Change-Id: I41c93927595be523528d44c263b7028f40e524e2
Reviewed-on: https://code.wireshark.org/review/10706
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Part 2
Change-Id: I18a17202f1c547b2257549ea0245350227edafa0
Reviewed-on: https://code.wireshark.org/review/10730
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto_tree_add_bitmask_with_flags() in some cases.
Change-Id: I280c8f33aeacb84561243b38497276099621bfe9
Reviewed-on: https://code.wireshark.org/review/10729
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* go through the data only once, increment offset along the way
* remove tag, length dissection from the payload functions
* handle all undecoded elements in the default case
* don't bring up an exception for an invalid ip address length,
proto_tree_add_item() already does this for us
* replace the payload functions for string, integer, ip address
with proto_tree_add_item()
Change-Id: I2a96cb0b22961f63256d7bf0dfe138c6d8100fde
Reviewed-on: https://code.wireshark.org/review/10682
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ib7cebd588924270b2003fad575f4cd0c3ec2678e
Reviewed-on: https://code.wireshark.org/review/10698
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Neighborhood Watch Protocol (NWP) is an XIA protocol for resolving network
addresses to link-layer addresses. Hosts on a LAN send NWP Announcement
packets with their host identifiers (HIDs), and neighbors in the LAN respond
with NWP Neighbor List packets containing their HIDs and associated link-layer
addresses.
Bug: 11492
Change-Id: Ib1e801474b1aa72f5dd3d8303eeec36b96ee0a99
Reviewed-on: https://code.wireshark.org/review/10316
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Internal formatting: remove extra spacing from 'hf_register_info' array
(as suggested during review), plus indentation changes. Do the same
for expert info array.
External formatting: Minor cleanups.
Change-Id: I4d8db4891824e75d413b0eb53ebcc2e7b128c0bb
Reviewed-on: https://code.wireshark.org/review/10683
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add DIRTY_CORBA_IDL_DISSECTOR_SRC back to our various makefiles and move
packet-cosnaming.c back to it.
Change-Id: I2f0427ad47bf0e2f166577608da7f5feaf848a48
Reviewed-on: https://code.wireshark.org/review/10691
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
v1.99.1rc0-717-ga2c2f87 removed pinfo->private_data assignment, but left
the comment in place. Since v1.99.1rc0-761-g6d207fe, the member is
removed completely, so let's drop the comment.
Change-Id: Ib36b6b979abda786202867ea1e6ef0d11487f61c
Reviewed-on: https://code.wireshark.org/review/10684
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
hopefully, this will make my further patches easier to review
Change-Id: If9fe4aa03c08dd38eccae3d4a0accdcbb5d62111
Reviewed-on: https://code.wireshark.org/review/10681
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It looks like "items" could have contributed to fields/data being at an incorrect level off of a tree.
Change-Id: I93616ef8b6b364c578f989882045dee42cb6d3c3
Reviewed-on: https://code.wireshark.org/review/8558
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove size limitation of 23 addresses to Type 0. Add validity checks to Type 0 and Type 2.
Add address count vs segments left check to RPL.
Use hf_ipv6_routing_* for shared routing header fields and hf_ipv6_routing_<type>_* for the rest.
Change-Id: I98796504a0f7643476c4c3550586b5da2cf70f6d
Reviewed-on: https://code.wireshark.org/review/10470
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I739262c0d6b8bd961cc75a18e7bdbb794806e2b7
Reviewed-on: https://code.wireshark.org/review/10668
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
From See src/net/quic/quic_protocol.h
Change-Id: I5fbc037186491dc8555f7f41b3e43d7d6a628f88
Reviewed-on: https://code.wireshark.org/review/10647
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'hf_ipv6_opt_length' is being used both for extension header length
and option length.
Change-Id: I012e4d43abdf57997a24ab6f2d2c93d121f9f123
Reviewed-on: https://code.wireshark.org/review/10478
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes two issues:
- Null IPv6 Fragment extension headers confuse Wireshark, because the 'offlg'
variable gets reset
- Dissection doesn't stop when reassembly is enabled and it is the first
fragment followed by more IPv6 extension headers
Bug: 8362
Change-Id: Ibe229a63d7a6ab8523ddfcae30e58d19cc2ce2bd
Reviewed-on: https://code.wireshark.org/review/10482
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This simplifies some of the logic required for field formatting.
