In the SMB 3.1.1 dialect, this field is interpreted as the Flags field, which indicates how the SMB2 message was transformed:
Encrypted 0x0001
- The message is encrypted using the cipher that was negotiated for this connection.
In the SMB 3.0 and SMB 3.0.2 dialects, this field is interpreted as the EncryptionAlgorithm field,
which contains the algorithm used for encrypting the SMB2 message. This field MUST be set to one of the following values:
SMB2_ENCRYPTION_AES128_CCM 0x0001
- The message is encrypted using the AES128 CCM algorithm.
For dissection it's enough to expect SMB 3.1.1, as the value and the meaning
of 0x0001 is always the same (as AES128 CCM was the only possible algorithm before 3.1.1)
Change-Id: I4bd796bd1be38ed4a6481aa7bf68cb5b2e3637d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37785
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I5cb5598be557823cf3b39cda30bed6febee297d3
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37561
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
The "true" string in a struct true_false_string is used only if the bit
is set to 1, so "if set to logic 1" is redundant. Just have the strings
say, respectively, what significance the bit being on ("set to logic 1")
has and what signficance the bit being off ("set to logic 0") has.
Use active voice.
Change-Id: If1fe7b35a0c85dcdb40ac348ca23a0ac5e3dc1da
Reviewed-on: https://code.wireshark.org/review/37753
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Guy Harris <gharris@sonic.net>
Right now, for eg., a -32767/32767 min/max gets dissected as 0/1 which
is wrong.
Change-Id: Iffc649e0af4490827e722cae7f692ec4d0c245b8
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37751
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Found by conflict check
Change-Id: Id14d12543902d75ae54b5b3944a44b63321dc479
Reviewed-on: https://code.wireshark.org/review/37747
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure we use g_warning to print each ENABLE_CHECK_FILTER warning.
g_warning automatically appends a newline, so there's no need for us to
do so.
Change-Id: I4ddb60f0e3e0382fb3ca6e996ad47410fe05d8be
Reviewed-on: https://code.wireshark.org/review/37748
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
packet-rtps-utils.c:85:6: warning: no previous prototype for ‘dissect_mutable_member’ [-Wmissing-prototypes]
Change-Id: Id87118f36e50db8bf4a27ca021bbceae220034d4
Reviewed-on: https://code.wireshark.org/review/37742
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-enip.c:1102:19: warning: no previous prototype for ‘create_connection_id_list’ [-Wmissing-prototypes]
Change-Id: I6e0caa29f5617a5688cddaa4d8001a260228294e
Reviewed-on: https://code.wireshark.org/review/37740
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the QT text codec support to add charset conversions for all character
encodings supported by QT to Show Packet Bytes and Follow Stream (Save As
will convert to UTF-8.) Note that this is dynamic and the exact list will
depend on the version of QT and if libicu support is enabled. This does
make the list of codecs pretty long, so hopefully it shows up well on all
the different QT styles.
This does not yet support when multibyte characters span more than one packet
in Follow Stream, though the current code doesn't do that for UTF-8 or UTF-16
already. This is probably most useful for HTTP captures.
Bug: 16137
Change-Id: I6d5cd761a5d9d914b7a787fe8eb02b07b19642e6
Ping-Bug: 16630
Reviewed-on: https://code.wireshark.org/review/37707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
value_range_string error: Reason (gsm_sms.dis.field_st_reason) entry for "Values specific to each SC" - max(15 0xf) is less than min(16 0x10)
Change-Id: Iaa1ceee018d873b13ddc8eac9bc530ee2b37ad6e
Reviewed-on: https://code.wireshark.org/review/37727
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
For Ethertype, use etype_vals (don't know how likely types not named as
examples in specs are likely to be seen).
Fixes warnings from previous range_string that tried to cover both types, but
where "not implemented" catch-all ranges preceded and hid individual types.
** (process:24396): WARNING **: 21:24:48.760: value_range_string error: Protocol (dvb-s2_gse.proto) hidden by earlier entry (prev="not implemented": 0 0x0 -> 255 0xff) (this="NCR": 129 0x81 -> 129 0x81)
** (process:24396): WARNING **: 21:24:48.760: value_range_string error: Protocol (dvb-s2_gse.proto) hidden by earlier entry (prev="not implemented": 0 0x0 -> 255 0xff) (this="Signaling Table": 130 0x82 -> 130 0x82)
** (process:24396): WARNING **: 21:24:48.760: value_range_string error: Protocol (dvb-s2_gse.proto) hidden by earlier entry (prev="not implemented": 2049 0x801 -> 34524 0x86dc) (this="VLAN": 33024 0x8100 -> 33024 0x8100)
Tested with dvb-s2_bb_example.pcap (where the only Protocol Type value set is for IPv4).
