Change-Id: I0d9511ed9cb93446766d510b97fdefe56a86a826
Reviewed-on: https://code.wireshark.org/review/13787
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are three level of characteristics: Services, Characteristics and
Configuration Characteristics. To properly analyzing packets
there is a need to display all three why dissecting UUID.
Change-Id: I3121338942c990b52ac2b3a45ced0529f80d4114
Reviewed-on: https://code.wireshark.org/review/13742
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
OTS/OTP is the newset "profile" announced by Bluetooth SIG.
It name describe what it doing: Object Transfer Service/Profile,
so it is something like OPP.
While we are at this move some HID attributes to get right
order in switch-case.
Change-Id: I460963a422c7292b2cabf7e88f32dbd6e8d7051f
Reviewed-on: https://code.wireshark.org/review/13735
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Random Rx/Tx bit are properly decoded but incorrect present
in parent tree.
Change-Id: I4c31d8e77b1adb5f821da6074bde5dff400d6c04
Reviewed-on: https://code.wireshark.org/review/13738
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
If vendor dissector does not decode all bytes - it seems to be
unexpected parameter.
Also move vendor dissection tree under root as it is done for HCI CMD.
>>> CID 1247678: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "dissector_try_uint_new(hci_vendor_table, hci_vendor_data->manufacturer, tvb, pinfo, tree, 1, bluetooth_data)".
>>> CID 1247679: Error handling issues (CHECKED_RETURN)
>>> No check of the return value of "dissector_try_uint_new(hci_vendor_table, hci_vendor_data->manufacturer, tvb, pinfo, main_tree, 1, bluetooth_data)".
Change-Id: Icdb8c1f166d5bc33cfc79c62d384ae416dfbf0cf
Reviewed-on: https://code.wireshark.org/review/13737
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Fixes dpkg warnings:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/wireshark-qt/usr/bin/wireshark was not linked against libsbc.so.1 (it uses none of the library's symbols)
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/wireshark-gtk/usr/bin/wireshark-gtk was not linked against libsbc.so.1 (it uses none of the library's symbols)
dpkg-shlibdeps: warning: symbol sbc_decode used by debian/libwscodecs0/usr/lib/x86_64-linux-gnu/libwscodecs.so.0.0.0 found in none of the libraries
dpkg-shlibdeps: warning: symbol sbc_init used by debian/libwscodecs0/usr/lib/x86_64-linux-gnu/libwscodecs.so.0.0.0 found in none of the libraries
dpkg-shlibdeps: warning: symbol sin used by debian/libwscodecs0/usr/lib/x86_64-linux-gnu/libwscodecs.so.0.0.0 found in none of the libraries
dpkg-shlibdeps: warning: symbol floorf used by debian/libwscodecs0/usr/lib/x86_64-linux-gnu/libwscodecs.so.0.0.0 found in none of the libraries
dpkg-shlibdeps: warning: symbol floor used by debian/libwscodecs0/usr/lib/x86_64-linux-gnu/libwscodecs.so.0.0.0 found in none of the libraries
dpkg-shlibdeps: warning: symbol sbc_finish used by debian/libwscodecs0/usr/lib/x86_64-linux-gnu/libwscodecs.so.0.0.0 found in none of the libraries
Change-Id: I71911513c348edd336cdc82ea358b6a05760b4b9
Reviewed-on: https://code.wireshark.org/review/13784
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Applies to the resolve Physical Addresses to names preference.
Change-Id: Ib1f484afc940eb6a022e03a1766c18449b2dfed3
Reviewed-on: https://code.wireshark.org/review/13400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Don't just check whether we *have* the MCS index, check whether it's a
valid MCS index, before we use it in calculations. Otherwise, we'll
make out-of-bounds array accesses.
(May or may not fix bug 12085, so just Ping-Bug for now. It's necessary
in any case.)
Change-Id: I7119366397b260089aea35ae9fcd5ad9ec6b06f2
Ping-Bug: 12085
Reviewed-on: https://code.wireshark.org/review/13790
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gluster added support for a SEEK operation, supporting SEEK_DATA and
SEEK_HOLE. The actual protocol modifications can be found in commit
9b71092f3 (http://review.gluster.org/11482).
Bug:12088
Change-Id: I298b4a5023fa748e9c443ae5a24a1b58d76a5453
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://code.wireshark.org/review/13780
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
the new interface.
Change-Id: I4f818d55416d3b1d09b46015d83f3acc5a9e71cc
Reviewed-on: https://code.wireshark.org/review/13744
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I99c556950007957c09809dc477a94d410cca4cc8
Reviewed-on: https://code.wireshark.org/review/13728
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
in the switch-case statements, we already show an expert info
it should be sufficient to exit and report to the caller
how many bytes we dissected
as for the string, we can just calculate the length and let
proto_tree_add_item() throw an exception if that length is invalid
Change-Id: I310a4011cb112f3ed70e804c5b44d58f275fab6b
Reviewed-on: https://code.wireshark.org/review/13745
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This includes request/response tracking
Change-Id: I12ac4c198929aa6a75f3f839f9ee52ebf00b8059
Reviewed-on: https://code.wireshark.org/review/13743
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These objects are defined in Volume 8, but it doesn't make sense to create a new dissector file for them, so just distribute them where it makes the most sense in the existing CIP dissectors.