Change-Id: I2f9a612b18e3e4ca01311683d9cf61cbad9950f4
Reviewed-on: https://code.wireshark.org/review/10649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie67892caec2cddee591631045233f8a3f1cc0bc6
Reviewed-on: https://code.wireshark.org/review/10648
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When SSL packet contains multiple encrypted contents the WS shows only the
last record due the wrong indexing of the structure where the decrypted
contents are stored. Should use tvb_raw_offset(tvb)+offset instead of
offset as I think was intended.
Added the same fix for DTLS.
Bug: 11523
Change-Id: I0a977a0e6ebe7c45e526fa5152b8614463abd4fa
Reviewed-on: https://code.wireshark.org/review/10528
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reported by Marius
Bug:11543
Change-Id: Ic9d3b6b26a917601356eb957fd8270f2482f6aee
Reviewed-on: https://code.wireshark.org/review/10645
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited (and allows for more fields to be displayed on some malformed packets).
There are still expert infos (and possibly column APIs) under if (tree)s, but I'm not sure how FAKE_TREE_IS_VISIBLE factors into that. Removing the FAKE_TREE_IS_VISIBLE seems to negatively affect dissection.
Change-Id: Ie487e851c2f6558dd12f0c7010757b4a5f36226b
Reviewed-on: https://code.wireshark.org/review/10631
Reviewed-by: Michael Mann <mmann78@netscape.net>
The PHY types in the NDIS documentation, not surprisingly, match the
ones for Network Monitor. Add support for the ones that didn't have it
already.
Change-Id: Ie135b7ea5634f0eb7950380d12473ac4b12c7a6d
Reviewed-on: https://code.wireshark.org/review/10639
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Need to check if there is data before get a value...
Change-Id: I45592e9a2c55a5bce57a40f7e3153e8f540ca316
Reviewed-on: https://code.wireshark.org/review/10636
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add also heuristic to check if it is handstake
Ping-Bug: 11494
Change-Id: I833d294a3a6fdc89cc6d6a5d72d388a3328bf802
Reviewed-on: https://code.wireshark.org/review/10566
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise a 8-bit SMS-PP Data Download could be interpreted as requiring SMS packing
Change-Id: I50b5e59194acc3d69d0e247fc909d3f96207094a
Reviewed-on: https://code.wireshark.org/review/10610
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SPDOs code the 0x04 bit differently, as it is not part
of the message type, but rather a flag for connection validation
I do not want to introduce a second message type, as this would break
compatibility with existing stored filters, also adding the bitmask
to the hf field, would alter the byte value, as it would shift
the value to the right.
Change-Id: I6b70bec29a55dfb556652d9dc940a896b864943b
Reviewed-on: https://code.wireshark.org/review/10595
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit d1fcb7dd34.
Warning the user multiple times about an invalid ssl.keylog_file every
time a SSL stream is encountered is an annoyance (in tshark), but
crashing in GTK+/Qt during live captures is even worse.
Disable the warning for now. Maybe detect it once at startup? That would
not cover removed files though.
Bug: 11488
Change-Id: I56b2eba1df0cff2309584a745b55ada238999fc4
Reviewed-on: https://code.wireshark.org/review/9687
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
TLS can be tunnelled over other protocols (e.g. TLS over EAP
over 802.1x), which are neither TCP nor UDP. In this case,
we would assume DTLS, which is typically wrong. Assume TLS
instead.
Change-Id: I45d70789f7fa793861297fc2e7a5f2be311bbbb1
Reviewed-on: https://code.wireshark.org/review/10416
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
The existing code parsed the callback program number from
a packet and then registered the callback program number.
But since the RPC dissector checks for valid and known
program numbers, it never parses it out.
Anyway, NFS4_CALLBACK is a well known number - use it!
Change-Id: Ia812359102bf6620e3b83109eb918032155cd8d3
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/10558
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It returns a null pointer if you do.
Change-Id: I3bc934a576dba261d1e71767978e3789a892e728
Reviewed-on: https://code.wireshark.org/review/10590
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent here is to remove proto_tree_add_text from packet-csn1.c, but the macros setup means A LOT more hf fields needs to be created.
Many of those new hf fields were created with a perl script
Bug: 11504
Change-Id: If12c7677185f18a7f684fd3746397be92b56b36d
Reviewed-on: https://code.wireshark.org/review/10391
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>