Type 1 is Peek type (using Peek dissector)
Peek dissector is also update for Cisco AP, Pass info to peek dissector it is "Aruba PEEK" (with buggy FCS)
Add also check of signal value (when signal strength = 100%) it is a TX packet and there is no FCS
Bug:11204
Change-Id: I435e0e3275bc0a03fa534e49e86251114f568040
Reviewed-on: https://code.wireshark.org/review/8710
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add a check of signal value (when signal strength = 100%) it is a TX packet and there is no FCS
Only work for Type3 (no signal information on Type 0)
For type 0, Always display the FCS
Bug:11204
Change-Id: I837f8c01c0d0284ecb218b6b03fa9ac025fac5f2
Reviewed-on: https://code.wireshark.org/review/8569
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use a red-black tree instead of a hash map so as to take he current frame number into account
Only insert entries in the red-black tree on first pass
Bug: 11250
Change-Id: Ic6e4a5e4f3cd4a22c2df0b8851c6651695648fa8
Reviewed-on: https://code.wireshark.org/review/8763
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I555e4f487fb5aafa61dabfcab784dad5e71510ec
Reviewed-on: https://code.wireshark.org/review/8769
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
SSL traffic from tshark with -o ssl.keys_list.
For example, as used in a new test also added in this commit:
-o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS"
Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e
Reviewed-on: https://code.wireshark.org/review/8746
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
into a 32-bit value
Change-Id: Ib741ad1c4f237ca921c01c86a521a238cdf25e8f
Reviewed-on: https://code.wireshark.org/review/8761
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-pmproxy.c:93: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-pmproxy.c:94: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-pmproxy.c:95: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-rtpproxy.c:831: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: Ibf1491c1e56dfe6684fe2fe67edc1a721d5de56f
Reviewed-on: https://code.wireshark.org/review/8753
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Implements dissection for the Performance Co-Pilot proxy protocol. Its a
simple protocol that exchanges host and port information and then passes
all traffic via the usual PCP protocol.
Change-Id: I54fbf6b7755b7b1c60e0e1696ac9c4f0d98d8fe7
Reviewed-on: https://code.wireshark.org/review/8704
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Merge both 'positive reply' and 'version ack' processing into one block.
* Also use realsize where possible instead of recalculating packet's size
again.
* Add a bit more comments.
* Remove some 'magic' numbers. Use actual string sizes instead.
* Skip trailing zeroes inserted by some old SIP-servers.
Change-Id: Ie66aa4d6e807a1f351b62d36333301fdec1550fa
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/8738
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia6b62fae76ae76a2859ec47229e1c299bddb5a31
Reviewed-on: https://code.wireshark.org/review/8749
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Try to decode as many IP addresses as we can, even if they don't fit in the
table we store them in.
Only add IP addresses in the table once. We could theoretically reallocate
the table but the original code seems to assume the addresses should (in
non-fuzzed captures) only show up once per PDU. This part of the change fixes
the fuzz failure.
Bug: 11153
Change-Id: I56b9854ac1342080c9f32699a3f97750fa335696
Reviewed-on: https://code.wireshark.org/review/8748
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:11246
Change-Id: I303de72cda8e667dcd3ccd1af3f2989123718544
Reviewed-on: https://code.wireshark.org/review/8743
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- The starting offset for a consecutive frame search was off by 1
Change-Id: Ife77f9823e7e6d9a6601dba9c4cca74984e4ed40
Reviewed-on: https://code.wireshark.org/review/8741
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
use offsetof if defined or define it ourselfs as done in other
places in our code base.
Change-Id: Ia1c72c9648336e93ba8c14d4bc0371d782835370
Reviewed-on: https://code.wireshark.org/review/8735
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set column name to RTPProxy-ng if a new protocol is used.
Change-Id: I8c79ad5426808ad6944060e9c12fa4ac1f02e432
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/8737
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The dissector was written in all macros, presumably to get just a single lines to display a field. The ptvcursor API is good for that, and using it over macros more than halves the object size. Real code (vs macros) is also much easier to use in a debugger. It also makes it easier for the check* scripts to find possible errors.