Change-Id: I7c8d8669c3f3e76974db8472783284975e063c12
Reviewed-on: https://code.wireshark.org/review/37711
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, the status code 125 is duplicated. This mistake was probably
introduced from Draft P802.11Revmd_D3.0.pdf. I have commented out that
status code while I get clarification on the real value.
Change-Id: Id41e1da953a28ca6b098f6c96d6410dff04dc6d7
Reviewed-on: https://code.wireshark.org/review/37708
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change field 'MIC' (nordic_ble.mic_not_relevant) to avoid using identical
true and false strings.
Change-Id: I204cc096e4af6d6000a6aa7e70e7885221fb211f
Reviewed-on: https://code.wireshark.org/review/37721
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We refer to part 1 of ETSI TS 102 606, i.e. to ETSI TS 102 606-1. Add
other parts if appropriate.
That ultimately ends up pointing to RFC 4326, which, in turn, mentions
two IANA registries.
Change-Id: Ief3ff36bd4c92ab6b94f07f0a6b6a3aeacb2fa12
Reviewed-on: https://code.wireshark.org/review/37716
Reviewed-by: Guy Harris <gharris@sonic.net>
The URL no longer works; use the Wayback Machine.
Change-Id: I80223dc675d0f578dd4f1d58848bc0eea17426c8
Reviewed-on: https://code.wireshark.org/review/37712
Reviewed-by: Guy Harris <gharris@sonic.net>
Try to clean up the composite tvb handling during lz4 decompression.
If we detect an error straight away before doing any lz4 decompression, we
don't allocate a composite tvb at all. The comments in the tvb code say
explicitly that we must not call tvb_new_composite() without adding at
least one piece of data.
If we start decompressing and run into problems after creating the
composite tvb and linking it to the packet's main tvb, we must not free
the composite tvb manually. The epan library will do this for us when
dissection of the packet is finished.
While at it, make sure that we always finalize the composite tvb if we
allocated it and added data to it.
Bug: 16672
Change-Id: I3e3fb303a823640d7707277a109019fc3aad22f2
Reviewed-on: https://code.wireshark.org/review/37696
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Recent updates to the iso14443 specifications increased the maximum frame size
from 256 to 4096. This affects FSC, FSD and type b's max frame size.
Append the optional sizes >256 to the array of possible frame sizes.
Change-Id: I12ffb3a4bbd019dc38030de179526f7ec96b19cb
Reviewed-on: https://code.wireshark.org/review/37690
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit fe8744026c.
The commands that fe8744026c ("ISO14443: Update some commands") adds are
not part of iso14443. It seems that these are mifare commands.
(There's a couple of different mifare variants, not all of them support
those commands.)
Adding the commands unconditionally breaks iso14443 dissection.
An iso14443 block with a pcb byte of 0xA2 is an R-ACK block for block
number 0. This is not a "write block".
If we want to support mifare cards, we have to detect the card type
during activation. We can then add a mifare dissector which handles the
messages after activation if we are actually talking to a mifare card...
Change-Id: I86164cc4c1618204641ae00566694d0f98871785
Reviewed-on: https://code.wireshark.org/review/37689
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- After bug 16662 was reported it was discovered that Category 001
does not have all fields decoded, because at the beginning not
all fields were added due to lack of sample data. Later, for
other categories all fields were decoded, while 001 was left out.
Missing fields for Category 001 are added now.
Change-Id: I3711004e742dbdaa7f785b110c62e420280e71a4
Reviewed-on: https://code.wireshark.org/review/37652
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The field filter name and protocol name are identical, where
the field filter name has to adhere to the protocol.field format.
This is picked up by conflict check.
Change-Id: I8ea0f0845916666ac39726b16ef3d907737c38b3
Reviewed-on: https://code.wireshark.org/review/37694
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I27580222b0d0fb93a38254eba69676e90360f1cb
Reviewed-on: https://code.wireshark.org/review/37699
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Change-Id: I8f1a0fd7b0f3d06ebf4cf6b993c74cfd47a0db26
Reviewed-on: https://code.wireshark.org/review/37702
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
From cppcheck:
epan/dissectors/packet-dhcpv6.c:2276:20: warning: Condition 'optlen>=4' is always true [knownConditionTrueFalse]
if (optlen >= 4) {
^
epan/dissectors/packet-dhcpv6.c:2268:20: note: Assuming that condition 'optlen<4' is not redundant
if (optlen < 4) {
^
epan/dissectors/packet-dhcpv6.c:2276:20: note: Condition 'optlen>=4' is always true
if (optlen >= 4) {
Change-Id: Ia7e83e6712afe9756735b7bede5b58914d4f06bd
Reviewed-on: https://code.wireshark.org/review/37701
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Make some more static data itmes const while we're at it.
