The new PADATA-TYPE values taken from rfc6113.txt
Change-Id: I42e50996c5694c34fc4714189b2e004bbbd501cf
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36453
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will be useful in the following commits.
In the end there will be some recursion when dissecting FAST messages
and we'll need to know if the toplevel message.
Change-Id: I20f7ea81a8328c422785a44e3647ae2f749b89cc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36455
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Let's always use kerberos_private_data_t and give it a pointer
to the optional callbacks.
Change-Id: I521bc62b98a5294ae7c307a47b64d2bd117a810e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36473
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support more of what current Linux kernels generate. We don't yet
dissect control event payloads.
While we're at it:
Opcodes are defined in the kernel source in decimal; define and show
them as decimal.
Use #defines for a bunch of enumerated values, such as opcodes
Show the opcode's numerical value in the Info column if it's not one we
know about.
Change-Id: I915981a46d1a4a544a5e036e69d9a9de8cb8cb30
Reviewed-on: https://code.wireshark.org/review/36487
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ibdcfdd675f5c1e86b15f36f9a6c28b73e13c1616
Reviewed-on: https://code.wireshark.org/review/36480
Reviewed-by: Jason Cohen <kryojenik2@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This matches the wording in the Spec.
Change-Id: I566da78e88ff5aaa832c657dd74b5c590ee6b4aa
Reviewed-on: https://code.wireshark.org/review/36479
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is required to allow the maximum valid exponent (63) to
be used.
Bug: 16445
Change-Id: I1473cebbe74a59785f03a882e3bc1af4b881d444
Reviewed-on: https://code.wireshark.org/review/36451
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fields such as 'frame.time_delta' have no byte selection, they are added
with offset 0 and length 0, and evidently 'ws_tvb' is NULL. As
tvb_bytes_to_str expects a non-NULL tvb, explicitly check for this and
add a dummy placeholder. This is intended to be a human-readable string,
so prefer `<EMPTY>` over an empty string.
Change-Id: I32efe4cbefc6bcf0fa9fb94fcf25d7bf1628f3a7
Reviewed-on: https://code.wireshark.org/review/36440
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
We try to dissect the NTLMv2 blob and
verify the nthash against our keytab.
Change-Id: Ia33e91bcd89f72e7468f61756f0eafe9df92356d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36406
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
get_md4pass_list() is always available, it just returns 0
if HAVE_KERBEROS is not available.
Change-Id: I7fd8613b48c5b02f8693fa6ee15f5f38ed10643e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36447
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Update the Service Response Time section of the User's Guide. The sample
captures page had a nice SMB2 capture file, so use that for the example.
Use title case for "Diameter" to match the RFCs.
Change-Id: Icff510dbe2d77db9cd42548ad58439d17282e851
Reviewed-on: https://code.wireshark.org/review/36421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From version 1.5.0 of libgcrypt there's support for AES unwrap. Use the
libgcrypt function when available.
While at it also make AES_unwrap a static function of dot11decrypt.c
Change-Id: I4f69a766df3ea19ce25122e8d2fd1086f440995b
Reviewed-on: https://code.wireshark.org/review/36431
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That is the rule of UN*X, engraved on stone by Ken and Dennis, and
there's plenty of software used to display and edit Wireshark source
that hardwires the tab stops there (including Boring Old cat And more).
Pick any indent you want, but do *not* put tab stops every 4 spaces,
even if putting them every 8 spaces requires you to hit your IDE over
the head to accept that.
Change-Id: I58f7c459ce2d72096f67e650afe74f2637f38649
Reviewed-on: https://code.wireshark.org/review/36434
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Iaac5f85e75e93278e2c485bd2e52756ac23f6e9a
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36390
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
The dissector for Distributed Interactive Simulation reports malformed packets
for Entity State Update PDUs because the offset for the Number of Variable
Records field is off-by-one. The Padding field dissection is also off-by-one.
This change fixes the problem by not incrementing the offset returned by the
parseField_Entity function which is already past the Entity ID field. The
offset must be incremented after dissecting the Number of Variable Records
field to get to the start of the Entity Linear Velocity.
Change-Id: I942123be7a1d4e4e4fc587f757cb030a3daf8ef2
Reviewed-on: https://code.wireshark.org/review/36420
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's good to see where the session key for decryption was learned.
Change-Id: I2c18c6367eb60796744a3a4d4330244493c29688
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36405
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's useful to see which keys were used, if we have a keytab to
verify things!
Change-Id: I77d887cd28b8ebe57c6c897797b0ab320a390699
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36404
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
By passing a real int version to
netlogon_dissect_netrserverauthenticate023_reply() it can also
handle NetrServerAuthenticate instead of only
NetrServerAuthenticate2 and NetrServerAuthenticate3.
Change-Id: Icb3aa3aee52a844b3c34c4bce8b7b3a65f0bdae7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36403
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I65a99a31524bcf96e434f4313a3fa0663bd31801
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36412
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This can also be used by packet-dcerpc-netlogon later
in order to verify authentications.
Change-Id: I2f145ee1197fc83c77efabc180bac52ebbb0cd60
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36400
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7c5baa7dfcc158919de125743dc890756fb95de1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36399
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is no longer required to be global.
