In RTPS, regular samples are serialized with the format
<encapsulation, serialized data> and thus, the dissection of the
encapsulation was suggested to be done in the custom dissector.
However, batches are serializing the encapsulation only once as
<encapsulation, sample 1, sample 2>. This makes us need to dissect
the encapsulation in the RTPS dissector and providing as (void*) data
to the custom dissector. This way we support the regular samples
dissection as well as the batches dissection.
I have defined rtps_dissector_data in packet-rtps.h and I suggest
we include that header file when we want to write a custom dissector.
Bug: 12029
Change-Id: I74ed4c31484f9a99ad6c44c6c34cc52be2adb7c8
Reviewed-on: https://code.wireshark.org/review/13413
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multi-path mutation responses can have a variable number of values
encoded in them:
- Successful requests have 0..N values, one for each mutation which
wishes to return a value (e.g. SUBDOC_COUNTER)
- Unsuccessful requests have 1 value, specifying the index and status
of the first failing mutation
Add support for decoding a variable number of response values.
Change-Id: Ia1f682f7f701829bd808a44ee142ffe912095e15
Reviewed-on: https://code.wireshark.org/review/13688
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
get_dirname may return NULL instead of the original string, so avoid
patterns like get_dirname(strdup(x)). Writing to
cf_path.toUtf8().data() is fine btw, toUtf8() returns new memory.
This fixes two memleak reported by LeakSanitizer via fileset_add_dir and
MainWindow::captureFileReadFinished (both via cf_callback_invoke).
Change-Id: I0f1528763e77e1f55b54b6674c890a9d02302ee8
Reviewed-on: https://code.wireshark.org/review/13691
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. ENIP: When there is more than one ENIP command in a given TCP packet, display both in the Info column. Previously, only 1 would be displayed.
2. CIP: Services need a context to be able to interpret properly. Display the Class or Symbol name in the Info column in an object oriented manner for Request Paths, or Connection Paths.
3. CIP: Display the request path/service in a CIP response, instead of just "Success". These changes make it visually easier to identify traffic.
4. CIP: For the Info column, make Multiple Service Packet formatting a little more consistent regarding the divider between embedded packets. Previously, it would display 2 different separator types "," and "|".
5. CIP: Add preference to enable/disable "Display enhanced Info column data"
Change-Id: I7e95bc144588c0925137e01abbc814babb494d19
Reviewed-on: https://code.wireshark.org/review/13632
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by LeakSanitizer:
Direct leak of 18 byte(s) in 3 object(s) allocated from:
#0 0x55ec8c5ffec8 in __interceptor_malloc (run/wireshark+0x145dec8)
#1 0x7f4d021e4328 in g_malloc /build/src/glib-2.46.2/glib/gmem.c:94
#2 0x7f4d021fd0de in g_strdup /build/src/glib-2.46.2/glib/gstrfuncs.c:363
#3 0x55ec8c6ce514 in extcap_parse_interface_sentence extcap_parser.c:670:26
#4 0x55ec8c6ce7ad in extcap_parse_interfaces extcap_parser.c:683:13
#5 0x55ec8c6b6781 in interfaces_cb extcap.c:313:5
#6 0x55ec8c6b4ce6 in extcap_foreach extcap.c:206:26
#7 0x55ec8c6b62a6 in extcap_interface_list extcap.c:415:5
#8 0x55ec8c6b7fab in extcap_register_preferences extcap.c:437:9
#9 0x55ec8c63104a in main wireshark-qt.cpp:847:5
#10 0x7f4ce8f4460f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
#11 0x55ec8c569ed8 in _start (run/wireshark+0x13c7ed8)
Change-Id: I0ef89e647b2cc9aab495a80f6c638e9b67cf3ad1
Reviewed-on: https://code.wireshark.org/review/13692
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Userlog is user flow logs of H3C device.
Flow logging records users' access to the extranet. The device classifies and
calculates flows through the 5-tuple information, which includes source IP address,
destination IP address, source port, destination port, and protocol number,
and generates user flow logs. Flow logging records the 5-tuple information of
the packets and number of the bytes received and sent. With flow logs, administrators
can track and record accesses to the network, facilitating the availability and
security of the network.
examplecapture: https://wiki.wireshark.org/SampleCaptures#UserLog
Bug: 11878
Change-Id: If3b5ca75bdd6cd8dc12af4a35401c5a6aa193a73
Reviewed-on: https://code.wireshark.org/review/8148
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-Add AES-CMAC encryption need to check MIC when deriving TDLS keys (802.11)
-Tested against NIST test vector for AES128-CMAC
Bug: 11312
Change-Id: Id4fd839bdedd3aa135823334e59d98271aea7c2b
Reviewed-on: https://code.wireshark.org/review/13663
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Use same API as SHA-1
- Tested against NIST's test vectors (byte oriented implementation)
Bug: 11312
Change-Id: I7fea7d13c43da059138153b17de7084ef9d81ac5
Reviewed-on: https://code.wireshark.org/review/13662
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
specified in the EtherCAT mailbox header.
Change-Id: I661c62af915b9455da1df49f5746953d41dc527a
Reviewed-on: https://code.wireshark.org/review/13595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'openflow.ofp_match.pad' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
Change-Id: I514bdf6a77ddbf9f8d7e614ea6f4ecf04a664453
Reviewed-on: https://code.wireshark.org/review/13677
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'ospf.mpls.bc' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT8
'ospf.v3.lsa.link_local_interface_address.ipv6' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
Change-Id: I6a014c072c05bdb30ae30d56a6718062fccc75c7
Reviewed-on: https://code.wireshark.org/review/13681
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I58192af77c8e9af94183e5d82d282e22dc91b49e
Reviewed-on: https://code.wireshark.org/review/13659
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 11933
Change-Id: I7ac03166c4c69a2366da26c44a89aee60116ac7f
Reviewed-on: https://code.wireshark.org/review/13674
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
parsing
Change-Id: I55d0b435ae1b12e14a20dd9ea18ba05188b0e378
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13666
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Only marginally useful in this case.
Change-Id: I62eace56128b10f409b6139599f098e6604675cd
Reviewed-on: https://code.wireshark.org/review/13672
Reviewed-by: João Valverde <j@v6e.pt>
Don't just display every field that's not a STRING as a lump of hex
bytes; display them (and make them filterable) according to their data
type.
Change-Id: I5717c45bc970616ba9438277e1bcaae46c3cbdf8
Reviewed-on: https://code.wireshark.org/review/13669
Reviewed-by: Guy Harris <guy@alum.mit.edu>
De Morganize an expression.
Clear the selection at start. Selecting the first item (104apci) seems
to confuse people.
Change-Id: I8fcd1f068f1801042a2658940175b46bdfb2b462
Reviewed-on: https://code.wireshark.org/review/13647
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
the code in question deals with the scenario where the length field's
value is larger than the number of remaining bytes
we can simply stop the dissection if truncation of the data is expected
if not, we continue disecting and we'll get an exception when we reached
the end of the data...
Change-Id: I3f29df694d9ea7d41f19511d267ef6b785527e3c
Reviewed-on: https://code.wireshark.org/review/13624
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
into consideration.
This makes it possible to differentiate between packets on different
vlans and can be expanded to handle tunnels.
Change-Id: Id36e71028702d1ba4b6b3047e822e5a62056a1e2
Reviewed-on: https://code.wireshark.org/review/13637
Reviewed-by: Anders Broman <a.broman58@gmail.com>
