Set I/O to only drive on a '0' and tristate on a '1' command essentially
sets each I/O output type to either Open-Drain or Push-Pull.
Ping-Bug: 11743
Change-Id: I580d63c80114ad8f4a7cb1fc82a3c40720cc71e6
Reviewed-on: https://code.wireshark.org/review/38167
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'check_tfs.py --common' can look for tfs values that appear multiple times.
Current output prior to these dssector changes was:
('No Extension', 'Extension') appears 3 times in: ['epan/dissectors/packet-bssap.c', 'epan/dissectors/packet-camel.c', 'epan/dissectors/packet-gsm_map.c']
('Optimised for signalling traffic', 'Not optimised for signalling traffic') appears 3 times in: ['epan/dissectors/packet-gsm_a_gm.c', 'epan/dissectors/packet-gsm_map.c', 'epan/dissectors/packet-gtp.c']
('Data PDU', 'Control PDU') appears 3 times in: ['epan/dissectors/packet-pdcp-lte.c', 'epan/dissectors/packet-pdcp-nr.c', 'epan/dissectors/packet-rlc-nr.c']
('Message sent to originating side', 'Message sent from originating side') appears 3 times in: ['epan/dissectors/packet-q2931.c', 'epan/dissectors/packet-q931.c', 'epan/dissectors/packet-q933.c']
('User', 'Provider') appears 3 times in: ['epan/dissectors/packet-q2931.c', 'epan/dissectors/packet-q931.c', 'epan/dissectors/packet-q933.c']
The first and last ones were made common, the others seem a little too specialised.
Checking some of the existing items in tfs.c (using QtCreator's 'Find Usages'),
some of the common items are used a lot, but many of them are not referenced.
Change-Id: Ia4006d2c4fa7cafbc3b004dc7a367a986dbeb0c4
Reviewed-on: https://code.wireshark.org/review/38177
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also fix packet-ieee1905.c to include packet-wifi-dpp.h for the definition
it needs.
Change-Id: Iebb290ffb3112161605d6065123cfc54b921f2eb
Reviewed-on: https://code.wireshark.org/review/38163
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The names for files extracted from data PDVs depend on information in the tags.
Need to read the tags for data PDVs if the Export Objects tap has a listener
even if there isn't a tree (so that tshark works) and need to send data to
Export Objects only after reading the tags (so that it works on the first pass).
This makes the tshark single pass behavior match wireshark GUI behavior.
Bug: 16771
Change-Id: I6cfa792e7b86f205290ff92c9f5e09fd94a25f9f
Reviewed-on: https://code.wireshark.org/review/38164
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Detected by check_typed_item_calls.py.
Change-Id: I08081c6619f3e1cd1b6733c8a2864bf9ac2a16aa
Reviewed-on: https://code.wireshark.org/review/38162
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Correct endianess for Max PDU field in LE Set CIG Parameters and LE
Create BIG Test Command. Correct endianes for BIS handle and remove
PHY field from LE Create BIG Sync Established Event.
Add SDU interval field to LE BIGInfo Advertising Report Event.
Change-Id: Ic276aceb5a2e1cd6e1c08ae20303bfbe6bdc1286
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/38157
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Google/Apple Exposure Notification protocol is designed to aid
contact tracing efforts by allowing users to broadcast changing
identifiers, derived from longer-term (24 hour) keys; in the event that
a user receives a positive diagnosis, they upload their longer-term keys
to a key server, and all other users can use those long-term keys to
generate all the potential changing identifiers, and compare those to
their logs to determine if they were in contact with the infected user.
This protocol was developed in response to SARS-CoV-2, but is not
inherently limited to it.
This patch adds a "bluetooth.gaen" filter, with two data fields in the
periodic (changing identifier) broadcast:
- bluetooth.gaen.rpi: The Rolling Proximity Identifier
- bluetooth.gaen.aemd: The Associated Encrypted Metadata
Links to Protocol Documents:
- Google: https://www.google.com/covid19/exposurenotifications/
- Apple: https://www.apple.com/covid19/contacttracing
This change also adds the Bluetooth SIG-assigned 16-bit UUID for GAEN,
0xFD6F, to the list of Wireshark-recognizable 16-bit UUIDs.
These changes are licensed under the same license as Wireshark itself.
Change-Id: I3af14b225a35d0670433a9a89901d4d37895b3bd
Reviewed-on: https://code.wireshark.org/review/38064
Reviewed-by: Anders Broman <a.broman58@gmail.com>
new BMP Message type (Section 2.1).
o Type = TBD: Route Policy and Attribute Trace Message. (100)
new TLV types for the Route Policy and Attribute Trace Message (Section 2.3).
o Type = TBD1 (2 Byte): VRF/Table TLV. (0)
o Type = TBD2 (2 Byte): Policy TLV. (1)
o Type = TBD3 (2 Byte): Pre Policy Attribute TLV. (2)
o Type = TBD4 (2 Byte): Post Policy Attribute TLV. (3)
o Type = TBD5 (2 Byte): String TLV. (4)
Bug: 16749
Change-Id: I9858c94fb8fe5a9f3341204646030e59e13509bf
Reviewed-on: https://code.wireshark.org/review/37911
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tokens[] contains two tokens - the part of the identity before @ and the
part of the identity after @.
realm_tokens[] contain five tokens - the "."-separated parts of the part
of the identity after @.
The latter include "mncNNN" and "mncNNN".
This fixes a crash.
Change-Id: I4b13dd90977a626a823cb53958412301abf8addb
Reviewed-on: https://code.wireshark.org/review/38158
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The IPv4 or IPv6 address was not added properly to the tree
Bug: 16777
Change-Id: Ic28138cc1d4c2dc350fb5ff95aa3a5496a293c91
Reviewed-on: https://code.wireshark.org/review/38153
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Error: epan/dissectors/packet-docsis.c filter= docsis.ehdr.rsvd FT_UINT8 so field_width= 8 but mask is 0x3FFF which is 14 bits wide!
Error: epan/dissectors/packet-ixveriwave.c filter= ixveriwave.contextp.agc FT_BOOLEAN so field_width= 1 but mask is 0x0038 which is 3 bits wide!
N.B. The ixveriwave field was not in use, so was deleted.
Change-Id: Ife73eb9204f7339cc0fe2b4e991f0df553823ffe
Reviewed-on: https://code.wireshark.org/review/38140
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Make it more obvious that the time value is Zero.
Change-Id: Idca96185d869f10cf0d2b8ab6aaccb879dfc1ec2
Reviewed-on: https://code.wireshark.org/review/38135
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's arguably an error, as an FT_STRINGZ requires at least one character
position for the terminating NUL, but the way to handle that is to give
it a string value of an empty string and add an expert info indicating
that the terminating NUL is missing. (The same should be done for
FT_STRINGZ fields with a specified non-zero length that don't have a NUL
in the last character position.)
Change-Id: Ie702bf44db36310f0f6e2625a3a64e6424167546
Reviewed-on: https://code.wireshark.org/review/38136
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The documentation mentioned looks more like API/ABI documentation than
"data on the wire" documentation, but the strings all look like counted
strings, with no trwminating NUL. Use FT_STRING, not FT_STRINGZ.
Add a URL for the MQ PCF documentation and replace no-longer-working
URLs for the MQ documentation with a working URL.
Change-Id: Id656a3e6cd75bff34d1a5a650229b4ba749ef365
Reviewed-on: https://code.wireshark.org/review/38134
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Make sure to set the GSS Data subtree length properly when
the packet has been truncated so at least the rest of the
packet could be partially dissected.
Change-Id: I0b41137aea47c2512d15d28ed620542decd31904
Reviewed-on: https://code.wireshark.org/review/38086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add rfc8489 to differences table
- Add expert items for attributes exceeding packet length and attributes with trailing data
- Remove unused and "#if 0"ed attributes_properties_p (never used since added in 2009
Change-Id: If7f804a5ee8ea057765f2d55b04181c644cc3d0c
Reviewed-on: https://code.wireshark.org/review/38059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the main dissector, check the first 2/3 bytes for recognized
Byte-Order Marks (BOM) and decode if detected.
In the heuristic check, when unicode heuristics are enabled, check the
first 2 bytes for a recognized BOM instead of assuming UCS-2LE. (Still
falls back on that if no BOM detected.)
Bug: 9069
Change-Id: I7c6510221ef9257a9c3030715906e07b88af6aa7
Reviewed-on: https://code.wireshark.org/review/38076
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update URL for the TACACS+ I-D - point to the IETF site.
Fix code indentation.
Use proto_tree_add_item_ret_uint() to get string lengths when adding
them to the protocol tree.
Put the username and password under the top-level tree item, rather than
at the top level themselves.
The username and password are counted strings, and are not
null-terminated; make them FT_STRING rather than FT_STRINGZ.
