AMQP calls a subdissector table before tcp_dissect_pdus() is used to
desegment PDUs (see commit 27c10ed72e),
so pinfo->can_desegment needs to be restored before it is decremented
a second time. Fixes#14217.
Move the extraction of the option value from the option content from the
callers of pcapng_process_uint32_option() to
pcapng_process_uint32_option() itself.
Windows can allow Unicode in filenames now, and export_object.c
has its own eo_massage_str function that the GUI and CLI already
call to create safe filenames when they are saved. There's no need
for an individual dissector like SMB to have its own (worse)
implementation of the same functionality, and to call it before
filenames are displayed. Fix#17530
That way, add-on modules to handle block types not handled by the core
pcapng code can use pcap_process_options() to process a block's options
and can use the routines to handle the "standard" option value types to
handle particular options.
Also, allow both everything-is-little-endian and
everything-is-big-endian Custom Block types in pcap_process_options().
- Make sure reassembly requests & errors are properly propagated from
any point in the PDU, no matter how many sub-structure levels.
- Handle the sub-dissection methods as well:
- Ensure the sub-dissection methods handle errors from previous calls.
- Reduce the error handling needed in sub-dissector implementations.
- Add missing sub-dissection methods for list, set, and map.
- Add the handling of sub-structure.
- Handle Compact protocol in addition to the existing binary protocol.
- Include and improve MR !3171
- Handle reassembly the same way as for binary protocol.
- Handle sub-dissection with the same functions.
=> Sub-dissectors only depend on .thrift files.
Additional changes:
- Use of constants instead of hard-coded values.
- Removed U64 support (never supported by thrift code generator, only
referenced in the C++ thrift library header but not supported in reality.
- Removed references to UTF-8 and UTF-16 string for the same reason.
- Replaced references to UTF-7 string with just string (same reason).
- Replaced references to byte with i8 as the documentation explicitly
states that byte is a compatibility name.
Documentation reference:
- https://thrift.apache.org/developers
- https://thrift.apache.org/docs/idl.html
- https://github.com/apache/thrift/blob/master/doc/specs/thrift-compact-protocol.md
- https://erikvanoosten.github.io/thrift-missing-specification/
- https://diwakergupta.github.io/thrift-missing-guide/Closes#16244
Additional changes:
- Add authors and improve consistency
- Fix typo and clarify documentation
Use an apostrophe instead of RIGHT SINGLE QUOTATION MARK in our PDF and
EPUB filenames. Some programs (notably Okular) can't open filenames with
extended characters, at least on Windows.
Create pseudo URB and pass the reassembled data to USB URB dissector.
Reassembly for control transfers is not problematic as the transfer
length is known. For bulk transfers assume the transfer can span across
multiple transactions, however for periodic (interrupt and isochronous)
assume the transfer never spans across multiple transactions.
Rely on USB dissector to provide endpoint maximum packet size. Actual
interface/configuration handling in USB dissector needs to be reworked
as the code assumes that there is only one configuration and alternate
interface configurations have matching endpoints.
While the reassembly bulk transfers and never reassemble periodic
transfers result in pretty good dissection, the USB class dissectors
need a mechanism to provide transfer size hints to USBLL dissector.
Such hint is not needed for software USB capture as software sniffers
essentially capture URBs and every transfer is associated with one URB.
The problem can be seen for example in Mass Storage Class where it is
common for data transfers length to be multiple of endpoint maximum
packet size. Because USBLL dissector doesn't know expected transfer
size, it combines together data and status transport.
Related to #15908
Add support for decoding instruction byte 78 (GET IDENTITY) from
TS 102 221 v15.11.0 and instruction byte CA (GET DATA) which is used to
retrieve the EID for eSIMs according to GSMA SGP.02 v4.2 available from
https://www.gsma.com/esim/esim-m2m-specifications/.
Closes#17548.
All fields with GSN address were decodes as common hf_gsn_addr. But if
ETSI order is used, it's possible to specify alternative decoder
depending on message type and field position.
Alternative decoder for GSN address was added for mandatary fields and
optional/conditional field in the case there is single GSN address in
message.
Added new function as common dissector for all addr types.
Based on the uninstall target I added to libpcap and tcpdump's CMake
files. cmake_uninstall.cmake.in is BSD-licensed, so I can use it here
and in libpcap/tcpdump without adding any GPL stuff to libpcap/tcpdump.
This patch speeds up the dissection of signal pdus, if not filtering.
With an example trace file full of signal PDUs, I gained about a 4x
speed up in opening the trace.
DCP Frames with Reserved Option dissection changed
short time ago. There isn't a predefined suboption
for Reserved option in the standard. But in this
implementation it dissected like control suboption.
This is not true and creates malformed frames in some
dcp pcaps. This implementation is reverted.
Wireshark will dissect undefined bytes as paddings
just like before.
Define dissect_http3_settings only if HAVE_LIBGCRYPT_AEAD is defined.
This should hopefully fix
```
epan/dissectors/packet-http3.c: In function 'dissect_http3_settings':
epan/dissectors/packet-http3.c:212:9: error: implicit declaration of function 'http3_is_reserved_code' [-Werror=implicit-function-declaration]
if (http3_is_reserved_code(settingsid)) {
^
epan/dissectors/packet-http3.c: At top level:
epan/dissectors/packet-http3.c:200:1: warning: 'dissect_http3_settings' defined but not used [-Wunused-function]
dissect_http3_settings(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* http3_tree, guint offset)
^
cc1: some warnings being treated as errors
```
on the CentOS 7 builds.
We occasionally get requests to fill in compliance forms and to sign
contracts. Add items for those.
Move the name change question to a historical intrest section.
If a "NT Password" value is provided by the user, the NTLMSSP decryption
should take place, whether or not Kerberos decryption option is enabled
(disabled by default).
NT Accounts may have empty passwords; this allows the dissector to try
decrypting the NTLMSSP session using an empty password (when "NT
Password" preference is left blank).
Rewrite storage and retrieval of `endpoint_guid`s to use private proto
data instead of `pinfo->private_table` which was meant solely for Lua
use.
Closes#17156
This patch allows the profile importer to recover from a file too large
to import as well as adjusts the maximum allowed config file size.
Closes: #17504