Also eliminate proto_tree_add_text.
Change-Id: Id07e015b5a2d1a98a4b36e40a426442d826d9a09
Reviewed-on: https://code.wireshark.org/review/8723
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ib94eabeea865ef5c5d9ce4cef26d9faa51c5659d
Reviewed-on: https://code.wireshark.org/review/8715
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changes:
- Instead of special-casing masked and unmasked payload data, always
unmask the payload before using it. This fixes handling of SIP
requests which are masked and would previously not be dissected by
the SIP handle. (As a result, many fields are removed).
- Dissected text protocols (for example SIP) are now shown below the
Websocket layer instead of inside the payload tree.
- Use line-based text dissector as fallback for text decoding, and use
data dissector for binary decoding.
- Treat the optional close reason as UTF-8 instead of ASCII.
- Group the close fields (status code, reason) in a subtree below close
to avoid confusion. Make Close FT_NONE to avoid displaying hex.
- Split dissection of the payload in separate functions for control and
data frames.
Change-Id: I78b0078d51271bef94229d4b7c6c528b5e3a424d
Reviewed-on: https://code.wireshark.org/review/7294
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Part7
Fix last proto_tree_add_text (use expert info)
Change-Id: I9c4c053e5fc94f57608c7ee8355e6e16f8af6bd1
Reviewed-on: https://code.wireshark.org/review/8697
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 5
Update SAFNUM_LAB_VPNUNIMULC/SAFNUM_LAB_VPNMULCAST/SAFNUM_LAB_VPNUNIMULC
Simplify code but no tested on real pcap
Change-Id: I02fc1bc8d4b406f34918130d1eb24d514c24385c
Reviewed-on: https://code.wireshark.org/review/8695
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 4
Update BGP Type TUNNEL_ENCAPS_ATTR
Change-Id: Ib166cf42e4eee3513f4c2f64e18eb5de2ed4acf2
Reviewed-on: https://code.wireshark.org/review/8694
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes a number of recent fuzz failures.
Bug: 11195
Change-Id: Ifa6cc380fd3f610469d3c795e234e6986cfaf674
Reviewed-on: https://code.wireshark.org/review/8699
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When specifying a filename preference (e.g. the SSL pre-master secret
log filename) don't warn about overwriting the file. Most of the time
we're reading the file and when we're not (e.g. for the SSL debug log)
overwriting it is kind of the point.
Preference descriptions are plain text. We display them in tooltips as
rich text. Convert them accordingly.
Fixup some of the SSL preference descriptions.
Bug: 11010
Change-Id: I4f1b1f3dd270c01648d9dd52ae20381c3c0d2e37
Reviewed-on: https://code.wireshark.org/review/8665
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Final part.
While there change deprecated tvb_length-xxx() calls
Change-Id: I8b0cf823c2d37a92c58fcb653f7fe1e8fdad5a79
Reviewed-on: https://code.wireshark.org/review/8642
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id7ef95a56d9d8cc01f9a1a4556ad056b8bb7f8bc
Reviewed-on: https://code.wireshark.org/review/8654
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
remove also orig_offset (no longer needed)
Change-Id: Idc65b45fb67bae6acdca33962f3352a50296a6e5
Reviewed-on: https://code.wireshark.org/review/8650
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib7df1e2c40ad86866f5a3d6902a7a92144028be7
Reviewed-on: https://code.wireshark.org/review/8620
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's a FT_UINT_STRING field type
This reverts commit dc14e3ce0d.
Change-Id: I1185efbad459887fb9c16fb01e670bc43e6f2d84
Reviewed-on: https://code.wireshark.org/review/8623
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Pointed out by a warning in a compilation for ARM.