Change-Id: Ia974937ade5908f98c0b527586e8ac15c3ffb907
Reviewed-on: https://code.wireshark.org/review/38130
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Those routines do more checking than strtoul(), and get passed a pointer
to a guint32(), so you don't have to worry about 32-bit vs. 64-bit longs
(which causes warnings on macOS builds, courtesy of Apple throwing in
"narrowing 64-bit value to 32 bits" warnings when they introduced their
first 64-bit machines, to help developers 64-bitifying their
applications, causing macOS builds to fail).
If the checks fail, note that in the formatted value.
(XXX - assign units to the fields, so we don't have to add them in our
formatting?)
Change-Id: I35945a3f1eaedc88e5b2ebf500c06fb7cf022753
Reviewed-on: https://code.wireshark.org/review/38119
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Bug: 16764
Change-Id: Iff902150491c984d3069c1b83acef9c2c8ce12c7
Reviewed-on: https://code.wireshark.org/review/38106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Export proto_item_set_bits_offset_len and fix
In file included from ../epan/dfilter/dfilter.h:18:
../epan/proto.h:1113:11: warning: parameter 'bits_offset' is already documented [-Wdocumentation]
* @param bits_offset The new length in bits.
^~~~~~~~~~~
../epan/proto.h:1112:5: note: previous documentation
* @param bits_offset The number of bits from the beginning of the field.
^ ~~~~~~~~~~~
Change-Id: Ib171ce38607b9656baea5eb7a3e6aee3b99ddbac
Reviewed-on: https://code.wireshark.org/review/38115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To quote RFC 4251, "The Secure Shell (SSH) Protocol Architecture",
section 5 "Data Type Representations Used in the SSH Protocols":
string
Arbitrary length binary string. Strings are allowed to contain
arbitrary binary data, including null characters and 8-bit
characters. They are stored as a uint32 containing its length
(number of bytes that follow) and zero (= empty string) or more
bytes that are the value of the string. Terminating null
characters are not used.
Strings are also used to store text. In that case, US-ASCII is
used for internal names, and ISO-10646 UTF-8 for text that might
be displayed to the user. The terminating null character SHOULD
NOT normally be stored in the string. For example: the US-ASCII
string "testing" is represented as 00 00 00 07 t e s t i n g. The
UTF-8 mapping does not alter the encoding of US-ASCII characters.
"Terminating null characters are not used." means "these aren't
null-terminated strings; FT_STRINGZ is for null-terminated strings, but
these are counted strings, for which FT_STRING si the right type.
Change-Id: I217d527847a20b640bf141a5d8d56f31456af04c
Reviewed-on: https://code.wireshark.org/review/38118
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
It's used in a number of source files; don't force each of them to test
GCRYPT_VERSION_NUMBER independently.
Make sure every file that uses HAVE_LIBGCRYPT_AEAD includes
wsutil/wsgcrypt.h.
Also do some other definitions that are based on the libgcrypt version
there as well.
This requires that the Qt UI code be given the include directory for
libgcrypt, as the follow stream code includes
epan/dissectors/packet-quic.h, which includes wsutil/wsgcrypt.h to get
HAVE_LIBGCRYPT_AEAD defined, and wsutil/wsgcrypt.h includes <gcrypt.h>.
Change-Id: I9cb50f411f5b2b6b9e28a38bfd901f4a66d9cc8f
Reviewed-on: https://code.wireshark.org/review/38116
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
http3_is_reserved_code() is only used if HAVE_LIBGCRYPT_AEAD is defined;
only define http3_is_reserved_code() if HAVE_LIBGCRYPT_AEAD is defind.
(Then there's the issue that HAVE_LIBGCRYPT_AEAD is *NOT* defined as a
result of CMake tests, it's defined in packet-tls-utils.c based on the
libgcrypt version, so it's not as if it can be used outside
packet-tls-utils.c, but that's another bug to fix.)
Change-Id: Ibecdf6e12fde27d75fcd7849ca0cd62f4129f5c2
Reviewed-on: https://code.wireshark.org/review/38114
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Replaced tvb_captured_length_remaining() with
tvb_reported_length_remaining().
Change-Id: I87c07488590cd82ca8a945ac6f13efa45807e55b
Reviewed-on: https://code.wireshark.org/review/37098
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apparently, it's possile for ssh_keylog_compute_hash() to be called with
a struct ssh_flow_data structure with a null kex_e; if it is, give up on
computing the hash before we try dereferencing global_data->kex_e.
See, for example, the capture at
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=Example1.pcap
which crashed if I ran a TShark, built from the tip of the master branch::
TShark (Wireshark) 3.3.0 (v3.3.0rc0-1806-g79e43ef98d59)
Copyright 1998-2020 Gerald Combs <gerald@wireshark.org> and
contributors. License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see
the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap (including remote capture support),
without POSIX capabilities, with GLib 2.37.6, with zlib 1.2.11, with SMI
0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.4.17, with
Gcrypt 1.7.7, with MIT Kerberos, with MaxMind DB resolver, with nghttp2
1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2
2.9.9.
Running on Mac OS X 10.15.6, build 19G73 (Darwin 19.6.0), with Intel(R)
Core(TM) i9-9980HK CPU @ 2.40GHz (with SSE4.2), with 65536 MB of
physical memory, with locale en_US.UTF-8, with libpcap version
1.10.0-PRE-GIT, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with brotli
1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded).
Built using clang 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62).
with "tshark -n -V -r Example1.pcap".
Change-Id: Icc534b488e5b486597162e54c725afb54ad61c05
Reviewed-on: https://code.wireshark.org/review/38113
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Add a new top-level view that shows each packet as a series of diagrams
similar to what you'd find in a networking textook or an RFC.
Add proto_item_set_bits_offset_len so that we can display some diagram
fields correctly.
Bugs / to do:
- Make this a separate dialog instead of a main window view?
- Handle bitfields / flags
Change-Id: Iba4897a5bf1dcd73929dde6210d5483cf07f54df
Reviewed-on: https://code.wireshark.org/review/37497
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PAA is a variable length IE, but it is not extendable (see Table 8.1-1 in
3GPP TS 29.274). For a give type the length therefore has to match and
can not exceed the defined length.
Change-Id: Id65842a7f25018fd3864efd73f74ae583102a681
Reviewed-on: https://code.wireshark.org/review/37984
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These are the final issues currently seen by check_typed_item_calls.py
Error: proto_tree_add_none_format(.., hf_authentication_parameter, ...) called at epan/dissectors/packet-obex.c:1840 with type FT_UINT8
(allowed types are {'FT_NONE'} )
Error: proto_tree_add_none_format(.., hf_authentication_parameter, ...) called at epan/dissectors/packet-obex.c:1887 with type FT_UINT8
(allowed types are {'FT_NONE'} )
Error: proto_tree_add_none_format(.., hf_session_parameter, ...) called at epan/dissectors/packet-obex.c:2058 with type FT_UINT8
(allowed types are {'FT_NONE'} )
Change-Id: If6772a72e01c7afd774a7b673d5775fd598bace3
Reviewed-on: https://code.wireshark.org/review/38095
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
This patches adds support to parse the TX flags of the radiotap header,
including a new DONT_ORDER Tx flag.
Bug: 16732
Change-Id: Ia57c079e020a32219a3e3fcfb7da5ef260360b7e
Reviewed-on: https://code.wireshark.org/review/37944
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed WLAN from the EAP identity fields because
it is additional and unnecessary. Added fields for
the full identity string and the identity type.
Removed the pseudo and reauth identity types by
collapsing all identity values into one field
(eap.identity) so the values may be filtered easier
by users in tshark and the GUI. Omitting
encrypted IMSI code until this patch and Change
37250 get merged since the encrypted IMSI logic
depends on these two patches.
Bug: 16537
Change-Id: If359756c1949aff2510b822b70e0e79df85213d0
Reviewed-on: https://code.wireshark.org/review/37257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Routine "dhcpv6_domain()" of packet-dhcpv6.c has the following
issues:
a. It is unaware of partial (relative) domain names which unlike
FQDNs must *not* be root terminated(0); otherwise, the resolver
interprets them as top-level domains (TLDs) such as "com." and
"org.".
b. Malformed errors are not thrown when they should be and when
thrown, it does so for the wrong reason.
c. No detail is provided as to the nature of a malformation.
d. The routine does not know the difference between an "empty"
and "root-only" domain name.
Routine "dhcpv6_option():
The meanings of flags octet of the in the OPTION_CLIENT_FQDN
option sent by the client are different that those of the server.
These differences are not reflected in the display. In addition,
the description of the 'N' bit is incorrect in either case. The
sender type must be determined in order to label them correctly
and to detect conflicts among them.
These changes fully address the above issues. Six types of
domain name errors are now detected. I believe the unusually
large amount of detailed comments with RFC references and
explanations were needed in this case due to the introduction
of concepts such as partial domain names that were not
recognized as such and thus improperly handled and labelled.
The subtree option headers have been converted from "Text only"
to named fields (dhcpv6.option.type_str). Example captures are
attached to the bug report.
