Convert SCTP port preferences in dissectors starting m-z.
Preferences that were already the name of the table can just
be removed from the dissector and they will migrate. Preferences
with a different name are added to deprecated_port_prefs in
epan/prefs.c (Since that function handles them there is no
need to mark them as obsolete.)
Also change a few TCP and UDP single ports reigstered with
preferences and callbacks that used the sample dissector as
a template.
Uses more auto preferences, makes more port preferences ranges,
and reduces the number of preference callbacks. Ping #14319
A few more protocols that have callbacks to retrieve auto preferences
for request/response determination. Convert them to getting ranges,
since all these are ranges now. Ping #14319
Improve the ESP NULL autodetection, and get it closer to the
heuristics in RFC 5879:
Detect multiple ICV lengths - 12, 16, 24, and 32
Check padding length validity
Check padding values
Reject if the subdissector rejects the packet
Still does not attempt to properly detect ENCR_NULL_AUTH_AES_GMAC,
which has a nonzero IV.
Fix#13730.
The flag of unsigned fields is either 0x0 for signed integer fields or
0x80 (128) for unsigned integer fields.
The code expected 0x0 for signed and 0x1 for unsigned to match the right
dissector for the field, causing no match to be found.
Example client code:
```c
int main(int argc, char **argv) {
MYSQL *con = mysql_init(NULL);
if (mysql_real_connect(con, "127.0.0.1", "root", NULL, NULL, 4000, NULL, 0) ==
NULL) {
printf("%s\n", mysql_error(con));
mysql_close(con);
exit(1);
}
MYSQL_STMT *stmt = mysql_stmt_init(con);
mysql_stmt_prepare(stmt, "DO ?", 4);
MYSQL_BIND bind[1];
int my_int = 1;
bind[0].buffer_type = MYSQL_TYPE_TINY;
bind[0].buffer = (void *)&my_int;
bind[0].is_unsigned = 1;
bind[0].is_null = 0;
mysql_stmt_bind_param(stmt, bind);
mysql_stmt_execute(stmt);
mysql_stmt_close(stmt);
}
```
The port pref value is used in a callback, so convert that to
retrieving a range. Also, remove the old preference (it was
converted to use an auto preference some time ago but the
duplicate preference wasn't removed.)
Ping #14319
Update the dns_pkt_addr_resolution, use_external_name_resolver, and
use_custom_dns_servers names to be more consistent. Make it more clear
that use_external_name_resolver uses you're system's DNS settings.
When a single port is added to a dissector along with an auto
preference, make it create a range preference (defaulting to
that single value.) This converts the rest of the auto port
preferences to ranges.
Ping #14319. Still to do are converting other non-auto port
preferences to auto preferences (e.g., sctp ports), and maybe
some minor cleanups.
Dissect the receipt info object that may appear in the tlv container of a
zvt message.
Define an ett value for receipt bitfields and use it for receipt info and
receipt param. We shouldn't be using the ett for the tlv tag.
The code checks for state=LOGIN, but the state is set to RESPONSE_OK,
which is not correct in case of TLS as the packet following the non-TLS
LOGIN is another LOGIN, but on TLS. The first LOGIN is not really a
LOGIN, but more of a STARTTLS situation.
Closes https://gitlab.com/wireshark/wireshark/-/issues/10346
Make add_for_decode_as_with_preference create a range preference,
instead of a single uint preference. Decode As allows multiple
ports to be set for a dissector, so a range preference is correct.
This prevents an odd situation where the quasi preference only
holds the last value set in the Decode As table, and changing it
only changes that one value, not all the other values. Moving
the preference to a range also means that the empty string clears
the result instead of doing nothing. (With uint preferences
inputing 0 is required to not dissect.)
This moves a lot of the automatic port preferences over to ranges.
Ping #14319. Fix#15554.
Releases 98 and 99 are older than version 8. Also fix the
extra length added for RADIUS so that it properly accounts
for the lack of allocation-retention priority in RADIUS.
Previously it was off by one, which caused errors in Release
98. Fix#10688 again.
The TCP and UDP follow conversation filter functions should
only retrieve a conversation and conversation data, not
create new conversations or new stream numbers. (That should
only happen during actual packet processing.) So they should
match on the endpoint type and not look up endpoints (since
TCP and UDP don't use the endpoint API.)
They still don't work with tunneling, or any other situation where
the addresses and ports have been changed (see #18231), but this
at least works when some other protocol _has_ used the endpoint
API, and also avoids creating nonsensical streams.
Making them work properly with tunneling either requires adding
packet info to each packet with the stream information, or using
the endpoint API (after finishing it to allow more than one endpoint
on the packet, and a way of searching for endpoints other than
the most recent.)
Add the currency codes for CHF, GBP and USD to the list of currency codes.
ZVT is used mainly in german speaking countries. The currencies above plus
EUR should cover most use cases. If necessary, we can add more currency
codes from https://en.wikipedia.org/wiki/ISO_4217.
Remove the redundant BASE_FLOAT field display type. The name
BASE_FLOAT is meaningless and the value aliased to BASE_NONE.
Require BASE_NONE instead of BASE_FLOAT (corresponding to
the printf() %g format).
Add new float display types using BASE_DEC, BASE_HEX and BASE_EXP
corresponfing to %f, %a and %e respectively.
Add support for BASE_CUSTOM with floats.
For QUIC, we explicitly know the server direction. Use that
in order to correctly mark which packets are from the server
verus from the client, instead of assuming that the first packets
in a stream are from the client (which is true for a connection
generally but not necessarily a stream). This also allows us to track
direction across connection migration instead of marking all
packets after migration as from the server.
Similar to commit 2eb7b05b8c,
replace the RTP payload type preferences with automatic
dissectors.
This reduces the number of preference module callbacks.
ISO C Std § 6.7.2, 5: "for bit-fields, it is implementation-defined
whether the specifier int designates the same type as signed int or the
same type as unsigned int." (See also the note in § 6.7.2.1 and ISO C
Std Appendix J.3.9.)
A gboolean is a typedef'd gint. Therefore, many implementations,
including gcc and clang, treat a gboolean bitfield of width 1 as
signed, meaning that it has two possible values: 0 and -1, any time
the integer promotions occur (which is all the time.) Constructs like this:
dgram_info->from_server = TRUE;
if (dgram_info->from_server == TRUE) ws_warning("True");
will not work as expected, though gcc (but not clang) will give an
error:
/home/johnthacker/wireshark/epan/dissectors/packet-quic.c:3457:37: error: comparison is always false due to limited range of data type [-Werror=type-limits]
3457 | if (dgram_info->from_server == TRUE)
|
proto_tree_add_debug_text(quic_tree, "Connection: %d %p from_server:%d", pinfo->num, dgram_info->conn, dgram_info->from_server);
Connection: 1 0x7fc4b47f2be0 from_server:0
Connection: 2 0x7fc4b47f2be0 from_server:-1
Connection: 3 0x7fc4b47f2be0 from_server:0
Connection: 4 0x7fc4b47f2be0 from_server:-1
At worst this can cause buffer overruns.
If a bitfield is desired, to guarantee expected behavior the standard
_Bool/bool should be used instead.
Pascal Quantin