This includes request/response tracking
Change-Id: I12ac4c198929aa6a75f3f839f9ee52ebf00b8059
Reviewed-on: https://code.wireshark.org/review/13743
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These objects are defined in Volume 8, but it doesn't make sense to create a new dissector file for them, so just distribute them where it makes the most sense in the existing CIP dissectors.
Also do some conversions to proto_tree_add_bitmask while in the neighborhood.
Add support for EtherNet/IP over DTLS/TLS.
Change-Id: I4e658e8871eebb222816229de7594ff766264308
Reviewed-on: https://code.wireshark.org/review/13710
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I767a334c82c27b06be7e72461b7f3e3d961784b4
Reviewed-on: https://code.wireshark.org/review/13725
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It will also make the OS X x64 buildbot happy.
Change-Id: Ib718d717719739314170632f04b3ec68c2917ed6
Reviewed-on: https://code.wireshark.org/review/13730
Reviewed-by: Anders Broman <a.broman58@gmail.com>
the messages contain "length codes" instead of the actual lengths
use a simple conversion table to convert length codes into lengths
add generated items for the actual lengths
Change-Id: Ic10aed0d20cfca30524cf767798df4eec2330592
Reviewed-on: https://code.wireshark.org/review/13734
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
it's used by two messages, the relative position
inside the current byte is different
don't use a static bitmask for the hf
Change-Id: I6a145cad46bab1afd22f66f144e7e4e9909f0b15
Reviewed-on: https://code.wireshark.org/review/13732
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The time column widths should not be adjusted in cf_open() because
we don’t have any packets yet and Qt resizeColumnToContents() will
not adjust any widths but emits a sectionResized() with invalid or
default values (new_width seems to always be 32). This will in some
cases (when start capturing packets) give wrong width values which
is later stored in the recent file, and the time columns may end up
narrow the next time the recent file is read.
This fix is related to the column width issues previously compensated
for in PacketList::sectionResized() (g4980d505).
Change-Id: Id3b49069fe5d2b55d608cc7a6d32fe7851369bf9
Reviewed-on: https://code.wireshark.org/review/13712
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
changing the time display format, changing name resolution and other changes
in the UI which require column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When changing timestamp format, timestamp precision and display seconds
with hours and minutes we must reset columns before auto resizing the
time columns to get the size of the new column values.
Without this we will resize to the length of the preference we are
changing from, which is not what we want.
Change-Id: If7081bf0b9b6f6974232cea0b3fe0186c904f2a2
Reviewed-on: https://code.wireshark.org/review/13711
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id8156680d67d65d87c156df05e8a66e2531728d2
Reviewed-on: https://code.wireshark.org/review/13709
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In RTPS, regular samples are serialized with the format
<encapsulation, serialized data> and thus, the dissection of the
encapsulation was suggested to be done in the custom dissector.
However, batches are serializing the encapsulation only once as
<encapsulation, sample 1, sample 2>. This makes us need to dissect
the encapsulation in the RTPS dissector and provide it as (void*) data
to the custom dissector. This way we support the regular samples
dissection as well as the batches dissection.
I have defined rtps_dissector_data in packet-rtps.h and I suggest
we include that header file when we want to write a custom dissector.
Bug: 12029
Change-Id: I74ed4c31484f9a99ad6c44c6c34cc52be2adb7c8
Reviewed-on: https://code.wireshark.org/review/13413
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multi-path mutation responses can have a variable number of values
encoded in them:
- Successful requests have 0..N values, one for each mutation which
wishes to return a value (e.g. SUBDOC_COUNTER)
- Unsuccessful requests have 1 value, specifying the index and status
of the first failing mutation
Add support for decoding a variable number of response values.
Change-Id: Ia1f682f7f701829bd808a44ee142ffe912095e15
Reviewed-on: https://code.wireshark.org/review/13688
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
get_dirname may return NULL instead of the original string, so avoid
patterns like get_dirname(strdup(x)). Writing to
cf_path.toUtf8().data() is fine btw, toUtf8() returns new memory.
This fixes two memleaks reported by LeakSanitizer via fileset_add_dir and
MainWindow::captureFileReadFinished (both via cf_callback_invoke).
Change-Id: I0f1528763e77e1f55b54b6674c890a9d02302ee8
Reviewed-on: https://code.wireshark.org/review/13691
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
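The leak pattern described in the commit message above, shown as an added example (not Wireshark's code). `dirname_in_place` is a hypothetical stand-in that mimics only the behaviour the message states, returning NULL instead of the original string when there is no directory part; the allocation counter is likewise an assumption used to make the leak observable.

```c
#include <stdlib.h>
#include <string.h>

static int live_allocs = 0;   /* outstanding tracked allocations */

static char *dup_tracked(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) { strcpy(p, s); live_allocs++; }
    return p;
}

static void free_tracked(char *p)
{
    if (p != NULL) { free(p); live_allocs--; }
}

/* Hypothetical stand-in: truncates path at the last '/' and returns it,
 * or returns NULL (not the original pointer) when there is no '/'. */
static char *dirname_in_place(char *path)
{
    char *sep = (path != NULL) ? strrchr(path, '/') : NULL;
    if (sep == NULL)
        return NULL;
    *sep = '\0';
    return path;
}

/* Leaky pattern: the only pointer to the copy is the return value. */
int leaky_pattern(const char *file)
{
    int before = live_allocs;
    char *dir = dirname_in_place(dup_tracked(file));
    free_tracked(dir);            /* no-op when dir is NULL: the copy is lost */
    return live_allocs - before;  /* allocations leaked by this call */
}

/* Fixed pattern: keep our own pointer to the copy and free that. */
int fixed_pattern(const char *file)
{
    int before = live_allocs;
    char *copy = dup_tracked(file);
    char *dir = dirname_in_place(copy);   /* may be NULL; copy is still valid */
    (void)dir;                            /* a real caller would use dir here */
    free_tracked(copy);
    return live_allocs - before;
}

int main(void)
{
    /* Constructed input: a bare file name has no directory separator. */
    return (leaky_pattern("capture.pcap") == 1 &&
            fixed_pattern("capture.pcap") == 0) ? 0 : 1;
}
```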
1. ENIP: When there is more than one ENIP command in a given TCP packet, display both in the Info column. Previously, only 1 would be displayed.
2. CIP: Services need a context to be able to interpret properly. Display the Class or Symbol name in the Info column in an object oriented manner for Request Paths, or Connection Paths.
3. CIP: Display the request path/service in a CIP response, instead of just "Success". These changes make it visually easier to identify traffic.
4. CIP: For the Info column, make Multiple Service Packet formatting a little more consistent regarding the divider between embedded packets. Previously, it would display 2 different separator types "," and "|".
5. CIP: Add preference to enable/disable "Display enhanced Info column data"
Change-Id: I7e95bc144588c0925137e01abbc814babb494d19
Reviewed-on: https://code.wireshark.org/review/13632
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- When scanning for keys, check for TDLS action frames
(need to have TDLS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by LeakSanitizer:
Direct leak of 18 byte(s) in 3 object(s) allocated from:
#0 0x55ec8c5ffec8 in __interceptor_malloc (run/wireshark+0x145dec8)
#1 0x7f4d021e4328 in g_malloc /build/src/glib-2.46.2/glib/gmem.c:94
#2 0x7f4d021fd0de in g_strdup /build/src/glib-2.46.2/glib/gstrfuncs.c:363
#3 0x55ec8c6ce514 in extcap_parse_interface_sentence extcap_parser.c:670:26
#4 0x55ec8c6ce7ad in extcap_parse_interfaces extcap_parser.c:683:13
#5 0x55ec8c6b6781 in interfaces_cb extcap.c:313:5
#6 0x55ec8c6b4ce6 in extcap_foreach extcap.c:206:26
#7 0x55ec8c6b62a6 in extcap_interface_list extcap.c:415:5
#8 0x55ec8c6b7fab in extcap_register_preferences extcap.c:437:9
#9 0x55ec8c63104a in main wireshark-qt.cpp:847:5
#10 0x7f4ce8f4460f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
#11 0x55ec8c569ed8 in _start (run/wireshark+0x13c7ed8)
Change-Id: I0ef89e647b2cc9aab495a80f6c638e9b67cf3ad1
Reviewed-on: https://code.wireshark.org/review/13692
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Userlog is the user flow log of H3C devices.
Flow logging records users' access to the extranet. The device classifies and
calculates flows through the 5-tuple information, which includes source IP address,
destination IP address, source port, destination port, and protocol number,
and generates user flow logs. Flow logging records the 5-tuple information of
the packets and number of the bytes received and sent. With flow logs, administrators
can track and record accesses to the network, facilitating the availability and
security of the network.
examplecapture: https://wiki.wireshark.org/SampleCaptures#UserLog
Bug: 11878
Change-Id: If3b5ca75bdd6cd8dc12af4a35401c5a6aa193a73
Reviewed-on: https://code.wireshark.org/review/8148
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add AES-CMAC encryption, needed to check the MIC when deriving TDLS keys (802.11)
- Tested against NIST test vector for AES128-CMAC
Bug: 11312
Change-Id: Id4fd839bdedd3aa135823334e59d98271aea7c2b
Reviewed-on: https://code.wireshark.org/review/13663
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Use same API as SHA-1
- Tested against NIST's test vectors (byte oriented implementation)
Bug: 11312
Change-Id: I7fea7d13c43da059138153b17de7084ef9d81ac5
Reviewed-on: https://code.wireshark.org/review/13662
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
specified in the EtherCAT mailbox header.
Change-Id: I661c62af915b9455da1df49f5746953d41dc527a
Reviewed-on: https://code.wireshark.org/review/13595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'openflow.ofp_match.pad' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
Change-Id: I514bdf6a77ddbf9f8d7e614ea6f4ecf04a664453
Reviewed-on: https://code.wireshark.org/review/13677
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'ospf.mpls.bc' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT8
'ospf.v3.lsa.link_local_interface_address.ipv6' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
Change-Id: I6a014c072c05bdb30ae30d56a6718062fccc75c7
Reviewed-on: https://code.wireshark.org/review/13681
Reviewed-by: Anders Broman <a.broman58@gmail.com>