This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
If vendor dissector does not decode all bytes - it seems to be
unexpected parameter.
Also move vendor dissection tree under root as it is done for HCI CMD.
>>> CID 1247678: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "dissector_try_uint_new(hci_vendor_table, hci_vendor_data->manufacturer, tvb, pinfo, tree, 1, bluetooth_data)".
>>> CID 1247679: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "dissector_try_uint_new(hci_vendor_table, hci_vendor_data->manufacturer, tvb, pinfo, main_tree, 1, bluetooth_data)".
Change-Id: Icdb8c1f166d5bc33cfc79c62d384ae416dfbf0cf
Reviewed-on: https://code.wireshark.org/review/13737
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitiously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TDS is one of the newest profiles announced by Bluetooth SIG last time.
Also start adding expert info about usage of characteristic.
In this case mandatory properties are Write or Indicate,
so warn in other cases.
Change-Id: I0474c1986ddb16c4bcd03aa9160a07b0cacc76c6
Reviewed-on: https://code.wireshark.org/review/13391
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Also add possibility to use TDS Organization ID dissector table
to write custom plugin to dissect TDS data.
New dissector table: btcommon.eir_ad.tds_organization_id
Change-Id: Idcb5702b6393aeedf1f36bd43b566a5b425ea4eb
Reviewed-on: https://code.wireshark.org/review/13388
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Now it is possible to DecodeAs manufacturer specific content of
EIR or AD, so you are able to write custom plugin to dissect it.
New dissector table: btcommon.eir_ad.manufacturer_company_id
Change-Id: Iac458cd51f7b9bab51ccf7a4411984fb269a86ef
Reviewed-on: https://code.wireshark.org/review/13389
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: I8cfb0b375d4585bbeb890e79c1a41303e0277065
Reviewed-on: https://code.wireshark.org/review/13387
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Add TDS and OTS/OTP UUID, OTS PSM (I cannot find it, but
it seems to be linear), update CompanyIds and add three
EIR/AD codes: URI, Indoor Positioning and Transport Discovery Data.
Implementation of new "numbers" will be done later.
Change-Id: I8ad4d9c1d55c1824d87e88303c28e67dd445ec98
Reviewed-on: https://code.wireshark.org/review/13386
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In CSSv6 there is one new item: URI (UTF-8)
Change-Id: Iafa7b563aa96a016c7178eceef28edd3a1df5dc4
Reviewed-on: https://code.wireshark.org/review/11980
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Some vendors use UUID128 as own services/attributes.
Sometimes they use UUID16 for it too. Support both cases.
Change-Id: I001692b94fcc2f86eafa81012790e9134b0f2a36
Reviewed-on: https://code.wireshark.org/review/11976
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace CMP_ADDRESS, COPY_ADDRESS, et al with their lower-case
equivalents in the asn1 and epan directories.
Change-Id: I4043b0931d4353d60cffbd829e30269eb8d08cf4
Reviewed-on: https://code.wireshark.org/review/11200
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6298b3de5f0a1cb988014ff16082eaf8c2a3c3c0
Reviewed-on: https://code.wireshark.org/review/10786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
HCI Summary dialogue collect HCI Opcodes, HCI Events, Hardware Errors,
Statuses and Reasons. Also show occurrence of them. The top level item
is group of items (by OGF or types), the second level item is in real
command, event, hardware error, status or reason. The third level items
are direct link to packet that contains second level item type.
Change-Id: I6b6bd02533c4605a2dd2c1f5dfee46f72a0f3fdc
Reviewed-on: https://code.wireshark.org/review/9676
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Try to fix Coverity issues in Bluetooth HCI and androiddump.
Change-Id: Id2ed35130eb4dbb0698b7a54afccdba56af62bfd
Reviewed-on: https://code.wireshark.org/review/8983
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Please found it under Bluetooth menu. It shows all devices found
in logs, not only connected, all that its address can be found in
logs. Show if device is local (in most cases: capturing on it side)
and manufacturer and LMP version what should answer the question what
version of Bluetooth is used by Bluetooth device chip.
Also firmware version.
Change-Id: I32e3b7100cdebcaa850b6541de0ab89dff41c0e1
Reviewed-on: https://code.wireshark.org/review/8901
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
HCI Commands in most cases generate response in Event queue, so try
to map event to command and give user response time information.
Change-Id: Ib4956829b7d0064ab528aa3202f8f959d8d371b7
Reviewed-on: https://code.wireshark.org/review/8514
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
New event will be added later, for now all number are useful.