Bug: 16627
Change-Id: I5ef3ee4261b9ab1f331ae2b9b0aa9e3d5e4a5566
Reviewed-on: https://code.wireshark.org/review/37678
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Code to fetch the field (metadata length) was correct, but the item
displayed would be wrong. Fix mask, and use _ret_uint() variant
to avoid fetching the value separately.
Described in RFC 8300, section 2.5.1.
Change-Id: I87cdca489392e1baa6c51bbab303c77a803d204e
Reviewed-on: https://code.wireshark.org/review/38099
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the message indicate the problem and the name of the offending field.
Change-Id: I661125814c9ad5585a3e71d14f8407948e2e6d76
Reviewed-on: https://code.wireshark.org/review/38090
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Very rough support for dissecting the framing on unidirectional and
bidirectional streams. Support for dissecting QPACK contents will be
added later.
Thanks to Omer Shapira for identifying an important issue that broke
reassembly and blocked proper HTTP/3 support.
Bug: 16761
Change-Id: Ib7f87c824f1dca70967b82943e18d5afee39fa0b
Reviewed-on: https://code.wireshark.org/review/38084
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Load private key exchange keys (curve25519-sha256) provided by the user
Find matching public keys in the dissected data
Compute symmetric keys for decrypting encrypted Transport Layer Protocol
data
Bug: 16054
Change-Id: I83481bff6b1206ce222b0120ad9021e1607f7f97
Reviewed-on: https://code.wireshark.org/review/37936
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Error: proto_tree_add_string(.., hf_ansi_a_lai_mcc, ...) called at epan/dissectors/packet-ansi_a.c:3656 with type FT_UINT8
(allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )
Error: proto_tree_add_string(.., hf_ansi_a_lai_mnc, ...) called at epan/dissectors/packet-ansi_a.c:3666 with type FT_UINT8
(allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )
Error: proto_tree_add_none_format(.., hf_bthci_evt_vendor_codecs_item, ...) called at epan/dissectors/packet-bthci_evt.c:4712 with type FT_UINT32
(allowed types are {'FT_NONE'} )
Error: proto_tree_add_string(.., hf_kademlia_tag_hash, ...) called at epan/dissectors/packet-edonkey.c:1100 with type FT_BYTES
(allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )
Error: proto_tree_add_string(.., hf_msmms_data_timing_pair, ...) called at epan/dissectors/packet-ms-mms.c:680 with type FT_NONE
(allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )
Error: proto_tree_add_float_format_value(.., hf_fp_tpc_po, ...) called at epan/dissectors/packet-umts_fp.c:2405 with type FT_UINT8
(allowed types are {'FT_FLOAT'} )
Change-Id: I1ed0276ad9c810ca6b1b01d581c3d73ae28fb9ad
Reviewed-on: https://code.wireshark.org/review/38081
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
It is send from DCAgent to FSSO collector using UDP 8002 packet
It is based on analysis of protocol (and log)
Bug: 16657
Change-Id: I2e23a403a103c25820d714446d4e3245af04e876
Reviewed-on: https://code.wireshark.org/review/37547
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit replaces instances of
(myobj *)wmem_alloc(wmem_X_scope(), sizeof(myobj))
and replaces them with:
wmem_new(wmem_X_scope(), myobj)
to improve the readability of Wireshark's code.
Replacements were made with the following Python script:
import os
import re
import sys
pattern = r'\(([^\s\n]+) ?\*\) ?wmem_alloc(0?)\((wmem_[a-z]+_scope\(\)), sizeof\(\1\)\)'
replacewith = r'wmem_new\2(\3, \1)'
startdir = sys.argv[1]
for root, dirs, files in os.walk(startdir):
for fname in files:
fpath = os.path.join(root, fname)
if not fpath.endswith('.c'):
continue
with open(fpath, 'r') as fh:
fdata = fh.read()
output = re.sub(pattern, replacewith, fdata)
if fdata != output:
print(fpath)
with open(fpath, 'w') as fh:
fh.write(output)
Change-Id: I223cb2fcce336bc99ca21c4a74e4cf758fd00572
Reviewed-on: https://code.wireshark.org/review/38088
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Graham reported a shadowed variable issue with the variable index.
Changed the variable name so it no longer shadows index. That seems
to be an issue on Macs.
Change-Id: I2a6e9b6d70811aaf7b9f910ddc87ab926b3a0cec
Reviewed-on: https://code.wireshark.org/review/38058
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prepare for adding HTTP/3 support which depends on QUIC to provide an
stream of data. Reassembly code is mostly lifted from the TCP dissector
which shares similar characteristics.
Bug: 13881
Ping-Bug: 16761
Change-Id: Iba07dade111b740418b8b315d0485e200cdfe9f0
Reviewed-on: https://code.wireshark.org/review/38083
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found using tools/check_tfs.py, included in this commit.
Here are the reports that were fixed here:
Examining:
All dissector modules
epan/dissectors/packet-assa_r3.c tfs_mortisepins_flags - could have used tfs_high_low from tfs.c instead: {High,Low}
epan/dissectors/packet-btle.c tfs_present_bit - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-dhcp.c tfs_fqdn_s - could have used tfs_server_client from tfs.c instead: {Server,Client}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_en_dis - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-docsis-macmgmt.c req_not_req_tfs - could have used tfs_requested_not_requested from tfs.c instead: {Requested,Not Requested}
epan/dissectors/packet-docsis-tlv.c on_off_tfs - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-tlv.c activation_tfs - could have used tfs_active_inactive from tfs.c instead: {Active,Inactive}
epan/dissectors/packet-docsis.c ena_dis_tfs - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-ecmp.c tfs_not_expected_expected - could have used tfs_odd_even from tfs.c instead: {Odd,Even}
epan/dissectors/packet-erf.c erf_link_status_tfs - could have used tfs_up_down from tfs.c instead: {Up,Down}
epan/dissectors/packet-h263.c on_off_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-h263.c cpm_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-interlink.c flags_set_notset - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-ip.c tos_set_low - could have used tfs_low_normal from tfs.c instead: {Low,Normal}
epan/dissectors/packet-ip.c tos_set_high - could have used tfs_high_normal from tfs.c instead: {High,Normal}
epan/dissectors/packet-isakmp.c flag_r - could have used tfs_response_request from tfs.c instead: {Response,Request}
epan/dissectors/packet-isis-lsp.c tfs_metric_supported_not_supported - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-kerberos.c supported_tfs - could have used tfs_supported_not_supported from tfs.c instead: {Supported,Not supported}
epan/dissectors/packet-kerberos.c set_tfs - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-mac-lte.c mac_lte_scell_status_vals - could have used tfs_activated_deactivated from tfs.c instead: {Activated,Deactivated}
epan/dissectors/packet-p_mul.c no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-pgm.c opts_present - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-rsl.c rsl_ms_fpc_epc_mode_vals - could have used tfs_inuse_not_inuse from tfs.c instead: {In use,Not in use}
epan/dissectors/packet-sita.c tfs_sita_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-vines.c tfs_vine_rtp_no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-vnc.c button_mask_tfs - could have used tfs_pressed_not_pressed from tfs.c instead: {Pressed,Not pressed}
27 issues found
Change-Id: I7e53b491f20289955c9e9caa8357197d9010a5aa
Reviewed-on: https://code.wireshark.org/review/38087
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Microsoft Network Monitor lets you capture on an 802.11 adapter either
in monitor mode or in non-monitor mode; frames captured in non-monitor
mode may have the Protected bit set in the 802.11 header, but are
decrypted and don't incclude encryption information, and may have the
A-MSDU Present flag set in the QoS Control field, but have just a
regular frame payload, not a sequence of A-MSDUs, in the payload field.
Dissect those frames correctly.
Bug: 16758
Change-Id: I42b7e9ce52faa80222692403fa7276c039644343
Reviewed-on: https://code.wireshark.org/review/38082
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
In dcm_export_create_object(), don't assume that assoc->ae_calling and
assoc->ae_called are non-null; if we don't have an A-ASSOCIATE request
earlier in the capture, which we are not guaranteed to have, the called
and called AE titles won't be set.
Bug: 16748
Change-Id: I7d6d22d1c23e28b1f0967a803d0d89609a421712
Reviewed-on: https://code.wireshark.org/review/38077
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The "monitor mode" flag was called "netmon_802_11.op_mode.on", not
"netmon_802_11.op_mode.mon". Fix that.
Change-Id: I4a712c1d5fa7c7e43335d83c0f40ace4358a881c
Reviewed-on: https://code.wireshark.org/review/38069
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
I haven't been able to find the appropriate spec, but either there is a
limit to the number of features bytes to add and this patch is needed,
or the (i < 8) part should be dropped. As it is the other data and
expert info for 'unknown' fields will never be reached.