Also do some conversions to proto_tree_add_bitmask while in the neighborhood.
Add support for EtherNet/IP over DTLS/TLS.
Change-Id: I4e658e8871eebb222816229de7594ff766264308
Reviewed-on: https://code.wireshark.org/review/13710
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I767a334c82c27b06be7e72461b7f3e3d961784b4
Reviewed-on: https://code.wireshark.org/review/13725
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
it will be also make happy OS X x64 buildbot
Change-Id: Ib718d717719739314170632f04b3ec68c2917ed6
Reviewed-on: https://code.wireshark.org/review/13730
Reviewed-by: Anders Broman <a.broman58@gmail.com>
the messages contain "length codes" instead of the actual lengths
use a simple conversion table to covert length codes into lengths
add generated items for the actual lengths
Change-Id: Ic10aed0d20cfca30524cf767798df4eec2330592
Reviewed-on: https://code.wireshark.org/review/13734
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
it's used by two messages, the relative position
inside the current byte is different
don't use a static bitmask for the hf
Change-Id: I6a145cad46bab1afd22f66f144e7e4e9909f0b15
Reviewed-on: https://code.wireshark.org/review/13732
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The time column widths should not be adjusted in cf_open() because
we don’t have any packets yet and Qt resizeColumnToContents() will
not adjust any widths but emits a sectionResized() with invalid or
default values (new_width seems to always be 32). This will in some
cases (when start capturing packets) give wrong width values which
is later stored in the recent file, and the time columns may end up
narrow the next time the recent file is read.
This fix is related to the column with issues previously compensated
for in PacketList::sectionResized() (g4980d505).
Change-Id: Id3b49069fe5d2b55d608cc7a6d32fe7851369bf9
Reviewed-on: https://code.wireshark.org/review/13712
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
change time display format, change name resolution and other changes
in UI which requires column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When changing timestamp format, timestamp precision and display seconds
with hours and minutes we must reset columns before auto resizing the
time columns to get the size of the new column values.
Without this we will resize to the length of the preference we are
changing from, which is not what we want.
Change-Id: If7081bf0b9b6f6974232cea0b3fe0186c904f2a2
Reviewed-on: https://code.wireshark.org/review/13711
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id8156680d67d65d87c156df05e8a66e2531728d2
Reviewed-on: https://code.wireshark.org/review/13709
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In RTPS, regular samples are serialized with the format
<encapsulation, serialized data> and thus, the dissection of the
encapsulation was suggested to be done in the custom dissector.
However, batches are serializing the encapsulation only once as
<encapsulation, sample 1, sample 2>. This makes us need to dissect
the encapsulation in the RTPS dissector and providing as (void*) data
to the custom dissector. This way we support the regular samples
dissection as well as the batches dissection.
I have defined rtps_dissector_data in packet-rtps.h and I suggest
we include that header file when we want to write a custom dissector.
Bug: 12029
Change-Id: I74ed4c31484f9a99ad6c44c6c34cc52be2adb7c8
Reviewed-on: https://code.wireshark.org/review/13413
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multi-path mutation responses can have a variable number of values
encoded in them:
- Successful requests have 0..N values, one for each mutation which
wishes to return a value (e.g. SUBDOC_COUNTER)
- Unsuccessful requests have 1 value, specifying the index and status
of the first failing mutation
Add support for decoding a variable number of response values.
Change-Id: Ia1f682f7f701829bd808a44ee142ffe912095e15
Reviewed-on: https://code.wireshark.org/review/13688
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
get_dirname may return NULL instead of the original string, so avoid
patterns like get_dirname(strdup(x)). Writing to
cf_path.toUtf8().data() is fine btw, toUtf8() returns new memory.
This fixes two memleak reported by LeakSanitizer via fileset_add_dir and
MainWindow::captureFileReadFinished (both via cf_callback_invoke).
Change-Id: I0f1528763e77e1f55b54b6674c890a9d02302ee8
Reviewed-on: https://code.wireshark.org/review/13691
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. ENIP: When there is more than one ENIP command in a given TCP packet, display both in the Info column. Previously, only 1 would be displayed.
2. CIP: Services need a context to be able to interpret properly. Display the Class or Symbol name in the Info column in an object oriented manner for Request Paths, or Connection Paths.
3. CIP: Display the request path/service in a CIP response, instead of just "Success". These changes make it visually easier to identify traffic.
4. CIP: For the Info column, make Multiple Service Packet formatting a little more consistent regarding the divider between embedded packets. Previously, it would display 2 different separator types "," and "|".
5. CIP: Add preference to enable/disable "Display enhanced Info column data"
Change-Id: I7e95bc144588c0925137e01abbc814babb494d19
Reviewed-on: https://code.wireshark.org/review/13632
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