Change-Id: I83b77627dfb0c511710c3080aaac0f6857f76137
Reviewed-on: https://code.wireshark.org/review/8513
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It is a GUI+QT feature that introduce Bluetooth menu and
"ATT Server Attributes" that present all handle+UUID pairs
as table. User may copy cell value, row, selected rows or whole
table within header. On activate user will go to packet that
introduce UUID for specified handle.
Change-Id: If17e53aff5feb89ededc740a595ba5882b90be5e
Reviewed-on: https://code.wireshark.org/review/6911
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Service Data entry is defined as UUID (16, 32 or 128) and
rest of payload is specific service data.
Bug: 10859
Change-Id: Ibaee075a66a144dfc52ed70614677c73a88d6a2c
Reviewed-on: https://code.wireshark.org/review/6902
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Undecoded command - command does exist in specification,
but not fully implemented in Wireshark yet
Unknown command - command does not exist in specification or
it is quite new and opcode number is not added yet
Unexpected parameter - is now working correctly that means if
there is known command but too many parameters
so user should know about this issue
Change-Id: If3ee24f617f7e6683049558f7a6d68e346e7c92f
Reviewed-on: https://code.wireshark.org/review/6898
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
The clang I'm using warns about a non-constant format string in
val_to_str_ext() calls; get rid of the unknown_format variable and,
instead, make two different proto_item_append_text() calls with
different format arguments in the val_to_str_ext()-call arguments.
Change-Id: Id668efe666634798c278958bd7e6d790ec476539
Reviewed-on: https://code.wireshark.org/review/6479
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There is information about manufacturer of Bluetooth chip.
Also try to detect if that "permament" info is not changed,
if so informs user about this rare event (probably there is an issue)
Change-Id: I1fa748a67ad7943e61d4445d240f0578b94560fc
Reviewed-on: https://code.wireshark.org/review/6408
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Since those command/events are vendor specific and proprietary
not all commands/events are implemented. All implemented commands can be
found in Open Source implementations for Broadcom chip. If you found more,
please let me know.
Change-Id: Ie68d3737c88a8cef39260a9d93192cfc81871d6c
Reviewed-on: https://code.wireshark.org/review/6406
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Also start decoding next two profile attribute groups in SDP
(MPS and CTN) and add new two fields in EIR/AD.
Change-Id: I4dc13df2b3b13e8c2a2a5c4af2cabae9ee83d539
Reviewed-on: https://code.wireshark.org/review/6409
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Feed the output of `tshark -G <glossary>` to `iconv -f UTF-8`. Adjust a
couple of the Bluetooth dissectors and X11 keysyms accordingly.
Change-Id: I5b04dc3fa4734c8f0a795daf44bd398fe5ebc1bd
Reviewed-on: https://code.wireshark.org/review/6146
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bluetooth dissector is used to add ability to filter all bluetooth
payload from capture files (there are many transport like:
hci_h4, hci_h1, hci_usb, hci_mon, btle). Also it is used to placeholder for
all data tree used to store additional informations like bd_addrs, names, etc.
Finally it is used to be one point for Bluetooth
Endpoints/Conversation filtering what is enabled now.
Also add Master/Slave Role and Connection Mode tracking.
Change-Id: I67048080fb8ee16fa0f4ec429c1257de81ddd737
Reviewed-on: https://code.wireshark.org/review/5771
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Generally where it is not connection then on LinkLayer protocol level
addresses for Source and Destination device are known.
Change-Id: Id67703edc08df73d4c7a2f66ee8f4d6810a867c9
Reviewed-on: https://code.wireshark.org/review/5776
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Generally where it is not connection then on LinkLayer protocol level
addresses for Source and Destination device are known.
Change-Id: I28da88381a26826ad4897b56da993909130683d3
Reviewed-on: https://code.wireshark.org/review/5768
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Most interesting are:
warning: cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
warning: ISO C forbids zero-size array [-Wpedantic]
warning: ISO C90 doesn't support unnamed structs/unions [-Wpedantic]
warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual
warning: initializer element is not computable at load time [enabled by default]
Change-Id: I5573c6bdca856a304877d9bef643f8c0fa93cdaf
Reviewed-on: https://code.wireshark.org/review/3174
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Some Vendors can provide own subset of HCI commands/events, so provide them
possibility to write own dissectors and use them by "Decode As".
Change-Id: I87ff60ae12ac63ddd4b12b26951aa9f5143eabc6
Reviewed-on: https://code.wireshark.org/review/4166
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Also:
- FT_UINT... --> FT_UINT8 in a few cases (to match proto_tree_add_item...)
