Field 15 was defined as a 6-byte fixed-length field but the spec shows
it as a 4-byte fixed-length field.
Bug: 16721
Change-Id: I25a61a5758e735a6da52417a584c770ef63d41b0
Reviewed-on: https://code.wireshark.org/review/37916
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In CSN.1, the message may be safely cropped at specific parts
of its definition called Null breakpoints or rather "message
escape" labels (see 3GPP TS 44.060, section 11.1.3.3).
These labels usually precede the optional protocol extensions,
added in newer releases of 3GPP specifications. The following
IA Rest Octets (see 3GPP TS 44.018, section 10.5.2.16) sample
illustrates that:
IA Rest Octets
H... .... = First Discriminator Bit: High
.H.. .... = Second Discriminator Bit: High
..0. .... = Discriminator Bit: Packet Assignment
...1 .... = Discriminator Bit: Packet Downlink Assignment
Packet Downlink Assignment
.... 0000 0000 0000 0000 0000 0000 0000 0001 .... = TLLI: 0x00000001
.... 1... = TFI Assignment (etc): Present
.... .000 00.. .... = TFI_Assignment: 0
..0. .... = RLC_Mode: RLC acknowledged mode
...0 .... = Alpha: Not Present
.... 0000 0... .... = Gamma: 0 dB (0)
.0.. .... = Polling: no action is required from MS
..0. .... = TA_Valid: the timing advance value is not valid
...0 .... = Timing Advance Index: Not Present
.... 0... = TBF Starting Time: Not Present
.... .0.. = P0: Not Present
.... ..L. = Additions in R99: Not Present
.... ...L = Additions in Rel-6: Not Present
[Malformed Packet: GSM CCCH]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
In GSM, the maximum length of a MAC block (on xCCH channels) is
limited to 23 bytes, so the message was cut in the middle, and
the Rel-7, Rel-10, and Rel-13 additions did not fit. Although,
the message is still correct according to the specifications,
so we should not consider it as "Malformed".
Change-Id: I6920c87d3a3247f4342fea69a8bb40c28316f422
Reviewed-on: https://code.wireshark.org/review/37912
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pau Espin Pedrol <pespin@sysmocom.de>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
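
The distinction drawn in the CSN.1 commit message above, as an added example that is not Wireshark's CSN.1 decoder: a buffer that ends exactly at a Null breakpoint is reported as cropped but valid, while a buffer that ends inside a field is malformed. The two-field layout, `decode_demo()` and the status names are hypothetical and much simpler than IA Rest Octets.

```c
#include <stddef.h>
#include <stdint.h>

enum csn_status { CSN_OK, CSN_CROPPED_AT_BREAKPOINT, CSN_MALFORMED };

struct bit_reader { const uint8_t *buf; size_t bit_len; size_t pos; };
struct demo_msg { uint32_t base; int has_ext; uint32_t ext; };

/* Read n (<= 32) bits MSB-first; -1 if the buffer ends inside the field. */
static int read_bits(struct bit_reader *r, unsigned n, uint32_t *out)
{
    uint32_t v = 0;
    if (r->bit_len - r->pos < n)
        return -1;
    for (unsigned i = 0; i < n; i++, r->pos++)
        v = (v << 1) | ((r->buf[r->pos / 8] >> (7 - r->pos % 8)) & 1u);
    *out = v;
    return 0;
}

/*
 * Hypothetical layout (constructed for this example):
 *   < base : bit (8) > < null breakpoint > { 0 | 1 < ext : bit (7) > }
 */
enum csn_status decode_demo(const uint8_t *buf, size_t bit_len,
                            struct demo_msg *m)
{
    struct bit_reader r = { buf, bit_len, 0 };
    uint32_t present;

    m->base = 0;
    m->has_ext = 0;
    m->ext = 0;
    if (read_bits(&r, 8, &m->base) < 0)
        return CSN_MALFORMED;           /* cut inside a mandatory field */

    /* Null breakpoint: no bits left here means "extension absent". */
    if (r.pos == r.bit_len)
        return CSN_CROPPED_AT_BREAKPOINT;

    if (read_bits(&r, 1, &present) < 0)
        return CSN_MALFORMED;
    if (present) {
        if (read_bits(&r, 7, &m->ext) < 0)
            return CSN_MALFORMED;       /* cut inside the extension body */
        m->has_ext = 1;
    }
    return CSN_OK;
}
```
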
Switch from WinPcap's WpdPack SDK to a libpcap package built with vcpkg.
We explicitly load wpcap.dll on Windows, so make sure we don't link with
pcap.lib.
Move timestamp code from capture-pcap-util-unix.c to
capture-pcap-util.c. Add timestamp routines to capture-wpcap.c and make a
couple of other updates.
Change-Id: If0e3dbeb7378c42ed9e3f91b2f15add95d22a2bb
Reviewed-on: https://code.wireshark.org/review/37905
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This ASN.1 CHOICE has three items with the same tag. Without access
to the spec, assuming these are sequentially numbered, change the tags
on the subsequent elements.
This is detected by conflict check.
Change-Id: I0d7e6ace53426ba2661b133f7e825c1a305338ef
Reviewed-on: https://code.wireshark.org/review/37697
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Ed Beroset <beroset@ieee.org>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
PID_UNICAST_LOCATOR6_EX extends the unicast locator PID by adding a
sequence of encapsulations.
Change-Id: I9583e3a61b1df6e6f83d7c65f37ae36b9b4c345e
Reviewed-on: https://code.wireshark.org/review/37885
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding support for SVCB and HTTPS resource records as defined in
draft-ietf-dnsop-svcb-https-01
Bug: 16715
Change-Id: I631246e32f6cb2c89fc953cef761585adfbb056b
Reviewed-on: https://code.wireshark.org/review/37896
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 3550, "RTP SHOULD use an even destination port number and
the corresponding RTCP stream SHOULD use the next higher (odd) destination
port number".
However, nowadays, RTP and RTCP packets are often multiplexed onto a single
port, for the reasons explained in RFC 5761, so the port number might be
completely random.
WEBRTC connections are a classic example of this kind of deployment.
Therefore, remove port check in RTP/RTCP over UDP heuristics.
Note that RTP/RTCP heuristics over Stun are already correctly avoiding
checking the port number.
Change-Id: Ib63036954c5188936de8b38b0af146eb4bcde0ca
Reviewed-on: https://code.wireshark.org/review/37903
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
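
Port-independent classification of the kind the RTP/RTCP commit message above describes, as an added example that is not Wireshark's heuristic code: with RFC 5761 multiplexing the two protocols are told apart by the second octet (192 to 223 means RTCP) and confirmed by header consistency, never by port parity. `classify_rtp_rtcp()` and the enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

enum rtp_class { NOT_RTP, IS_RTP, IS_RTCP };

/* Classify one UDP payload by content only; the port is never consulted. */
enum rtp_class classify_rtp_rtcp(const uint8_t *p, size_t len)
{
    size_t hdr;

    if (len < 4 || (p[0] >> 6) != 2)        /* both protocols carry V=2 */
        return NOT_RTP;

    /* RFC 5761: second octet 192..223 is an RTCP packet type. */
    if (p[1] >= 192 && p[1] <= 223) {
        /* RTCP length field counts 32-bit words minus one. */
        size_t pkt_len = ((size_t)((p[2] << 8) | p[3]) + 1) * 4;
        return (len >= 8 && pkt_len <= len) ? IS_RTCP : NOT_RTP;
    }

    /* RTP: fixed 12-byte header plus 4 bytes per CSRC entry. */
    hdr = 12 + 4 * (size_t)(p[0] & 0x0f);
    if (len < hdr)
        return NOT_RTP;

    if (p[0] & 0x10) {                      /* X bit: header extension */
        if (len < hdr + 4)
            return NOT_RTP;
        hdr += 4 + 4 * (size_t)((p[hdr + 2] << 8) | p[hdr + 3]);
        if (len < hdr)
            return NOT_RTP;
    }

    if (p[0] & 0x20) {                      /* P bit: last octet = pad count */
        size_t pad = p[len - 1];
        if (pad == 0 || pad > len - hdr)
            return NOT_RTP;
    }
    return IS_RTP;
}
```
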
rtps_util_add_type_element_module() does not set anything in the
dissector_info structure, so 1) don't pass it a pointer to that
structure and 2) don't add the info structure to the dissection_infos
table.
Bug: 16717
Change-Id: I963b2da0c75124174396714ef5aa68ffe3862f3e
Reviewed-on: https://code.wireshark.org/review/37910
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The sshdump command is typically not invoked directly, and I need a
place to refer people to for configuring Wireshark.
Change-Id: I10fb3d88dbb3aea0bfcaf22aac90b36a7a8dc814
Reviewed-on: https://code.wireshark.org/review/37897
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
There's no need to parse the time field ourselves. proto_tree_add_item()
supports the encoding that is used here.
Change-Id: Ifd8cb77f1225b84b9eaccfb0cc23c9c413c6e77b
Reviewed-on: https://code.wireshark.org/review/37901
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix the composite tvb handling for zstd decompression in the same way as
we already did for lz4 and snappy.
Allocate the composite tvb only if we are certain that data will be added
to it. Do not free the composite tvb ourselves, leave this to epan cleanup.
Change-Id: Iac74ea6e6d220b05858a7eb267276ff983b1b2ab
Reviewed-on: https://code.wireshark.org/review/37900
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If41dadf39694c0046a36ea6eaf819156f0cf5dc3
Reviewed-on: https://code.wireshark.org/review/37902
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
sshdump can now be copied in multiple instances. Each instance will
show up as a different interface and will have its own profile.
This will help users connecting to different hosts. Instead of changing
profiles, sshdump can be cloned, and each instance will be used for a
single host.
Change-Id: If4fb42cf78021c6f16213ae91cbf41ec7f61ca77
Reviewed-on: https://code.wireshark.org/review/37883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
First, remove the unnecessary M_UNION there, and handle Fixed Allocation
Parameters as per older version of spec TS 44.060 with usual presence
bit + struct. The coding of the struct is left unimplemented as an
exercise for someone needing it in the future (since it's not supposed
to be used by current specs anyway).
Once this is cleared up, the rest of the message (Release 99 Additions)
is parsed fine.
Tested with a pcap trace containing a Pkt Ul ACK/NACK with R99 additions
and TBF_EST inside it.
CSN.1 Reference: 3GPP TS 44.060 Table 11.2.28.1
Change-Id: Ie22e99abdbc2bb3988e7a1930d459ba810a348ac
Reviewed-on: https://code.wireshark.org/review/37776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use pushStatus() in C++ code, improve translation support and end
each message with a dot.
Change-Id: I3f673da4736c3fe49203048da282afa1abf92337
Reviewed-on: https://code.wireshark.org/review/37887
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This results in tshark not printing "Reassembled" during the first pass.
Not printing "Reassembled" data source prevents use-after-free. Also,
"Reassembled" data source on first pass does not necessarily represent
complete reassembly as it is possible that data from subsequent packets
will be appended.
Bug: 16698
Change-Id: I8fa807c400dd6b269a2f491d7ea8d86f875ef873
Reviewed-on: https://code.wireshark.org/review/37868
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Same behaviour as ipv4 ones
Bug: 16709
Change-Id: I212c0e037f396896537fedd6c756818c1429cd3a
Reviewed-on: https://code.wireshark.org/review/37888
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The script includes the following changes:
- Added pcap masking and anonymization support
- Support to mask/anonymize only portion of field
- Added reading from stdin
- Changed json to ijson library to support large files
- Migrated from text2pcap to scapy for pcap generation
- Added version to script
The development repo is located here
https://github.com/H21lab/json2pcap
Change-Id: I8fc5e282caa604e188f05818f7a2f8875afb8b73
Reviewed-on: https://code.wireshark.org/review/37371
Reviewed-by: Dario Lombardo <lomato@gmail.com>
add_libssh_info() can be used by ciscodump, sshdump, and any other
extcap program that uses libssh.
Change-Id: I60474bd610eeb7dfb6ec07fc1aaaf19c4f745cdd
Reviewed-on: https://code.wireshark.org/review/37882
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
We require 0.6 or later in CMakeLists.txt, and both ssh_version() and
LIBSSH_VERSION having to be fed to SSH_STRINGIFY() date back before 0.5,
so just assume ssh_version() is available and LIBSSH_VERSION has to be
fed to SSH_STRINGIFY().
Change-Id: I4f62a720424383f88e0410cad07dbe67d0c69297
Reviewed-on: https://code.wireshark.org/review/37881
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Guy Harris <gharris@sonic.net>
Thanks, libssh developers, for making it so straightforward!
This means we don't need to construct it in the CMake module that finds
libssh.
Change-Id: I6c173bf7c0671dfdfac423a7d01ecced7b69e851
Reviewed-on: https://code.wireshark.org/review/37878
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There were some cases which have zero remaining data
and it was causing an error.
Remaining Data length check added.
Change-Id: Ib0132d892e871c0f7980ff297d18c276aee26ba6
Reviewed-on: https://code.wireshark.org/review/37815
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
QString is no longer allowed to be append()ed to QByteArray.
Change-Id: I177e271d01c51d190b57f679f38d11b31b1f96c4
Reviewed-on: https://code.wireshark.org/review/37879
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Have the version parameter be just the version number; other code
expects it to be that.
Have additional parameters for the "compiled with" and "running with"
information.
Add an extcap_version_print() routine to show the version message,
printing
{exename} version {version}
and then printing
Compiled with {compiled_with}
if "compiled with" information is supplied and printing
Running with {running_with}
if "running with" information is supplied.
This fixes some messages, as well as fixing the display of extcap
modules in the About dialog.
Change-Id: I3d298d30e83bd363abd599d75adfc780a90f34fd
Reviewed-on: https://code.wireshark.org/review/37877
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Just use extcap->exename.
Change-Id: I85cfda2afaf776f3222cf362bcd6c675b4ff1504
Reviewed-on: https://code.wireshark.org/review/37876
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If we have ssh_version(), then ssh_version(0) will return a string for
the version being used.
Change-Id: I0717f6d4d5c3fa04aa7938dc6bc0d4c8abfa95fd
Reviewed-on: https://code.wireshark.org/review/37875
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Extcap binaries are not part of default install.
Normal (graphical) allows them to be selected for installation.
Add flags to allow install when doing command line (silent) install.
Ping-Bug: 16562
Change-Id: I6ce0fa3b46f9820dc7f66945cda963a3f629579b
Reviewed-on: https://code.wireshark.org/review/37185
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When installing ChmodBPF on macOS, assign the access_bpf group to the first
free GID greater than 100, rather than to the default which starts at 500. Using
a GID less than 500 hides it in the System Preferences Users & Groups pane.
Bug: 6402
Change-Id: I62ed63bc64cb2721880467ffd0dc290ea57c8461
Reviewed-on: https://code.wireshark.org/review/37676
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use the existing (possibly hidden) column when doing "Apply as Column"
on a field which is already used as a custom column. This will help
prevent having multiple equal custom columns, where all will be hidden
at startup and profile change when only one of them is configured as
hidden.
Multiple equal columns can always be manually configured using
"Preferences -> Appearance -> Columns" if this is intended.
Change-Id: Ib03893facfa3f194f3b3303645fb3f9313ec9e91
Reviewed-on: https://code.wireshark.org/review/37861
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not display "A RX payload: <MISSING>" as it suggests something is wrong
with the packet. It is perfectly valid for RX packets to only contain modem
status.
Ping-Bug: 11743
Change-Id: I9b3417ec9404758fdc093b01ea0e7761822615f2
Reviewed-on: https://code.wireshark.org/review/37862
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
When loading a capture file in the GUI, this change causes the list of
available file types to be sorted alphabetically. "Automatically detect
file type", pcap, and pcapng remain at the top of the list.
Unlike my prior crack at this in change #36862, this is done directly in
the file open dialogs (open_file_hook_proc() for Windows,
CaptureFileDialog::addFormatTypeSelector() and CaptureFileDialog::open()
for Qt). No changes to wiretap.
It's not a huge deal if you folks decide this isn't necessary, I just
think this gives a bit of extra polish to the load-file dialog. It also
makes it easier for the user to spot the format they want if they aren't
aware that the file-format dropdown accepts keyboard input.
Change-Id: Ie81c6d99e83fe862f20b413318ac8ce76463a766
Reviewed-on: https://code.wireshark.org/review/37749
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Some packets (as the ones generated by oss-fuzz) can reach the
reassembly code without pinfo->src/dst defined. We need to prematurely
exit in those cases and handle the reassembly code accordingly.
Bug: 16696
Change-Id: I6d0c6c95ba8123879e9c9e3e06bfc139425d9ddd
Reviewed-on: https://code.wireshark.org/review/37859
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot