In dcm_export_create_object(), don't assume that assoc->ae_calling and
assoc->ae_called are non-null; if we don't have an A-ASSOCIATE request
earlier in the capture, which we are not guaranteed to have, the calling
and called AE titles won't be set.
Bug: 16748
Change-Id: I7d6d22d1c23e28b1f0967a803d0d89609a421712
Reviewed-on: https://code.wireshark.org/review/38077
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The "monitor mode" flag was called "netmon_802_11.op_mode.on", not
"netmon_802_11.op_mode.mon". Fix that.
Change-Id: I4a712c1d5fa7c7e43335d83c0f40ace4358a881c
Reviewed-on: https://code.wireshark.org/review/38069
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
"XXX isn't a valid time format" could be read as "XXX isn't a valid
format to use for times" in the sense of, for example, a format argument
to strftime() or strptime(). It's also a date *and* time, so just say
it "isn't a valid date and time".
Change-Id: I7e0f01914c5e16b7eaa89b798cf94a2964fc764c
Reviewed-on: https://code.wireshark.org/review/38068
Reviewed-by: Guy Harris <gharris@sonic.net>
Have separate Boolean flags to indicate whether the start and stop times
were specified, rather than having a value of 0 meaning it wasn't.
Change-Id: Ie9968ebd588df6b150062caa50f0b23e6f77f214
Reviewed-on: https://code.wireshark.org/review/38067
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Only check whether the start time is after the stop time if both a start
time and a stop time were specified.
Change-Id: I864480a789c52312dc934c217910e7b68597f066
Reviewed-on: https://code.wireshark.org/review/38066
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Use ws_strtou32() so that we're guaranteed to produce a value that fits
in a 32-bit integer (and don't get a narrowing warning on LP64 platforms
for converting a long to an int), and then make sure it's less than one
billion.
Note, while we're at it, that you can, for example, specify a date of
2020-10-40 and it won't produce an error.
Change-Id: I26c36d346cfa5c2bdc9ecdbdf821a9bc3529c940
Reviewed-on: https://code.wireshark.org/review/38065
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
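An added illustration of the two checks mentioned in the commit message above (example code written for this page, not taken from editcap): a strict C parser for "YYYY-MM-DD HH:MM:SS[.fraction]" that keeps the fraction below one billion nanoseconds and rejects a date such as 2020-10-40. The names `stamp_t` and `parse_stamp` are hypothetical, and reading the fraction as a decimal fraction of a second scaled to nanoseconds is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int year, mon, day, hour, min, sec; uint32_t nsecs; } stamp_t;

static int days_in_month(int y, int m)
{
    static const int d[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return (m == 2 && leap) ? 29 : d[m - 1];
}

/* Parse "YYYY-MM-DD HH:MM:SS[.fraction]"; 0 on success, -1 if invalid. */
int parse_stamp(const char *s, stamp_t *t)
{
    int n = 0;
    if (sscanf(s, "%4d-%2d-%2d %2d:%2d:%2d%n", &t->year, &t->mon, &t->day,
               &t->hour, &t->min, &t->sec, &n) != 6)
        return -1;
    /* Range-check every field; mktime()-style normalisation would turn
     * 2020-10-40 into 2020-11-09 without reporting anything. */
    if (t->year < 1970 || t->mon < 1 || t->mon > 12 || t->day < 1 ||
        t->day > days_in_month(t->year, t->mon) || t->hour < 0 || t->hour > 23 ||
        t->min < 0 || t->min > 59 || t->sec < 0 || t->sec > 59)
        return -1;
    t->nsecs = 0;
    if (s[n] == '\0') return 0;
    if (s[n] != '.') return -1;
    /* 1 to 9 digits only: the value is then below one billion and fits in
     * 32 bits, and strtoul() never sees a sign or whitespace. */
    const char *frac = s + n + 1;
    size_t digits = strspn(frac, "0123456789");
    if (digits < 1 || digits > 9 || frac[digits] != '\0')
        return -1;
    uint32_t v = (uint32_t)strtoul(frac, NULL, 10);
    for (size_t i = digits; i < 9; i++)
        v *= 10;                     /* ".05" is 50,000,000 ns, not 5 ns */
    t->nsecs = v;
    return 0;
}

int main(void)
{
    stamp_t t;
    printf("%d\n", parse_stamp("2020-10-40 00:00:00", &t)); /* constructed input */
    return 0;
}
```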
I haven't been able to find the appropriate spec, but either there is a
limit to the number of features bytes to add and this patch is needed,
or the (i < 8) part should be dropped. As it is the other data and
expert info for 'unknown' fields will never be reached.
Detected by cppcheck:
epan/dissectors/packet-bthci_cmd.c:9183:72: warning: Condition 'i<8' is always true [knownConditionTrueFalse]
while (tvb_captured_length_remaining(tvb, offset) > 0 && i < 8) {
^
epan/dissectors/packet-bthci_cmd.c:9181:25: note: Assignment 'i=0', assigned value is 0
guint8 i = 0;
^
epan/dissectors/packet-bthci_cmd.c:9183:72: note: Condition 'i<8' is always true
while (tvb_captured_length_remaining(tvb, offset) > 0 && i < 8) {
Change-Id: Icfef0e9142a58aa1c525df9b7daf0aa820039167
Reviewed-on: https://code.wireshark.org/review/38049
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, take into account length of GUID before
adding expert info for not-decoded data afterwards.
Change-Id: I3e3ee2fc014bc7ace477015b21b2d6ca9127a6be
Reviewed-on: https://code.wireshark.org/review/38062
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When checking a filter the status message should always be popped when
having an empty filter, regardless of having the clear button or not.
This will ensure the status message is removed when removing a display
filter using DisplayFilterEdit in other dialogs than Main.
Change-Id: I3c9a4933cd0c60ab624ea1939ffafecb58b3ffd5
Reviewed-on: https://code.wireshark.org/review/38052
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Allow user to specify time resolutions as fine as 1 nanosecond for the
start and stop times (-A and -B options) for editcap. Uses `nstime_t`
for the user options and `nstime_cmp()` to compare with packet
timestamps.
Change-Id: I2340bc4830c7d9a6b17a5e53fa4e8837e231bcb6
Reviewed-on: https://code.wireshark.org/review/38057
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This matches the description at
https://www.museek-plus.org/wiki/SoulseekProtocol,
where some fields are uint32 but many are just 'int'.
Change-Id: I192aaf9ca84ccee7b52d266083bbbd8baef28685
Reviewed-on: https://code.wireshark.org/review/38060
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix some status message and tooltip issues introduced when enabling
autocomplete on find packet search in g0162ba73.
1. Enable or disable completion only when search type is changed.
This setting is used in checkDisplayFilter(), which used to be
called *before* changing allowCompletion in updateWidgets(), and
this was causing issues with wrong status messages.
2. Check filter (usually triggered by changes in the search line)
or reset filter syntax (added by DisplayFilterEdit) when search
type is changed. This will trigger an update of the status message
and the tooltip.
3. Stop checking display filter if not doing completion (not display
filter search). This will avoid setting a status message from a
previous illegal display filter.
Ping-Bug: 16638
Change-Id: I1534d9494cc4d7b7a0583cb845c091ae709458ae
Reviewed-on: https://code.wireshark.org/review/38061
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some heuristic functions (example: dtls over stun) perform exact checks on
payload length, so we need to skip any padding added by TURN layer
(RFC 5766, 11.5).
Bug: 16756
Change-Id: Iaaf3dc83fbc5f5f8d0af1cabfe94861480fe7c98
Reviewed-on: https://code.wireshark.org/review/38042
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
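An added illustration of the padding rule cited in the commit message above (example code written for this page, not taken from Wireshark): a C parser for a TURN ChannelData message over TCP that passes on only the bytes counted by the Length field. `parse_channel_data_tcp`, `looks_like_one_dtls_record` and the sample bytes are constructed here; the DTLS check is a simplified stand-in for an exact-length heuristic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint16_t channel;     /* channel number, 0x4000..0x7FFF */
    const uint8_t *data;  /* application data, padding excluded */
    size_t data_len;      /* value of the Length field */
    size_t consumed;      /* header + data + padding */
} channel_data_t;

/* Parse one ChannelData message from a TCP stream (RFC 5766, 11.4 and 11.5).
 * Returns 0 on success, -1 if buf holds no complete, valid message. */
int parse_channel_data_tcp(const uint8_t *buf, size_t len, channel_data_t *out)
{
    if (len < 4) return -1;
    uint16_t channel = (uint16_t)((buf[0] << 8) | buf[1]);
    size_t data_len = (size_t)((buf[2] << 8) | buf[3]);
    if (channel < 0x4000 || channel > 0x7FFF) return -1;
    size_t padded = (data_len + 3) & ~(size_t)3;  /* round up to 4 bytes */
    if (padded > len - 4) return -1;              /* truncated message */
    out->channel = channel;
    out->data = buf + 4;
    out->data_len = data_len;     /* what the payload heuristics should see */
    out->consumed = 4 + padded;   /* where the next message starts */
    return 0;
}

/* Hypothetical exact-length heuristic: one DTLS record filling the payload. */
int looks_like_one_dtls_record(const uint8_t *p, size_t len)
{
    if (len < 13 || p[0] < 20 || p[0] > 23 || p[1] != 0xFE) return 0;
    return len == 13 + (size_t)((p[11] << 8) | p[12]);
}

/* Constructed sample: channel 0x4001, Length 14, one 14-byte DTLS record,
 * then 2 bytes of padding. */
static const uint8_t SAMPLE_MSG[20] = {
    0x40, 0x01, 0x00, 0x0E,
    0x17, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x01, 0xAA,
    0x00, 0x00
};

int main(void)
{
    channel_data_t cd;
    if (parse_channel_data_tcp(SAMPLE_MSG, sizeof SAMPLE_MSG, &cd) != 0) return 1;
    printf("with padding=%d without=%d\n",
           looks_like_one_dtls_record(SAMPLE_MSG + 4, sizeof SAMPLE_MSG - 4),
           looks_like_one_dtls_record(cd.data, cd.data_len));
    return 0;
}
```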
Pop the filter syntax message in search frame when changing search type
and when hiding the widget to avoid having outdated status messages.
Change-Id: I87c63c070621cff0d5ecebc2fcd41f9d7c02adec
Reviewed-on: https://code.wireshark.org/review/38051
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibaa5b074a1d98a5be17e5f1514c5666a64fefafb
Reviewed-on: https://code.wireshark.org/review/38050
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
code to dissect PASSWORD-ALGORITHMS and PASSWORD-ALGORITHM attributes is
ready to go.
Change-Id: I6fcfb1da49c596a11b3c5b0e3dce51e47f1f7c1c
Reviewed-on: https://code.wireshark.org/review/38047
Reviewed-by: Guy Harris <gharris@sonic.net>
The current TECMP code shows embedded CAN or FlexRay frames but
does not allow other dissectors to further dissect them. This
patch adds this feature.
Bug: 16738
Change-Id: I7f886c8d42a52c4bd55bdb14aed7459eed1af42d
Reviewed-on: https://code.wireshark.org/review/37972
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Autokey was not properly supported, the v2 version check looked at the
wrong field (Code instead of Field Type). Since nobody noticed it, let's
remove it to simplify the code.
Improve the Extension Field (EF) heuristics to ensure that larger digest
sizes such as SHA-512 are recognized, and to support messages without
MAC. Previously only MD5 and SHA-1 were supported as these are the only
ones that are defined by the RFCs.
The ntp_ext_field_types array was generated by:
curl -s https://www.iana.org/assignments/ntp-parameters/ntp-parameters-3.csv |
awk -F, 'NR>=2{printf "{ %s, \"%s\" },\n", $1, $2}' | sort -n
Tested with md5_dgrams.pcapng and sha1_dgrams.pcapng (Bug 11580) and
NTP-with-mac.pcap (Bug 16640). Also checked against the NTS capture
(go_embeded.pcapng, bug 16222), but TCP reassembly is not supported so
the last part of the first segment is wrongly dissected as MAC.
Bug: 16640
Change-Id: I07fc46c6d8995e6c791952dd7cd84d798cddd21a
Reviewed-on: https://code.wireshark.org/review/38037
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable Link Time Optimization, also known as Interprocedural Optimization
if the compiler supports it.
Added a CMake option (ENABLE_LTO), defaulted to ON only on Windows.
Change-Id: Iea02b00aac12cc9a62595eeb8ff52382f1c4ddcd
Reviewed-on: https://code.wireshark.org/review/37573
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bellcore (now Telcordia) GR-317 and GR-394 are used in the U.S. and are
more similar to ANSI ISUP than ITU Standard ISUP. This fixes decoding
the Jurisdiction (aka JIP) optional parameter.
"gr317" is listed in RFC 3204, Table 1 on Page 2. Telcordia's name for
this standard is "LSSGR: Switching System Generic Requirements for Call
Control Using the Integrated Services Digital Network User Part
(ISDNUP)".
"gr394" is the value used by our Ribbon (formerly Genband) C15 switch.
Telcordia's name for GR-394 is "LSSGR: Switching System Generic
Requirements for Interexchange Carrier Interconnection (ICI) Using The
Integrated Services Digital Network User Part (ISDNUP)". The difference
from GR-317 is "Call Control" vs "Interexchange Carrier Interconnection
(ICI)". These calls are indeed interexchange calls.
Given that only "gr317" is listed in RFC 3204, arguably our Ribbon C15
should be sending this as "version=gr394; base=gr317" or just as
"version=gr317", but I have no control over that and would like to
decode the traffic as seen in the wild.
Bug: 16752
Change-Id: I24c7b2e175606e1c91bcb2e96a3372f62055e293
Reviewed-on: https://code.wireshark.org/review/38038
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
generate_merged_idb() can generate multiple IDBs, so rename it to
generate_merged_idbs().
Change-Id: I4c54326f69ff0de16f0a716b7c82beefdda99cbd
Reviewed-on: https://code.wireshark.org/review/38040
Reviewed-by: Guy Harris <gharris@sonic.net>
Make the DCE/RPC heuristics a bit more discriminating by checking
a few more header fields for illegal values. Reduces false positives.
Change-Id: Ic3d6c7ce62b64b2042922adb104294600b0db673
Reviewed-on: https://code.wireshark.org/review/38028
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include stdlib.h for bsearch(). This is needed when building on RPi.
Change-Id: Ia0969d7785b59b4adfd10a332a20beb26a99fcb7
Reviewed-on: https://code.wireshark.org/review/38036
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Bluetooth Low Energy Advertising Extensions Host Advertising Data reassembly.
Bug: 16666
Change-Id: I78fea77a75f07ff7ef8a661e81ac3c729980de0e
Reviewed-on: https://code.wireshark.org/review/38016
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reduce the minimum systemd journal block size from 212 to 35. The larger
minimum was based on the Journal Export Format file reader, but we don't
need to be as strict here.
Update some comments.
Bug: 16734
Change-Id: Iad7227f29ff22f908e2fd49be0f11c9ad03fa7b9
Reviewed-on: https://code.wireshark.org/review/38035
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 44.014, section 8.1, type of the TCH loop is
encoded in bits 2..6, so we should exclude bits 1, 7, and 8.
Before the patch:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 0100 = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
after:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 010. = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
Change-Id: Ie8ee23c6ce0a487d6a96b27324537372449946cb
Reviewed-on: https://code.wireshark.org/review/37981
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We have two places where we want to dissect some fields as being in the
opposite byte order from the host on which we're running; move the
definition of ENC_ANTI_HOST_ENDIAN from packet-socketcan.c to proto.h,
and use it in packet-enc.c.
Change-Id: I1d0f9b037fe3b8ca6ed774a11063ba518a3922bf
Reviewed-on: https://code.wireshark.org/review/38023
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Change-Id: Id2b1cbc9e5416c24556c1c2f42d68e4012e29e24
Reviewed-on: https://code.wireshark.org/review/38017
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ifad2e02ef6e710c67801ea8479495736bf310d29
Reviewed-on: https://code.wireshark.org/review/38020
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the fields that are claimed to be in "host endian byte order" are
also used for the Linux USB/IP protocol, where they're big-endian.
Change-Id: I8e17d6d6e848ba9cd3465bb3b1debe385c522392
Reviewed-on: https://code.wireshark.org/review/38022
Reviewed-by: Guy Harris <gharris@sonic.net>
We now have ENC_HOST_ENDIAN, so we can use it to add host-endian fields
with proto_tree_add_item().
Instead of fetching field values directly, use
proto_tree_add_item_ret_{}int() to get the value.
Change-Id: I96b9a55174594bf04f805af559c2521cd813e8f3
Reviewed-on: https://code.wireshark.org/review/38021
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The type for this field really can be -ve - it corresponds to errno.
Change-Id: I842664b692ffd944a0c02ad5de750b321b247dbf
Reviewed-on: https://code.wireshark.org/review/38019
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
_ret_uint() doesn't work for UINT_BYTES and UINT_STRING. In these cases,
what was wanted was the total length in order to increment the offset.
(Note _ret_length() includes the fixed width length field; these were
written wanting only the value in the length field, not the total length.)
Change-Id: I9c7c2bc644c414d02eec3fff481e8863778f51fa
Reviewed-on: https://code.wireshark.org/review/38006
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The field does seem to be an int (kernel/srouce/drivers/usb/mon/mon_bin.c),
so item type (FT_INT32) is correct, but was using uint API.
Change-Id: I3c45785d18f890c362c96deb06120904ffea2081
Reviewed-on: https://code.wireshark.org/review/38014
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>