- Change one case of incorrect '||' to '|'
Change-Id: I427e0e61618ff8faf55691c8a695930f67d455b0
Reviewed-on: https://code.wireshark.org/review/4184
Reviewed-by: Bill Meier <wmeier@newsguy.com>
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From Michal Labedzki
1. Bluetooth: Implement the rest of fields in Low Energy Link Layer dissector
2. Bluetooth: Merge all UUIDs together
3. Bluetooth: Extract LE Channel MAP to separate dissector
4. Ubertooth: Dissect CC2400 registers
svn path=/trunk/; revision=54700
From Michal Labedski
1. add support for new btsnoop "format" introduced by BlueZ team in "btmon" tool
2. Bluetooth: Make EIR, AD and COD more generic
3. Bluetooth: HCI/LL: Update Error Codes to Core 4.1 Specification
4. Ubertooth: Fix response command handling
5. Ubertooth: Update to support firmware version
6. Ubertooth: Dissect by Vendor Id/Product Id
svn path=/trunk/; revision=54699
USB: Add support for Bluetooth Ubertooth with initial version of Low Energy Link Layer protocol and NFC ACR122
Bluetooth: HCI: Clarify roles for Switch Role command
Descriptions now based on Core 4.1 specification.
svn path=/trunk/; revision=54403
From Michal Labedzki.
1. Bluetooth: HFP: Fix recognizing roles. There is need to check which side SDP record is, then it is possible to recognize roles.
2. Bluetooth: RFCOMM/HFP: Fix recognizing services and roles. Direction bit means only that device is initiator of connection or not. But need information who is owner of connection (remote device or localhost), so use this information from L2CAP.
3. Bluetooth: HFP: Fix unexpected expert info
4. Bluetooth: HCI: Set addresses to host/controller. Also optimize a little handing of dissectors handles.
svn path=/trunk/; revision=53628
- when the text parameter is constant col_add_str() and col_set_str() are equivalent but col_set_str() is faster.
- same for replace col_append_fstr and col_append_str
- remove col_clear() when it's redundant:
+ before a col_set/col_add if the dissector can't throw an exception.
- replace col_append() after a col_clear() with faster col_add... or col_set
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9344
svn path=/trunk/; revision=52948
Bluetooth protocols use items, so dissect it to improve filtering and better user experience - text object cannot be filterable or comparable.
From Michal Labedzki
svn path=/trunk/; revision=52863
From Michal Labedzki.
From me:
1. Have boolean filters use tfs_true_false instead of NULL (because it appears previous functionality had "TRUE" and "FALSE"). Perhaps other tfs_ values could be used, but tfs_true_false makes a good placeholder.
2. Add FT_ETHER field as a proto_tree_add_item.
svn path=/trunk/; revision=51410
1. Allow to DecodeBy payload over AVCTP
2. Fix L2CAP CID payload recognize after disc
3. Removed unneeded _U_
4. Fall back to control channel in AVRCP
5. Fix time-tracking for passthrough and capability AVRCP commands
From Michal Labedzki, bug 8367 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8367)
svn path=/trunk/; revision=47810
Bluetooth: Add support for source/destination addresses
Within resolving devices names. Also make header file more generic,
packet-hci_h4.h renamed to packet-bluetooth-hci.h.
Part of:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5032
svn path=/trunk/; revision=46278
wireshark/svn/trunk/epan/dissectors/packet-bthci_cmd.c:2611:13: error: format ‘%g’ expects argument of type ‘double’, but argument 3 has type ‘int’ [-Werror=format]
wireshark/svn/trunk/epan/dissectors/packet-bthci_cmd.c:2617:13: error: format ‘%g’ expects argument of type ‘double’, but argument 3 has type ‘int’ [-Werror=format]
svn path=/trunk/; revision=45711
Add support for HCI 3.0+HS and v4.0, Bluetooth Low Energy. This includes
dissection of additional HCI commands and events, Attribute Protocol and
Security Manager Protocol.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7872
svn path=/trunk/; revision=45709
The attached (trivial) patch adds some missing breaks in switch-case blocks.
This fixes coverity defects #445, #446, #1316 and #1380.
svn path=/trunk/; revision=41727
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
keys to have _uint in their names, to match the routines that handle
dissector tables with string keys. (Using _port can confuse people into
thinking they're intended solely for use with TCP/UDP/etc. ports when,
in fact, they work better for things such as Ethernet types, where the
binding of particular values to particular protocols are a lot
stronger.)
svn path=/trunk/; revision=35224
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770