MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fixed length decoding for OD, OL, UC, UR Fixed hf_dcm_assoc_item_type to be interpreted as 1 byte
Fixed pdu_type to be interpreted as 1 byte
Fixed decoding of AT type, where value length was wrongly reported in capture as 2 (instead of n*4)
Removed tailing white spaces
Please merge to 2.4 once ok.
Bug: 14415
Change-Id: I7857ef107e7e599c7dd9f8d069daa5b3bfb4122f
Reviewed-on: https://code.wireshark.org/review/26268
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Altough the dissection consumes 4 bytes each time it is called, it can
trigger a stack overflow for big packets. Let's limmit the number of
allowed VLAN tags for a given packet.
Bug: 14469
Change-Id: Ieb6834ab3350dc7e8c301e6479577855a253897e
Reviewed-on: https://code.wireshark.org/review/26270
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The following commands are added:
0x40 - Enhanced add scene
0x41 - Enhanced view scene
0x42 - Copy scene
Change-Id: If7f921f7ede7518ecbb88395d6200f600a47bd85
Reviewed-on: https://code.wireshark.org/review/26202
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
When using 2 passes, L2TP dissector can set a session info for previous
packets, breaking the assumption that IEEE 802.15.4 dissector will
always be called on first pass.
Let's always allocate the protocol data if missing, even if this is not
the first pass.
Bug: 14468
Change-Id: I4cb7ea2e54c1b763a48b99c0d64f542552789d18
Reviewed-on: https://code.wireshark.org/review/26260
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise it can create an infinite loop, leading to a buffer overflow.
Also add explicit cheks on the buffer usage and set its maximum size to
128 instead of 32 per ASN.1 description.
Bug: 14471
Change-Id: I805f4ce09347bc35143b010b4a558a0d090c0159
Reviewed-on: https://code.wireshark.org/review/26259
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When there is multiple RTSP messages in one packet, info column shows its headers right next to each other. It is ugly:
Reply: RTSP/1.0 200 OKReply: RTSP/1.0 200 OK
Patch adds ', ' between messages:
Reply: RTSP/1.0 200 OK, Reply: RTSP/1.0 200 OK
Ping-Bug: 14450
Change-Id: I151dbc72b669002ed02d91af43d683c5fc4fe4ba
Reviewed-on: https://code.wireshark.org/review/26222
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The full EPON preamble is 55 55 D5 55, sometimes some bits are getting
lost so this dissector supports multiple parts of this preamble. Add
also the full preamble to detect also such packets correctly.
Change-Id: I6d74694601bf2a430e24f8c9c004f3558aa056c5
Reviewed-on: https://code.wireshark.org/review/26240
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When we copy an address from pinfo into connInfo->O2T.ipaddress, a
shallow copy is not sufficient. connInfo->O2T.ipaddress is kept across
packets whereas pinfo is valid only for the current packet.
Use wmem with file scope for the copied address. This fixes a
use-after-free error when we access the address in a subsequent packet.
Bug: 14470
Change-Id: I8b74037020189485485a506af6510cb45828e3c4
Reviewed-on: https://code.wireshark.org/review/26248
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Keep the "global" check where the entire processing was under if (tree).
Move this check in front of the while loop and exit if we have no tree.
Remove the subsequent (duplicate) checks for indivial
proto_tre_add_...() calls.
Change-Id: I6b978b438b9f1c84c8927ae4eb9c53a8eaadb4ef
Reviewed-on: https://code.wireshark.org/review/26246
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Wrap long lines.
Use a do-while loop. We know up-front that we'll go into the loop at
least once. Remove the cont variable, use the exit condition directly.
Set *octetCount = 0 if we return 0 because of an error. In that case, we
did not process any bytes and should inform the caller about this.
Change-Id: I222270939e42e0096b6f5a25b197bd4bae12235e
Reviewed-on: https://code.wireshark.org/review/26245
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise, fprintf() is not defined and the debug prints don't work.
Change-Id: I9bc791dfc829cf9e7b1b6e61b0090d2fb94bebb2
Reviewed-on: https://code.wireshark.org/review/26244
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We always start with counter=0, guint *octetCount is used only as a
return value.
Change-Id: I3c080c59ef7620c5007f6dc3139a78a72cff2a21
Reviewed-on: https://code.wireshark.org/review/26243
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tvb_get_guintvar() returns a guint. If we haven't seen the final byte
after sizeof(guint) bytes, something is wrong. Abort and return 0.
This is the minimum fix for
Bug: 14473
Change-Id: Ibe8a1239c1cbbeec0591c66710416bb56f9f60dc
Reviewed-on: https://code.wireshark.org/review/26242
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enhanced peekremote dissector to take into account the new extended
flags written by Cisco APs in sniffer mode after WLC version 8.5.