Detected by cppcheck:
epan/dissectors/packet-bthci_cmd.c:9183:72: warning: Condition 'i<8' is always true [knownConditionTrueFalse]
while (tvb_captured_length_remaining(tvb, offset) > 0 && i < 8) {
^
epan/dissectors/packet-bthci_cmd.c:9181:25: note: Assignment 'i=0', assigned value is 0
guint8 i = 0;
^
epan/dissectors/packet-bthci_cmd.c:9183:72: note: Condition 'i<8' is always true
while (tvb_captured_length_remaining(tvb, offset) > 0 && i < 8) {
Change-Id: Icfef0e9142a58aa1c525df9b7daf0aa820039167
Reviewed-on: https://code.wireshark.org/review/38049
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, take into account length of GUID before
adding expert info for not-decoded data afterwards.
Change-Id: I3e3ee2fc014bc7ace477015b21b2d6ca9127a6be
Reviewed-on: https://code.wireshark.org/review/38062
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This matches the description at
https://www.museek-plus.org/wiki/SoulseekProtocol,
where some fields are uint32 but many are just 'int'.
Change-Id: I192aaf9ca84ccee7b52d266083bbbd8baef28685
Reviewed-on: https://code.wireshark.org/review/38060
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some heuristic functions (example: dtls over stun) perform exact checks on
paylaod length, so we need to skip any padding added by TURN layer
(RFC 5766, 11.5).
Bug: 16756
Change-Id: Iaaf3dc83fbc5f5f8d0af1cabfe94861480fe7c98
Reviewed-on: https://code.wireshark.org/review/38042
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Change-Id: Ibaa5b074a1d98a5be17e5f1514c5666a64fefafb
Reviewed-on: https://code.wireshark.org/review/38050
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
code to dissect PASSWORD-ALGORITHMS and PASSWORD-ALGORITHM attributes is
ready to go.
Change-Id: I6fcfb1da49c596a11b3c5b0e3dce51e47f1f7c1c
Reviewed-on: https://code.wireshark.org/review/38047
Reviewed-by: Guy Harris <gharris@sonic.net>
The current TECMP code shows embedded CAN or FlexRay frames but
does not allow other dissectors to further dissect them. This
patch adds this feature.
Bug: 16738
Change-Id: I7f886c8d42a52c4bd55bdb14aed7459eed1af42d
Reviewed-on: https://code.wireshark.org/review/37972
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Autokey was not properly supported, the v2 version check looked at the
wrong field (Code instead of Field Type). Since nobody noticed it, let's
remove it to simplify the code.
Improve the Extension Field (EF) heuristics to ensure that larger digest
sizes such as SHA-512 are recognized, and to support messages without
MAC. Previously only MD5 and SHA-1 were supported as these are the only
ones that are defined by the RFCs.
The ntp_ext_field_types array was generated by:
curl -s https://www.iana.org/assignments/ntp-parameters/ntp-parameters-3.csv |
awk -F, 'NR>=2{printf "{ %s, \"%s\" },\n", $1, $2}' | sort -n
Tested with md5_dgrams.pcapng and sha1_dgrams.pcapng (Bug 11580) and
NTP-with-mac.pcap (Bug 16640). Also checked against the NTS capture
(go_embeded.pcapng, bug 16222), but TCP reassembly is not supported so
the last part of the first segment is wrongly dissected as MAC.
Bug: 16640
Change-Id: I07fc46c6d8995e6c791952dd7cd84d798cddd21a
Reviewed-on: https://code.wireshark.org/review/38037
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bellcore (now Telcordia) GR-317 and GR-394 are used in the U.S. and are
more similar to ANSI ISUP than ITU Standard ISUP. This fixes decoding
the Jurisdiction (aka JIP) optional parameter.
"gr317" is listed in RFC 3204, Table 1 on Page 2. Telcordia's name for
this standard is "LSSGR: Switching System Generic Requirements for Call
Control Using the Integrated Services Digital Network User Part
(ISDNUP)".
"gr394" is the value used by our Ribbon (formerly Genband) C15 switch.
Telcordia's name for GR-394 is "LSSGR: Switching System Generic
Requirements for Interexchange Carrier Interconnection (ICI) Using The
Integrated Services Digital Network User Part (ISDNUP)". The difference
from GR-317 is "Call Control" vs "Interexchange Carrier Interconnection
(ICI)". These calls are indeed interexchange calls.
Given that only "gr317" is listed in RFC 3204, arguably our Ribbon C15
should be sending this as "version=gr394; base=gr317" or just as
"version=gr317", but I have no control over that and would like to
decode the traffic as seen in the wild.
Bug: 16752
Change-Id: I24c7b2e175606e1c91bcb2e96a3372f62055e293
Reviewed-on: https://code.wireshark.org/review/38038
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the DCE/RPC heuristics a bit more discriminating by checking
a few more header fields for illegal values. Reduces false positives.
Change-Id: Ic3d6c7ce62b64b2042922adb104294600b0db673
Reviewed-on: https://code.wireshark.org/review/38028
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include stdlib.h for bsearch(). This is needed when building on RPi.
Change-Id: Ia0969d7785b59b4adfd10a332a20beb26a99fcb7
Reviewed-on: https://code.wireshark.org/review/38036
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Bluetooth Low Energy Advertising Extensions Host Advertising Data reassembly.
Bug: 16666
Change-Id: I78fea77a75f07ff7ef8a661e81ac3c729980de0e
Reviewed-on: https://code.wireshark.org/review/38016
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 44.014, section 8.1, type of the TCH loop is
edcoded in bits 2..6, so we should exclude bits 1, 7, and 8.
Before the patch:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 0100 = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
after:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 010. = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
Change-Id: Ie8ee23c6ce0a487d6a96b27324537372449946cb
Reviewed-on: https://code.wireshark.org/review/37981
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We have two places where we want to dissect some fields as being in the
opposite byte ordere from the host on which we're running; move the
definition of ENC_ANTI_HOST_ENDIAN from packet-socketcan.c to proto.h,
and use it in packet-enc.c.
Change-Id: I1d0f9b037fe3b8ca6ed774a11063ba518a3922bf
Reviewed-on: https://code.wireshark.org/review/38023
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Change-Id: Id2b1cbc9e5416c24556c1c2f42d68e4012e29e24
Reviewed-on: https://code.wireshark.org/review/38017
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ifad2e02ef6e710c67801ea8479495736bf310d29
Reviewed-on: https://code.wireshark.org/review/38020
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the fiels that are claimed to be in "host endian byte order" are
also used for the Linux USB/IP protocol, where they're big-endian.
Change-Id: I8e17d6d6e848ba9cd3465bb3b1debe385c522392
Reviewed-on: https://code.wireshark.org/review/38022
Reviewed-by: Guy Harris <gharris@sonic.net>
We now have ENC_HOST_ENDIAN, so we can use it to add host-endian fields
with proto_tree_add_item().
Instead of fetching field values directly, use
proto_tree_add_item_ret_{}int() to get the value.
Change-Id: I96b9a55174594bf04f805af559c2521cd813e8f3
Reviewed-on: https://code.wireshark.org/review/38021
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The type for this field really can be -ve - it corresponds to errno.
Change-Id: I842664b692ffd944a0c02ad5de750b321b247dbf
Reviewed-on: https://code.wireshark.org/review/38019
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
_ret_uint() doesn't work for UNIT_BYTES and UINT_STRING. In these cases,
what was wanted was the total length in order to increment the offset.
(Note _ret_length() includes the fixed width length field; these were
written wanting only the value in the length field, not the total length.)
Change-Id: I9c7c2bc644c414d02eec3fff481e8863778f51fa
Reviewed-on: https://code.wireshark.org/review/38006
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The field does seem to be an int (kernel/srouce/drivers/usb/mon/mon_bin.c),
so item type (FT_INT32) is correct, but was using uint API.
Change-Id: I3c45785d18f890c362c96deb06120904ffea2081
Reviewed-on: https://code.wireshark.org/review/38014
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
packet-usb-audio.c:790:26: warning: initializing 'const gchar *' (aka 'const char *') with an expression of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:791:82: warning: passing 'const gchar *' (aka 'const char *') to parameter of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:795:26: warning: initializing 'const gchar *' (aka 'const char *') with an expression of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:796:97: warning: passing 'const gchar *' (aka 'const char *') to parameter of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
Change-Id: I1024612833ee25a10f49dbda90e9cbd6a14e055d
Reviewed-on: https://code.wireshark.org/review/38012
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(d)tls.quic.parameter.length' exists multiple times with incompatible types: FT_UINT16 and FT_UINT64
Change-Id: Id229843d1372afa371998f97c0b803b4775ad930
Reviewed-on: https://code.wireshark.org/review/38009
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
actually get info for Pegasus and Ursa, need to found for other model...
Change-Id: Icd8a89414ab7e077fa98813134ca3e9124ec5e2b
Reviewed-on: https://code.wireshark.org/review/37518
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently, if the sequence of HashedId3 is 111111222222333333, wireshark
will display the following 3 elements:
* 111111222222333333
* 222222333333
* 333333
This is wrong, as a HashedId3 is defined as a 3 byte ID.
This patch makes sure we only output 3 bytes at a time, so the output
will look like the following:
* 111111
* 222222
* 333333
Change-Id: I331ef473a452c3574bfca90fe2180ae27f93a480
Reviewed-on: https://code.wireshark.org/review/37996
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When decoding a publickey of type ecies_nistp256, increment the offset
after decoding the SymAlgo. Otherwise, the value is parsed again as part
of the EccPoint.
