Also ensure that USB COM dissection is done with the parent tree and not setup one
Change-Id: Iae9f933ff29b3854879375df320a23e623ea785f
Reviewed-on: https://code.wireshark.org/review/7051
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
In theory this this should reduce compilation times. On my particular
system it makes no difference but hopefully it will elsewhere.
Change-Id: I570177d3ca4eec691c82d46b4dbbce74092aac1d
Reviewed-on: https://code.wireshark.org/review/7060
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
if captured length < reported length, this will trigger an infinite loop
Change-Id: I6557b455e7bbff12658a934e5bb13a42c023e133
Reviewed-on: https://code.wireshark.org/review/7053
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This function can only search in captured length buffer
This fixes an ASAN failure reported by Alexis
Change-Id: Ib936f918e057423d63ff34a5fc79fed602e56dfc
Reviewed-on: https://code.wireshark.org/review/7052
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The Service Response Time (SRT) window currently provides the
columns: Index, Procedure, Calls, Min SRT, Max SRT, and Avg SRT.
A Sum column has been found useful in some customer situations
to understand the total time spent doing a set of procedures.
For example, in one case we were trying to isolate whether most
time was being spent on a client thread or in the act of making
outbound calls. We knew the start and end time of the client call,
so with the "Sum" of time spent in that period, we could isolate
a particular set of procedures driving the slow down.
Additional changes made in this patch:
* Add " (s)" to Min, Max, Avg, and Sum columns to make it clear
that times are in seconds.
* Refactor out width and height constants used in calls to
gtk_window_set_default_size in most of the SRT users into
#define SRT_PREFERRED_WIDTH and SRT_PREFERRED_HEIGHT. Also
increase the common width of 550 to 650 to account for the
additional column.
Change-Id: I20f152eecbcd0bbf69f71c6c6b9f9463e8867e23
Reviewed-on: https://code.wireshark.org/review/7047
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove extra trailing blank from output while we're at it.
Change-Id: Ie415afa76a3eaba630ee3d59b177b44de75413a4
Reviewed-on: https://code.wireshark.org/review/7046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by MSVC2013 Code Analysis
Change-Id: I58063946dd558e98308c87b36eeac0ddbe1a6e79
Reviewed-on: https://code.wireshark.org/review/7045
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I09b2cc3739628b5de706659731e37fa345804254
Reviewed-on: https://code.wireshark.org/review/7043
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
RFC 2830 describes the Start TLS operation as follows:
1. ExtendedRequest is sent by client with the requestName OID set to
"1.3.6.1.4.1.1466.20037".
2. Server responds with an ExtendedResponse having a resultCode and
optionally a responseName (OID).
The text mentions that the field *must* be set but the definition allows
it to be optional. The previous code then made assumption that once (1)
was seen, then any ExtendedResponse signals an acknowledgement.
That is not entirely correct, a server could reject the request. This
patch corrects that by checking the ExtendedResponse_resultCode for
success, and then uses the new ssl_starttls_ack() helper to kick off
SSL. This simplifies the code a bit.
Tested against ldap-ssl.pcapng (which has no responseName) from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
The result is the same as before, except that "Protocols in frame"
changed from "...:ldap:ssl:ldap" to "...:ssl:ldap".
Change-Id: Id7e40c5a50a217c4d3d46f08241d704f19d195dd
Reviewed-on: https://code.wireshark.org/review/6982
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch lets a dissector hand over control to the SSL dissector which
simplifies dissector code ("TCP | App | SSL | App" becomes
"TCP | SSL | App").
After this patch, all of the affected dissectors will now be dissected
as SSL with its Application Data being treated as the protocol before
STARTTLS. This was previously not the case because the port was not
registered for dissection via ssl_dissector_add.
The desegmentation issue within the MySQL dissector is now also gone.
Convert some tvb_length[_remaining] users in pop and smtp as well.
Tested against mysql-ssl.pcapng and mysql-ssl-larger.pcapng(*1),
Tested against pop-ssl.pcapng (note: only first stream is decrypted,
either the key after negotiation is wrong or there is a bug),
Tested against smtp-ssl.pcapng and smtp2525-ssl.pcapng (with Decode As)
and smtp-ssl.pcapng with filter "tcp.len>0",
Tested against xmpp-ssl.pcapng,
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
*1) mysql-ssl-larger has MySQL dissector errors for the fragmented
SSL packet, but reassembly seems to work. Needs further
investigation.
Bug: 9515
Change-Id: I408ef8ff30d9edc8954dab9b3615900666dfa932
Reviewed-on: https://code.wireshark.org/review/6981
Reviewed-by: Michael Mann <mmann78@netscape.net>
All STARTTLS-like dissectors (protocols which can switch to SSL/TLS
after a protocol command) currently fail to get called after decryption.
The reason for this is that the port is not registered for SSL
dissection via ssl_dissector_add. Besides this, the MySQL dissector
breaks in the event of multiple segments because it does not properly
set desegmentation.
