Commit Graph

45466 Commits

Author SHA1 Message Date
Pascal Quantin 567b759ae2 E1AP: upgrade dissector to v17.2.0 2022-09-26 15:33:55 +02:00
Pascal Quantin 71e11142d1 XnAP: upgrade dissector to v17.2.0 2022-09-26 15:12:37 +02:00
Pascal Quantin 4b095e3f9b X2AP: upgrade dissector to v17.2.0 2022-09-26 12:54:05 +00:00
Pascal Quantin 61fcfc0b0b NGAP: upgrade dissector to v17.2.0 2022-09-26 14:16:27 +02:00
Dr. Lars Völker 4d239d5ff6 TECMP: Only NULL-Frame payload was shown (BUGFIX) 2022-09-26 11:15:26 +00:00
Martin Mathieson 92af8b2f51 ROHC: self-describing length - 4 bytes indicated in 3 bits 2022-09-26 10:57:38 +01:00
Pascal Quantin bac5bc8daf 3GPP NAS: update comments after Extended DRX parameters IE change 2022-09-26 09:37:53 +02:00
Pascal Quantin e9318bdee3 S1AP: upgrade dissector to v17.2.0 2022-09-25 19:41:41 +02:00
Gerald Combs 5d4e102b4c [Automatic update for 2022-09-25]
Update manuf, services enterprise numbers, translations, and other items.
2022-09-25 16:43:29 +00:00
John Thacker fd59445e8a smb: Fix dead code due to typo 2022-09-25 15:31:21 +00:00
Pascal Quantin 67814a4f63 NAS EPS: upgrade dissector to v17.8.0 2022-09-25 17:10:36 +02:00
Pascal Quantin 26e5fb43dd GSM A GM: upgrade dissector to v17.8.0 2022-09-25 16:39:33 +02:00
Pau Espin 8009076204 packet-rsl: Support osmocom extension IE Osmux CID
Osmux protocol [1] has historically been used as a replacement of RTP in
the SCCPLite or AoIP interfaces over satellite links, since usually the
satellite link is placed between the BSS (BSC) and the CN (MSC.

However, some network operators found need for Osmux in the Abis
interface, that is, between BTS and BSC. Hence, an Osmocom extension IE
"Osmux CID" was added to the IPAC CRCX/MDCX ip.access Abis
implementation, which is understood by osmo-bts and osmo-bsc. This new
extension IE is similar to the already existing extension IE in the
BSSMAP protocol spoken in AoIP (see BE_OSMOCOM_OSMUX_CID in wireshark
code).
More information on how this IE is used can be found in OsmoBTs and
OsmoBSC user manuals [2][3] (search for "Osmux" keyword).

This patch adds the new IE to the RSL dissector and avoids informing the
RTP subsystem to follow this conversation if the IE is found, since
marking it as an RTP conversation overrides the default or user
configured osmux dissector (UDO port 1984).

[1] https://ftp.osmocom.org/docs/latest/osmux-reference.pdf
[2] https://ftp.osmocom.org/docs/latest/osmobts-usermanual.pdf
[3] https://ftp.osmocom.org/docs/latest/osmobsc-usermanual.pdf
2022-09-25 11:50:11 +00:00
John Thacker eab41f440a http: Fix location_target length regression
The strndup expression accidentally got changed as part of
commit 71e6b0498a to use the
offset instead of the length value.
2022-09-25 07:14:05 -04:00
John Thacker 43073bff09 http: Use the header value length after sanitization
UTF-8 sanitization can change a string's byte length, so
use the correct length now that we're sanitizing it.

Fix #18372. Fix #18373.
2022-09-25 07:03:00 -04:00
John Thacker da68e54efe SMB: Use the string API and produce UTF-8 strings
SMB can have two types of string encodings: Little Endian UTF-16, and
Extended ASCII OEM code page (DOS code pages, like CP 437, 850, 866, etc.)
The strings can either have an exact length, or be null terminated
inside a larger buffer that may contain other fields.

Currently the dissector returns strings in the original encoding for
the Extended ASCII strings, and returns ISO-8859-1 strings, not UTF-8,
for Unicode strings. Neither are correctly handled internally when non
ASCII values are used.

We should always produce UTF-8 strings for internal use.

For the OEM strings, we can't tell what code page it is, so use ENC_ASCII
to be safe. (A preference could be added here and in packet-smb-browser.c for
the default code page.)

For the UTF-16 strings, also produce UTF-8. Continue to handle an odd
case where some Windows 2000 servers terminated UTF-16 strings with only
a single NUL and then provided an odd byte count of the string length
plus the one NUL byte.

