Association analysis causes long loops if there is a lot of
associations or INIT ABORTS. On a 679K packets trace loading with
analysis takes 3.31.660 without 0.3.275. The culprit is the for loop
in find_assoc_index().
Change-Id: I07ae0e826c08aded3eb0e7dc3474dcf5cdd556f9
Reviewed-on: https://code.wireshark.org/review/34333
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Existing Apache Kafka support in Wireshark ends at version 0.10.
The version 0.11 (June 2017) brought significant changes to the message
format. This change makes the Wireshark Kafka dissector obsolete.
The recently released Kafka 2.3 has a lot of additions to the wire
protocol, which should be also addressed.
Major changes:
* Applied Kafka protocol changes since 0.10
* Zstd-packed message decompression (since Kafka 2.1)
* Added support for Kafka over TLS decryption
Bug: 15988
Change-Id: I2bba2cfefa884638b6d4d6f32ce7d016cbba0e28
Reviewed-on: https://code.wireshark.org/review/34224
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added missing time offset to GetProfileResponse end time.
Change-Id: I47f31cea709ccc600c9ea182c4bf6cf96410ff78
Reviewed-on: https://code.wireshark.org/review/34322
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Usage of USB address dissector creates several challenges. In order to
improve user experience let's create a custom address dissector.
This allows us to not only drop the busid parameter but also replace
endpoint parameter with hub port for SPLIT transactions.
The address may be one of 3 forms:
- host
- <device address>.<endpoint>
- <hub address>:<hub port> (for SPLIT transactions)
This also adds 3 new fields (source, destination and addr) with
exactly the same meaning as in usb. It also renames current addr field
to device_addr.
Strongly based on initial work by:
Maciej Purski <maciej.purski@gmail.com>
Ping-Bug: 15908
Change-Id: I5702295d7ef9076c3e0373de35ea4ac3cb2a0709
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Reviewed-on: https://code.wireshark.org/review/34279
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the optional HCS field to the snapshot marker (only sent
when non-zero for disk snapshots).
Also, remove the durability timeout field from DCP_PREPARE as it is
not sent and the UI warns about invalid extras length.
Change-Id: I46955e2a719d28a70377bc6addb65fa3356ea1d4
Reviewed-on: https://code.wireshark.org/review/34323
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Passing the appdata dissector via the data parameter caused crashes due
to type confusion, use an alternative, indirect method instead.
Change-Id: I1de3de4e7daf4504c176a6ad8947037606aa20bb
Depends-On: I4770d03f912dd75f92878dd74ad830ebb7eb1431
Reviewed-on: https://code.wireshark.org/review/34312
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For use by EAP-TTLS which embeds TLS.
Change-Id: I4770d03f912dd75f92878dd74ad830ebb7eb1431
Reviewed-on: https://code.wireshark.org/review/34311
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support for decoding 29bit CAN IDs. Much of the
existing code was in place for handling 29bit IDs but lacked the
ability to check for the correct 29bit request and response IDs.
This patch adds that ability and correctly selects for use of either
11bit or 29bit CAN IDs.
Change-Id: I7cf10a56aa93d951c3ffa45734139689b3f3af4c
Reviewed-on: https://code.wireshark.org/review/34297
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If9bdc776e249e969f76fdbf86313e7095266ae66
Reviewed-on: https://code.wireshark.org/review/34251
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A subframe number is not as useful as in LTE due to the different
sub-carrier spacing in NR; use the slot number instead.
While we are at it, uniformize a bit the label and info display.
Change-Id: I432546ab38b07e7f256493ece25595a10613841d
Reviewed-on: https://code.wireshark.org/review/34314
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Those generated fields are linked to the dns.qry.name field, so highlight
the same bytes.
Bug: 15999
Change-Id: Ia989b79a9ec14140472b79fdf7acea6e67baee68
Reviewed-on: https://code.wireshark.org/review/34299
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
LSC_DONE messages should dissect the Status Code field.
Status Code provides error code information to client devices.
Bug: 15997
Change-Id: I40f3b2835189047ee428cfc8376065c5eaff6eb4
Reviewed-on: https://code.wireshark.org/review/34280
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Created the Microsoft Diameter file based on MS-CHAP-* AVPs listed at
https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-10
Many values are displayed as bytes for simplicity. The MS-CHAP2-Success
attribute could for example be dissected further as 1 byte followed by a
string, but that requires more effort.
Allow padding to be missing since the eap-ttls-mschapv2.pcapng capture
would throw a Malformed Packet exception otherwise.
Bug: 15603
Change-Id: I9efc322a86802e78bb6cd4bc3df1c1282a45fe9e
Reviewed-on: https://code.wireshark.org/review/34291
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested with the three captures from the linked bug: eap-peap-gtc.pcapng,
eap-peap-md5.pcapng, eap-peap-mschapv2.pcapng.
Bug: 15597
Change-Id: Idb1fb2809d05648a3b961af8dbdd9b35c3284c13
Reviewed-on: https://code.wireshark.org/review/34294
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for dissecting the decrypted TLS payload as Diameter.
Add support for dissecting the EAP-Message attribute as EAP.
Disable retransmission detection when EAP-Message is detected (EAP in
TLS in EAP) since this results in false positives.
Tested with captures from Bug 15603:
* eap-ttls-pap.pcapng - ok, User-Name and User-Password AVPs.
* eap-ttls-eap-gtc.pcapng, eap-ttls-eap-md5.pcapng - EAP-Message AVP.
* eap-ttls-mschapv2.pcapng - partially supported, does not conform to
Diameter AVP requirements as it is not padded. Microsoft vendor types
are also not yet supported. To be fixed later.
* eapttls-diameter-avp.pcapng (Bug 12880) - EAP-Message AVP.