Change-Id: Iab2748adbdc88c9e6749da1c3835896683a1a091
Reviewed-on: https://code.wireshark.org/review/8648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: If66a3951037d01c1aa502c0695ea11c62cc4d208
Reviewed-on: https://code.wireshark.org/review/8633
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I656fa2f69453916dd5466265220e2b4590d3631c
Reviewed-on: https://code.wireshark.org/review/8632
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
delete unnecessary initialisations
declare variables at the start of a function
Change-Id: Ib427790c51c1fc7433d0f3c17dc9fa4748585180
Reviewed-on: https://code.wireshark.org/review/8631
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
sort them by layer
wrap long lines
make the filter strings consistent
Change-Id: Ibbeb405c6356abe61dd9a0194af1c072d2c1c971
Reviewed-on: https://code.wireshark.org/review/8630
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I53f9df7bf193551e786ad4ece368f3de702ce8de
Reviewed-on: https://code.wireshark.org/review/8628
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I3905fb83f5f70ee80e54fba479c0e8caca5baa6c
Reviewed-on: https://code.wireshark.org/review/8627
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6648c20a003392a7435ca0461d2b004a1d415d51
Reviewed-on: https://code.wireshark.org/review/8626
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Id3e6258036112a64e4111d0483c572697681eb89
Reviewed-on: https://code.wireshark.org/review/8625
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Stop out of tree builds picking up the in-tree version and config.h
Change-Id: Icadc46cab66db72af2d475eac31b28d0ca10df90
Reviewed-on: https://code.wireshark.org/review/8204
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic7385d0555d72aa8ea2b9beb284ca1f6a115b174
Reviewed-on: https://code.wireshark.org/review/8616
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifb404f5bab58d06d7e1f0106f284c7ae9858a502
Reviewed-on: https://code.wireshark.org/review/8617
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
coverity picked up on this being effectively dead code, and it's trivial to
prove it will never trigger
Change-Id: I5a2893671a764914f483d4ff6bcc835c9b0d3b28
Reviewed-on: https://code.wireshark.org/review/8615
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia56d41d3591f759619f13d6df679579f9d9888f7
Reviewed-on: https://code.wireshark.org/review/8621
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1ff863d0a4e114223b8fe283b1dc894e39fcefd7
Reviewed-on: https://code.wireshark.org/review/8618
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 8573
Change-Id: I65a71a2c12cda61ed4c4b52a8ea0441261782942
Reviewed-on: https://code.wireshark.org/review/8597
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is not an optimal solution, but fixes the reported problem.
The do_address functionality should probably be rewritten to
only use pinfo for storing data.
Bug: 11210
Ping-Bug: 8515
Change-Id: I2625cc4044ab93b6e943a3c2d2ffd1b26149da29
Reviewed-on: https://code.wireshark.org/review/8585
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
left shift of 1 by 31 places cannot be represented in type 'int'
Change-Id: I0135b73c14bab05153a9ba2f5477f8651388037d
Reviewed-on: https://code.wireshark.org/review/8588
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
NFSv4 attributes are transferred as a bitmask, followed by each of the
attributes in the bitmask. The offset and length of the dissected attribute
values should point at where the attribute values are; instead, they were
pointing at the bitmap. Fix that.
Change-Id: I4f93b7fffd7497306ae828a2fbd3c0e9b0accd1c
Reviewed-on: https://code.wireshark.org/review/8536
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The NFSv4.1 dacl and sacl attributes consist of a 32-bit acl flags field,
followed by an access control list in the same format as the acl attribute.
Bug: 11208
Change-Id: I5fb08f9764c21cd6abb4ee02265e4e6b4ed54f01
Reviewed-on: https://code.wireshark.org/review/8526
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
A character "v" was mapped to a different command parameter. So we
should replace it.
Change-Id: Ia668b0b0bead7bb4c4ba0a60f51f53daf2095a36
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/8571
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Presumably it got the port when it became an RFC.
Change-Id: I0afb815bcfe4b36b896fa6f7e62f93047a36b05b
Reviewed-on: https://code.wireshark.org/review/8576
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As either Grace Hopper or Andrew Tanenbaum, depending on which claim you
read, said, "The {wonderful,good} thing about standards is that there
are so many to choose from." Which standard for Lawful Intercept headers
do you want?
Change-Id: I8633e3d3e3d9a205f643d63980a80986e59d43f4
Reviewed-on: https://code.wireshark.org/review/8579
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Trailing whitespaces, indent and typo fixed, used value_string.
