3GPP TS 25.427 and TS 25.435 both say that the Payload CRC IE
may only be present if the frame contains payload for E-DCH
frames, even where the setup of the transport bearer indicated
that the CRC would be present otherwise. So if there's no payload
and the CRC is missing, treat that as missing-but-expected rather
than marking the packet as malformed.
Take the opportunity to switch to proto_tree_add_checksum, which
handles all the various cases. Ping #8859
Set the direction based on request type in a similar manner as it done
for other URB types, i.e. set source to host on URB submit. Correctly
set bus number based on locationID upper 8 bits.
Fixes#16768
Validate UTF-8 encoding for pcapng string options. To
avoid two unnecessary memory allocations for invalid strings and
make the code cleaner a new wtap_block_add_string_option_owned()
function is used.
Add UTF-8 debug check for wiretap API.
Fixes#18703.
IEEE 802.11-2020, Section 12.4.7.6 says that an SAE Confirm message,
with a status code not equal to SUCCESS, shall indicate that a peer
rejects a previously sent SAE Confirm message. In this case, the Confirm
message may not carry a Send-Confirm field or a Confirm field, as
hostapd does. So we simply ignore possible fields following Status code.
Signed-off-by: Chien Wong <m@xv97.com>
Use tvb_find_guint8 and tvb_ws_mepbrk to find the
token boundaries for www-form-urlencoded. Use tvb_memcpy
to copy groups of bytes that don't have special characters
like + or %.
This is considerably more optimized (e.g. find_guint8 uses
memchr) than the naive loop, and speeds up the relevant part
by up to 10x.
Also handle cases where value is empty and there is no =
by splitting on &, instead of looking for the next =.
Together with bd1f2cc996, fix#13779.
This adds support to Wireshark for custom context menus for packets, so
that when a packet's context menu is opened (e.g., by right-clicking),
Wireshark can support doing things like "run a program" or
"open a URL" with a field from the packet as a parameter. Note that
this is similar to ArcSight's integration commands feature.
For example, it could be used like the following:
```
ROBTEX_URL = "https://www.robtex.com/dns-lookup/"
local function search_robtex(...)
local fields = {...};
for i, field in ipairs( fields ) do
if (field.name == 'http.host') then
browser_open_url(ROBTEX_URL .. field.value)
break
end
end
end
register_packet_menu("Search host in Robtex", search_robtex, "http.host");
```
Fixes issue #14998
As the QString::toLocal8Bit() documentation says,
"On Unix systems this is equivalen to toUtf8(), on Windows the systems
current code page is being used."
This is problematic for the Packet Comments dialog, since the comments
need to be UTF-8 as per the pcapng specification. Use toUtf8() instead
there and in the Import Text dialog.
Remove the toLocal8Bit() calls from the Extcap Options dialog since they
weren'nt needed.
Blind attempt at fixing #18698.
Formerly only the class specific dissectors could be registered for
bulk, control and interrupt endpoints. While this is sufficient for
major classes, there are some classes that only use one or two of
possible class/subclass/protocol triple values. Allow registering
specific triples so appropriate dissector can be automatically selected
based on CONFIGURATION DESCRIPTOR data.
Register DFU Run-Time and DFU Mode triples so user no longer needs to
manually set Decode As for USB DFU.
The expected test output is with the headers decompressed, which
we can't do without Nghttp2. (It outputs the compressed headers
if we don't have it, so we could test for that instead.)
Fix#18707
Add fragment_add_check_with_fallback() and use it in USBLL dissector
instead of fragment_add_check() to avoid last fragment retransmissions
from being treated as separate transfers. With this change, the last
fragment retransmissions are correctly grouped together with the rest
of the transfer.
Only skip single fragment reassembly if retransmission is not possible
at the protocol level, i.e. for SETUP DATA0 (when it is not merged with
OUT data) and for isochronous transfers. The reassembly must not be
skipped for other transfers (especially for full-speed bulk) because
otherwise it wouldn't be possible to group retransmissions together with
the first data packet.
Do not use DATA0/DATA1 tracking for isochronous transfers. Isochronous
data cannot be retransmitted because there are no handshakes (there is
no ACK nor NAK after isochronous data packets).
Add support for DTLS Connection ID when using Block Ciphers
with the deprecated extention type (53) from
draft-ietf-tls-dtls-connection-id-07.
Closes#18705
The loopback and unspecified addresses are repeated. Keep
only the "special purpose" field, in accordance with the
IANA registry (and unlike RFC 4291) to remove the redundancy.
Add the "Unique Local Unicast" range to address space field,
also from the IANA registry.
Unique-Local and Link-Local are still repeated in both fields.
Oh well...
Add a safeguard to limit the maximum number of iterations.
Do not allocate a new buffer for every loop iterations in a loop that
depends on the result of the decompression routine.
Either allocate the buffer once or free after use. Defensive programming
is more important than speed in this case.
If the jump misses init it's probably because the variable is
not used. Don't force contortions to avoid this common and
harmless case of "missing init" for an unused variable after
jumping.
UDP port 49999 is not IANA registered, so add some heuristics
to the NXP 802.15.4 sniffer so that it doesn't claim packets
from other protocols that have chosen that ephemeral port.
Don't return 0 after already adding things to the tree; do that
check in the heuristics.
Fix#18695
tvb_uncompress initially allocates an output buffer of twice the
input size. It is typical to have a compression ratio of 2:1 or
5:1, but in the extreme case (lots of all identical bytes), 1030:1
is possible.
When extending the output buffer, instead of always malloc'ing
a new buffer and memcpy'ing the old buffer into it, call realloc,
which at least some (most?) of the time will extend the current
buffer in place instead. This should reduce the time to unzip
from always O(N^2) (where N is the compression ratio) to something
average case more like O(N) or O(N log N), depending on how often
it actually copies the data. It only really affects pathological
cases.
Related to #13779.
John Thacker