Change-Id: I0bc10cce22b57d9f405f97a7facc1231aa53e668
Reviewed-on: https://code.wireshark.org/review/37700
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
msgtype_vals_ext is an extended value string. Make sure we register it
as such.
Change-Id: Icd0b6280ee3d6df45078afb8eecd174b8bb6d6fd
Reviewed-on: https://code.wireshark.org/review/37698
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
- An error is corrected, where hf_019_010 is used instead
of hf_011_010.
- An error is corrected for field names in 011_290_01 PSR.
- An error is corrected for field name in 011_610 Bank number.
Change-Id: I8d0bd7a3f6baad4e94b4d09538dbf1b792893491
Reviewed-on: https://code.wireshark.org/review/37692
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Large data (for example big DVB-RCS2 tables) can be fragmented at the
GSE level. Reassembly is required to properly decode the data.
Change-Id: I555148e99d43e610208bd87fc64a4bc212fea4b2
Reviewed-on: https://code.wireshark.org/review/37592
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Add DTLS connection ID extension based on
draft-ietf-tls-dtls-connection-id-07, excerpt:
A CID is an identifier carried in the record layer header that gives the
recipient additional information for selecting the appropriate security
association.
* Support session tracking based on connection ID, i.e. a connection ID
list is built then looked up to retrieve the session of a packet, then
the related conversation is updated with this session.
Bug: 16600
Change-Id: I050d7b5b09dad33eb39d506aca67ee839b3b7181
Reviewed-on: https://code.wireshark.org/review/37351
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Routine "dhcpv6_domain()" of packet-dhcpv6.c has the following
issues:
a. It is unaware of partial (relative) domain names which unlike
FQDNs must *not* be root terminated(0); otherwise, the resolver
interprets them as top-level domains (TLDs) such as "com." and
"org.".
b. Malformed errors are not thrown when they should be and when
thrown, it does so for the wrong reason.
c. No detail is provided as to the nature of a malformation.
d. The routine does not know the difference between an "empty"
and "root-only" domain name.
Routine "dhcpv6_option():
The meanings of flags octet of the in the OPTION_CLIENT_FQDN
option sent by the client are different that those of the server.
These differences are not reflected in the display. In addition,
the description of the 'N' bit is incorrect in either case. The
sender type must be determined in order to label them correctly
and to detect conflicts among them.
These changes fully address the above issues. Six types of
domain name errors are now detected. I believe the unusually
large amount of detailed comments with RFC references and
explanations were needed in this case due to the introduction
of concepts such as partial domain names that were not
recognized as such and thus improperly handled and labelled.
The subtree option headers have been converted from "Text only"
to named fields (dhcpv6.option.type_str). Example captures are
attached to the bug report.
The msgtype global variable has been eliminatd.
Bug: 16627
Change-Id: I8d9bf1164835ece2272cc92dd0917322024422d2
Reviewed-on: https://code.wireshark.org/review/37661
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Cal Turney <cturney111@gmail.com>
As we're now checking the first *few* packets of the file, we must allow
*all* Packetlogger packet types when checking whether the purported
packet type is valid.
Put a note in the Packetlogger dissector so that, if anybody adds a new
packet type, they know that they have to add it to the reader code as
well.
Bug: 16670
Change-Id: Id83493f678182fd3e1b5537f4dfa295fe26dfcb1
Reviewed-on: https://code.wireshark.org/review/37675
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
- Rename Key ID Context header field.
- Account for ID Context in max info length calculation.
Change-Id: I6f61055dba74294ace275eb852e34ea6caa32627
Reviewed-on: https://code.wireshark.org/review/37642
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Technically Enhanced Capture Module Protocol (TECMP) allows the
transport of data recorded on different technologies (e.g. Ethernet,
CAN, LIN, FlexRay). A typical usage scenario is data recording in
vehicles, e.g. for validating and testing autonomous driving.
Bug: 16661
Change-Id: If7c08529049cc1d30d9a5640b4216eac83546800
Reviewed-on: https://code.wireshark.org/review/37610
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 48.058 (version 15.0.0), section 9.3.5,
3GPP TS 44.018 "Mobile Allocation" IE shall for compatibility
reasons be included but empty, i.e. the length shall be zero.
It does not mean that the Mobile Allocation IE should not be
decoded by Wireshark though. Some BSC implementations may still
be sending it with length greather than 0.
Let's expose de_rr_mob_all() and use it in dissect_rsl_ie_ch_id().
If the length is greather than 0, raise a protocol warning.