Change-Id: Ic93ceda7f9e8e2a1ce0bc64332c5f9cfa46634d8
Reviewed-on: https://code.wireshark.org/review/37995
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Detected by Martin Mathieson, some calls to proto_tree_.._ret_[value_type]()
were made with incorrect field types. This change fixes a few.
Change-Id: I4fb4877ad12a3bcc68ea173b806d908090921df5
Reviewed-on: https://code.wireshark.org/review/38004
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The heuristic used for dissection of the port ID TLV breaks in the face
of subsequent TLVs with tags starting with 0x10xx. This change fixes the
heuristic to allow these new TLVs to follow the port ID TLV without
triggering the workaround for buggy CDP senders.
Bug: 16742
Change-Id: I40c7ce790263c6de9b59ce543485cf3827f77fe7
Reviewed-on: https://code.wireshark.org/review/37985
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Link Status, Link Quality, and Linkup Time all use the same byte
due to a wrong offset. This patch is a fix for this bug.
Bug: 16738
Change-Id: I7e6eec5665e7df46446e0a729954bc531d28c42d
Reviewed-on: https://code.wireshark.org/review/37977
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
I disturbed some functionality, like highlighting TLVs etc.
Change-Id: I42e7fa560477070fe3accd35d15317d2e0d59d10
Reviewed-on: https://code.wireshark.org/review/37978
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dissect_usb_endpoint_descriptor() silently assumed that Audio Endpoint
Descriptor size is 9B. In v2.0, the last two fields are absent.
Change-Id: I5758857fd2b26e2b3430874c313769862a2a87de
Reviewed-on: https://code.wireshark.org/review/37973
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When response without command appears, a NULL pointer is inserted into
RX command info tree. This essentially led to all further response data,
even with matching command being marked as response without command.
Solve the issue by starting a new list if all commands in the current
list have been matched with response data.
Ping-Bug: 11743
Change-Id: Ibe1d3780f81d7bfe4542119a01fbfad254b3afae
Reviewed-on: https://code.wireshark.org/review/37971
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently we have two FTDI protocols: ftdi-ft and ftdi-mpsse. In the
future we can have more. The dash in "ftdi-" makes the name easier
to read.
Ping-Bug: 11743
Change-Id: Ia8861b8c72c0ec82faa194f25e68beaf3c5033c4
Reviewed-on: https://code.wireshark.org/review/37965
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Show the Bad Command code and from which packet it originates from when
skipping data while searching for Bad Command response.
Ping-Bug: 11743
Change-Id: I3b500a5e9f780775dfad9ce03cff911a6c1e2c41
Reviewed-on: https://code.wireshark.org/review/37954
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When bidirectional (both read and write) data shifting command is
executing, the host can start reading data even before it finishes
writing the data to be sent. Record preliminary command data structure
so the response data that starts before the packet in which the command
is reassembled can be matched with the command.
Ping-Bug: 11743
Change-Id: Id93924b25e37b0e3829efdb44cbe1db7139aa310
Reviewed-on: https://code.wireshark.org/review/37952
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the ISDN dissector take the ISDN pseudo-header through its data
argument, rather than assuming it's in pinfo->pseudo_header, so it can
be used if the link-layer type of the capture isn't ISDN.
Have it add the direction to its protocol tree, so it's there for all
ISDN packets.
Have more versions of the LAPD dissector:
one where the ISDN direction information is available through
an ISDN pseudo-header passed as its data argument;
one for use when the link-layer type *is* LAPD, where the ISDN
direction information may be available through the direction
part of the packet flags.
Pass more flags to the routine that does LAPD dissection to indicate the
direction (user->network or network->user) and whether the user or
network side is on another machine; set those appropriately in the
dissector routines that call it. To set those flags:
in the routine that handles WTAP_ENCAP_LAPD, check the direction
flags in pinfo->rec->rec_header.packet_header.pack_flags;
in the routine that handles WTAP_ENCAP_LINUX_LAPD, check the SLL
header;
in the routine that's called from the ISDN dissector and other
dissectors that can supply an ISDN pseudo-header, check the
struct isdn_phdr passed to it via the data argument;
for the routine that's to be called from L2TP pseudowire type
and SCTP dissector tables, pass nothing, as there's currently
no direction indication supplied - if that information is
available from the encapsulating protocol in some fashion, we
should make changes to supply that information.
Have the AudioCodes Trunk trace protocol dissector call the
LAPD-with-pseudoheader dissector, handing it an ISDN pseudo-header with
a direction indication from the direction field (and a channel of 0 to
indicate the D channel).
Have the Ascend text dump reader in libwiretap use WTAP_ENCAP_ASCEND for
all packets, even Ethernet and ISDN packets, and have the Ascend text
dump dissector handle that, calling the "no FCS" version of the Ethernet
dissector and calling the LAPD-with-pseudoheader dissector with a
pseudo-header filled in with the direction (and a channel of 0).
Have the Catapult DCT 2000 text dump dissector call the
LAPD-with-pseudoheader dissector with the pseudo-header supplied by
libwireshark.
Have the V5 envelope function frame get its ISDN pseudo-header from its
data argument, and call the LAPD-with-pseudoheader dissector with that
pseudo-header.
Have the ISDN dissector treat its data argument as pointing to the ISDN
pseudo-header, rather than assuming it's the one in
pinfo->pseudo_header->isdn - the latter is the one supplied by
libwiretap, but there's no guarantee that an ISDN pseudo-header was
supplied by libwiretap, as the lowest-level protocol layer might not
have been ISDN.
Change-Id: I9f702b879bbc3fb42bcb43c28f797bfc327562c6
Reviewed-on: https://code.wireshark.org/review/37953
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
packet-rtps.c:4486:10: warning: no previous prototype for ‘union_compare’ [-Wmissing-prototypes]
packet-rtps.c:4492:7: warning: no previous prototype for ‘union_hash’ [-Wmissing-prototypes]
Change-Id: If5b95248fe69e5cef41693be863beef9e2fc428d
Reviewed-on: https://code.wireshark.org/review/37946
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TCG Spec 1.59 defines two new tpm commands:
TPM2_CC_CertifyX509, and TPM2_CC_ACT_SetTimeout
This commit add support for these new commands.
Change-Id: Ibbeb85dac88a874bb57fe097b979adbfd9d92e9f
Reviewed-on: https://code.wireshark.org/review/37943
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change is massive, mostly due to KIP-482. The flexible version coding affects every
string, bytes or array field. In order to keep the compatibility the old and new style field
codings must stay next to each other.
Plus:
* correlation-id request/response matching
* new fields (other than KIP-482)
* some fixes to the messages that were not tested sufficiently before
Bug: 16540
Bug: 16706
Bug: 16708
Change-Id: I39b1b6a230e393d3bee3e3d8625541add9c83e5d
Reviewed-on: https://code.wireshark.org/review/37886
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some integer fields in CSN.1 structures can be encoded with an offset.
A good example is GPRS Mobile Allocation IE defined in 3GPP TS 44.060,
section 12.10a, table 12.10a.1:
< GPRS Mobile Allocation IE > ::=
< HSN : bit (6) >
{ 0 | 1 < RFL number list : < RFL number list struct > > }
{ 0 < MA_LENGTH : bit (6) >
< MA_BITMAP : bit (val(MA_LENGTH) + 1) >
| 1 { 0 | 1 < ARFCN index list : < ARFCN index list struct > > }
} ;
so in this case the variable-length MA_BITMAP is defined as follows:
< MA_BITMAP : bit (val(MA_LENGTH) + 1) >
what basically means that its bit length shall be encoded with
a negative offset 1, therefore the following statements apply:
MA_LENGTH=0 defines MA_BITMAP of bit length 1
MA_LENGTH=1 defines MA_BITMAP of bit length 2
...
MA_LENGTH=63 defines MA_BITMAP of bit length 64
== What's wrong? ==
For some reason, Wireshark shows the raw values without applying
the offset. Here is an example of GPRS Mobile Allocation IE:
GPRS_Mobile_Allocation
.... .101 010. .... = HSN: 42
...0 .... = RFL_NUMBER Exist: 0
.... 0... = Mobile Allocation: (Union)
u.MA
.... .001 111. .... = Bit length: 15
...0 .... = Bitmap: 0 // 1st
.... 1... = Bitmap: 1
.... .0.. = Bitmap: 0
.... ..1. = Bitmap: 1
.... ...0 = Bitmap: 0
1... .... = Bitmap: 1
.0.. .... = Bitmap: 0
..1. .... = Bitmap: 1 // 8th
...0 .... = Bitmap: 0
.... 1... = Bitmap: 1
.... .0.. = Bitmap: 0
.... ..1. = Bitmap: 1
.... ...0 = Bitmap: 0
1... .... = Bitmap: 1
.0.. .... = Bitmap: 0
..1. .... = Bitmap: 1 // 16th
== Solution ==
Let's use proto_tree_add_uint_bits_format_value(), so we can print
the final value with the offset applied, as well as the original
one and the offset itself:
GPRS_Mobile_Allocation
.... .101 010. .... = HSN: 42
...0 .... = RFL_NUMBER Exist: 0
.... 0... = Mobile Allocation: (Union)
u.MA
.... .001 111. .... = Bit length: 16 (Raw 15 + Offset 1)
Change-Id: Ic4eaf2d8a3c2fedca855726e4175ddf47d16c5af
Reviewed-on: https://code.wireshark.org/review/37931
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When set to TPDU Heuristic the eth.type of the payload is compared
against IPv6, IP and ARP Ether type values and if found the frame
is handed of to the Ethernet dissector.