Fixed EOF Problem (Ubuntu Petri Dish failed)
Bug:11213
Change-Id: I4ecc11b17c34dd993a72903ad4314c51ada64e02
Reviewed-on: https://code.wireshark.org/review/8532
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 7496
Change-Id: Ic1648f1c111913b7370b2eaf5557c4d8ea078033
Reviewed-on: https://code.wireshark.org/review/8546
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Double space between Signal Strength and [percent]
Change-Id: Ibf645a9e44d2e642df8fd53afd0a6ccbbb2adde0
Reviewed-on: https://code.wireshark.org/review/8549
Reviewed-by: Anders Broman <a.broman58@gmail.com>
("And that, children, is why we always test different message types before submitting").
Change-Id: I29c730c01db4596a2326dcadfcffa3a20758569a
Reviewed-on: https://code.wireshark.org/review/8539
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ic5f87480273e0a097900ace6a7538c34b2a89444
Reviewed-on: https://code.wireshark.org/review/8545
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I02349c2e7aa00c1b105ab069a9fe9b66d130bc7d
Reviewed-on: https://code.wireshark.org/review/8543
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Added back code removed in commit for bug 8515.
Bug: 11210
Change-Id: I23bf56f88d8a1320da8404a82a8d9d3aacc3dace
Reviewed-on: https://code.wireshark.org/review/8537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 2
Update VPLS-BGP and BGP-AD
Change-Id: I6a311bfc69d9666be6f83e38042745162701aaac
Reviewed-on: https://code.wireshark.org/review/8485
Reviewed-by: Michael Mann <mmann78@netscape.net>
The next commit will use some of these definitions before their (previous)
point of definition.
Change-Id: Ic7c96bc48d338bb7b44bf295af3fadc3e7bec370
Reviewed-on: https://code.wireshark.org/review/8525
Reviewed-by: Michael Mann <mmann78@netscape.net>
Inspired by the patch in bug 3749, added better dissection of opcodes and better (but not complete) support of multiple messages in a frame.
Provided links to firebird source.
Bug: 3749
Change-Id: I403728d32d634c23e1af7ce842f9aaca4014ed78
Reviewed-on: https://code.wireshark.org/review/8494
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I422e8644445d7bb8a8ae43f426183db6b8974839
Reviewed-on: https://code.wireshark.org/review/8530
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
rename some variables and remove obsolete comments while we're at it
Change-Id: Ib400c371ea52c3681fbc1d25ef42791e4aeff9e4
Reviewed-on: https://code.wireshark.org/review/8529
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I593527fafa38312d5d4e8f778e9af0d6294bb3f8
Reviewed-on: https://code.wireshark.org/review/8528
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
if the response TPDU starts with 0x80 (T_SB), this is not an unknown
tag, it simply indicates that the optional header and body are absent
this bug was introduced in e597acdc48
Change-Id: I076a0c9f0ea124e11edbb7a0bc0e41d1ab6f374a
Reviewed-on: https://code.wireshark.org/review/8527
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It's already put there by dissect_ntlmv2_response(); no need to do it
again.
Also, rename "NTLM Client Challenge" to "LMv2 Client Challenge", as
that's what it is (ChallengeFromClient from 2.2.2.4 LMv2_RESPONSE), and
rename "Client Challenge" to "NTLMv2 Client Challenge", as that's what
*it* is (ChallengeFromClient from 2.2.2.7 NTLM v2:
NTLMv2_CLIENT_CHALLENGE).
Change-Id: If95e2c77323cb597df7e400bf9ffc045d94c60e2
Reviewed-on: https://code.wireshark.org/review/8524
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The "result" argument to dissect_ntlmssp_blob() is never null, so don't
check for it being null.
Have separate clauses for LmChallengeResponse and NtChallengeResponse,
and do the checks for NTLMv1 vs. NTLMv2 inside those clauses.
Do the copy to client_challenge within the AUTHENTICATE message parsing
only if we've already determined that it's an NTLMv2 message.
Add some comments to better explain what's being done and to ask some
questions.