Change-Id: Idd0f2b3cd1e684f2c812b566fde71a1cc727c2c4
Signed-off-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Reviewed-on: https://code.wireshark.org/review/37575
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixing EAP WLAN identity dissection to account for
identities that contain periods. Also fixed an issue
with the identity unknown data field where it would
incorrectly calculate the number of remaining bytes
in identity messages. In that same vein, renamed the
field from hf_eap_identity_unknown_data to
hf_eap_identity_padding as it is only null bytes appended
to the end of identity strings. Lastly, I corrected
the EAP WLAN identity MCC and MNC lookup logic. It
wrongly assumed that NAI Realm MCC and MNCs should only
exist or dissect with permanent EAP identities which
is not the case. The algorithm used to perform lookups
would also not resolve all MCC/MNC pairs for the MNC value.
Bug: 16524
Change-Id: I1d9955618dab0c70de9fcd88088a4390989653c7
Reviewed-on: https://code.wireshark.org/review/37250
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Universal CRT supplies stdint.h, so there's no reason to define our
own types.
Change-Id: I40d4216136aaecae1dc07b0b32ac31032a74b632
Reviewed-on: https://code.wireshark.org/review/37648
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix regression due to different dissector function called.
Change-Id: Ibf3bfc5ac1cb740e71afa89018d57808c418cdab
Reviewed-on: https://code.wireshark.org/review/37638
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As this message does not include the Handover Type IE, let's use the
dissect_target_ng_ran_container_as preference
Change-Id: If220e22ee9cfb6ef0c794ff0f1bd6d75a0fdcf88
Reviewed-on: https://code.wireshark.org/review/37636
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since bbframes can contain ethernet packets, it is sometimes a bit
annoying to write filters handling multiple layers of ethernet/ip/...
This option allows disabling dissection of the inner packets to focus
only on the outside layers.
Change-Id: I9409d5b671b616477fe7cfcfaabe1f33f0d528c1
Reviewed-on: https://code.wireshark.org/review/37585
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The M bit is used in Block1 Option in a request and in Block2 Option
in a response. Use this to determine when to prefix the block number
information with "End of".
Change-Id: I11c741b15f97f68d668d6cbec97660a6ea392dc1
Reviewed-on: https://code.wireshark.org/review/37629
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
DVB-RCS specifies an NCR (Network Clock Reference) which can be included
in the GSE stream and used to synchronize the return channel.
Change-Id: Ie9c99c8964e44245258a4a446755b2c59379088f
Reviewed-on: https://code.wireshark.org/review/37584
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add items for block_payload and block_length to be used for block
analysis when reassembly is not complete.
Change-Id: I969cac9a50903431c727a2fc424eca464f0167d7
Reviewed-on: https://code.wireshark.org/review/37622
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
I002/070 dissection is broken in two ways
- According to spec the name is "Plot Count Values"
- The bitfield for IDENT is interpreted incorrectly
Bug: 16663
Change-Id: I224a53bcecf11a3cbc98bfaa3533caf51bea21ec
Reviewed-on: https://code.wireshark.org/review/37615
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also simplify some boolean logic in packet-dcerpc.c.
All reported by cppcheck.
Change-Id: I2075f2ec10dc777ad7635da4ef056d17fc5b0be0
Reviewed-on: https://code.wireshark.org/review/37609
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Remove an "if(tree)" test in order to ensure that our offset always
advances.
Bug: 16029
Change-Id: I5bb38f2eccfbf3c44a06682a17aafcba9d8fa0c6
Reviewed-on: https://code.wireshark.org/review/37611
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace a couple of REPORT_DISSECTOR_BUG instances with
proto_tree_add_expert_format. This should hopefully keep the fuzz
builder from complaining.
Bug: 16597
Change-Id: I0ec281bf69244f339cdcbbe49632130f17124419
Reviewed-on: https://code.wireshark.org/review/37600
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pass Length=0 to proto_tree_add_item will cause get_uint_value
to throw error of 'Trying to fetch an unsigned integer with length 0'.
Change-Id: I0fb457d175b719517419291adaedef5cacc9544a
Reviewed-on: https://code.wireshark.org/review/37614
Reviewed-by: Zhenhua Hu <fattiger1102@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting response values with a non-zero status, the length
calculation was incorrectly using the entire bodylen and not the
actual value_len. This is likely due to an error in adding support for
flex_frame_extras, before which bodylen == valuelen.
Change-Id: I1d622bea582abcfafc5e97881d94fd7a7db6c80a
Reviewed-on: https://code.wireshark.org/review/37598
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Both of these opcodes can have XATTRs present in the binary
encoding. Add them to the set of opcodes for which we decode XATTRs.
Change-Id: Iee09c720dc4306b8e9c4ebb07673b2709f079a24
Reviewed-on: https://code.wireshark.org/review/37597
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decoding the CreateAsDeleted flag for subdocument
doc_flag.
Also add some Hello feature flags which were missing (VAttr and
Point-in-Time Recovery).
Change-Id: I7ae1b6e787ee038b5d0f1dbd416f3675eb3be697
Reviewed-on: https://code.wireshark.org/review/37593
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>