Change-Id: I909713062c535112bc77a71ee107822e4544772e
Reviewed-on: https://code.wireshark.org/review/37934
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some switches seems to inject VLAN-tagged duplicate frames. Make sure
we use the VLAN-ID when reassembling IEEE1905 frames.
Change-Id: If37c0a4d1e6df51b13ffc0230ccd50eee8d6061e
Reviewed-on: https://code.wireshark.org/review/37942
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid crashes when NULL passed into hashing functions.
Change-Id: I941eec49ff8f906715ae257b61334a9533af3265
Reviewed-on: https://code.wireshark.org/review/37863
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not set default version to v3.1.1, let the user set this when needed.
Add an expert info when version is not detected.
Ping-Bug: 16722
Change-Id: Iceff83314f06510350bbe9d29cda8a239005f620
Reviewed-on: https://code.wireshark.org/review/37928
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Also note that the record header might have additional stuff at the end,
although not all record headers do (the header length will indicate
what's there).
Change-Id: I5a9ff1f9cd592448bcc45d18808f4b651cdb2f0d
Reviewed-on: https://code.wireshark.org/review/37921
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Bug: 11866
Change-Id: Ic9d924cb9008af63c89f4142175a1fa104af7f25
Reviewed-on: https://code.wireshark.org/review/37890
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Field 15 was defined as a 6-byte fixed-length field but the spec shows
it as a 4-byte fixed-length field.
Bug: 16721
Change-Id: I25a61a5758e735a6da52417a584c770ef63d41b0
Reviewed-on: https://code.wireshark.org/review/37916
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In CSN.1, the message may be safely cropped at specific parts
of its definition called Null breakpoints or rather "message
escape" labels (see 3GPP TS 44.060, section 11.1.3.3).
These labels usually preceed the optional protocol extensions,
added in newer releases of 3GPP specifications. The following
IA Rest Octets (see 3GPP TS 44.018, section 10.5.2.16) sample
illustrates that:
IA Rest Octets
H... .... = First Discriminator Bit: High
.H.. .... = Second Discriminator Bit: High
..0. .... = Discriminator Bit: Packet Assignment
...1 .... = Discriminator Bit: Packet Downlink Assignment
Packet Downlink Assignment
.... 0000 0000 0000 0000 0000 0000 0000 0001 .... = TLLI: 0x00000001
.... 1... = TFI Assignment (etc): Present
.... .000 00.. .... = TFI_Assignment: 0
..0. .... = RLC_Mode: RLC acknowledged mode
...0 .... = Alpha: Not Present
.... 0000 0... .... = Gamma: 0 dB (0)
.0.. .... = Polling: no action is required from MS
..0. .... = TA_Valid: the timing advance value is not valid
...0 .... = Timing Advance Index: Not Present
.... 0... = TBF Starting Time: Not Present
.... .0.. = P0: Not Present
.... ..L. = Additions in R99: Not Present
.... ...L = Additions in Rel-6: Not Present
[Malformed Packet: GSM CCCH]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
In GSM, the maximum length of a MAC block (on xCCH channels) is
limited to 23 bytes, so the message was cut in the middle, and
the Rel-7, Rel-10, and Rel-13 additions did not fit. Although,
the message is still correct according to the specifications,
so we should not consider it as "Malformed".
Change-Id: I6920c87d3a3247f4342fea69a8bb40c28316f422
Reviewed-on: https://code.wireshark.org/review/37912
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pau Espin Pedrol <pespin@sysmocom.de>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This ASN.1 CHOICE has three items with the same tag. Without access
to the spec, assuming these are sequentially numbered change the tags
on the subsequent elements.
This is detected by conflict check.
Change-Id: I0d7e6ace53426ba2661b133f7e825c1a305338ef
Reviewed-on: https://code.wireshark.org/review/37697
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Ed Beroset <beroset@ieee.org>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
PID_UNICAST_LOCATOR6_EX extends the unicast locator PID by adding a
sequence of encapsulations.
Change-Id: I9583e3a61b1df6e6f83d7c65f37ae36b9b4c345e
Reviewed-on: https://code.wireshark.org/review/37885
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding support for SVCB and HTTPS resource records as defined in
draft-ietf-dnsop-svcb-https-01
Bug: 16715
Change-Id: I631246e32f6cb2c89fc953cef761585adfbb056b
Reviewed-on: https://code.wireshark.org/review/37896
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 3550, "RTP SHOULD use an even destination port number and
the corresponding RTCP stream SHOULD use the next higher (odd) destination
port number".
However, nowadays, RTP and RTCP packets are often multiplexed onto a single
port, for the reasons explained in RFC 5761, so the port number might be
completely random.
WEBRTC connections are a classic example of this kind of deployment.
Therefore, remove port check in RTP/RTCP over UDP heuristics.
Note that RTP/RTCP heuristics over Stun are already correctly avoiding
checking the port number.
Change-Id: Ib63036954c5188936de8b38b0af146eb4bcde0ca
Reviewed-on: https://code.wireshark.org/review/37903
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rtps_util_add_type_element_module() does not set anything in the
dissector_info structure, so 1) don't pass it a pointer to that
structure and 2) don't add the info structure to the dissection_infos
table.
Bug: 16717
Change-Id: I963b2da0c75124174396714ef5aa68ffe3862f3e
Reviewed-on: https://code.wireshark.org/review/37910
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
There's no need parse the time field ourselves. proto_tree_add_item()
supports the encoding that is used here.
Change-Id: Ifd8cb77f1225b84b9eaccfb0cc23c9c413c6e77b
Reviewed-on: https://code.wireshark.org/review/37901
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix the composite tvb handling for zstd decompression in the same way as
we already did for lz4 and snappy.
Allocate the composite tvb only if we are cetain that data will be added
to it. Do not free the composite tvb ourselves, leave this to epan cleanup.
Change-Id: Iac74ea6e6d220b05858a7eb267276ff983b1b2ab
Reviewed-on: https://code.wireshark.org/review/37900
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If41dadf39694c0046a36ea6eaf819156f0cf5dc3
Reviewed-on: https://code.wireshark.org/review/37902
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
First, remove the unnecessary M_UNION there, and handle Fixed Allocation
Parameters are per older version of spec TS 44.060 with usual presence
bit + struct. The coding of the struct is left unimplemented as an
exercise for someone needing it in the future (since it's not supposed
to be used by current specs anyway).
Once this is cleared up, the rest of the message (Release 99 Additions)
are parsed fine.
Tested with a pcap trace containing a Pkt Ul ACK/NACK with R99 additions
and TBF_EST inside it.
CSN.1 Reference: 3GPP TS 44.060 Table 11.2.28.1
Change-Id: Ie22e99abdbc2bb3988e7a1930d459ba810a348ac
Reviewed-on: https://code.wireshark.org/review/37776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This results in tshark not printing "Reassembled" during the first pass.
Not printing "Reassembled" data source prevents use-after-free. Also,
"Reassembled" data source on first pass does not necessarily represent
complete reassembly as it is possible that data from subsequent packets
will be appended.
Bug: 16698
Change-Id: I8fa807c400dd6b269a2f491d7ea8d86f875ef873
Reviewed-on: https://code.wireshark.org/review/37868
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Same behaviour as ipv4 ones
Bug: 16709
Change-Id: I212c0e037f396896537fedd6c756818c1429cd3a
Reviewed-on: https://code.wireshark.org/review/37888
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not display "A RX payload: <MISSING>" as it suggests something is wrong
with the packet. It is perfectly valid for RX packets to only contain modem
status.
Ping-Bug: 11743
Change-Id: I9b3417ec9404758fdc093b01ea0e7761822615f2
Reviewed-on: https://code.wireshark.org/review/37862
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Some packets (as the ones generated by oss-fuzz) can reach the
reassembly code without pinfo->src/dst defined. We need to prematurely
exit in those cases and handle the reassembly code accordingly.