Change-Id: I52345eaeac4252d928b2e477751817084bf4e363
Reviewed-on: https://code.wireshark.org/review/8523
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not all requests have them, so check for them to avoid crash.
Change-Id: I265fb8ad9f63132bee6eeb1aa521cae8b8df82b9
Reviewed-on: https://code.wireshark.org/review/8521
Reviewed-by: Michal Orynicz <michal.orynicz@tieto.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icf1686e9f1530a602ec5b03572be53d4f245d70c
Reviewed-on: https://code.wireshark.org/review/8520
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I4f78a3a15aa04c52042f7461d11b31c95f7e9590
Reviewed-on: https://code.wireshark.org/review/8519
Reviewed-by: Michael Mann <mmann78@netscape.net>
HCI Commands in most cases generate response in Event queue, so try
to map event to command and give user response time information.
Change-Id: Ib4956829b7d0064ab528aa3202f8f959d8d371b7
Reviewed-on: https://code.wireshark.org/review/8514
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
New event will be added later, for now all number are useful.
Change-Id: I83b77627dfb0c511710c3080aaac0f6857f76137
Reviewed-on: https://code.wireshark.org/review/8513
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Check previous dissector before cast data parameter.
That also causes Head overflow too.
Change-Id: I8f6ce2ec183e4c757613fd7e1959d9d0e4cfc89e
Reviewed-on: https://code.wireshark.org/review/8512
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It is used to distinguish SCO streams.
Stream Number increase any time when new SCO connection is created.
Change-Id: I6cf68914112980cdbad345e52469bf2baf214551
Reviewed-on: https://code.wireshark.org/review/8510
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
API used by this field is implemented, so field can be enabled now.
Change-Id: Ifc8de81157c9b125ba769d14ec57a498d9810c5f
Reviewed-on: https://code.wireshark.org/review/8507
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Also map some Types to Dissector Table dissectors.
Change-Id: I1a1924924ac569368b3a4fafdc05c98e4a8d4841
Reviewed-on: https://code.wireshark.org/review/8506
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It will be useful for analysis. Also support partialy known path,
unknown part is shown as "?".
Change-Id: I0299e64d233022d1941b364afc4a6be0c9f4d23e
Reviewed-on: https://code.wireshark.org/review/8505
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The values make more sense swapped (and the code is super-old) so I'm assuming
this was just a long-uncaught typo. Fixes a valgrind error at any rate.
Also replace a malloc+memcpy with a memdup for simplicity.
Bug: 11203
Change-Id: I74c0aff548b844cf90610db56a143f3eac172658
Reviewed-on: https://code.wireshark.org/review/8493
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
There's all sorts of interesting stuff out there on the Intertubes if
you happen to be searching for the right thing.
Change-Id: Ib5e18ece5dfaa284ece8cfda23887a9408c8318e
Reviewed-on: https://code.wireshark.org/review/8503
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 2771
Change-Id: Ic2904c981a182be5859c3840025e7ffa9ea387ed
Reviewed-on: https://code.wireshark.org/review/8501
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Give better comments describing the 5 different formats Aruba equipment
can use.
It's "Aruba Networks", not "ARUBA" anything.
Change-Id: I300d77375e8182b60e830cb545d8802c1a49569c
Reviewed-on: https://code.wireshark.org/review/8500
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I0b19d4576b652dc9dd94346c75945e0bdc554a0e
RFC7540: Hypertext Transfer Protocol Version 2 (HTTP/2)
RFC7541: HPACK: Header Compression for HTTP/2
Reviewed-on: https://code.wireshark.org/review/8478
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ib533bd2526c27cf5f1161616fcf52136e40c827a
Reviewed-on: https://code.wireshark.org/review/8484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix an infinite loop when no transaction end offset is present and
`megaco_tvb_find_token` returns -1.
Bug: 11193
Change-Id: I82c7b795e522efca674787e504427f64b8c28fc4
Reviewed-on: https://code.wireshark.org/review/8483
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
No need to run them through the "raw IP" dissector.
