When built with -DCMAKE_BUILD_WITH_INSTALL_RPATH=1, make-taps and
make-dissectors fail to run because they cannot locate libwsutil.so.0.
Since v2.9.0rc0-178-gbb81bef535 ("glib: Get rid of GLIB_CHECK_VERSION as
we now require 2.32.0") wsutil is definitely no longer needed.
Change-Id: Ida269fdb5f2cba979e3776f57c1a6bf3d546fe5d
Reviewed-on: https://code.wireshark.org/review/27329
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie0aa418e0515b56f0abfbab4f4c5ebc9edd7b81b
Reviewed-on: https://code.wireshark.org/review/27314
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add attribute table similar to the other CIP related dissectors. Currently, this just adds 2 attributes. More will come in separate reviews. (Still clarifying some information in the Spec)
2. Minor wording updates to match spec
Change-Id: I667b8e465d576020471c8e7fc10b43e25ea573dd
Reviewed-on: https://code.wireshark.org/review/27180
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
added flag 6/2 PDIU
Change-Id: Iab0cf7a1def8d0c9949df83b41478ac1f23b3844
Reviewed-on: https://code.wireshark.org/review/27318
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
flags are uint8 but the whole list was set as uint16
Change-Id: Ie52d621d35b68897919d5451c93b6c82e1d45649
Reviewed-on: https://code.wireshark.org/review/27300
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spec states that connSupervisionTimeout = Timeout * 10 ms
Change-Id: I89494c74d80b63c85f001540ea79850736457b21
Reviewed-on: https://code.wireshark.org/review/27255
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Some preference modules did not exist, so importing would not work.
While vuze-dht used to have a configurable protocol name, it no longer
supports that, so remove it from the list.
Add some sanity checks to prevent bug 14316 from going undetected again,
and to ensure that dead code is removed when prefs are removed.
Change-Id: I5df809af66a6c19f9eb9a6b75d5e60c96008cde4
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27227
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They were flipped. See https://wiki.wireshark.org/SampleCaptures,
Bluetooth_HCI_and_OBEX_Transaction_over_USB.ntar.gz, packets 153136/153140
for an example.
Change-Id: Iaac853fad16e97ff88ba38a7b4c5cbbdd13052b3
Reviewed-on: https://code.wireshark.org/review/27206
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Loading an old Wireshark profile with certain deprecated preferences
could result in a crash due to type confusion. If the new preference was
a range type, then four bytes of the pointer (address) to the range was
overwritten with the numeric value of the deprecated preference.
Minimal reproducer:
tshark -opgm.udp.encap_ucast_port:0 -r ../test/captures/empty.pcap
Bug: 14316
Change-Id: Ia8dc24f81f6b2e6494448dadffe810606765cb9e
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27226
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apple bsdpd uses the same routine to parse BSDP suboptions as it uses to parse
the DHCP options, which means that the "pad" (0) and "end" (255) options (as
described in RFC 2132) are also accepted as BSDP suboptions. Just like when
used as DHCP options, they do not follow the usual TLV template: They do not
have a length field and do not have any value, so they always consume exactly
one byte.
This change enhances the BSDP suboption dissector to accept the "pad" (0) and
"end" (255) suboptions, without any stored length or value.
Apple firmware/software does not issue BSDP "pad" or "end" suboptions, but will
tolerate them in received packets. At least one 3rd-party BSDP implementation
(the Dell KACE K2000 appliance) includes a BSDP "end" suboption in packets it
sends. Prior to this fix, function dissect_vendor_bsdp_suboption was expecting
a length for these suboptions, leading to dissection failing with error
"Suboption 255: no room left in option for suboption length".
For further discussion -- in which the exact same issue is found to affect
VMware virtual machine firmware -- refer to the VMware Communities forum thread
at https://communities.vmware.com/message/2459144#2459144 .
Interestingly, when Apple's bsdpd finds an "end" BSDP suboption, it simply
records that an "end" was encountered, and continues parsing until the whole of
the vendor options blob is consumed. The BSDP suboption dissector required no
modification to match that behavior.
Testing Done: Built Wireshark on Linux amd64. Loaded a BSDP ACK[LIST] from a
Dell KACE K2000 appliance; Previously it would issue an error about there
being insufficient room for the length of the "end" suboption, and now it
parses correctly. Modified the packet to include a string of "0" and "255"
suboptions, and observed that they were parsed as expected: One byte each,
no subtree, no length, and parsing continues afterwards. 200,000 iterations
with tools/fuzz-test.sh using the original BSDP packet, 4,000 of which were
under Valgrind.