Bug: 16696
Change-Id: I6d0c6c95ba8123879e9c9e3e06bfc139425d9ddd
Reviewed-on: https://code.wireshark.org/review/37859
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Adding support for DNS Stateful Operations as defined in RFC8490
Change-Id: I8dc95b53bddef0c6a6cd5e5233d1097e930c473f
Reviewed-on: https://code.wireshark.org/review/37850
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- refactoring of B&R specific company naming
Change-Id: Ic8533617f61f5bee009e1d00ebc323e00f28b3e8
Reviewed-on: https://code.wireshark.org/review/37851
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Commit "QUIC: fix decryption when the client uses an empty SCID"
addressed the root cause that prevented connections from being correctly
linked. However another trace with an empty DCID was still properly
linked even in presence of the bug.
It turns out that an earlier optimization has an unintended change.
If a short packet was preceded by any packet with a DCID of exactly 20
bytes, then a connection with an empty CID is looked up as expected, by
`quic_connection_find_dcid(pinfo, NULL, from_server)`. However if no
earlier DCID of exactly 20 bytes exists, then a lookup by address/port
would occur. That is why earlier traces still decrypt successfully.
Restore the intended behavior to ensure that (1) invalid DCIDs in a Long
Header packet are ignored, and (2) Short Header Packets are not
accidentally matched to a wrong session based on an address/port match.
The latter could occur if the same src/dst address/port tuple is reused
across different QUIC connections when all CIDs are not 20 bytes.
Change-Id: Ida2523a0922314c7a455dec7e1f8f0442be27e94
Ping-Bug: 13881
Fixes: v2.9.0rc0-1878-gfc9e404ab2 ("QUIC: small connection tracking optimization")
Reviewed-on: https://code.wireshark.org/review/37845
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use ws_strtou64 to convert __REALTIME_TIMESTAMP= and other timestamps,
which should work across platforms.
Bug: 16664
Change-Id: I371f2b60e1957e57dbbdbbc3ded5ad49e8eb79d1
Reviewed-on: https://code.wireshark.org/review/37849
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was previously limited to one byte (=4 slots), and afaik no readers
existed that supported more slots until now - now there is the sysmocom
octsim that as the name implies offers 8 slots.
Change-Id: I5eccc7b6fb0d3c12ef7d7379d3ee88b5e7c45b71
Reviewed-on: https://code.wireshark.org/review/37816
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Here we conform to the latest ieee1905 Multi-AP spec as tested by the
WFA. We also add support for reassembling ieee1905 messages.
Bug: 16660
Change-Id: Ic67784d7c213856a364f88c177ede9688271ea2a
Reviewed-on: https://code.wireshark.org/review/37574
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only do retransmission detection for CON and NON type messages.
Change-Id: I5b5d93800918a98d4d321d1dcd0f3090b485ba9e
Reviewed-on: https://code.wireshark.org/review/37842
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Construct FTDI FT reassembly table key based on desegment data. This
makes sure that the code can find corresponding data in the reassembly
table (which wasn't true for fuzzed captures).
Ping-Bug: 16691
Change-Id: I37f29aca07ec5e27f8a07db9233a9bb6d809dbda
Reviewed-on: https://code.wireshark.org/review/37841
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When scanning for Bad Command synchronization code 0xFA followed by the
command byte, only request reassembly if the last byte is 0xFA.
Ping-Bug: 16691
Change-Id: Ic04f47e2baece05c0a9a7f748d3035b18cf4e6a2
Reviewed-on: https://code.wireshark.org/review/37840
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Maintain separate RX and TX command info trees. When dissecting TX
packets during the first pass, the code has to traverse no more entries
than added by single TX packet. After the first pass there is no longer
a need to find the correct spot in the list, as the TX command info tree
points directly to the correct location.
Ping-Bug: 16691
Change-Id: Ie4a1d2e1152876b8b0a09308ed5a182b9a2e2895
Reviewed-on: https://code.wireshark.org/review/37837
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The snappy decompression routine has the same bug that was fixed for lz4 in
79576219c9 ("kafka: lz4: free the composite tvb only once").
Refactor the composite tvb handling for snappy as well. Allocate the
composite tvb only if we are cetain that data will be added to it.
Do not free the composite tvb ourselves, leave this to epan cleanup.
Change-Id: Ide3a88d1c02e525fe1aadd176068ce68c2330b98
Reviewed-on: https://code.wireshark.org/review/37838
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decryption of short header packets would fail if the client sends a SCID
due to a logic error. This was observed with Chrome 86.0.4198.2.
Thanks to Ashwin Jagadish for the report and sample capture.
Change-Id: I81f5ab1bc1ea1b379e4edd65969d3c3e58340065
Ping-Bug: 13881
Fixes: v2.9.0rc0-269-gec30d0b004 ("QUIC: implement connection migration (draft -10 and -11)")
Reviewed-on: https://code.wireshark.org/review/37830
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Display unknown TP types directly in the tree, users can then easily
look it up in sources such as
https://github.com/quicwg/base-drafts/wiki/Temporary-IANA-Registry
Fix display of large GREASE such as 0x3b318c8103de1274.
Change-Id: I6665fa4337e92ae973979813b7e58d66f38ae0fb
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/37829
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Display command code in command in packet entry. Fix command response in
linking when response for subsequent commands in packet was not in the
same packet as for the first command. Link to response packet only for
commands that actually have response.
Ping-Bug: 11743
Change-Id: I7c336202cf7d89b5cf785ad6ede8f1a71e0dc063
Reviewed-on: https://code.wireshark.org/review/37827
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FTDI FT does not have a sense of data segments. It simply transports
asynchronous data bytes between two parties. MPSSE dissector notifies
FTDI FT dissector when it needs more data to process command and/or
response using the desegment API.
FTDI FT assumes that the segment starts at the offset given by MPSSE and
ends when either MPSSE does no longer ask for more data, or when MPSSE
asks for more data but not from the beginning of tvb passed to it (when
packet contains both end of previous segment and start of a new one).
Ping-Bug: 11743
Change-Id: Ib400bedd4d61166c98f711e4ab132a3a3bd8051d
Reviewed-on: https://code.wireshark.org/review/37709
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
predfined tf strings are used for the new introduced ring reduncancy flags
Change-Id: I5273eff410391bf4f104feea8602377698a97c8d
Reviewed-on: https://code.wireshark.org/review/37819
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Christian Krump <christian.krump@br-automation.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Avoid string literals while at it to avoid -Wpointer-sign warnings with
GCC 10. This has the additional benefit of avoiding storing the trailing
NUL byte after the data, resulting in a tiny reduction in binary size.
This compound literal syntax is supported since C99 which is permitted
by doc/README.developer.
Change-Id: I35f4d3a46aa78e12915d92136f1de0891131bede
Reviewed-on: https://code.wireshark.org/review/37818
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We need wmem_file_scope() to handle path attribute info after
MPLS/VNI label.
Bug: 16678
Change-Id: Ib487b271110c78d2d4ae10f01fc24cda3edc0713
Reviewed-on: https://code.wireshark.org/review/37790
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are some ring redundancy flags available in the SOA frame.
These flags could be interesting for some users and should be decoded.
Bug: 16687
Change-Id: Ica20a9b2a87adf31dca3b064785cdac2e5bc3d2c
Reviewed-on: https://code.wireshark.org/review/37810
Reviewed-by: Christian Krump <christian.krump@br-automation.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The page at
https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-printer
lists a number of printer attributes that correspond to the attributes
listed here.
Describe what the hidden attribute means, more clearly describe whta the
enable-devq attribute means, and clean up other descriptions to make
them more stylistically consistent.
Change-Id: I4830df6dc610bce6b7603750d5c4aa73685f6c28
Reviewed-on: https://code.wireshark.org/review/37806
Reviewed-by: Guy Harris <gharris@sonic.net>
From reading GNU libc's .x file for NIS+ (which has an Oracle America
copyright, suggesting that it was originally a file from Sun, and thus
likely to be the official NIS+ rpcgen file), and from reading the way
the GNU libc code treats the return value of the return value of an
NIS_CALLBACK RPC, it appears to be a Boolean where "true" means that the
callback in question is still running and "false" means it's not
running.
Label the results as such.
(I should probably really check the Illumos source to see if it includes
the NIS+ client and server and, if so, read that, so see what Sun's code
did.)
Change-Id: I4eb430dfca3d1162972a2a750effc31f626f20bf
Reviewed-on: https://code.wireshark.org/review/37791
Reviewed-by: Guy Harris <gharris@sonic.net>
The current dissector only allows 10 nested vlan tags and stops
dissections, if more are present.
This patch lets the TECMP dissetor reset the VLAN depth for
each embedded Ethernet frame it hands over the Ethernet dissector.
Bug: 16685
Change-Id: I29a726274a01c2ef296d4d1eeaffd6d5960db294
Reviewed-on: https://code.wireshark.org/review/37786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the SMB 3.1.1 dialect, this field is interpreted as the Flags field, which indicates how the SMB2 message was transformed:
Encrypted 0x0001
- The message is encrypted using the cipher that was negotiated for this connection.
In the SMB 3.0 and SMB 3.0.2 dialects, this field is interpreted as the EncryptionAlgorithm field,
which contains the algorithm used for encrypting the SMB2 message. This field MUST be set to one of the following values:
SMB2_ENCRYPTION_AES128_CCM 0x0001
- The message is encrypted using the AES128 CCM algorithm.
