Dissector for Intelligent Transport System facility messages:
- Cooperative Awareness Message (CAM)
- Decentralized Environmental Notification Message (DENM)
- Infrastructure to Vehicle Information Message (IVIM)
- MAP (topology) Extended Message (MAPEM)
- Signal Phase And Timing Extended Message (SPATEM)
- Signal Request Extended Message (SREM)
- Signal request Status Extended Message (SSEM)
- Electric Vehicle Charging Spot Notification (EVCSN)
- Electric Vehicle - Recharging Spot Reservation (EVRSR)
- Tyre Information System (TIS) and Tyre Pressure Gauge (TPG) interoperability
Subdissectors:
- ITS version if ever the ITS PDU header is changed
- Version << 16 | MessageID to register new message dissectors
- RegionId << 16 | type to register regional extensions
AddGrpC regional additions already provided
TAP:
- its TAP with ItsPduHeader fields provided
Bug: 15148
Change-Id: I4c71d4dfa1d5d63cb57f61a4e1436a60a3482205
Reviewed-on: https://code.wireshark.org/review/31049
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
On Windows, filename strings inside Wireshark are UTF-8 strings, so
error messages containing file names are UTF-8 strings. Convert from
UTF-8, not from the local code page.
Bug: 15367
Change-Id: I52f3de2606ec6a592e7cb82b1a9aaeeef8acecef
Reviewed-on: https://code.wireshark.org/review/31090
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When an open type is decoded in ASN.1 PER, one can define a dissector
for the content of the open type. Providing data to the inner dissector
is only possible through packet info private data or global vars.
Use the private_data field from ASN.1 context as the data for the inner
dissector. This avoids using packet info private data to communicate
with the inner dissector, especially if the data to be provided are only
"local" matter.
Ping-Bug: 15148
Change-Id: I8fd2cb69d52e371e7d713afe2cc4b2856fb39f7c
Reviewed-on: https://code.wireshark.org/review/31087
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When decoding an open type in ASN.1/PER and the content length is zero,
do not try to create a buffer. Doing so triggers an error in tvbuff.c.
Ping-Bug: 15148
Change-Id: If892e8c6a84cdfb268e3f6c50af0f7e30a89c59b
Reviewed-on: https://code.wireshark.org/review/31088
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we are at it, let's propose by default to upgrade to Npcap when WinPcap
is intalled.
Change-Id: Id9aeb3a507127b5956185fba2b74c60cf1dfdf96
Reviewed-on: https://code.wireshark.org/review/31079
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to TS 29.274, ch8.38. the UE NR security capability coding
is specified in clause 9.9.3.53 of 3GPP TS 24.501
Change-Id: I4e5352bf7a5c75a3766b2d1162d8d85c3566da86
Reviewed-on: https://code.wireshark.org/review/31074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add ws_dofile() and ws_loadfile(), which are like the substitute
dofile() and loadfile() we provide, but that, on Windows, take a UTF-8
path rather than a path in the local code page.
Use that to load console.lua.
This means we can load console.lua on Windows even if the full path to
it includes non-ASCII characters.
Bug: 15118
Change-Id: Iaa00639563fe53a34e1e24e42022f3886a38e7c5
Reviewed-on: https://code.wireshark.org/review/31075
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also add the below minor fixes/enhancements:
- Fix O-bit in MT TLV (rfc5120)
- Add IPv4/IPv6 prefix string in a parent subtree
- Modify the IPv6 Reachability TLV dissector so that it would dissect in TLV format order
- Add a new SR Local Block TLV dissector (draft-ietf-isis-segment-routing-extensions-21)
- Fix offset in SID/Label sub-TLV
Change-Id: Ie317f094ff8f2ed3352e844c212eb59a677e18c6
Reviewed-on: https://code.wireshark.org/review/31069
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When creating the temporary capture file to store the imported data in
the file is created with the pcap format. To conform to the change to
using pcapng format by default it is only reasonable to generated a
temporary pcapng format file as well.
Change-Id: I842431c1449751f8f2f3b85a47cab731de794c8a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31066
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With the change from Wireshark's default capture file format from
pcap to pcapng the suffix of the temporary file created in wiretap
was also changed from .pcap to .pcapng. This irrespective of the
actual file type requested. This change retrieves the registered
extension for the requested file type (in its uncompressed form)
and used that for the suffix. File types without a defined default
extension will get .tmp as suffix.
