The existing PEAP support does not decode the inner attributes, this
commit adds that support by introducing packet-peap.c which recreates
a 'pseudo' EAP header before looping the TVB back into the EAP dissector.
Decode TEAP's O-flag.
We also update the diagram and references as PEAPv0 has a different view
of how the flags are used compared to the RFCs and drafts.
libsinsp currently only supports string and unsigned 64-bit integer
field types. For string fields that might contain a parseable address,
add ".v4" and ".v6" subtree items with a corresponding field type.
For example, the ct.srcip field now dissects as
Sysdig Event 1: 880 bytes
Falco Bridge
cloudtrail Plugin
[ ... ]
Source IP: 3.92.225.50
[Source IP (IPv4): 3.92.225.50]
Add get_configuration_namespace() and use it in code that writes
"generated by" comments at the top of various configuration files.
Update our Logwolf colorfilters.
Tarballs created by git archive have the commit ID stored in their
header. Only preserve a preexisting tarball if that commit ID matches
that of the current commit, even if the versions match.
Fix the creation of a temporary commit for when the working directory
does not match the tree. (When git diff-index is called without
--quiet or --exit-code, the exit code is success even when there
are differences). Use git stash create, as it is intended for scripts
like this; it creates a temporary stash not stored in the ref namespace
which does not require being popped later, and does nothing and outputs
the empty string instead of a commit ID if there are no local changes.
This helps when generating tarballs or building rpm packages repeatedly
out of a changing working tree.
Prepare for adding reusing code where only descriptive name differs.
But the numbers are encoded using the same rules.
"E.164 number (MSISDN)" & "E.164 number (ISDN)" for example.
The End of LLDPDU TLV is optional, should not as malformed even if missing.
Resolve it by checking whether the total length of each TLV reaches the total length of TVB.
Close#18029
Fix
epan/conversation_filter.h:43:11: warning: parameter 'A' not found in the function declaration [-Wdocumentation]
* @param A valid protocol name.
^
epan/conversation_filter.h:43:11: note: did you mean 'proto_name'?
The extract_fields struct and calling convention changed, so update to
match. Extract all of our fields at once, which noticeably speeds up
dissection here.
Add support to display filters for matching a specific layer within a frame.
Layers are counted sequentially up the protocol stack. Each protocol
(dissector) that appears in the stack is one layer.
LINK-LAYER#1 <-> IP#1 <-> TCP#1 <-> IP#2 <-> TCP#2 <-> etc.
The syntax allows for negative indexes and ranges with the usual semantics
for slices (but note that counting starts at one):
tcp.port#[2-4] == 1024
Matches layers 2 to 4 inclusive.
Fixes#3791.
The word range is used for different things with different
meanings and that is confusing. Avoid using "range" in code to
mean "slice".
A range is one or more intervals with a lower and upper bound.
A slice is a range applied to a bytes field.
Replace range with slice wherever appropriate. This usage of
"slice" instead of range is generally correct and consistent in
the documentation.
Packet info already contains the notion of layer depth for the
current protocol, among all the protocols in the frame. This
adds an extra layer number for the protocols that are the same
as the current one. Obviously this will only go above one if
the protocol is repeated in the stack, such as with IP tunneling.
Adds extra logic to track numbers for each protocol in the frame
and update them when calling a dissector.
The total layer number and protocol layer number are store in
the field info structure so they can be used after dissection,
namely by display filters.
- The latest version of the Wi-SUN FAN specification has added
a number of Information Elements that need to be supported by
the dissector.
- Following changes and additions have been included:
- New Header IEs: LUTT, LBT, NR, LUS, FLUS, LBS, LND, LTO, PANID
and RT.
- New Payload IEs: POM, LCP, LFNVER and LGTKHASH
- New frame types: LFN PAN Advertisements, Solicits and time
synchronization frame types.
- Update to the channel spacing names to incorporate the new
ones defined in FAN 1.1
Create resources/share/wireshark and resources/share/logwolf. Move
various data and configuration files to resources/share/wireshark and
add resources/share/logwolf/colorfilters.
The handshake hash is used to derive TLS decryption keys when the
Extended Master Secret (EMS) extension is in use.
ssl_calculate_handshake_hash updates this hash only when the master
secret has not been determined yet.
During TLS renegotiation, there are two master secrets: one before, and
one after. Before this fix, the second calculated master secret is
wrong because the second Client Hello is missing in the handshake hash.
It was missing because the handshake hash was not being updated since
the master secret for the first handshake was still present, and the
decryption state was only reset after that hash update.
To fix this, make sure to clear the SSL_MASTER_SECRET flag before
updating the handshake hash when needed. Additionally, clear the
handshake hash when processing the Client Hello just to make sure that
any previous state is gone.
Fixes#18059
Fix some deprecated and obsolete syntax from the rpm specfile that
modern distributions complain about:
Don't specify the BuildRoot
Don't have a %clean section
Don't remove the BuildRoot at the start of %install
Don't repeat Name in summary
Version the Obsoletes
Have a %build section
Escape macros in changelog
Remove comment about user setting _smp_mflags since rpm does that
automatically better now
Be consistent about spaces and tabs (tabs are used)
SUSE 15.1 moved to out of source builds, and sets a builddir
appropriately, but it makes some decisions about automatically
entering the build dir when building or installing that are
handled by the distribution's various Make and Ninja macros
differently than other distributions and later SUSE releases.
Work around it, so that both ninja and make builds work on
SUSE 15.1 (both OpenSUSE and SLES)
Related to #17910
All currently supported Linux distributions have a version greater
than 1.11.0 (and our macOS and Windows versions are also much greater),
and this allows us to use nghttp2_hd_inflate_hd2(), which replaced the
deprecated nghttp2_hd_inflate_hd()