For dissection it's enough to expect SMB 3.1.1, as the value and the meaning
of 0x0001 is always the same (as AES128 CCM was the only possible algorithm before 3.1.1)
Change-Id: I4bd796bd1be38ed4a6481aa7bf68cb5b2e3637d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37785
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I5cb5598be557823cf3b39cda30bed6febee297d3
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37561
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
The "true" string in a struct true_false_string is used only if the bit
is set to 1, so "if set to logic 1" is redundant. Just have the strings
say, respectively, what significance the bit being on ("set to logic 1")
has and what signficance the bit being off ("set to logic 0") has.
Use active voice.
Change-Id: If1fe7b35a0c85dcdb40ac348ca23a0ac5e3dc1da
Reviewed-on: https://code.wireshark.org/review/37753
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Guy Harris <gharris@sonic.net>
Right now, for eg., a -32767/32767 min/max gets dissected as 0/1 which
is wrong.
Change-Id: Iffc649e0af4490827e722cae7f692ec4d0c245b8
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37751
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Found by conflict check
Change-Id: Id14d12543902d75ae54b5b3944a44b63321dc479
Reviewed-on: https://code.wireshark.org/review/37747
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure we use g_warning to print each ENABLE_CHECK_FILTER warning.
g_warning automatically appends a newline, so there's no need for us to
do so.
Change-Id: I4ddb60f0e3e0382fb3ca6e996ad47410fe05d8be
Reviewed-on: https://code.wireshark.org/review/37748
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
packet-rtps-utils.c:85:6: warning: no previous prototype for ‘dissect_mutable_member’ [-Wmissing-prototypes]
Change-Id: Id87118f36e50db8bf4a27ca021bbceae220034d4
Reviewed-on: https://code.wireshark.org/review/37742
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-enip.c:1102:19: warning: no previous prototype for ‘create_connection_id_list’ [-Wmissing-prototypes]
Change-Id: I6e0caa29f5617a5688cddaa4d8001a260228294e
Reviewed-on: https://code.wireshark.org/review/37740
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the QT text codec support to add charset conversions for all character
encodings supported by QT to Show Packet Bytes and Follow Stream (Save As
will convert to UTF-8.) Note that this is dynamic and the exact list will
depend on the version of QT and if libicu support is enabled. This does
make the list of codecs pretty long, so hopefully it shows up well on all
the different QT styles.
This does not yet support when multibyte characters span more than one packet
in Follow Stream, though the current code doesn't do that for UTF-8 or UTF-16
already. This is probably most useful for HTTP captures.
Bug: 16137
Change-Id: I6d5cd761a5d9d914b7a787fe8eb02b07b19642e6
Ping-Bug: 16630
Reviewed-on: https://code.wireshark.org/review/37707
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
value_range_string error: Reason (gsm_sms.dis.field_st_reason) entry for "Values specific to each SC" - max(15 0xf) is less than min(16 0x10)
Change-Id: Iaa1ceee018d873b13ddc8eac9bc530ee2b37ad6e
Reviewed-on: https://code.wireshark.org/review/37727
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
For Ethertype, use etype_vals (don't know how likely types not named as
examples in specs are likely to be seen).
Fixes warnings from previous range_string that tried to cover both types, but
where "not implemented" catch-all ranges preceded and hid individual types.
** (process:24396): WARNING **: 21:24:48.760: value_range_string error: Protocol (dvb-s2_gse.proto) hidden by earlier entry (prev="not implemented": 0 0x0 -> 255 0xff) (this="NCR": 129 0x81 -> 129 0x81)
** (process:24396): WARNING **: 21:24:48.760: value_range_string error: Protocol (dvb-s2_gse.proto) hidden by earlier entry (prev="not implemented": 0 0x0 -> 255 0xff) (this="Signaling Table": 130 0x82 -> 130 0x82)
** (process:24396): WARNING **: 21:24:48.760: value_range_string error: Protocol (dvb-s2_gse.proto) hidden by earlier entry (prev="not implemented": 2049 0x801 -> 34524 0x86dc) (this="VLAN": 33024 0x8100 -> 33024 0x8100)
Tested with dvb-s2_bb_example.pcap (where the only Protocol Type value set is for IPv4).
Change-Id: I7c8d8669c3f3e76974db8472783284975e063c12
Reviewed-on: https://code.wireshark.org/review/37711
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, the status code 125 is duplicated. This mistake was probably
introduced from Draft P802.11Revmd_D3.0.pdf. I have commented out that
status code while I get clarification on the real value.
Change-Id: Id41e1da953a28ca6b098f6c96d6410dff04dc6d7
Reviewed-on: https://code.wireshark.org/review/37708
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change field 'MIC' (nordic_ble.mic_not_relevant) to avoid using identical
true and false strings.
Change-Id: I204cc096e4af6d6000a6aa7e70e7885221fb211f
Reviewed-on: https://code.wireshark.org/review/37721
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We refer to part 1 of ETSI TS 102 606, i.e. to ETSI TS 102 606-1. Add
other parts if appropriate.
That ultimately ends up pointing to RFC 4326, which, in turn, mentions
two IANA registries.
Change-Id: Ief3ff36bd4c92ab6b94f07f0a6b6a3aeacb2fa12
Reviewed-on: https://code.wireshark.org/review/37716
Reviewed-by: Guy Harris <gharris@sonic.net>
The URL no longer works; use the Wayback Machine.
Change-Id: I80223dc675d0f578dd4f1d58848bc0eea17426c8
Reviewed-on: https://code.wireshark.org/review/37712
Reviewed-by: Guy Harris <gharris@sonic.net>
Try to clean up the composite tvb handling during lz4 decompression.
If we detect an error straight away before doing any lz4 decompression, we
don't allocate a composite tvb at all. The comments in the tvb code say
explicitly that we must not call tvb_new_composite() without adding at
least one piece of data.
If we start decompressing and run into problems after creating the
composite tvb and linking it to the packet's main tvb, we must not free
the composite tvb manually. The epan library will do this for us when
dissection of the packet is finished.
While at it, make sure that we always finalize the composite tvb if we
allocated it and added data to it.
Bug: 16672
Change-Id: I3e3fb303a823640d7707277a109019fc3aad22f2
Reviewed-on: https://code.wireshark.org/review/37696
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Recent updates to the iso14443 specifications increased the maximum frame size
from 256 to 4096. This affects FSC, FSD and type b's max frame size.
Append the optional sizes >256 to the array of possible frame sizes.
Change-Id: I12ffb3a4bbd019dc38030de179526f7ec96b19cb
Reviewed-on: https://code.wireshark.org/review/37690
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit fe8744026c.
The commands that fe8744026c ("ISO14443: Update some commands") adds are
not part of iso14443. It seems that these are mifare commands.
(There's a couple of different mifare variants, not all of them support
those commands.)
Adding the commands unconditionally breaks iso14443 dissection.
An iso14443 block with a pcb byte of 0xA2 is an R-ACK block for block
number 0. This is not a "write block".
If we want to support mifare cards, we have to detect the card type
during activation. We can then add a mifare dissector which handles the
messages after activation if we are actually talking to a mifare card...
Change-Id: I86164cc4c1618204641ae00566694d0f98871785
Reviewed-on: https://code.wireshark.org/review/37689
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- After bug 16662 was reported it was discovered that Category 001
does not have all fields decoded, because at the beginning not
all fields were added due to lack of sample data. Later, for
other categories all fields were decoded, while 001 was left out.
Missing fields for Category 001 are added now.
Change-Id: I3711004e742dbdaa7f785b110c62e420280e71a4
Reviewed-on: https://code.wireshark.org/review/37652
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The field filter name and protocol name are identical, where
the field filter name has to adhere to the protocol.field format.
This is picked up by conflict check.
Change-Id: I8ea0f0845916666ac39726b16ef3d907737c38b3
Reviewed-on: https://code.wireshark.org/review/37694
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I27580222b0d0fb93a38254eba69676e90360f1cb
Reviewed-on: https://code.wireshark.org/review/37699
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"int * const a[]" means "array of const pointers to (non-const) int". so
the array elements are all const; "const int *a[]" means "array of
(non-const) pointrs to const int".
Change-Id: I8f1a0fd7b0f3d06ebf4cf6b993c74cfd47a0db26
Reviewed-on: https://code.wireshark.org/review/37702
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
From cppcheck:
epan/dissectors/packet-dhcpv6.c:2276:20: warning: Condition 'optlen>=4' is always true [knownConditionTrueFalse]
if (optlen >= 4) {
^
epan/dissectors/packet-dhcpv6.c:2268:20: note: Assuming that condition 'optlen<4' is not redundant
if (optlen < 4) {
^
epan/dissectors/packet-dhcpv6.c:2276:20: note: Condition 'optlen>=4' is always true
if (optlen >= 4) {
Change-Id: Ia7e83e6712afe9756735b7bede5b58914d4f06bd
Reviewed-on: https://code.wireshark.org/review/37701
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>