Change-Id: I63639651873f00326a20b88a08ecb4ab3b9a83b3
Reviewed-on: https://code.wireshark.org/review/8459
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's completely normal that there's no link information when you're dissecting
raw packets. This does leave the Raw protocol tree without any children
(which looks a little funny) but I don't want to take it out and I don't see
anything useful to put under it.
Also change the Raw protocol item to cover all the bytes of the TVB (like the
frame item).
Change-Id: I44c1ac954c9989273d0c461ba366caba0a480ea6
Reviewed-on: https://code.wireshark.org/review/8454
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make a union of the 4 bytes of the address and the address as a 32-bit
integer, and fill in the bytes differently based on whether it's an
interior or exterior route. Rather than just casting a pointer to a
byte to a pointer to a 4-byte integer - which may not be safe, as the
byte array might not be properly aligned - just use the integer member
of the union.
Change-Id: Ic0e78a832cedb9a5a8d435a6c911409b17e41685
Reviewed-on: https://code.wireshark.org/review/8443
Reviewed-by: Guy Harris <guy@alum.mit.edu>
*seq[slength - 1] means *(seq[slength - 1]), where seq points to a
"const gchar *", so it fetches the pointer at an offset of slength - 1
from the pointer to which seq points, and dereferences that pointer.
What's wanted is (*seq)[slength - 1], i.e. fetch the pointer to which
seq points, and fetch the byte at an offset of slength - 1 from the byte
to which said pointer points.
Change-Id: I7246f5e6093d035bad59be530893f3fc54dad97e
Reviewed-on: https://code.wireshark.org/review/8441
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is useful when people export displayed packets of a USB sub dissector (like MBIM) without keeping
the USB setup requests and still expect to have "Decode As" functionality working
Change-Id: Iad32ddc7b87544ff568a091f03e393a106f38554
Reviewed-on: https://code.wireshark.org/review/8430
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I455a4f81798c7a99a48551ae362dabf2b697cf88
Reviewed-on: https://code.wireshark.org/review/8427
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Have megaco dissector display fields as their are "interpreted", not as raw data with "interpretation" as a subtree
2. Replace/remove proto_tree_add_text
3. Convert some "numeric string fields" into numeric values.
4. Add some more dissection discovered while looking for sample captures.
Bug: 6732
Ping-Bug: 10909
Change-Id: Ie051a8a16ef2355681a24be8789bae0971632cd1
Reviewed-on: https://code.wireshark.org/review/8382
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use proto_tree_add_item when it is possible
Add display of reserved field...
Change-Id: Id47c237f06e28e7d5dfbd92848dc26a7496cf799
Reviewed-on: https://code.wireshark.org/review/8398
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rewrite display of PIM(v1) Address and remove last proto_tree_add_text call :)
Change-Id: I020970e80338d15dbe68e32713b8ada31fd0a4e2
Reviewed-on: https://code.wireshark.org/review/8397
Reviewed-by: Anders Broman <a.broman58@gmail.com>
only 2 proto_tree_add_text calls, (it will be remove on another patch)
Change-Id: I670e37bbbe1cc3ae740a94cd620fa14f20cb9feb
Reviewed-on: https://code.wireshark.org/review/8396
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since Diameter does heuristic checks before calling tcp_dissect_pdus() we
have to "manually" ask for more data if the tvb is too short for our
heuristics.
Bug: 11183
Change-Id: I14c36042306b532b53df80cc3971866b76094084
Reviewed-on: https://code.wireshark.org/review/8405
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
- ensure that MBIM tree is not below URB setup one
- do not try to dissect an empty tvb
Change-Id: I8c6655727eec7df84882fd861d5581848340e0f3
Reviewed-on: https://code.wireshark.org/review/8410
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
http://www.bitterfilms.com/rejected.html
1) There is *NO* guarantee that you can safely dereference a misaligned
pointer.
2) There is *NO* guarantee that you are running on a little-endian
machine, so that an attempt to fetch a 32-bit integer through such a
pointer will fetch it in little-endian form.
Instead, fetch it using tvb_get_letohl(), which 1) doesn't care about
alignment and 2) always fetches in little-endian order.
