This change adds a protocol dissector for the Management Component
Transport Protocol (MCTP). This is a failry simple datagram-based
protocol for messaging between components within a single platform,
typically over I2C, serial or PCIe.
This dissector just implements the header fields, and sequence-number
based message reassembly. Inner protocols will be added as follow-up
changes.
Linux has support for AF_MCTP data, so decode from the MCTP SLL ltype.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
It's not a general key for looking up arbitrary conversations - that's
what an array of conversation elements is for - it's just a pair of
address/port endpoints. (It's not even hijacked for conversations
identified by a circuit ID any more.)
And change them to say "set" rather than "create"; they do more than
just allocate an array of conversation elements, they stuff a pointer to
that array into pinfo, which may affect what other dissectors do.
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
The endpoint elements pinfo->conv_endpoint and pinfo->conv_elements
cause find_or_create_conversation (via find_conversation_pinfo) to
look for conversations based on those endpoints. It should also
make it create conversations based on those endpoints, so that
subsequent calls find the same conversation it just created instead
of repeatedly creating new ones.
Since the endpoint_by_id code uses elements and not the old
endpoint structure, it shouldn't set pinfo->use_endpoint to
TRUE when creating, and it should check if pinfo->conv_elements
is NULL, not pinfo->conv_endpoint.
Fix
```
*** CID 1505356: Null pointer dereferences (REVERSE_INULL)
/builds/wireshark/wireshark/epan/conversation.c: 1427 in find_conversation()
1421 * conversation with the specified address B and port B as the
1422 * first address and port, and with any second address and port
1423 * (this packet may be going in the opposite direction from the
1424 * first packet in the conversation).
1425 * (Neither "addr_a" nor "port_a" take part in this lookup.)
1426 */
>>> CID 1505356: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "addr_a" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1427 if ((addr_a != NULL) && (addr_a->type == AT_FC)) {
1428 DPRINT(("trying wildcarded match: %s:%d -> *:*",
1429 addr_b_str, port_a));
1430 conversation = conversation_lookup_no_addr2_or_port2(frame_num, addr_b, port_a, etype);
1431 } else {
1432 DPRINT(("trying wildcarded match: %s:%d -> *:*",
```
Convert the address+port conversation code to element lists. Make our
conversation keys element lists. Document more of the conversation API.
Update the Conversation Hash Table dialog to use the new API.
Describe an alternative key type and data structure at the top of
conversation.c.
Switch the non-endpoint *_by_id conversation routines to use element
lists. Change the ID type from guint32 to guint64. None of them used the
address+port option flag arguments, so remove them.
Rename conversation_lookup_hashtable to conversation_lookup_addr_port.
Add a new conversation_lookup_hashtable that consolidates some duplicate
code and takes a general set of arguments similar to the other
conversation_*_hashtable routines.
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
Check for null conversations in conversation_add_proto_data,
conversation_get_proto_data, and conversation_delete_proto_data.
Document them as well. Ping #18043.
On the first packet of the conversation, the MPA layer is
dissected correctly followed by the DDP, RDMAP, RPC-over-RDMA,
RPC and NFS layers. The MPA layer sets the TCP conversation as
MPA protocol but when it dissects the RPC layer it also sets
the TCP conversation as RPC protocol thus overwriting the previous
protocol.
Added new port type PT_IWARP_MPA so that when the RPC layer
is dissected it does not overwrite the default protocol for
the TCP conversation which has already been set to MPA.
Fixes#15869.
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code can be called by the GUI, outside of the scope validity.
Bug: 15810
Change-Id: I1f394cb3d1f978d6e99fe15d8238153aad62ebee
Reviewed-on: https://code.wireshark.org/review/33499
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The indent macros used for DEBUG_CONVERSATION have become unbalanced, making
the conversation debug output migrate rightwards for no good reason. This
simple change corrects it by ensuring that DINDENT and DENDENT are neatly
paired up throughout conversation.c .
Testing Done: Built on macOS 10.12.6 with DEBUG_CONVERSATION enabled. Tested
tshark with a few captures, and observed that the debug output, while still
being indented, generally stayed along the left margin of the screen instead
of migrating steadily over to the right.
Change-Id: Ic91e4562296d34f74c4d832edbf75172562672b8
Reviewed-on: https://code.wireshark.org/review/30856
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit ba202ef362.