Support for 80mhz channel flag (bit 9), short preamble (bit 8), amount
of spatial streams (bit 14-16)
dot11_ht_vht_flags=0x00000551 <--short preamble encoded to 10th bit of
dot11_ht_vht_flags.
dot11_ht_vht_flags=0x00008bc8 <--80MHz info encoded to 9th bit of
dot11_ht_vht_flags.
The spatial streams information is already encoded to 16:15:14 bits of
dot11_ht_vht_flags. The following are the bit pattern representation,
000 - 1 spatial stream
001 - 2 spatial streams
010 - 3 spatial streams
Bug: 14452
Change-Id: If0539e356b32a791901d213a653f7a98521667ee
Reviewed-on: https://code.wireshark.org/review/26178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We might not yet have allocated the manually-resolved address lists;
only free the if we have.
Change-Id: Iff9864e397a04cdcb613268603c073ecd1fa77fb
Reviewed-on: https://code.wireshark.org/review/26236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we've found "interleaved=" in the buffer *and*, if so, know where
we've found it, we don't need to find it again; we can just use the
result of the first strstr() call.
That should also keep Visual Studio Code Analyzer from bogusly saying
"hey, we might not have found it, maybe we're handing a bad pointer to
sscanf()".
Change-Id: I9d8f5c0b38038a3f05b8e5343f965f1676105875
Reviewed-on: https://code.wireshark.org/review/26219
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds some _U_ to prevent build failures when the build platform
does not have certain libraries or more recent versions of those libraries.
Change-Id: I82a1c14dd250181af189bd8564afc47180385e60
Reviewed-on: https://code.wireshark.org/review/26211
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When rlc sequence number wrapped around, duplicate frames wouldn't be
marked because they were compared to the sqn from the first round.
Change-Id: Ia57aac9b86b4cc84dd8ec411fe0a94972acb9526
Reviewed-on: https://code.wireshark.org/review/26208
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The ett_btavrcp_features and ett_btavrcp_featuers_not_used fields were
not initialzed causing an abort when dissecting.
Change-Id: I3ee2f557ace1643dfba5a978add66c3c7ba7d895
Reviewed-on: https://code.wireshark.org/review/26217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
N.B. In normal traffic status PDUs do not appear very often, but if
the config of RLC/PDCP are wrong, every PDU can appear to be a status
PDU and it can take a long time to print out the list of missing
sequence numbers.
Change-Id: I9514b505639fa58d86bf5ebb3fb2bcf1f8e65aa8
Reviewed-on: https://code.wireshark.org/review/26197
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
George Baltatanu noticed some issues, including subtrees in the wrong
place, some spelling errors, bit display order, etc.
Change-Id: I7e30e0e27e302bdd2b870a2bb01e7926336b413e
Reviewed-on: https://code.wireshark.org/review/26188
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Test profile 2 buffer test request is trying to parse "octet sequence"
which is not part of the command frame for the buffer test request.
Change-Id: I9f35aacbb3c70b5daed07a0ea29b1bec1cf7741a
Reviewed-on: https://code.wireshark.org/review/26196
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
and UDP port 443 is not (yet) official port for QUIC...
Bug: 13881
Change-Id: I637241bd327adc6c5cccbcd68524d2ef3811e8e8
Reviewed-on: https://code.wireshark.org/review/26166
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The default case ignores the high-order bit, which is set in all the
values for "command to send", so they will never be matched. The values
moved out of the default case, if their upper bit is clear, either don't
correspond to any command in T.30 or correspond to an initial
identification command, which never has the upper bit set, so there's no
risk of misidentification by processing all of the "command to send"
values outside the default case.
Thanks and a tip of the Hatlo hat to Visual Studio Code Analysis for
catching this one.
Change-Id: I6192b0c5a6dcfd31b9fd757be736a311a9d089e6
Reviewed-on: https://code.wireshark.org/review/26198
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Although the dissection of each box header consumes a couple of bytes,
it turned out that it's still possible to crash wireshark with a sample
file that contains a large number of nested boxes. The stack will fill
up before we reach the end of the data bytes.
Keep track of the recursion depth as we walk through the hierarchy of
boxes. Abort if we reach the (locally defined) upper limit.
Bug: 13777
Change-Id: I0f67245a5c74131f10d0f9d99b39ad31711b9775
Reviewed-on: https://code.wireshark.org/review/26167
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Presumably the intent is to check for unsigned integer and signed
integer types, not to check twice for unsigned integer types.
Thanks and a tip of the Hatlo hat to Visual Studio Code Analyzer for
finding this.
Change-Id: Ie8e4d231af929ee8e626c5c9258c3356d5209f4f
Reviewed-on: https://code.wireshark.org/review/26187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This should squelch a warning from Visual Studio Code Analyzer.
Change-Id: Ie66e45276458a6f880c9b020ff541b7d2a71433a
Reviewed-on: https://code.wireshark.org/review/26184
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gerald Combs