Change-Id: If809fef4325e483072c1fa4ee962125d991a197e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31065
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Just as IP addresses the IP ID is also an entity that is endianess
sensitive. Select the appropriate value in the same way as the IP
addresses.
Change-Id: Ib2f07ea7820b443d0bf6e58fdc5afd7fc429fe22
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31054
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_cip_cm_data() was getting hard to read so:
1. Pull out some some logic into separate functions
dissect_cip_cm_unconnected_send_req
dissect_cip_cm_fwd_close_req
dissect_cip_cm_fwd_close_rsp_success
2. Reduce the scope of some variables.
No functional changes
Change-Id: I40c3dd5d2505b29991589ede4752c383348006ec
Reviewed-on: https://code.wireshark.org/review/31051
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id720d7857328c1f464c4568b0a279a864921b031
Reviewed-on: https://code.wireshark.org/review/31052
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a MIN_MACOS_VERSION variable. Update it and sanity check it
according to CMAKE_OSX_DEPLOYMENT_TARGET and our Qt version. Use it to
set our minimum macOS version in various places.
Change-Id: Icaf0dbe463f34d182986868021e2b56d2239da38
Reviewed-on: https://code.wireshark.org/review/31048
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Reassemble TCP segment so that IMAP dissector is called on message elements.
Content of fetched messages are parsed by IMF dissector. Dissected fields
are available to "Export Objects" menu item.
2. Request/Response tracking with timestamp between request and response in response frame.
Bug: 15090
Change-Id: Icdbef8c237965d2a59aa7726c5e6a681602c71ce
Reviewed-on: https://code.wireshark.org/review/30876
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I22450f09490f3d508f3865984d710469a8d119f0
Reviewed-on: https://code.wireshark.org/review/31050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ensure that capture_stat_start always returns a non-NULL if_stat_cache_t
pointer. This keeps InterfaceTreeModel::updateStatistic from repeatedly
running dumpcap when we're unable to gather statistics, e.g. when we
don't have capture permissions.
Bug: 14284
Change-Id: Id408714a934abab2abdee1d4bb5e4bed872af016
Reviewed-on: https://code.wireshark.org/review/31038
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In IE User Plane IP Resource Information. If Associated Source Interface is present the length of Network Instance
is 1 octet less than the remaining length.
Change-Id: I4fc74f8ab69d0c441947d3d0149fe9e2106a2bc7
Reviewed-on: https://code.wireshark.org/review/31046
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Andreas Schultz <andreas.schultz@travelping.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reveals the actual build configuration.
Change-Id: Ie49cea4a07faaa1b942ff6a973b03893f36ca16f
Reviewed-on: https://code.wireshark.org/review/31043
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Travis now supports Ubuntu 16.04 (Xenial):
https://blog.travis-ci.com/2018-11-08-xenial-release
Simplify the environment:
- Clang 7 is default, https://docs.travis-ci.com/user/languages/c/
(ubuntu-toolchain-r-test is still needed because GCC 5.4 is default)
- libnghttp2-dev, libssh-gcrypt-dev and libmaxminddb-dev are available.
(No longer requires ppa:wireshark-dev/stable)
Upgrading to Xenial will also enable Libgcrypt 1.6 tests and includes
GnuTLS 3.4.10 which will be useful for future PKCS #11 tests.
Gitlab's rpm-centos-7 still covers Libgcrypt 1.5.3 and GnuTLS 3.3.29.
Coverage will be lost for GnuTLS 3.2.11 (Ubuntu 14.04, Trusty).
Change-Id: Ic28bf23707c75b2c97bedad66206e9c1f129164c
Reviewed-on: https://code.wireshark.org/review/31039
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replaced global vars with fPresentValue and wrapper functions.
Split bacapp.present_value dissector based on datatype for filtering.
Replaced char array buffers with wmem api calls.
Rebased commit onto latest master branch.