Bug: 12880
Bug: 15603
Change-Id: Ie7ea282d05c1d3ff8463c34bf259107562714440
Reviewed-on: https://code.wireshark.org/review/34281
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For use by EAP-TTLS which knows the next protocol that must be set.
Similar to the ssl_starttls functions, but simpler as the caller does
not switch the transport protocol to TLS.
Change-Id: Idadb6f33e5e1182bf7b3b0b5134df9af2717a592
Reviewed-on: https://code.wireshark.org/review/34293
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The EAP length field must cover at least Code (1 byte), ID (1 byte),
Length (1 byte) and not have missing data afterwards.
Bug: 14406
Change-Id: I829e2aa33e5f286d55d2e8249457e118e7c3ebcc
Reviewed-on: https://code.wireshark.org/review/34292
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This protocol is a non-standard, ad-hoc protocol to pass baseband GSM
bursts between the modem (osmo-trx) and the encoder / decoder
(osmo-bts-trx). Osmocom inherited this when forking OsmoTRX off the
OpenBTS "Transceiver" program.
Change-Id: I31f5071d08eff1731f1d602886e204c87eed107c
Related: OS#4081 (https://osmocom.org/issues/4081)
Bug: 14814
Reviewed-on: https://code.wireshark.org/review/26796
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
One giant switch starts being very hard to read so let's move its
parts to dedicated functions to improve the readability.
Change-Id: I12861f110a0df862667f59a96710f6d3371c8fa7
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Reviewed-on: https://code.wireshark.org/review/34275
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Remember the most recently seen Identifier field for the authenticator
and peer. Flag packets that mismatch and skip further processing if it
could modify the state as is the case for EAP-TTLS.
Bug: 5056
Change-Id: If439d5ef2ae390208f678ff271d3036efaf9fa7f
Reviewed-on: https://code.wireshark.org/review/34261
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field control field was handled in the same way for QueryNextImageRequest,
ImageBlockRequest and ImagePageRequest, but none of these fields
are defined in the same way according to the specification.
Also the optional MinimumBlockPeriod field in ImageBlockRequest was missing.
Change-Id: Ibd5c7adbcc6493771baf0a099661cbd2282ee71d
Reviewed-on: https://code.wireshark.org/review/34257
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7cbc670b08d0198f0afd466ddedd1dd9888d8000
Signed-off-by: Tom Haynes <loghyr@hammerspace.com>
Reviewed-on: https://code.wireshark.org/review/34259
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Items such as SSIG, NSEC and DNSKEY had no description. Add these.
Bug: 15970
Change-Id: I95916e628505c227338346c7aca8ae2dd5050f95
Reviewed-on: https://code.wireshark.org/review/34256
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Incorrect token index being passed to Thread CoAP dissector.
Change-Id: Ic64060134c655a5e7cfdee0cd0b78b98b60f090e
Reviewed-on: https://code.wireshark.org/review/34154
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
TLS requires unique conversations for every TLS session. With EAP-TTLS
over EAPOL, only a single conversation was created, breaking TLS.
Force a new conversation at the start of the EAP protocol to fix this.
This alone was not sufficient, the right conversation was not always
matched. This happened due to wildcard matching in EAP (NO_PORT_B) while
TLS does not use NO_PORT_B. TLS ended up setting a dummy port via
"conversation_set_port2" because PT_NONE is considered connection-less.
Even after treating PT_NONE as *not* connection-less in conversation.c,
the EAP Success message was not correctly matched against a conversation
and resulted in creation of another conversation.
To avoid all of that mess, just use the same conversation matching logic
as TLS, without NO_PORT_B. The original conversation tracking logic in
EAP was presumably added to avoid multiple conversations for EAP over
RADIUS (UDP), but that requirement does not seem necessary.
Verified with `tshark -2r eap-tls-bug-cert.pcap -otls.log_file:out.txt`,
two different `conversation =` values exist for the two sessions.
Bug: 15983
Change-Id: I3376624ee3ea627eaa6233d39ae3c1d19bdc98bb
Reviewed-on: https://code.wireshark.org/review/34247
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A frequent question is what Wireshark version to use for a particular
QUIC draft version. These are documented on the QUIC Tools wiki, add a
reference to help users looking at the source code.
Change-Id: Ieb008d1fa5bfb91e11cb64613336b8bf3e98a5e8
Reviewed-on: https://code.wireshark.org/review/34239
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of these links are broken, but most of the information is severely
outdated. Replace it by a more up-to-date list of references.
Change-Id: I2a7a6041317c281f56ee86fe720a63332d493943
Reviewed-on: https://code.wireshark.org/review/34238
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This avoids multiple dissections on the second pass which could
potentially break decryption and TLS handshake reassembly.
Bug: 15982
Change-Id: I9f83fbd51c732140b831f7d5f29f46e9694e405c
Reviewed-on: https://code.wireshark.org/review/34237
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The new approach for radiotap headers is TLVs. Let people know there
are no more bits available for headers and point them to the correct
place: www.radiotap.org.
Change-Id: I8393c6ea32edd3cb09bcbf8c5e624c222b422c06
Reviewed-on: https://code.wireshark.org/review/34233
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The f5ethtrailer TLS diagnostic information is able to provide
TLS state information from the clientssl and serverssl profiles.
Render the correct info to properly formatted keylog entries
that could in turn be used to decrypt the TLS session in Wireshark.
Preference added to f5ethtrailer to allow disabling the
generation of keylog records.
Bug: 15948
Change-Id: I69c02f45827f71d4dd26b733cdd87f99e71bc00d
Reviewed-on: https://code.wireshark.org/review/34141
Reviewed-by: Jason Cohen <kryojenik2@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>