Fix the field names and the filter strings accordingly.
Change-Id: I4275abc04962a364dfea2ea76ca9877d82e0ae06
Reviewed-on: https://code.wireshark.org/review/33354
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The aeron hartbeat frame is a data frame with zero length. The rounded
length is used to report back consumed bytes. Set that to the real
length of a heartbeat frame, being 24.
Sample captures show trailing zero bytes after a heartbeat frame. Make
sure trailing zero bytes are not tested for additional frames.
CID 1439592
Change-Id: I99580179830b6de0886a1d57f994f4a9c5a1ae6d
Reviewed-on: https://code.wireshark.org/review/33243
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
remove the _U_ tag
Change-Id: Id0cfb160903cf3a72adee20fa5c388d68c991a56
Reviewed-on: https://code.wireshark.org/review/33353
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
ENC_UTF_16 does *not* go with ENC_NA; ENC_NA is for cases where the byte
order is "not applicable", such as a 1-byte number or a character
encoding where every character is encoded in 1 byte, but UTF-16 isn't
one of those cases, as a character is encoded in either 1 or 2 2-byte
values. This being a Windows thing, the byte order is little-endian.
Change-Id: Iab0db3fa2c5d2c25be209e4ed0ebd57827edbcd8
Reviewed-on: https://code.wireshark.org/review/33347
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Code page numbers are generally referred to by their number in decimal,
not hex.
Change-Id: I1dee3df09cf7b5efaca2f4144ee5fcbc8d3ee44c
Reviewed-on: https://code.wireshark.org/review/33343
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, add the Euro to code page 1251, expand the comments
for 1250 and 1251 and some DOS code pages, and add support for code page
1251 to tvb_get_stringz_enc().
Change-Id: I053d58f87cac26ad7c109e2f1cd8807ffec0622d
Reviewed-on: https://code.wireshark.org/review/33342
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's a rule for interpretation of the length field of counted-string and
counted-octet-string fields. This means it's 1) not a general rule for
interpreting integers and 2) not a character encoding, as it also
applies to octet strings and, even for character strings, it's
*orthogonal* to the character encoding.
Therefore, it should *not* be one of the character encoding values; it
should be a bit flag.
Make it so. This means that
1) a character encoding can be specified for Zigbee Cluster Library
strings (they appear to have multiple character encodings possible);
2) the test of it that tested it as if it were a flag will no longer get
confused by character encodings that set one or more of the bits in the
old encoding value;
3) you don't have to special-case the encoding value passed to
get_uint_value().
Put in a comment emphasizing that values that aren't character encodings
should *not* be placed in the set of character encodings.
Change-Id: I8f50aaee8ca60b0781044287e9b38111de38c81f
Reviewed-on: https://code.wireshark.org/review/33341
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On macOS, <build directory>/run/wireshark is a wrapper script that execs
run/Wireshark.app/Contents/MacOS/Wireshark so that Launch Services will
activate our application properly. We don't need to worry about this for
our other executables. Make them symlinks so that we can run things like
`lldb run/tshark` with impunity.
Change-Id: I4e656d778040ece722f873b1a7f6e6e60d21e2a6
Reviewed-on: https://code.wireshark.org/review/33071
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Dynamic cast may yield NULL pointer, hence must be checked before
dereferencing it. Easy enough in a conditional.
CID 1435488
Change-Id: I8359ab5865795f1b1bea6980b023ff636d6719a6
Reviewed-on: https://code.wireshark.org/review/33316
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Use realpath() to resolve our program file directory on macOS. This lets
us create symlinks to the program files in our application bundle
without affecting our plugin and other paths.
Change-Id: If77cbd7da56e01f2cd602334d361c8aa52afeae0
Reviewed-on: https://code.wireshark.org/review/33151
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
DCP_COMMIT, DCP_ABORT and DCP_SEQNO_ACK no longer include two seqnos,
just a single one.
Add missing status codes for durability-related statuses.
Change-Id: I97b847dd43c59405d69410ef28b0b362111c0fbd
Reviewed-on: https://code.wireshark.org/review/33339
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changed type for the RatingGroupId fields, from signed32 to unsigned32.
This fixes the problem of getting "-1" values at G_MAXUINT32.
Change-Id: Ia1113901657bedc8d9c231aa1fe38b63170b2257
Reviewed-on: https://code.wireshark.org/review/33338
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Uploaded a LLDP test file, Bug 15793
Change-Id: I65bdf496df64a5a957b132a402c6535bec60cf84
Reviewed-on: https://code.wireshark.org/review/31598
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wrong offset was used in the Additional entries
Change-Id: I408de47e31c2faec5fbc7f8c562949b1a5c348e9
Reviewed-on: https://code.wireshark.org/review/33336
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcapng.h defines some typedefs for its structs for more readability.
Use them in dumpcap.
Change-Id: I7f4cc47819314732ddcd5076b38f68c52aedb071
Reviewed-on: https://code.wireshark.org/review/33329
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I46d0822b2939793990b7e0ef6a34bd421335c919
Reviewed-on: https://code.wireshark.org/review/33337
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This way if we try to decode non IP data as IP (due to preference
setting), this does not prevent the end of the packet from being
dissected.
While we are at it, let's improve the heuristics.
Change-Id: Ic5b76cd84554fcbd10c3cf59294783933196163a
Reviewed-on: https://code.wireshark.org/review/33331
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
With the addition of handling the rtcp and rtpc-mux media attributes
(see cde023c3c5) the default behaviour
of presenting the media attribute value itself was lost. This change
adds this back.