Fix #18369
2022-09-25 00:48:49 +00:00
Martin Mathieson ca2e561a5b ROHC: More fixes for UDP profile (2) 2022-09-24 21:02:59 +01:00
John Thacker 899db5d3c0 smb: Certain deprecated commands never use Unicode
MS-CIFS indicates that the deprecated commands SMB_COM_SEARCH (0x81),
SMB_COM_FIND (0x82), and SMB_COM_FIND_UNIQUE (0x83) never use
Unicode, and "names are returned in the extended ASCII (OEM)
character set only." That makes sense, as the size in the return
is listed as a fixed 13 bytes. Honor that.
2022-09-24 10:53:54 -04:00
John Thacker 44f733dfee http: Handle field value encoding
RFCs 9110 5.5 is explicit about allowed characters in field values:
"Specification for newly defined fields SHOULD limit their values
to visible US-ASCII octets (VCHAR), SP, and HTAB. A recipient SHOULD
treat other allowed octets in field content (i.e., obs-text [%x80-FF])
as opaque data...  Field values containing CR, LF, or NUL characters
are invalid and dangerous."

Up to RFC 7230, an obsolete "line-folding" mechanism that included
CRLF was allowed.

So NUL is not allowed, and all the known fields we support only allow
ASCII, so for display purposes it is permissible to retrieve the
value as ASCII. tvb_get_string_enc with ENC_ASCII does actually
retrieve a buffer of the full length with internal NULs if they
are in the buffer, but other functions end up truncating the value
at the first null if it exists. We should eventually have expert infos
that flag internal NULs or other invalid values with varying degrees of
severity, and display unknown header types with invalid values as
something like FT_BYTES with BASE_SHOW_ASCII_PRINTABLE.

Continue, for now, to pass along the raw value in the header_value_map
in case some dissector was using that value.

Fix #18368.
2022-09-24 01:38:05 +00:00
Martin Mathieson c1c297868b ROHC: formatting 2022-09-23 22:26:01 +01:00
Alexis La Goutte 2b255903ce GENEVE: Display also VNI to decimal format
some solution (VMware NSX) display GENEVE VNI to decimal

Fix #18349
2022-09-23 18:55:11 +00:00
Pascal Quantin fa58d578f7 NAS EPS: upgrade dissector to v17.7.0 2022-09-23 19:41:07 +02:00
Pascal Quantin 0b80cc4fdc GSM A GM: upgrade dissector to v17.7.0 2022-09-23 16:19:15 +02:00
Martin Mathieson 3851779a44 ROHC: Create subtree for extensions 2022-09-23 12:45:48 +00:00
John Thacker cc61fe9d40 epan: Prevent crash when asserting on unvalidated UTF-8 strings
If UTF-8 validation fails, set the fvalue to a sanitized value so that calls
later to retrieve it don't null deference and crash. We could,
especially for a release, disable the assertion and just sanitize
bad strings.

Related to #18363
2022-09-23 07:34:36 -04:00
John Thacker d18ad230d3 pfcp: Use ENC_APN_STR
Use ENC_APN_STR for APN and FQDN. This avoids possibly producing
invalid UTF-8 by overwriting one byte with . with the implementation
that was done in the dissector.

Fix #18364.
2022-09-23 04:44:27 +00:00
John Thacker d0f7af3850 HTTP: sanitize encoding header field strings
Sanitize HTTP header values before adding them to the tree.
We treat them as always US-ASCII. (Note, however, that RFC
7230 discusses that while "Newly defined header fields SHOULD
limit their field values to US-ASCII octets. A recipient SHOULD
treat other octets in field content as opaque data.")

Fix #18362. Fix #18363.
2022-09-23 00:12:37 -04:00
Martin Mathieson a9092f256e Trivial: fix a couple of copy/paste consecutive filters 2022-09-22 15:30:22 +01:00
John Thacker 002863c388 USB: Make setup and data flags FT_CHAR
The setup and data flags are single characters, displayed as
ASCII if printable ASCII or otherwise escaped, with a special
value when 0. FT_CHAR is the appropriate type for that. Use
range strings to handle the special case formatting. This
allowing using proto_tree_add_item.

Fix #18359. Fix #18360. Fix #18361.
2022-09-22 12:42:24 +00:00
John Thacker 73d8bb1bc3 XML: Do escape ASCII control characters
XML 1.0 allows valid UTF-8 characters, except for the ASCII control
characters other than tab, carriage return, and line feed.
(It does not allow form feed and vertical tab, so the allowed group is
not the same as the standard ctype.h isspace category. It also
allows but discourages DEL (\x7F).)

The characters cannot be included as character references of the
form &#xx; either; there is technically no way to include them.
Escape them as done prior to 89e96c1e77
but continue to leave bytes with the high bit set alone so that
UTF-8 printable characters are not escaped.

