, but handling
them as a 16-bit field if there are 9 bytes. This is because one field
straddles the bytes, but I have seen captures where only 8 bytes are
present.
Change-Id: I624fe34dd9c8ba7f25a451a172048897d867fcb5
Reviewed-on: https://code.wireshark.org/review/24971
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now that HE Information is starting to be used in radiotap headers we need to
start defining and showing these. More will be coming, especially the dissection
of the header itself and carrying info in the ieee_802_11_phdr structure.
Change-Id: I94c2184e83243656764147029295ad4ce4254416
Reviewed-on: https://code.wireshark.org/review/24945
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The offset must be advanced or else dissection of the following
extensions will result in a malformed packet exception.
Bug: 14292
Change-Id: I8b5cb2f377c8d3e01677b76f5bb6c3126dea64f9
Reviewed-on: https://code.wireshark.org/review/24970
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
and update FT_CONNECTION_CLOSE
Change-Id: I2758fb5b2b036d01c4fce3ef90bcafa0b000ee7d
Reviewed-on: https://code.wireshark.org/review/24431
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection of the TDS_BUF_LOGIN (aka TDS4/TDS5 login) packet.
Add some support routines to remember the endian nature of each connection.
Dissecting the TDS5 login requires dissecting the TDS_CAPABILITY token as well.
Change-Id: Id92dedeaf4b5d192bab7ec99775e371f229db3e3
Reviewed-on: https://code.wireshark.org/review/24831
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I960c1e1860bf4ec80260a105b7a5abbf5d8db386
Reviewed-on: https://code.wireshark.org/review/24958
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The ArtTrigger packet is used to send trigger macros to the network. The
most common implementation involves a single controller broadcasting to
all other devices.
Please see page 41 of the referenced PDF for the packet definition of
the ArtTrigger OpCode.
https://www.artisticlicence.com/WebSiteMaster/User%20Guides/art-net.pdf
Change-Id: Iec2e749732e5462cf04b9c6942df7379e4247255
Reviewed-on: https://code.wireshark.org/review/24936
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add Object-Security option handling to CoAP.
2. Add RFC8132 defined codes.
3. Fix indentation.
4. Use macros for masks.
Change-Id: I48c71513db14e79133fe323578123f99946cbaa9
Reviewed-on: https://code.wireshark.org/review/24913
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
* TEIDIR should use the UINT8 type (it's only 3 bits really)
* Network Instance length needs to take the already decoded
bytes into account
3GPP TS 29.244 Section 8.2.82
Change-Id: I6772ca726f5e5d65c68a6d3dae8eff43e72196e0
Reviewed-on: https://code.wireshark.org/review/24940
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Enterprise ID is included in the length. Don't skip it twice.
3GPP TS 29.244 Section 8.1.1.
Change-Id: If601309c0008775268e399bbedf7ab956ae0ec6b
Reviewed-on: https://code.wireshark.org/review/24939
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PDN Connection Set Identifier is two bytes.
3GPP TS 29.244 Section 8.2.43
Change-Id: I6ac1dab341e4ae54cbbdcbcbe8583a6a49293269
Reviewed-on: https://code.wireshark.org/review/24938
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Node ID is encoded as DNS label according to RFC 1035. That RFC
states that a label can have maximum length of 63 characters.
3GPP TS 29.244 Section 8.2.38 and RFC 1035 Section 2.3.4.
Change-Id: I54ba4a204e2bf010b5b61b4be7f6ca483d7210b9
Reviewed-on: https://code.wireshark.org/review/24937
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjusted bitmask in both IEs to correct order of bytes
3GPP TS 29.244 Sections 8.2.19 and 8.2.41
Change-Id: Ia9409c0d33b8821d459faf1d502f833883416b40
Reviewed-on: https://code.wireshark.org/review/24929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Matej Tkac <matej.tkac.mt@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
HF is related only to single -5th- octet
3GPP TS 29.244 Section 8.2.58
Change-Id: Id0d4dd644cc4f94dec2a7ab73cea7b02bff1fc9f
Reviewed-on: https://code.wireshark.org/review/24926
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In accordance with 3GPP TS 29.244 Section 8.2.62
Change-Id: Id3663817f64cab60713e02ca9e9a26349fe1a29a
Reviewed-on: https://code.wireshark.org/review/24925
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before if (al_obj & 0x02) was incorrectly being used to test if it was a
variation with a timestamp.
Now it is done in the same manner as Object 21 with a switch statement
that falls through if it isn't a timestamp variation.
Change-Id: I9adaf9c0be3ad01f1cf87ba09f47257daeadb47c
Reviewed-on: https://code.wireshark.org/review/24915
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic599195cbbcdbf229b126a7f95ef5a4de8aea0ec
Reviewed-on: https://code.wireshark.org/review/24919
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
A number of the bits have become reserved and what were reserved fields now
have meaning.
I will have to deal with bytes 8 and 9 differently because there is a 2-bit
field that spans those two bytes now, but it is clear some STAs don't include
byte 9. If not included those two bits probably have no meaning.
Change-Id: I5ea17d7d6710a693f9153a3370813dbb3ae01fa1
Reviewed-on: https://code.wireshark.org/review/24887
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If parse_CM_Req parses an IP_CM_Req_Msg, export just the payload,
instead of the ip_cm_sid and the payload.
Change-Id: I67258d2f6d240885e48ea537906d2769eafe3bae
Signed-off-by: Nathaniel Clark <nathaniel.l.clark@intel.com>
Reviewed-on: https://code.wireshark.org/review/24796
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some of the ASN.1 dissectors process their data indirectly through
dissector tables. Add dissector_try_string_new so that they can do so
without appending duplicate entries to frame.protocols.
Change-Id: If9e12d81f9d0cc5b3bf19816e675a0fb79d904a6
Reviewed-on: https://code.wireshark.org/review/24886
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Qt log output changes in g6a5e90f2 changed the Qt message handler
to use g_log. Lua logging already used g_log. The Qt variant of
funnel logger, which is used by Lua as g_log backend, is currently
using qDebug and this gives recursive calls to g_log and thus an assert.
Rewrite the lua logging to not use g_log.
Change-Id: Icf4f0022a11cb32d2b4f413f76d946f2506e283d
Reviewed-on: https://code.wireshark.org/review/24888
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I618df2f2608adcd1be5da02262c5296e4d86cfba
Reviewed-on: https://code.wireshark.org/review/24866
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
There is a problem where one field decodes differently
depending on another field's content.
A code has been added to save information for 021_150_IM field.
When the next field 021_150_ASPD is decoded, the
stored information determines how it shall be scaled.
This is a special case for I021/150 only.
The same way as this change, other changes shall be done for
fields that are dependent on other fields.
Bug: 14076
Change-Id: I51f2c8f79bc6bde9efc0429e54fbea36818e9b36
Reviewed-on: https://code.wireshark.org/review/24734
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. SOCKSv5 dissection was broken if authentication was used since the
used state machine states were initialized, but not saved correctly, and
the first server state transition was wrong.
I also fixed the GSSAPI variant analogously, but could not verify this
since I have no traces of this.
2. SOCKSv5 actually has a different "subnegotiation field" for the
authentication messages. This is added, and the original SOCKS version
is added as a generated field (i.e. for filtering).
3. Info column setting is moved to the *_display_socks_* routines to fix
two-pass dissection (as used by GUI Wireshark), since only here the
correct per-packet state is used. The hash_info (as used by the
*_state_machine_* functions) is already fully populated on second pass.
Change-Id: Ib39434dafce08188cd2da347118d0509a7613915
Reviewed-on: https://code.wireshark.org/review/24712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These items are now in 802.11 2016 so they are no longer draft items.
Change-Id: I89b694f30700e08d9edc2e3707f36f8cf30dd0f2
Reviewed-on: https://code.wireshark.org/review/24877
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IEEE802.11-2016 standardized those bits, so it's no longer a draft standard.
I am slowly getting these things correct as I prepare for support for
IEEE802.11ax D2.0.
Change-Id: I3fc4497f2b85bae78043b9fd997379a44898f3db
Reviewed-on: https://code.wireshark.org/review/24860
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to RFC 5492 [1], paragraph 5, Data field of BGP
notification for Open message error/unsupported capability must
list the set of unsupported capabilities
Bug: 14274
Change-Id: Iacd33b5c83bc234652d2a5444f0029640d33e1c5
Reviewed-on: https://code.wireshark.org/review/24829
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not give an uninitialised error pointer to g_dir_open(), this
will give a crash if g_dir_open() fails.
Remove wslua_dir.dummy because it is not used by anyone.
Change-Id: I044eee021393f2ea2aa022138bbf6fd099eb0908
Reviewed-on: https://code.wireshark.org/review/24840
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Currently, the function assumes the input is represented as
a string representation of the hex string of the addresses.
Instead, the parameters are sent as plain text IPs.
We reactivate the helper functions that convert the addresses
from the latter to the former representation and add support
for handling masks in the input.
Bug: 14229
Change-Id: I750a546b39404a1fbc86cee604a33e506f7240d8
Reviewed-on: https://code.wireshark.org/review/24469
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I66f9dc050735fd0a73b9938a9db0c5978cec40a4
Reviewed-on: https://code.wireshark.org/review/24834
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Free some variables in error handling.
Change-Id: I0d0653962b11f760c31872aa7e5b5f1d20c54dcb
Reviewed-on: https://code.wireshark.org/review/24842
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add default type handling in proto_custom_set() to prevent crashes when
trying to use FT_IPXNET, FT_AX25 or FT_VINES items as custom columns.
This will also work as a safeguard when adding new types.
Change-Id: Iaf3b48aec72f0e5c10332b0e6d5f7221b0196e15
Reviewed-on: https://code.wireshark.org/review/24836
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I857cdcc3a15cd01c3b5cc7e31be043048ef5f1ed
Reviewed-on: https://code.wireshark.org/review/24784
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We always pass a GHashTable * to plugin_if_gui_cb so don't cast it to a
gconstpointer. This should fix the following and related warnings:
main_window.cpp: In function ‘void plugin_if_mainwindow_apply_filter(gconstpointer)’:
main_window.cpp:121:44: warning: cast from type ‘gconstpointer {aka const void*}’ to type ‘GHashTable* {aka _GHashTable*}’ casts away qualifiers [-Wcast-qual]
GHashTable * data_set = (GHashTable *) user_data;
Fix another const warning while we're here.
Change-Id: Ia9225188bfb913feb4fef4369f10fd5791fc8dc9
Reviewed-on: https://code.wireshark.org/review/24830
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This is useful to implement language bindings (Lua, Python, etc) and
good practice in general.
Non-breaking change to the API.
Change-Id: I8d16c14880e5aa53212af8418c468a6ec3aa8954
Reviewed-on: https://code.wireshark.org/review/24814
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Allow epan itself to be extended by plugins. Adds the following new plugin
interfaces:
void plugin_epan_init()
void plugin_epan_dissect_init(epan_dissect_t *)
void plugin_epan_dissect_cleanup(epan_dissect_t *)
void plugin_epan_cleanup()
void plugin_epan_register_all_protocols(register_cb, gpointer) [OPTIONAL]
void plugin_epan_register_all_handoffs(register_cb, gpointer) [OPTIONAL]
Any one of these can be an empty function but the first four must be
present.
The motivation for the change is a better way to implement a language binding
other than registering a fake protocol and stuffing everything into a single
dissector call (and maybe require an extra packet_info field) but I expect
there would be other interesting use cases.
Change-Id: I215d50750ac7561fe25fdcdcfbc6a3f351984785
Reviewed-on: https://code.wireshark.org/review/24813
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
So far decode just packet headers
Change-Id: I7a01f3c83b97882f4c669122ad94b2bdab0ab251
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Reviewed-on: https://code.wireshark.org/review/24583
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will make the code easier and removes the use of a generic
"Expert Info" as name.
Change-Id: I57ad2adb851726106ddc5009f3c6ca61721f647a
Reviewed-on: https://code.wireshark.org/review/24792
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the mode bit is zero, we have to do different things than if
it is 1.
Change-Id: I5ed8bec1d350c02b736818cad5ab864748145686
Reviewed-on: https://code.wireshark.org/review/24775
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change the expert info registry to use summary text as field name instead
of blurb to show the correct column header tooltip in custom columns.
Preserve backward compatibility by not using empty summary text.
Change-Id: Ibbaf142165be0d9f42d1e2476f39f8d251ea0593
Reviewed-on: https://code.wireshark.org/review/24788
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This is valuable when adding an expert info field as custom column,
but will also make sense for other FT_NONE types.
Change-Id: Ib1a14c59a5450f2e713f190aecf3484586d116c4
Reviewed-on: https://code.wireshark.org/review/24787
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change from the text "Yes" to a utf8 check mark to indicate the
presence of a protocol in custom columns.
Change-Id: I9510333fc12148bf1f61aa2ddea2c6d390a9491a
Reviewed-on: https://code.wireshark.org/review/24783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Dissect the Venue URL element. More to come.
Change-Id: I64330b3f90f9f6222df0fb00d3ea277f59424e98
Reviewed-on: https://code.wireshark.org/review/24776
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 14259
Change-Id: Iab6b494bebaa913267f94d41b7950b67dd406cb6
Reviewed-on: https://code.wireshark.org/review/24705
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use the previous recorded version as version and set field as generated.
Bug: 14262
Change-Id: I0872ed826ccd8a5a1b75b071d810404d08ddc7b3
Reviewed-on: https://code.wireshark.org/review/24741
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fields I009/080 were wrongly represented for CAT009. 8 and 16 bit
long fields were represented as 24 bit.
Change-Id: I5bd1c1f006292f58d0290ced80dde22324cb4002
Reviewed-on: https://code.wireshark.org/review/24746
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14267
Change-Id: I23eb82a2f9bb2d57952f71870cc0fc8f12f036df
Signed-off-by: Anton Glukhov <anton.a.glukhov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/24735
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I395d0c168a6ba2fc8fad85598e6355493b897a7a
Reviewed-on: https://code.wireshark.org/review/24748
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Two settings had the same string "Select the CAT001 version".
One should be CAT002.
Change-Id: Iee6204a1064af786338d1b53c7b983763b985a0c
Reviewed-on: https://code.wireshark.org/review/24745
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the routines that create them take a pointer to a struct
packet_provider_data, store that in the tvbuff data, and use it to get
the wtap from which packets are being read.
While we're at it, don't include globals.h in any header files, and
include it in source files iff the source file actually uses cfile. Add
whatever includes that requires.
Change-Id: I9f1ee391f951dc427ff62c80f67aa4877a37c229
Reviewed-on: https://code.wireshark.org/review/24733
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have separate packet_provider_data structures and packet_provider_funcs
structures; the latter holds a table of functions that libwireshark can
call for information about packets, the latter holds the data that those
functions use.
This means we no longer need to expose the structure of an epan_t
outside epan/epan.c; get rid of epan/epan-int.h.
Change-Id: I381b88993aa19e55720ce02c42ad33738e3f51f4
Reviewed-on: https://code.wireshark.org/review/24732
Reviewed-by: Guy Harris <guy@alum.mit.edu>
libwireshark now expects an epan_t to be created with a pointer to a
"packet provider" structure; that structure is opaque within
libwireshark, and a pointer to it is passed to the callbacks that
provide interface names, interface descriptions, user comments, and
packet time stamps, and that set user comments. The code that calls
epan_new() is expected to provide those callbacks, and to define the
structure, which can be used by the providers. If none of the callbacks
need that extra information, the "packet provider" structure can be
null.
Have a "file" packet provider for all the programs that provide packets
from a file.
Change-Id: I4b5709a3dd7b098ebd7d2a7d95bcdd7b5903c1a0
Reviewed-on: https://code.wireshark.org/review/24731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use QTextLayout to draw each line in ByteViewText instead of drawing
fragments ourselves. Build our pixel-to-byte-offset map when we draw our
first line, which should hopefully make it more accurate. This should
fix layout and hover issues on some systems.
Start moving common code to DataPrinter.
Mark prefs.gui_hex_dump_highlight_style GTK+ only.
Bug: 11844
Change-Id: Ifda16ae7dc1a5ea22570c0bfd0eb20cee621bfc9
Reviewed-on: https://code.wireshark.org/review/24717
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add support for the netlink messages used by userspace conntrack
helpers.
Change-Id: I37d3829399834f578a0ab0f08eab99f119445ff5
Reviewed-on: https://code.wireshark.org/review/24695
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix indentation while we're at it.
Change-Id: If8acaa944fd4c1aae848faa3a99f7566e003e801
Reviewed-on: https://code.wireshark.org/review/24707
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by scan-build.
Change-Id: I89b56bac951ccb7054d494592928306a860f9e5e
Reviewed-on: https://code.wireshark.org/review/24697
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't make sure we have the full server entry before trying to dissect
it; that way, a malformed frame that was really too short on the network
(as opposed to being cut short by a snapshot length) will get reported
as such.
Change-Id: Ib7f0d909645a698162ebcd9b3fe8dd2d520983b7
Reviewed-on: https://code.wireshark.org/review/24696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The split isn't necessary now that epan no longer uses the capture_file
structure.
Change-Id: Ia232712a2fb5db511865805518e8d03509b2167f
Reviewed-on: https://code.wireshark.org/review/24693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Embed one of those structures in a capture_file, and have a struct
epan_session point to that structure rather than to a capture_file.
Pass that structure to the routines that fetch data that libwireshark
uses when dissecting.
That separates the stuff that libwireshark expects from the stuff that
it doesn't look at.
Change-Id: Ia3cd28efb9622476437a2ce32204597fae720877
Reviewed-on: https://code.wireshark.org/review/24692
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have the top-level protocol tree item for a server entry cover the
entire entry, rather than just the server name. Have the server name be
just another entry under that top-level item.
Change-Id: I8089f3e132a0f388c87ba04caa3d15f5146c2303
Reviewed-on: https://code.wireshark.org/review/24688
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have cfile-int.h declare the structure, and use it in files that
directly access the structure.
Have cfile.h just incompletely declare the structure and include it
rather than explicitly declaring it in source files or other header
files.
Never directly refer to struct _capture_file except when typedeffing
capture_file.
Add #includes as necessary, now that cfile.h doesn't drag in a ton of
Change-Id: I7931c8039d75ff7c980b0f2a6e221f20e602a556
Reviewed-on: https://code.wireshark.org/review/24686
Reviewed-by: Guy Harris <guy@alum.mit.edu>
As stated in https://tools.ietf.org/html/rfc6388#section-3.2
MP2MP uses the same structure as the P2MP FEC element.
Bug: 13171
Change-Id: Ia619deac6075f5eb27dff2144edbbb60b440cc46
Reviewed-on: https://code.wireshark.org/review/24677
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Fix detection of TDS7 Prelogin responses to have fewer false positives.
This was causing regular responses to be recognized as Prelogin responses if they
happened to begin with a DONEINPROC token.
- Define symbolic constants for the Prelogin options.
- Apply the version_convert processing to the relevant prelogin options as well as
to the loginack_progversion.
- Correct the display of the program version in version_convert.
- Factor out the setting of tds7_version so it can be called from the dissect_tds7_login
as well as dissect_tds_login_ack_token. This is needed to correctly handle tokens
which come before the loginack token in the login response.
- Fix the wording of a comment in my last commit.
Change-Id: I57615bbb1e780db37cda25d8d5d7f964f68b337e
Reviewed-on: https://code.wireshark.org/review/24664
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I1007fdff01b370c06a8ccfb1145fd162ffde9a94
Reviewed-on: https://code.wireshark.org/review/24674
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now also trying to resolve C-RNTIs in FACH from the global RNTIs map
Change-Id: If9ce5b73d6855271c15001fd73d8acaaaf9d1864
Reviewed-on: https://code.wireshark.org/review/24665
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
RXLEV and RXQUAL fields in RSL "Uplink Measurements" use same scale
format (0-63, 0-7) as RXLEV and RXQUAL in RR. RXQUAL value-string is
moved to packet-gsm_a_common.c in order to use it in both protocols.
Change-Id: Idadd9505225353fec76b9605e2045a5222669475
Reviewed-on: https://code.wireshark.org/review/24663
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
While we are at it, let's add a partial dissection of
PLMN-IdentityWithOptionalMCC-r6 IE.
Bug: 14248
Change-Id: I20b76bc74c248914db21629f8ce77799fccb1612
Reviewed-on: https://code.wireshark.org/review/24661
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "Decompressed header" tab contains some human-readable text, but no
field was associated with it. Instead, the fields were attached to raw
compressed headers, all with the same offset and length.
Ensure that each byte in the decompressed header tab is accounted for.
The only fields that are still pointing to the raw compressed buffer are
the http2.header field (covering a full raw header), the representation
type (a few bits, at most 1 octet) and the index length (guessed length,
an exact value is probably not worth the cpu cycles).
Change-Id: Ic0118e9ed583841a2d353f8b8c28dcafea3401f2
Reviewed-on: https://code.wireshark.org/review/24660
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Slight adjustment to I394fa91a5cfa1700fb12441d4884c0367b39df8b
Change-Id: Id097a39265f49a79f3d39855ef6b5c95ffe8c4f1
Reviewed-on: https://code.wireshark.org/review/24654
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added a link inside the Topic Information feature so users can
quickly go to the discovery data associated with the writer sending
this submessage.
Change-Id: I3a89630a275e5d857e8bbf86dc5171c9f0921d5b
Reviewed-on: https://code.wireshark.org/review/24646
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia827c43b161a2b64804b0eac220b428eb853d255
Reviewed-on: https://code.wireshark.org/review/24647
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of calling wmem_strbuf_finalize, which frees the strbuf
structure and makes it unsuitable for reuse, call wmem_strdup +
wmem_strbuf_truncate. This fixes a heap-use-after-free.
Bug: 14248
Change-Id: I498e10ed9f9afa7fa72b607eb43f68c710de777e
Reviewed-on: https://code.wireshark.org/review/24650
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure process_netbios_name doesn't write past the beginning of its
buffer.
Bug: 14249
Change-Id: Idb294ba2362e48b879bc4c0c0ddaf64fcf1b5d72
Reviewed-on: https://code.wireshark.org/review/24651
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Missed out some that would probably result in too many links.
Added FT_FRAMENUM_RETRANS_PREV and FT_FRAMENUM_RETRANS_NEXT to enum,
these display as arrows like REQUEST and RESPONSE do.
Change-Id: I6e8d222955f2ba59a713e8a389837b55a1c7f262
Reviewed-on: https://code.wireshark.org/review/24600
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
"file(GENERATE ...)" is only supported since 2.8.12, since the list of
sources is fixed at cmake time, just use "file(WRITE ...)".
Change-Id: If4a547803ab536cf8d131045692d3e58301b0cd2
Fixes: v2.5.0rc0-1763-gfe0c2b0485 ("Rewrite make-dissector-reg.py in C")
Reviewed-on: https://code.wireshark.org/review/24638
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since v2.1.0rc0-2202-g6b54fbf3bf, wslua is also not necessary in the
include path, so remove that too.
Change-Id: Ib227b71b08da9fc397d6618b60100ab819570b86
Reviewed-on: https://code.wireshark.org/review/24640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Match closer the behavior of autotools which does not include epan in
its include paths by default.
Change-Id: I885bc7942490a5674c6ac75f9a8ea221555e3784
Reviewed-on: https://code.wireshark.org/review/24639
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Also add some more error checks, we only pass valid files to make-dissectors.
Change-Id: I9c068e47f35ee6c3da0112ee9ce905af35030475
Reviewed-on: https://code.wireshark.org/review/24625
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Join the protocol registration threads so that they call g_thread_unref
which in turn detaches/terminates the thread. This gets rid of many TSan
and DRD errors here. The remaining ones appear to be false positives.
Add g_thread_new to glib-compat (untested).
Change-Id: I4beb6746ed08656715cf7870ac63ff80cf1ef871
Reviewed-on: https://code.wireshark.org/review/24619
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise we can call CRC functions with a negative value, leading to
a segmentation fault.
Bug: 14250
Change-Id: I394fa91a5cfa1700fb12441d4884c0367b39df8b
Reviewed-on: https://code.wireshark.org/review/24621
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reserved values are a bit of a hack. (If this were Swift....)
Change-Id: I243e8f497345f44d94af6106287556b8831fba92
Reviewed-on: https://code.wireshark.org/review/24633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I7ca67ceaf72a1e4cc1c7b3ccc8fed79fafefe575
Reviewed-on: https://code.wireshark.org/review/24614
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Draft -22 moved the server version to an extension and makes HRR look
like a SH. SH is now interpreted as TLS 1.2. Detecting TLS 1.3/HRR
requires scanning SH extensions before parsing the message, so do that.
Changes:
- Add draft 22 version identifier.
- Recognize special Server Hello magic for HRR.
- Dissect SupportedVersions for SH/HRR, rename the field to match spec.
- Recognise new Server Hello format (including legacy fields).
- Move version detection up to handshake message dissection to allow
HRR (disguised as SH) to be detected as such. DTLS does not have HRR
and fragmentation makes it harder, so use its version as usual.
- Ignore ChangeCipherSpec again for draft 22 (do not add expert info).
- Allow NST ticket_nonce to be empty.
Change-Id: I9d5f7dba173e1b5c901bf9a6917c65520ee60a2f
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/24340
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
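Added illustration of the detection order the commit message above describes (not Wireshark's dissector code): scan the Server Hello extensions for supported_versions before trusting legacy_version, and treat the fixed HRR random as a HelloRetryRequest. Function and type names are hypothetical, the extension type (43) and HRR random are taken from the TLS 1.3 specification, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum sh_kind { SH_MALFORMED = -1, SH_LEGACY = 0, SH_TLS13 = 1, SH_TLS13_HRR = 2 };
struct sh_result { enum sh_kind kind; uint16_t version; };

/* ServerHello.random value that marks a HelloRetryRequest. */
static const uint8_t HRR_MAGIC[32] = {
    0xCF,0x21,0xAD,0x74,0xE5,0x9A,0x61,0x11,0xBE,0x1D,0x8C,0x02,0x1E,0x65,0xB8,0x91,
    0xC2,0xA2,0x11,0x16,0x7A,0xBB,0x8C,0x5E,0x07,0x9E,0x09,0xE2,0xC8,0xA8,0x33,0x9C };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* b/len: ServerHello body after the 4-byte handshake header. Each read is
 * checked against the bytes that remain, so truncated input is rejected. */
struct sh_result classify_server_hello(const uint8_t *b, size_t len)
{
    struct sh_result r = { SH_MALFORMED, 0 };
    size_t off = 2 + 32;                        /* legacy_version + random */
    if (len < off + 1) return r;
    r.version = be16(b);
    int hrr = memcmp(b + 2, HRR_MAGIC, sizeof HRR_MAGIC) == 0;
    size_t sid_len = b[off++];
    if (sid_len > 32 || len - off < sid_len + 3) return r;
    off += sid_len + 3;                         /* session id, suite, compression */
    if (off == len) { r.kind = SH_LEGACY; return r; }   /* no extensions */
    if (len - off < 2 || (size_t)be16(b + off) != len - off - 2) return r;
    off += 2;
    while (len - off >= 4) {
        size_t type = be16(b + off), elen = be16(b + off + 2);
        off += 4;
        if (elen > len - off) return r;
        if (type == 43) {                       /* supported_versions */
            if (elen != 2) return r;
            r.version = be16(b + off);          /* selected_version wins */
            r.kind = hrr ? SH_TLS13_HRR : SH_TLS13;
            return r;
        }
        off += elen;
    }
    if (off == len) r.kind = SH_LEGACY;         /* leftover bytes stay malformed */
    return r;
}

/* Constructed sample: legacy_version 0x0303, empty session id, suite 0x1301,
 * optional supported_versions carrying 0x7f16 (draft 22); cut drops tail bytes. */
struct sh_result classify_sample(int hrr, int with_sv, size_t cut)
{
    uint8_t m[64] = { 0x03, 0x03 };
    size_t n = 2 + 32;
    static const uint8_t ext[] = { 0x00,0x06, 0x00,0x2b, 0x00,0x02, 0x7f,0x16 };
    if (hrr) memcpy(m + 2, HRR_MAGIC, 32); else memset(m + 2, 0x11, 32);
    m[n++] = 0;                                 /* session id length */
    m[n++] = 0x13; m[n++] = 0x01; m[n++] = 0;   /* cipher suite, compression */
    if (with_sv) { memcpy(m + n, ext, sizeof ext); n += sizeof ext; }
    return classify_server_hello(m, n - cut);
}

int main(void) { return classify_sample(1, 1, 0).kind == SH_TLS13_HRR ? 0 : 1; }
```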
Don't just do it if we're actually creating protocol tree information
for the "Frame" protocol; that information is used even when we're *not*
creating protocol tree information for "Frame".
Bug: 14245
Change-Id: Ie3754e15754fb6a73529e20d8fa68956e206a994
Reviewed-on: https://code.wireshark.org/review/24593
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Now maps for all channels and not only E-DCH
Change-Id: I51099e887830e5142b58fd624775d395e354b012
Reviewed-on: https://code.wireshark.org/review/24572
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the ArtPollReply the field order of the style and 3 spare bytes
was wrong, according to artnet spec 1.4 page 25 the order should be
spare, spare, spare, style.
Change-Id: I5683e5a8e97643a7bb1962178178c175d485098c
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Reviewed-on: https://code.wireshark.org/review/24584
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14236
Change-Id: I15f1bc70978d1e5ae3b4bba1ff87b590726cfaa1
Reviewed-on: https://code.wireshark.org/review/24578
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The existing TDS "netlib" packet reassembly code only handles situations where the
netlib header has a valid non-zero packet number. This does not always occur for older
clients, in particular when TDS 7 is not in use.
This has been tested with:
DB-Library 4.6 talking to Sybase
CT-Library 5.0 talking to Sybase
jConnect 5.0 talking to Sybase
.NET 4.5 talking to SQL Server with TLS login
Freetds CT-Library talking to SQL Server with unencrypted login
- I'm not sure of the version of this, in the protocol it appears as 8.0.341.
Change-Id: I1690ba191ba3f4bd10569ab1a26dae82c5bbf260
Reviewed-on: https://code.wireshark.org/review/24470
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Similar to the TLS fix in v2.5.0rc0-1805-gd790c524b4, ensure that the
correct master secret is calculated when extended_master_secret is
enabled with client auth and a decrypted RSA premaster secret.
Bug: 14243
Change-Id: I3d8cecef0f0cc3ec73537053489adc2d0d45c947
Reviewed-on: https://code.wireshark.org/review/24564
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
DTLS decryption works for single-pass dissection, but breaks in the
second pass. Turns out that "curr_layer_num" has decremented in the
second pass, resulting in a failure to lookup the decrypted data.
This decryption issue was triggered by v2.3.0rc0-3740-ge1f84f985e
("Fix Decode As for protocols that may use tunneling.").
The first time the UDP dissector invokes "dissector_try_heuristic", the
second time "call_heur_dissector_direct". The first one increments
"curr_layer_num", so do the same in the second case.
Change-Id: I62679b817b02f42d073cfc07b88ec36d5bec5f04
Bug: 14243
Fixes: v1.11.4-rc1-468-g2cfda31ff0 ("Change the signature of dissector_try_heuristic() to return hdtbl_entry")
Reviewed-on: https://code.wireshark.org/review/24565
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 14200
Change-Id: I6d8ac6aae952db21e69fa323fb1e74782d95d1c4
Reviewed-on: https://code.wireshark.org/review/24362
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14241
Change-Id: I5e66b034cf5cd14e2557e5b7bfa3045c2232d1ae
Reviewed-on: https://code.wireshark.org/review/24553
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
This will prevent the file from being created with shell redirection
in case of error and allow printing informational messages to stdout
instead of stderr.
Also improve dissectorc.c Makefile recipe to abort on errors.
Change-Id: I64722927721887b57a7dbe69fd2625c2e4648ad4
Reviewed-on: https://code.wireshark.org/review/24545
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
require.
Add alternate code to fix the build for our minimum required version.
Change-Id: Ia0911c5a6be3af68330ac41a3336d7d47b87b7a9
Reviewed-on: https://code.wireshark.org/review/24535
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When extended_master_secret is enabled with client authentication,
decryption using an RSA private key file would fail because the wrong
master secret is derived. This happens due to an excess
CertificateVerify message in the handshake hash.
Bug: 14243
Change-Id: I02f8302ac4a85422f7df52a234bdddfcb5fe3307
Reviewed-on: https://code.wireshark.org/review/24543
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't need to unnecessarily wrap proto_tree_* functions.
Change-Id: Id2853cfb9059cd90af81e529bcec57eba10e6ab3
Reviewed-on: https://code.wireshark.org/review/24540
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before, the topic information feature showed the topic information
only for DATA submessages. Now it is working for all the submessages.
Change-Id: Ic2fe0ac1de2377a1db627f6498ac6d5159c9cb13
Reviewed-on: https://code.wireshark.org/review/24442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added cluster names to binding requests and match descriptor. Cluster IDs now display in HEX.
Change-Id: I1be4339e324ba4c98ce65016f5a2e60590235d71
Reviewed-on: https://code.wireshark.org/review/24437
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added dissectors for payloads of Calendar cluster.
Change-Id: I5c71078714521e25ad4db82b7ffe5166965d5280
Reviewed-on: https://code.wireshark.org/review/24201
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The $(file ...) function is only available since version 4.0.
Until something breaks or someone complains use the shell to
write dissectors.c.in.
Change-Id: Icfe260004ca04d825c370bb642fcdc4b4be8516f
Reviewed-on: https://code.wireshark.org/review/24532
Reviewed-by: João Valverde <j@v6e.pt>
Add the "special handling" where a length of 0xFF for a single byte or
0xFFFF for a uint16 value means the size of the field to follow is 0.
Ping-Bug: 14138
Change-Id: I0baa40f63152b9420a6569ca6cc5eba638fbc790
Reviewed-on: https://code.wireshark.org/review/24428
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a preference to the DNS dissector to specify how many seconds can
elapse before a DNS query is considered a retransmission because the
transaction ID is shared with a previous request.
If retransmission is found, add expert info and hf_ field linking to
the original request.
If a retransmission of a response is found, add expert info and hf_ field
linking to the original response.
Bug: 14178
Bug: 13313
Change-Id: Idd77ab7f7638f5056d5690633c787a4d52285aee
Reviewed-on: https://code.wireshark.org/review/24525
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It doesn't appear to be too expensive of a calculation, so
have preference enable it by default.
Bug: 14182
Change-Id: I330dc99d871424d17c60ab8cff59ba0828dd069a
Reviewed-on: https://code.wireshark.org/review/24529
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added DRLC cluster dissector: cluster, attribute and command names.
Change-Id: Ic678052aaecffce3a4b8fd99d4e2b1eb91051f11
Reviewed-on: https://code.wireshark.org/review/24440
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added Energy Management cluster dissector: cluster, attribute and command names.
Change-Id: If6985ca59c314de4eb3d439999ea31fe167bb3e7
Reviewed-on: https://code.wireshark.org/review/24441
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14230
Change-Id: I008a0fb60c441c5f71788d695b398b73b76c0d69
Reviewed-on: https://code.wireshark.org/review/24450
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Display LACP Port Key/root Bridge Priority in Dec and Hex
mSTP => MSTP
Change-Id: I7079250da134e4bb60d2d5373bfdf2f31235f07a
Ping-Bug: 14200
Reviewed-on: https://code.wireshark.org/review/24401
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Follow-up to b695b3e2f7.
Change-Id: I7e36519f2c3806c1205d05437671325080974257
Reviewed-on: https://code.wireshark.org/review/24524
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Check if mqtt_msg_type is within boundaries of hf_rcode and gives
a valid hfindex.
Change-Id: Ib8ea710d7cd6c61ec493e218d64b50f6faa720c4
Reviewed-on: https://code.wireshark.org/review/24509
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
This reverts commit ed9d085520.
It's causing a segfault on our Windows buildbots.
Change-Id: I3cdd31955bdec7be3ad91cff4af8dc3efdc9e8b7
Reviewed-on: https://code.wireshark.org/review/24510
Reviewed-by: João Valverde <j@v6e.pt>
RCs and their text descriptions are added by this
patch. We use defines for the values and descriptions
because they are shared by many Control Packets, so
in this patch we parameterize them to avoid writing
the descriptions multiple times.
Change-Id: I0afc2cbe69e8cfffa4f65df0b72f09045bb9b3a1
Signed-off-by: Flavio Santes <flavio.santes@1byt3.com>
Reviewed-on: https://code.wireshark.org/review/24263
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Preemptively try to be more resilient for files with spaces in them
(for Windows).
Use newlines to separate file list. Clean up duplicate PIDL file entries.
Change-Id: Ib506cca785836e05e4665e911de0d45ab4da1165
Reviewed-on: https://code.wireshark.org/review/24507
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The output compares equal to make-dissector-reg.py and the regex
should be more robust (multiline, complete start of function definition).
The primary motivation is to clean up the python script. This small
binary results in much cleaner code. The python script is used only
to generate plugin code, therefore it is renamed.
Also in my casual measurements the C code is much faster (without cache)
than the python script with the cache.
Change-Id: Id4e8cac3c836d56775aba4819357a95ef19bcb85
Reviewed-on: https://code.wireshark.org/review/24497
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ide5d7f2241db4ac87ed516f91f0bcaca347bb546
Reviewed-on: https://code.wireshark.org/review/24496
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's just a FT_UINT16, no need for 2 encodings.
Change-Id: I502a61a2ff2a1fd05f1efa48912119f98d10e636
Reviewed-on: https://code.wireshark.org/review/24498
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This sets the scope of the static build option to Wireshark support
libraries only.
Before the patch:
Static plugins don't work with CMake and autotools.
autotools static build is broken, and most likely will always be, as
building Wireshark all-static is difficult and time-consuming.
After the patch:
For CMake Wireshark will be built with static or shared libraries and
dynamic plugins. Everything just works. CMake apparently doesn't want
you building static and shared libraries at the same time.
For autotools Wireshark will be built with shared libraries by default.
--disable-shared and --enable-static options work as usual. Dlopened
plugins are not built if --disable-shared is given to configure (to
disable shared libraries). This is a limitation imposed by libtool.
Tested on Linux. This removes broken support for building plugins
statically.
Change-Id: Ib8e8176976f136eea93a2ce8f9857b6cf9bec64c
Reviewed-on: https://code.wireshark.org/review/24241
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
There is more potential for conversation data than previous circuit data
so ensure h223 conversation data exists in retrieved conversation.
Bug: 14233
Change-Id: I7074b1c110d40b4727812d0ef4f5391b6d2c0c33
Reviewed-on: https://code.wireshark.org/review/24492
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>