The call path TCP | App | SSL | App is a bad, error-prone pattern which
requires duplication of required functionality in dissectors. This patch
enables to bypass the App (TCP | SSL | App) by registering a SSL as
conversation dissector after a STARTTLS switch.
Logical overview of changes:
- Move srv_addr, srv_ptype and srv_port to SslSession and adjust the
users. This allows passing SslSession around which will never be null
unlike SslDecryptSession. This is needed for looking up the packet
direction (server or client) before calling a subdissector.
- Add app_handle to store the dissector and last_nontls_frame the
frame that initiated STARTTLS.
- The same app_handle is now used to store the dissector handle from
a ssl association.
- Moved conversation data (SslDecryptSession) to ssl-utils to avoid
code duplication. Merge ssl_session_init into it. The new
ssl_session_get() is needed for STARTTLS frame/handle storage.
- Introduce new "ssl_starttls_ack" function to signal the last non-TLS
packet.
- Ensure that match_uint is set before calling the conversation
dissector. This ensures that dissectors using match_uint to check
the direction of a packet (client vs. server) see the TCP port
instead of the IP proto. At least the MySQL and SMTP dissectors
require such special treatment.
- Move epan/conversation.h outside HAVE_LIBGNUTLS, remove from dtls
(as it is already included by ssl-utils).
- Various comment/debug string updates. Remove outdated comment before
SSL association lookup.
Besides setting match_uint and caching the app_handle, existing
dissectors should not be affected by this patch. Follow-up patches
will update existing dissectors to use the new ssl_starttls_ack
interface.
Bug: 9515
Change-Id: I795d16b6a901e672a5d89e922adc7e5bbcda0333
Reviewed-on: https://code.wireshark.org/review/6872
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch improves detection of a SPDY/3.1 in SSL capture. While at it,
add other protocols from the RFC/drafts.
spdy was tested against a private capture from spdy/3.1 communication
between Chromium 40 and ssl.gstatic.com.
http2 was tested against http2-16-ssl.pcapng from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
Change-Id: I111efae34d614b7d8e37eaaa686b391d332753dd
Reviewed-on: https://code.wireshark.org/review/7000
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Clicking "Decode" in the RTP player triggered an ASAN
heap-use-after-free in update_progress_bar(). Explicitly set
progress_bar to NULL to prevent this.
Change-Id: Ice3105a11642a1cc5a54b8fbdf7dbf0ed430d965
Ping-Bug: 10714
Reviewed-on: https://code.wireshark.org/review/6999
Reviewed-by: Anders Broman <a.broman58@gmail.com>
On the wire P_DATA_V2 is same as P_DATA-V1 plus 3 bytes "peer-id" value
after opcode. Client-side support has been added since OpenVPN 2.3.6,
server side is in master branch and will appear in 2.4.
Peer-id is especially useful for mobile clients (they often float
between 3G/Wi-Fi) and in general for Wi-Fi clients (solves UDP NAT
timeout issue).
Change-Id: Ic5d2e05e62c27bed18c2368a1bbc5c7bf4d358f1
Reviewed-on: https://code.wireshark.org/review/7023
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows for even more cleanup with respect to how address types are handled, including removing address_to_str.c. Most of the functionality was folded into address_types.c, but the remainder was just dispersed because it didn't make sense to keep the file.
Change-Id: Id4e9391f0c3c26eff8c27b362e4f7a1970d718b4
Reviewed-on: https://code.wireshark.org/review/7038
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Using the new address type registration, dissectors can create their own address types with their own (column) filters attached to them, eliminating the need for an address to keep track of a hf_ field.
Change-Id: I2bbec256a056f403a7ac9880d5d76a0b2a21b221
Ping-Bug: 7728
Reviewed-on: https://code.wireshark.org/review/7037
Reviewed-by: Michael Mann <mmann78@netscape.net>
Information about dissector (filter) fields should be kept in a dissector as much as possible. Supporting "column filter string" also allows other dissectors to create their own "address types" with different column filters (because AT_ETHER isn't always an "Ethernet" address).
This feature also allowed a few "dissector specific" address types to be moved to their own dissector.
Change-Id: Ie9024af4db62bc2ee4f8c9d28a1d807f706f45bf
Ping-Bug:7728
Reviewed-on: https://code.wireshark.org/review/7029
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now address types are setup just like field types and must be registered with a structure that provides its string representation (and more things in the future). Address types that are limited to a single dissector are registered by the dissector. More "common" ones are globally registered. There are still a few that really belong in a dissector, but have other dependencies currently not accounted for in the address type support.
Many of the "address to string" conversions that involved g_sprintf have be changed to use more "performance friendly" methods (some at the cost of needing to_str-int.h)
Leaving all comments regarding this "solution" in address_to_str.c in until all have been implemented
Change-Id: I494f413e016b22859c44675def11135f228796e0
Reviewed-on: https://code.wireshark.org/review/7019
Reviewed-by: Michael Mann <mmann78@netscape.net>
The DNS packet's 3rd additional RR is a LOC RR.