Fix #10445
2022-09-21 23:46:35 +00:00
John Thacker 30b309d24c proto: Validate add_string values as UTF-8
When a dissector directly adds a string value through
proto_tree_add_string[_format_value], validate that it is
UTF-8 so that only valid UTF-8 strings are used internally,
and written to output (whether text, JSON, or XML.)
(We were treating it as a UTF-8 string anyway, but not
validating it.)

If the string passed in is not UTF-8, that's a dissector bug
Dissectors that use API functions like tvb_get_string_enc
will always produce valid UTF-8, but some do their own
processing.

Fix #18317
2022-09-21 07:53:01 -04:00
ismaelrti 72cf5754e2 RTPS: Added dissection of Compression Id in Data Representation
New field added to PID_DATA_REPRESENTATION
2022-09-21 11:35:43 +00:00
John Thacker b46a3fbf23 GTP: Fix NSAPI shift in Radio Priority
The NSAPI value was not being shifted correctly before being
added to the tree description.
2022-09-21 00:06:28 +00:00
ismaelrti 82dcb50bbc RTPS: Wrong deserialization of optional members.
Optional user data members are not correctly dissected if
the parameter header is placed after padding.
2022-09-20 10:14:05 +00:00
ismaelrti e7a7b630a4 RTPS: PluginParticipantSecurityAttributesMask value is incorrectly displayed
Offset not incremented before parsing PluginParticipantSecurityAttributesMask field.
2022-09-20 09:00:32 +00:00
Alexis La Goutte 2d22f72d4d ciscodump(extcap): Fix DeadStore 2022-09-20 06:27:46 +00:00
Alexis La Goutte 4ad78f8f12 bgp: fix deadcode found by Clang Analyzer
packet-bgp.c:6886:9: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6903:13: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6907:13: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6917:9: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6925:9: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 7e45b72c39 pfcp: Fix deadcode found by Clang Analyzer
packet-pfcp.c:8650:9: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 9503dd4576 oran: Fix deadcode found by Clang Analyzer
packet-oran.c:517:5: warning: Value stored to 'bit_offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 4bcc8d86f8 mbim: Fix deadcode found by Clang Analyzer
packet-mbim.c:5651:5: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-mbim.c:5703:5: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 7b2f022240 diameter: Fix Clang Warning
line 2198 Although the value stored to 'vnd' is used in the enclosing expression, the value is never actually read from 'vnd'
2022-09-20 06:27:46 +00:00
John Thacker 0a0ff53f5c GTP: Have all the matched message types appear in SRT
Dynamically create the indices for the SRT table so that
all the message types sent from the tap get put in the SRT
table, instead of hardcoding in a list of four that is a
smaller subset of what is matched in gtp_match_response.
2022-09-19 07:44:46 -04:00
Martin Mathieson fafc3ca6f1 Fix some spelling errors 2022-09-18 22:16:26 +00:00
Gerald Combs b92b66c0f4 [Automatic update for 2022-09-18]
Update manuf, services enterprise numbers, translations, and other items.
2022-09-18 16:45:13 +00:00
John Thacker 223748d23c tplink-smarthome: Reject packets that don't match
If this dissector is going to be registered to a port that isn't
IANA assigned to it, it should at least reject packets that don't
look like the protocol. If it's going to handle TCP desegmentation,
it also should deal with not necessarily starting at the beginning
of a stream too.
2022-09-18 09:04:20 -04:00
John Thacker 1ccf4f3c73 GTP: Use a map for mapping from <teid,address> to frame
For GTP session tracking (off by default), there's a mapping
from <TEID, ADDRESS> to frame numbers. The current implementation
is a tree (converting the address to a string for keys) of linked
lists of the TEIDs. That gets very slow when there's a large number
of TEIDs. Convert it to a map that uses the teid and address,
with the TEID used for the hash.

There's still a reverse lookup (foreach_remove) when TEIDs are reused
or sessions fail, but this still yields over a 10x speedup on a
few moderate sized test files (~50000 GTP-C packets).
2022-09-17 07:39:05 -04:00
John Thacker 8129b9dee8 GTP: Use direct hashing in the session table
The session table maps frames (which are 32 bit uints that
start at 1) to sessions (which are also 32 bit uints that
start at 1), so use GUINT_TO_POINTER and the direct hash
functions instead of creating extra file scope pointers.
2022-09-17 00:49:57 +00:00
Joakim Karlsson d58897c5d6 NAS-5GS: correction of IE Extended rejected NSSAI 2022-09-17 00:21:34 +00:00
Martin Mathieson 248e19574c ROHC: more comments relating dissector to spec 2022-09-16 17:25:51 +01:00
Martin Mathieson c949c99ad1 ROHC: more fixes 2022-09-16 08:20:50 +00:00