Bug: 15791
Change-Id: Ib0084b99961bfadf1d89c70b54bd4a0805f9b9f6
Reviewed-on: https://code.wireshark.org/review/33314
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DPNSS specification for the Service Indicator Code
Synch/Asynchronous Information field states that the lower three bits of
this field define the Data Type. This requires a filter of three bits,
in this case 0x7, instead of 0x3 which is two bits.
CID 1159107
Change-Id: I38eec252c771adf085f98c3be077c9de102a37d2
Reviewed-on: https://code.wireshark.org/review/33317
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Current development builds and next official release of USBPcap will
feature generic unknown URB Function capture. When USBPcap notices URB
Function code that it does not understand, it'll write the USBPcap
pseudoheader with transfer type 0xFF (URB_UNKNOWN). The pseudoheader
will contain the IRP ID, status code, URB Function code, bus id, device
address and PDO->FDO or FDO->PDO flag. Other fields in the pseudoheader
will be 0.
Capturing such packets serves multiple purposes:
* Makes it clear that the USBPcap capture is incomplete
* Combined with expert info, makes casual users able to report device
whose driver does issue IRPs with unhandled URB Function codes
* Shows that USBPcap can be improved to capture such data
Bug: 15792
Change-Id: Ib44c6bf05dd9f025617368e44b7dc80b5910aacd
Reviewed-on: https://code.wireshark.org/review/33307
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The _open_osfhandle() does take ownership of the handle and thus the
underlying handle gets closed at the same time as the file-descriptor.
As we want to preserve the underlying pipe handle, create a duplicate
handle and use the duplicate handle with _open_osfhandle().
Change-Id: Iaa52fbae8e72b1ba74ab8ea9a44def8dc2ab4570
Reviewed-on: https://code.wireshark.org/review/33251
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: Ic9f9e323420bf6add83c7a8f7b56a6206eeb2c67
Reviewed-on: https://code.wireshark.org/review/33295
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The content of the list returned by g_hash_table_get_values() is owned by
GHashTable and should not be modified or freed. However, the list itself
should be freed using g_list_free().
Change-Id: Ie4a1da290f25dbd6dc2f3a01f051bfca13bb01d3
Reviewed-on: https://code.wireshark.org/review/33281
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
As for debian/rpm/bsd add a script that helps the user to setup
a development environment for alpine.
Tested on s390x alpine.
Change-Id: Ib4e002385ce748b764ae7ff51f39a9cfce61590c
Reviewed-on: https://code.wireshark.org/review/33268
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It was using the same index into the input and output strings, which
means that if it escaped any character, it would skip the next two
characters in the input sring.
It was also not clearing is_reserved before testing whether a character
was reserved, so once it saw a character that neede dto be escaped, it
would escape all subsequent characters.
It was only used in get_key_string(), which was never used, so it was
dead code, but let's at least fix it, even if we end up removing that
code, so that if we bring it back, we bring back a non-broken version,
and so that if anybody *else* uses it, it's not broken.
Change-Id: I36588efad36908e012023bcfbd813c749a6a254f
Reviewed-on: https://code.wireshark.org/review/33287
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make a configurable preference to show the publish message as text
to bring back the old behavior.
Ping-Bug: 15738
Change-Id: I90ff4ab4c8fe857fa7ea585f67aef516d84c22c1
Reviewed-on: https://code.wireshark.org/review/33284
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
There may need to be more of these.
Bug: 15740
Change-Id: I5d3a97ed50d66dfcb85df0ab7053e8a44c531134
Reviewed-on: https://code.wireshark.org/review/33280
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This value is used when checking if the file was generated on a
machine with different endianess. The error message changes from
"Unrecognized pcapng format or not pcapng data."
to
"dumpcap: Interface 0 is big endian but we're little endian."
Fix dumpcap.c and pcapio.c.
Ping-Bug: 15754
Change-Id: I3a31f873f01bcb3f1324410e70f29f285e56c715
Reviewed-on: https://code.wireshark.org/review/33274
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Found by clang with -Wextra-semi
Change-Id: I259f168759caab239c0e67526afbfa62c032b8b6
Reviewed-on: https://code.wireshark.org/review/33283
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Since the "quic " label was dropped in draft -17 (which happens to be
our minimum supported QUIC draft version as well), the QUIC and TLS 1.3
base secrets are the same again. Temporarily accept both the QUIC_xyz
and xyz labels, hopefully we can drop the "QUIC_" label soon.
Change-Id: Ib3919997db75c2e9652239a5d6400876df745fdb
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/33275
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use the standard TLS 1.3 Key Update variant (broken since draft -13).
Fix key_phase change detection (gboolean is signed, and 1 != -1, so it
would always trigger a key update when KP1).
Fix typo that breaks Key Update for the client (server_pp -> pp_state).
Tested with attachment 17132 from the linked bug.
Bug: 13881
Change-Id: I0246816e99d2e3ed509aa3ebb8a57b753399dde4
Reviewed-on: https://code.wireshark.org/review/33279
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch adjusts the inconsistent usage of the is_mandatory flag
passed to the dissect_* functions for optional IEs, which fixes the
issue of incorrectly parsed RSL ERR REP optional IEs and the equally
broken BCCH INFORMATION optional IE parsing.
Bug: 15789
Change-Id: I94ea8fe110d8d6aa6ebd0cec5013d3cc8fd55311
Reviewed-on: https://code.wireshark.org/review/33269
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove duplicate defition of extcap_free_toolbar_control() and
extcap_free_toolbar_value().
Change-Id: Ia4c8ca6160017d769616579db158419426e664b7
Reviewed-on: https://code.wireshark.org/review/33224
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>