Change-Id: I44721cbf3c4456797990cc741836c9dd8c6c3696
Reviewed-on: https://code.wireshark.org/review/8423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
http://www.bitterfilms.com/rejected.html
1) There is *NO* guarantee that you can safely dereference a misaligned
pointer.
2) There is *NO* guarantee that you are running on a little-endian
machine, so that an attempt to fetch a 32-bit integer through such a
pointer will fetch it in little-endian form.
Instead, fetch it using tvb_letohl(), which 1) doesn't care about
alignment and 2) always fetches in little-endian order.
Change-Id: I30ad6607b7c6d5047245bfcfdcbe757b02d02172
Reviewed-on: https://code.wireshark.org/review/8422
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That field is just a void *, so there's no need to cast them, and at
least one of those casts generates alignment warnings with -Wcast-align.
Change-Id: I88e22a794a8c990b01e7ed8f45951a2665febbc1
Reviewed-on: https://code.wireshark.org/review/8421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There is *no* guarantee that it's aligned on a 4-byte boundary, and
there is *no* guarantee that you can safely dereference an unaligned
pointer. See bug 11172 for a crash on Solaris/SPARC caused by those
assumptions both being false.
Change-Id: I30d97aebd42283545f5b8f6d50fa09c5b476ec47
Reviewed-on: https://code.wireshark.org/review/8412
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Hopefully, that'll convince Microsoft's static analyzer that nr will
always be >= 1, so you can safely subtract 1 from it and use it as an
array index.
Get rid of the vht_mimo_control_t structure in favor of a few variables
for the bitfields we actually use.
Make some tables static - no need to initialize them every time we enter
the routine.
Change-Id: Icde05a768ea1a9c897b69003afcab1dddeffaaf5
Reviewed-on: https://code.wireshark.org/review/8411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Part 1
Change-Id: Icbc73690370eba07e77b35d2815346f1d5a44347
Reviewed-on: https://code.wireshark.org/review/8386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
CDR strings appear to be both counted *and* NULL-terminated in many cases,
which is rather weird, so if we see a NULL-terminator, ignore it in the count;
otherwise we print a trailing '\000' on all the strings we put in the tree.
Bug: 11126
Change-Id: I45b6b414683a6f646d37c2e2001b7319d5c80be5
Reviewed-on: https://code.wireshark.org/review/8390
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modified CIP Motion parser to include newly-defined Axis Safety related
fields in the status data set section.
Change-Id: I70c6dd345ae9353b87e6f7c1300b60687f41a1f6
Reviewed-on: https://code.wireshark.org/review/8342
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we are at it, put back some debug logs that were removed in g1439eb6 (otherwise msgbuf is no more initialized)
Change-Id: Ie34c4f2e638bc3ee77a0565446de37a15385dc0d
Reviewed-on: https://code.wireshark.org/review/8389
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I2488a505e6634da5cbcaf2e86505414d34823b8e
Reviewed-on: https://code.wireshark.org/review/8381
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If2f5ee4629b48fe0ffbe76c49952de8fb14fb64e
Reviewed-on: https://code.wireshark.org/review/8380
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Add separate ett for all possible information elements.
It's better to expand only necessary subtree but not all
Change-Id: If84359e28547ce5dcf753dc1bee691ece7f29ace
Reviewed-on: https://code.wireshark.org/review/8054
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Hopefully that'll make it a little easier to make sure that we're not
overflowing arrays.
Change-Id: I770df045ef9a45fd486c1271ea424b3334bb39d2
Reviewed-on: https://code.wireshark.org/review/8370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Mistake when remove proto_tree_add_text calls
Change-Id: I820264b7a90a2563f846b6e6472416cd3e3278a4
Reviewed-on: https://code.wireshark.org/review/8368
Reviewed-by: Michael Mann <mmann78@netscape.net>
- fix PLSP-ID parsing, is a 20 bits field
- fix SID parsing, is in network order on the wire
- fix PATH-SETUP-TYPE and SR-PCE-CAPABILITY code points
Change-Id: If26035181462a9cad77a4a594aab3c007b4d00a2
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/8351
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>