Removed date and time present_value field dissectors.
dissectors added:
bacapp.object_name
bacapp.to_state
bacapp.from_state
bacapp.notify_type
bacapp.error_code
bacapp.error_class
bacapp.event_type
present_value dissectors added:
bacapp.present_value.null
bacapp.present_value.boolean
bacapp.present_value.uint
bacapp.present_value.int
bacapp.present_value.real
bacapp.present_value.octet_string
bacapp.present_value.char_string
bacapp.present_value.bit_string
bacapp.present_value.enum_index
Change-Id: I3ba9327ee22787da59190204e808f8c10dc8fabd
Reviewed-on: https://code.wireshark.org/review/30847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When generating a capture file from a text file it can be helpfull
to be able to set the capture interface name in the generated IDB.
This can be especially true if later on the generated captures are
merged and the individual IDB's have to be compared. Without a name
every IDB of the same datalink type will be equal and subject to
merge. Also it keeps the individual streams identifiable for the
end user.
Change-Id: I70224379d88f516a0a356bf0b46aebafb69665f0
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31015
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Implements V2X protocol dissectors:
* Geonetworking (network layer):
Dissector is registered on top of Ethernet (ethertype=0x8947). Secured
Packets are dissected up to the basic header, the rest is shown as data.
GN_ADDR address type is registerd and provides resolution of station
type and country code in the address. MID is shown as an ethernet address.
All the fields are dissected for non Secured Packets.
A subdissector table named "geonw.ch.nh" is provided on the next header
field. IPv6 is automatically registered. Heuristic dissectors is not
supported. If no dissector is foundd, payload is shown as data.
A preference boolean allows to enable/disable sequence number checking.
Tap "geonw" gets headers of all packets (with most fields).
Expert info tests if and provide feedback on:
- version is zero (no other version possible),
- reserved fields are zeros,
- payload_len matching with reported length of buffer,
- Remaining Hop Limit is 1 for Beacon and SHB,
- low RHL or RHL > Max Hop Limit,
- country code is less than 999 (3 digits ITU-T E.164),
- latitude, longitude, heading and angle limits,
- (suspected) duplicate packets,
- LS_REQUEST/LS_REPLY matching.
* Basic Transport Portocol:
BTP-X (X=A or B) dissectors are registered on top of Geonetworking.
Subdissector tables "btpx.port" allow to register for a given port,
while heuristic dissector can register to "btpx.payload". Decode as
capability is supported.
"btpx" taps get headers of all packets with ports/@ infos.
"btpx_follow" taps get the payload.
Bug: 15148
Change-Id: Iab5f4486d4c38068d9ad4361e77296b747f9b1bb
Reviewed-on: https://code.wireshark.org/review/30992
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group RAN-Secondary-RAT-Usage-Report and decoding of Secondary-RAT-Type
Change-Id: I33c1a0e21be64b5b5b4b9a4a40e9e718d89c9943
Reviewed-on: https://code.wireshark.org/review/31036
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie6bd309134ebbd27e90b2bf92a2df1abfdfe45a5
Fixes: v2.9.1rc0-3-g4803390686 ("Add new "rsa_keys" UAT for storage of RSA private keys")
Reviewed-on: https://code.wireshark.org/review/31031
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This fix prevents that a BoundsError is thrown in function try_decrypt for
packets with captured length less than packet length. Otherwise, some data
is not dissected.
Change-Id: I0dcd89b85b959f5712ff58b184bfa2e064746d0b
Reviewed-on: https://code.wireshark.org/review/31026
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Type of field wlan.ext_tag.ess_report.ess_info.thresh
must be FT_INT8 instead of FT_UINT8.
Change-Id: Icd1a121832d6a660550023a91d0b732385f68b60
Reviewed-on: https://code.wireshark.org/review/31016
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Recent Qt installations include the entire 3-tuple version string
(e.g. 5.9.7) for the parent folder name directly above the clang_64
folder. Use the entire version string when constructing the
recommended build environment export statements.
Change-Id: I779d487a3b794dde57214639a79727edb111835f
Reviewed-on: https://code.wireshark.org/review/30983
Reviewed-by: Anders Broman <a.broman58@gmail.com>
v5 of sFlow has another bitmask for output interface
as v2 and v4.
This commit dissects v5 output interface according to
https://sflow.org/sflow_version_5.txt
Bug: 15325
Change-Id: I1c0f1958e5491a7683c716538e103a5d6b49869e
Reviewed-on: https://code.wireshark.org/review/30999
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stig Bjørlykke