Change-Id: I1786414b2ef0b8726d989a566d0e8a3525d516b8
Reviewed-on: https://code.wireshark.org/review/27210
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_ldss_transfer had a trivial read overrun: "line" was not
NUL-terminated, and strtol/g_ascii_strtoull will keep reading and discarding
any leading whitespace, so a malformed LDSS packet (with only whitespace
characters following the tag on a "Size:"/"Start:"/"Compression:" line) could
trigger a read overrun.
Let's replace the tvb_memdup with tvb_get_string_enc, which does some checking
of the input characters (which, it seems, must always be ASCII), and produces a
neat NUL-terminated string.
Testing Done: On Linux x64, ran "valgrind tshark -r fuzz-2018-04-23-14422.pcap"
without the fix (to reproduce the failure), and then with the fix, and
observed that no errors were reported anymore after the fix. 60,000 iters of
fuzz-test with ldss_filtered.pcap as input, plus 1,000 iters under valgrind.
Launched wireshark and opened ldss_filtered.pcap, and examined the dissection
of the "ldss and tcp" packets; All looks good.
Bug: 14615
Change-Id: I3fccc4ffbe315a3cff6ea03cc7db37f884b0582c
Reviewed-on: https://code.wireshark.org/review/27204
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I541bd728c159e95c2d5daa8ce0bfea3961ff1db9
Reviewed-on: https://code.wireshark.org/review/27203
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Only show value as String if valid as UTF-8 string.
Only show value as Boolean if 0 or 1.
Change-Id: I56168faafff9eaeeb21ec6d57b850013bbb94c33
Reviewed-on: https://code.wireshark.org/review/27212
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
A number of mistakes have been found now that captures are available.
Change-Id: I883d71439f407ab9d90be878c9f52a5a300b9c8c
Reviewed-on: https://code.wireshark.org/review/27192
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
filter_expression_new was g_strdup()ing each of the strings in the "expression"
structure, but UAT is just going to immediately deep copy the structure (via
display_filter_copy_cb), so the copies made here are immediately leaking.
We could either free() these copies immediately after uat_add_record returns,
or skip the g_strdup altogether (which necessitates casting away the "const").
I chose the latter.
Testing Done: Linux x64 build. With a display filter configured in
~/.wireshark/preferences, Valgrind no longer reports three leaks from here.
Change-Id: I7913f260875ced597b9027c8ae92a4d6d44f6414
Reviewed-on: https://code.wireshark.org/review/27157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Display element value as bytes if value is not a valid UTF-8 string.
Add a new utility function isprint_utf8_string().
Change-Id: I211d5ed423b53a9fd15eb260bbc6298b0b8f46a0
Reviewed-on: https://code.wireshark.org/review/27178
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing BT5 bit fields to HCI LE Set Event Mask
command. Correct displayed field name.
Change-Id: Iacaba69226663e884b60ac5a75470de77317ea92
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/27177
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
protocol specification: in the file header
NCS 1.5: PKT-SP-NCS1.5-I04-120412, April 12, 2012 Cable Television
Change-Id: I95a1d769cb08c0e8160ca6fcdb99dd98e0f085cc
Reviewed-on: https://code.wireshark.org/review/27077
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.
Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).
Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change reflects that the 64-bit timestamp in AVSP is in TAI
timescale and not UTC.
Change-Id: I13807ab446492c2b4f37a57989e1e0122afcc6aa
Reviewed-on: https://code.wireshark.org/review/27144
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Transfer ctype values from GET request to response to be able
to decode the payload correctly.
Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The header Identifier and Length fields are using big endian encoding.
Change-Id: I1b557168ae467cc5eb63ada3991279cf080fa687
Reviewed-on: https://code.wireshark.org/review/27162
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The IETF has assigned many more Processor Architecture IDs since RFC 4578, so
let's add those to the BOOTP dissector.
There's also now a published erratum for RFC 4578's Client Architecture type
table, so we should update the dissector table to match. Since it leads to a
relatively widespread (and difficult to troubleshoot) problem, let's add an
"expert info" warning when we see a packet specifying EFI BC as its Client
Architecture, since it is almost certainly intended to be EFI x64.
And, while we're here, RFC 4578 describes the Client Architecture type field as
an array of 16-bit values, so let's implement that too.
Testing Done: Examined packet captures from EFI DHCP with architecture ID 7
(now displays as "EFI x64") and 9 (now displays as "EFI BC", with a warning
to explain that "EFI x64" was probably intended). Manually edited packets
to contain multiple entries in the Client Arch option, and they all showed
correctly (including the warning for type 9). Manually edited a packet to
contain an odd number of bytes for the Client Arch option, and saw the
expected warning. Ran 30000 iterations of fuzz-test.sh with a corpus of 5
DHCP/PXE packets as input, and an additional 1000 iterations with the "-g"
(valgrind) option.
Change-Id: I2ef153316141eb051785fc86f420ad2f721f2a76
Reviewed-on: https://code.wireshark.org/review/27155
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>