Creating endpoints, and corresponding conversations, for protocols atop which TCP or UDP runs can potentially cause attempts to look up the conversation to find the conversation for that protocol rather than for TCP/UDP, which can confuse protocols running atop TCP or UDP.
Change-Id: I3ca522e54e67cc4f996d0ee841c6bb40ee6a9976
Reviewed-on: https://code.wireshark.org/review/28912
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add conversation_new_pinfo(), which uses the endpoint if present, and
have find_or_create_conversation() use it rather than
conversation_new().
Remove find_or_create_conversation_by_id() - it's no longer needed.
Bug: 15018
Change-Id: Ib13e539751af0f071aede4ee0ed751d0cb72ba3f
Reviewed-on: https://code.wireshark.org/review/28908
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That isn't working, because it depends on the notion that for every
"endpoint type" there's a "port type" for the packet_info structure;
that's not true for ISDN channels.
The whole point of "use the packet_info structure when trying to find a
conversation and create it if it doesn't exist" is to use address
information *already filled in by somebody for use by other dissectors*;
we don't do that with the ISDN channel number, because there's no *need*
to do so.
So just add a new find_or_create_conversation_by_id() routine, which
passes the packet_info structure to get the frame number, and explicitly
passes the endpoint type and ID. Use that in the ISDN dissector.
Bug: 15018
Change-Id: Id0e997254b0eaf7cbc9261a2adff639ecbf083c0
Reviewed-on: https://code.wireshark.org/review/28904
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For various attempted matches, print what we're matching against.
Change-Id: Ib915aa9bc6e6e1ea6cc7a273f261db2a4952c0c4
Reviewed-on: https://code.wireshark.org/review/28900
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't show address or ports that aren't provided; this is especially
important for address 1, where its absence is indicated by the pointer
being null, so we can't blithely dereference it.
Show ports as unsigned, because that's what they are.
Change-Id: I162b6f08a3973c0cded0742c267a016dbb5ee31a
Reviewed-on: https://code.wireshark.org/review/28543
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When a single UDP port is supporting multiple protocols, for example RTP and
RTCP can share a port, and one of these protocols is detected through a
heuristic before a superior protocol (e.g. SIP/SDP) has established that the
port has multiple protocols, then only the heuristic is used. This is due to
only looking for an exact match with find_conversation() and not going any
further. The superior protocol only adds the dissector by source address/port.
So, to fix, if we do not find the exact match, we continue serching for a
dissector on the partial matches.
Bug: 14370
Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae
Reviewed-on: https://code.wireshark.org/review/25432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pass empty (AT_NONE) addresses to find_conversation and
conversation_create_endpoint instead of NULL, similar to the LBTxx and
other dissectors.
Bug: 14394
Change-Id: Ia4573b276551a9c3d2da155faf786e8d15229100
Reviewed-on: https://code.wireshark.org/review/25620
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Replace with conversation API that limits the "endpoint" to a single
uint32 value.
The intention is to eventually have "layered" endpoints, because circuit_id
was used in cases where src/dest port have already been populated (and
are used for layers above). Those src/dest ports should just be treated
as just another endpoint, but we currently only have support for one.
Change-Id: Ic6aa7ef0241275aa4dfde9459194369b48c72960
Reviewed-on: https://code.wireshark.org/review/24369
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8752123a740c47f9328e0144624d4fbf4e200165
Reviewed-on: https://code.wireshark.org/review/24314
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the few necessary conversation APIs to make conversion possible.
Change-Id: I775f23005c48cacd2be342bdc704af4738f0789c
Reviewed-on: https://code.wireshark.org/review/24310
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id5857a58513c38dd0ab5b30b61113bcc14e1ecee
Reviewed-on: https://code.wireshark.org/review/24258
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iab03ebbfc982bf7182851f63c17fa59bc71d7709
Reviewed-on: https://code.wireshark.org/review/24219
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add endpoint information to the packet_info structure for dissectors
to potentially use as their data to create conversations.
This patch includes a simple "example" of using conversation_create_endpoint
with TDMoP. The assignment of the PT_TDMOP "port type" has been replaced by
setting ENDPOINT_TDMOP within the endpoint structure. Then when subdissectors
of TDMoP call find_or_create_conversation(), it implicitly picks up the
conversation information set by TDMoP
Change-Id: I11dc29989cccd3b0f0349ee901babb455ca02d19
Reviewed-on: https://code.wireshark.org/review/24190
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Andrew Chernyh <andrew.chernyh@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>