In the LOC RR, Wireshark marks the Size field with meters unit.
However, the Horizontal and Vertical Precision fields have no units
Issue reported by Boaz
Bug:10940
Change-Id: If177757d2bba6ea012a320aceaea2f8d8e50155c
Reviewed-on: https://code.wireshark.org/review/7014
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ied0428324c14f248bf6857fd288b4fb5d4591230
Reviewed-on: https://code.wireshark.org/review/7033
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I11c805b285d277ecb963622385154c310f6d1c67
Reviewed-on: https://code.wireshark.org/review/7032
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icb7fec658f895e91069e51bab50d57a0a93f5cba
Reviewed-on: https://code.wireshark.org/review/7031
Reviewed-by: Michael Mann <mmann78@netscape.net>
Preparation to add Multicast Stream Dialog on Qt (Add extern C...)
Change-Id: Ic8bc39a18dba607d6da116df799de7847ce8e4c8
Reviewed-on: https://code.wireshark.org/review/6984
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic8f93913396de3d97cdba4473e6837056c8250a6
Reviewed-on: https://code.wireshark.org/review/7030
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Mostly: Rename a number of macros to be RIEMANN_...
Change-Id: I2b8beb5f9241a0a2a380b8a38222ef07beb1703c
Reviewed-on: https://code.wireshark.org/review/7028
Reviewed-by: Bill Meier <wmeier@newsguy.com>
The following doesn't quite do what it might seem to be doing:
*value |= (byte & 0x7F) << shift; //guint64 *value // guint8 byte
The warning from MSVC2013:
Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit
value. Results might not be an expected value
Change-Id: I06e196559ec0e84da77d8866355ae7f86ba43f73
Reviewed-on: https://code.wireshark.org/review/7020
Reviewed-by: Bill Meier <wmeier@newsguy.com>
uuid_t is a data type provided by a number of environments, thanks to
the Open Software Fuundation; calling the Bluetooth code's data type,
which includes an actual OSF-style UUID as a member, "uuid_t" can lead
to confusion and *does* lead to compile errors on platforms where, for
better or worse, system headers such as <unistd.h> define uuid_t (and
are included by, for example, Qt headers).
Just rename it "bluetooth_uuid_t".
Change-Id: Ic742723913ba4105cd3269dd24fc821147285176
Reviewed-on: https://code.wireshark.org/review/7017
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The following doesn't quite do what it might seem to be doing:
guint64 num;
guint8 b;
num |= ((b & 0x7f) << shift);
The warning from MSVC2013:
Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit
value. Results might not be an expected value
Change-Id: Ic8c939355b54317f0b459c60342f3cb5dfa29624
Reviewed-on: https://code.wireshark.org/review/7015
Reviewed-by: Bill Meier <wmeier@newsguy.com>
if they're dealing with HID descriptors
Change-Id: Ia529fe373653ddf18e05e8ad148a2f5b5686fa95
Reviewed-on: https://code.wireshark.org/review/7010
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I19544eeccd5206de88fe480f9b02bc57fcc278bd
Reviewed-on: https://code.wireshark.org/review/7009
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iaf339310c3b606885e945d10cffc1956ce24578a
Reviewed-on: https://code.wireshark.org/review/7008
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
treat those two messages as class-specific control messages, handle them
inside the USB HID dissector
Change-Id: I42d201df4a8fdb94c947b6118c0b50945c306423
Reviewed-on: https://code.wireshark.org/review/7006
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
pass the data only to one subsequent dissection function
either we have a standard request or a non-standard request that can be
handled by a class dissector (we used to do both at the same time,
this makes the output difficult to read)
Change-Id: Ia46239b2b9e121c9ca165cc56d0b271345d7962e
Reviewed-on: https://code.wireshark.org/review/7005
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
top-most tree on which it operates
this gives callers more control over where things are displayed
Change-Id: I8cdc07b4f3569bca728781fb709e2a2bb37c433b
Reviewed-on: https://code.wireshark.org/review/7004
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
standard setup request
it's not sufficient to look at the type bits in the request type field
use the new function where we checked the type bits before
Change-Id: I65b901dca91607a4dad4e4296b3f3a877aebf346
Reviewed-on: https://code.wireshark.org/review/7003
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Version to add as generated field, without tvb offset, length.
Change-Id: If4c7aebcbf1b47faa483bcbd40995eff3ccb99f0
Reviewed-on: https://code.wireshark.org/review/6906
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Introduced in gca3fe28;
Found by MSVC2013 Code Analysis
Change-Id: I4c754dfacca492b53debdaf82557e4fe91698460
Reviewed-on: https://code.wireshark.org/review/6991
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
It is a GUI+QT feature that introduce Bluetooth menu and
"ATT Server Attributes" that present all handle+UUID pairs
as table. User may copy cell value, row, selected rows or whole
table within header. On activate user will go to packet that
introduce UUID for specified handle.
Change-Id: If17e53aff5feb89ededc740a595ba5882b90be5e
Reviewed-on: https://code.wireshark.org/review/6911
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>