Change-Id: I38c308888ede32780722e68d2bab691bd659d143
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36411
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id9752da61cca8a00e98049d7cf3f990e9199a684
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36395
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Change-Id: Ide0dd6464a72640c03ad00a9a5a00c5f73d13299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36402
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We only need that logic once.
Change-Id: Ibc3e28c70dd6e52de3cbc8d5dca0316816f70e5d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36398
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead use it directly where needed.
A follow up patch will rename gbl_nt_password to
ntlmssp_option_nt_password and make that static to packet-ntlmssp.c
Change-Id: Iceb75ebbdb70814cb4a235ad3e8ed5e9ec2be10c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36397
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4e6b5bada1247fda34f4380027756f6ebb7482e4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36401
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We try to provide as much useful information as we can in the top level
item without it being too much. The approach on how to handle these
items was copied from hid-tools.
Change-Id: I1c6b24c6fcd989b5188391cad8e7a629c58beebb
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36391
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Change-Id: Ib3db8854cc05c716ae4951b03caf452683c2e917
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36393
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Change-Id: I2c2b89e6f7d2bce6af3043365d3f4c771044420b
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36392
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Change-Id: Icf1b1b591ad76e2082b14344db19f1c0e8601455
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36389
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
This also used gbl_nt_password directly without passing it by the
callers.
Change-Id: Id5af0609b78a80827bfd1cb2f3568474db87ecbf
Reviewed-on: https://code.wireshark.org/review/36396
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The function to construct AAD is the same for both CCMP and GCMP so move
it to a new internal utility c file for later use by both
implementations.
Change-Id: I8c8ffe0f492d5860e2bcd266b4d936383598b47e
Reviewed-on: https://code.wireshark.org/review/36358
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Simplify the CCMP decryption implementation by letting libgcrypt
handle decryption, authentication and integrity check. This aims
to simplify the implementation in preparation for CCMP-256
decryption support where changes to the CCMP decryption implementation
are anyway needed.
Even though performance optimization was not the target for this
change it appears decryption speed is improved as well.
Change-Id: I6c36315291672f6313c9303ab8e50afb87aea9ce
Reviewed-on: https://code.wireshark.org/review/36343
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is extremely useful together with a keytab and makes it possible
to check which password was used by the client.
Change-Id: I254f472d1d069094bd1eb908370f56d90ab2e5f2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36380
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently, the top dissection tree looks like this:
    Global item (Usage Page)
    Local item (Usage)
    Main item (Collection)
This approach is not great: it provides little relevant information. The
item type (Main, Global, Local) is most of the time not relevant, it is
used to differentiate items within the spec and is not useful to the end
user. The item name (Usage Page, Usage, Collection, etc.) and its value
is much more relevant to the end user. We show the name, which is great,
but we don't show the value, forcing the user to open the subtree to
access it.
The report descriptors described in the spec are annotated like this:
    Usage Page (Generic Desktop)
    Usage (Mouse)
    Collection (Application)
This patch makes the dissection tree look like that. All the information
is still present in the tree but we put the information most people are
actually interested in in the top level item.
Change-Id: Idbfb0f137bc82b5e69787ee524585d18eb697340
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36374
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
The GSMTAP Um interface type has so far only been used for transporting
signaling messages. Osmocom has recently introduced support for
encapsulating user-plane data (voice codec frames) in virtphy and
osmo-bts-virtual. Let's catch up with this capability here.
For the Osmocom side, see:
* https://gerrit.osmocom.org/c/osmocom-bb/+/17415
* https://gerrit.osmocom.org/c/osmo-bts/+/17377
Change-Id: Icceb524f0f47bab206ead8345d405ffea06ac109
Reviewed-on: https://code.wireshark.org/review/36359
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vadim Yanitskiy <axilirator@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's mostly indentation but we also fix an incorrect spec name: Usage
Pages. Usage Pages and Usages are different things, but we currently
call them both "Usages", which is wrong and confusing.
Change-Id: I7e83fbe7dbd4c22a713ecbba136a2caf5d61e2fd
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36365
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
The current approach to identify the usage page and usage page usages
is not great. It joins both the usage pages and the usages which are
supposed to be individual values. The HID usage tables declarations also
become harder to read as they hold the constructed value, not the value
from the spec.
This patch changes the HID usage table declarations from range_string to
value_string, making them less bulky and easier to read, and splits out
the usage page from the usages.
Change-Id: I018406267fae43683d68c1349049e2c7c26f8ad6
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36362
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Running `ninja asn1` (or `ninja generate_dissector-t38`) resulted
in loss of some code. It turns out that the autogenerated file was
modified directly instead of the source.
Change-Id: I64bc7dfee8153867c2618deca08ab69dad4b46f4
Fixes: v3.3.0rc0-543-g32679c14be ("Introduce AudioCodes Debug Recording (ACDR) dissector")
Reviewed-on: https://code.wireshark.org/review/36367
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Orgad Shaneh <orgads@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a link to DSTO-TN-1257, which was referenced in the original commit
message.
Change-Id: Id554f59a7fe2b4575c9153ddc1000b1fcaac1228
Reviewed-on: https://code.wireshark.org/review/36361
Reviewed-by: Anders Broman <a.broman58@gmail.com>