Starting from ArubaOS 8.6.0.0 all 11n, 11ac and 11ax APs are
expected to support type 6 ap packet captures which will be
decoded using the radiotap dissector.
Change-Id: If9e9488271965116e807adbbcf92b9c5e4fb2ac4
Reviewed-on: https://code.wireshark.org/review/33451
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add dissector for all messages of Bluetooth Mesh Foundation models.
Bug: 15797
Change-Id: Ife831fe24bbbcaf2e99c9bff69b24c0d4fe2d1de
Reviewed-on: https://code.wireshark.org/review/33361
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jonas Jonsson <jonas@ludd.ltu.se>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissect the two parameter bytes p1 and p2 for the read record message.
Usually, p1 contains the record number and p2 defines that we want to
read exactly this record in the currently selected file.
Change-Id: I34586d6cfd4293120416507ef1613b9f3278d0df
Reviewed-on: https://code.wireshark.org/review/33448
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Remove the plural. The specification documents use "read record" as well.
Change-Id: Ib7a77f33e2bb0c59720be3e8e89da6be1cd9afd0
Reviewed-on: https://code.wireshark.org/review/33447
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
In v2.5.0rc0-478-g558fe23226, the dissection of ip.frag_offset changed
to be listed under "Flags", this is not correct. The Fragmentation
Offset is a separate field according to the RFC. This change corrects
that behavior. Also, the raw value from the header was shown instead of
the real byte offset, this is also corrected.
Change-Id: I1d6dfc4314091eb6f3eef418c5a17ed37f7a1200
Fixes: v2.5.0rc0-478-g558fe23226 ("[IP] Simplify paring of flags field by using proto_tree_add_bitmask_with_flags().")
Reviewed-on: https://code.wireshark.org/review/33422
Petri-Dish: Sake Blok <sake.blok@SYN-bit.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
The first L2CAP PDU fragment starts with the 4 octet long L2CAP header
consisting of the Length and the CID fields. The Length field doesn't
include the header itself. Thus the Length field in the BLE Data header
will be 4 octets larger than the L2CAP PDU header Length field if the
packet wouldn't be fragmented.
The current implementation doesn't correctly detect the start fragment
causing reassembly to fail as it compares the BLE Data Length with the
L2CAP Length without compensating for the header.
By increasing the L2CAP PDU Length field with the header length the
reassembly works.
Rename the variable to better reflect what length it actually
represents.
Bug: 15807
Change-Id: Idcb6bdccc4daae756a63a9bae0839fe25ae99f23
Reviewed-on: https://code.wireshark.org/review/33428
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
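An added example, not code from the Wireshark change above: a C sketch of the start-fragment check that commit message describes, with and without the 4-octet header compensation. The function names, the enum and both sample payloads are constructed for illustration, and the uncompensated variant is an assumed shape of the old comparison, not the original code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define L2CAP_HDR_LEN 4 /* 2-octet Length + 2-octet CID */

enum pdu_kind { PDU_TOO_SHORT, PDU_COMPLETE, PDU_START_FRAGMENT };

/* Constructed samples: BLE data payloads that begin an L2CAP PDU.
 * START_FRAG: L2CAP Length 27 (0x001B), CID 0x0004, 23 of 27 payload octets.
 * WHOLE_PDU:  L2CAP Length 3, CID 0x0004, all 3 payload octets present. */
static const uint8_t START_FRAG[27] = { 0x1B, 0x00, 0x04, 0x00 };
static const uint8_t WHOLE_PDU[7] = { 0x03, 0x00, 0x04, 0x00, 0x02, 0x17, 0x00 };

/* Comparison without header compensation, as the commit message describes
 * the old behaviour (assumed shape, not the original code). */
static enum pdu_kind classify_uncompensated(const uint8_t *p, size_t ble_len)
{
    if (ble_len < L2CAP_HDR_LEN)
        return PDU_TOO_SHORT;
    size_t l2cap_len = (size_t)p[0] | ((size_t)p[1] << 8); /* little endian */
    return ble_len >= l2cap_len ? PDU_COMPLETE : PDU_START_FRAGMENT;
}

/* Header-compensated check: the L2CAP Length excludes the header, so the
 * full PDU is Length + 4 octets. *missing receives the number of octets
 * still expected in continuation fragments. */
static enum pdu_kind classify_compensated(const uint8_t *p, size_t ble_len,
                                          size_t *missing)
{
    *missing = 0;
    if (ble_len < L2CAP_HDR_LEN)
        return PDU_TOO_SHORT; /* cannot even read Length and CID */
    size_t pdu_len = ((size_t)p[0] | ((size_t)p[1] << 8)) + L2CAP_HDR_LEN;
    if (ble_len >= pdu_len)
        return PDU_COMPLETE;
    *missing = pdu_len - ble_len;
    return PDU_START_FRAGMENT;
}

int main(void)
{
    size_t missing;
    enum pdu_kind k = classify_compensated(START_FRAG, sizeof START_FRAG, &missing);
    printf("start fragment, compensated:   kind=%d missing=%zu\n", (int)k, missing);
    printf("start fragment, uncompensated: kind=%d\n",
           (int)classify_uncompensated(START_FRAG, sizeof START_FRAG));
    k = classify_compensated(WHOLE_PDU, sizeof WHOLE_PDU, &missing);
    printf("whole PDU, compensated:        kind=%d missing=%zu\n", (int)k, missing);
    return 0;
}
```

In the constructed start fragment the BLE Data Length equals the L2CAP Length (27), so the uncompensated comparison takes it for a complete PDU while 4 octets are still outstanding.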
The URLs used to access the repository with git should not be hyperlinks in
the documentation. These are not intended to be used by a web browser.
Change-Id: I2d516f823e58681474f6a2a9e2e229471fbc87f6
Reviewed-on: https://code.wireshark.org/review/33423
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Ubuntu 16.04 uses an older GCC version which produces some errors in compiling. Updating
to Ubuntu 18.04 solves these issues as it is using a more recent GCC version (7.4.0).
Change-Id: Ia62bb60d3549b7e12ab82abfa5e8751e474bb701
Reviewed-on: https://code.wireshark.org/review/33424
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
Text smells of CVS/SVN heritage.
Change-Id: I37c3309781f49149b2603ae32087ed01363460ee
Reviewed-on: https://code.wireshark.org/review/33421
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
When we reassemble I-blocks, we pass the payload to fragment_add_seq_next.
To do so, we use the overall iso14443 tvb, an offset and the payload length
as parameters.
We then call process_reassembled_data to do reassembly. If the I-block was
not fragmented, process_reassembled_data returns the only fragment + the
rest of the packet after this fragment.
This might be a misunderstanding on my part or something to be fixed in the
reassembly routines. For now, we work around this by defining a new tvb for
the data we submit to fragment_add_seq_next.
(I ran into a similar issue years ago for DVB-CI. Add a comment about this.
If it turns out that there's a better way to fix this, we should be fixing
both dissectors.)
Change-Id: Id83ab152529a5150669df3099df6f60be7a3a723
Reviewed-on: https://code.wireshark.org/review/33355
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check whether the unfolded-and-compacted header has only printable
characters, not whether the full header does - the full header may
include LWSP, which includes HT, CR, and LF, none of which are
considered "printable", so valid headers were being treated as not being
headers, causing mis-dissection of some packets.
We don't need to split the header name from the value -
is_known_multipart_header() stops comparison at the end of the header
name.
Change-Id: I96e4ac0b69df726b984ee7faeea19eda18be223c
Reviewed-on: https://code.wireshark.org/review/33417
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
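An added example, not code from the Wireshark change above: a C sketch of why the printable-character test has to run on the unfolded-and-compacted header rather than the full one. `compact_header` is a hypothetical simplification that drops every LWSP octet, and both sample strings are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a folded header whose continuation line starts with HT. */
static const char FOLDED[] = "Content-Type: multipart/mixed;\r\n\tboundary=\"b1\"";
/* Constructed sample: binary data that merely starts like a header name. */
static const char BINARY[] = "Content\x01\x02:\x7f";

static int all_printable(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (!isprint((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Hypothetical simplification of "unfold and compact": drop every LWSP
 * octet (SP, HT, CR, LF). out must have room for len octets. */
static size_t compact_header(const char *in, size_t len, char *out)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (in[i] != ' ' && in[i] != '\t' && in[i] != '\r' && in[i] != '\n')
            out[n++] = in[i];
    return n;
}

/* Test on the full header: the CR, LF and HT of a fold make it fail. */
static int header_ok_full(const char *h, size_t len)
{
    return len > 0 && all_printable(h, len);
}

/* Test on the compacted header: folding is gone, other control octets
 * still cause rejection. Headers longer than the buffer are rejected. */
static int header_ok_compacted(const char *h, size_t len)
{
    char buf[256];
    if (len == 0 || len > sizeof buf)
        return 0;
    size_t n = compact_header(h, len, buf);
    return n > 0 && all_printable(buf, n);
}

int main(void)
{
    printf("folded, full check:      %d\n", header_ok_full(FOLDED, sizeof FOLDED - 1));
    printf("folded, compacted check: %d\n", header_ok_compacted(FOLDED, sizeof FOLDED - 1));
    printf("binary, compacted check: %d\n", header_ok_compacted(BINARY, sizeof BINARY - 1));
    return 0;
}
```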
This results in GET DESCRIPTOR Request HID Report entries being properly
grouped under the URB setup instead of being directly added to the top level
tree.
Rename tree from "URB setup" to "Setup Data" to better match the
terminology used in USB specification.
Change-Id: If9ef7cea86b51c0c63680c424d7f45d7dd38249b
Reviewed-on: https://code.wireshark.org/review/33408
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mark undecoded data in endpoint descriptors with expert info.
Bug: 15798
Change-Id: I392da00205274fb3f5eb947a54ba424d1edb041b
Reviewed-on: https://code.wireshark.org/review/33386
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Under some circumstances, FabricPath frames may be generated during a monitor
(capture) session that contain a modified FabricPath header format in order
to retain the ID of the original FabricPath VLAN.
To make Wireshark capable of dissecting such frames, this commit amends the
heuristic logic of the dissector and makes it work as a heuristic-only dissector.
Change-Id: I40f6f75a629585ececbc1ce4f94fa61065110d2c
Reviewed-on: https://code.wireshark.org/review/33321
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This requires some special hackery, including a new packet-ber.c
routine, as those strings are just OCTET STRINGs, not UTF8Strings.
Change-Id: I776ed47f7400eba366a630b60b94be3397f7b45f
Reviewed-on: https://code.wireshark.org/review/33403
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissector tries heuristic dissectors too. Preference was added
determining if heuristic dissectors should be tried first.
Change-Id: Ib70ddca9a33b507b8e4ea89aae5b00961b5273e5
Reviewed-on: https://code.wireshark.org/review/33128
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection for Graylog Extended Log Format (GELF) over UDP.
Bug: 15776
Change-Id: Ie976a1dee8d3441532f209061aef5c804219f289
Reviewed-on: https://code.wireshark.org/review/33184
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In at least one capture, structure IDs are in ASCII even though the code
page in the header is an EBCDIC code page. Determine the structure ID's
character encoding based on whether it's the ASCII or EBCDIC version of
the ID value, not on the global character encoding.
We were using the *integer* encoding, not the *string* encoding, for the
"qprotect" field, which is a string; fix that.
Use STR_UNICODE for strings, as they're not guaranteed to consist of
characters that can be mapped to ASCII characters (even the common
subset of EBCDIC, not counting code page-dependent code points, has
non-ASCII printable characters in it).
Change-Id: I971dd7ae55617c27ebe88f31089b2495374593bf
Reviewed-on: https://code.wireshark.org/review/33399
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At least some NCP operations that do file enumeration take wildcard
strings, with special codes for "special" variants of the asterisk and
question mark wildcards and the component separator period.
We should figure out how to display those "special" characters (put an
overbar above them, or something such as that?)
Change-Id: I4e455f47ae3a701004fe7989b44b64a77b26e828
Reviewed-on: https://code.wireshark.org/review/33398
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use existing file_exists() function to check if the profile contains
a vlans file.
Change-Id: Ibc3d32b27059edd80b7c4e88ceb48fded2334909
Reviewed-on: https://code.wireshark.org/review/33384
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the profile directory contains a vlans file we will use it. Otherwise
fall back to normal user preferences.
Bug: 15795
Change-Id: Ie6a63a6f7a29bd83a15799875aa5883be7010039
Reviewed-on: https://code.wireshark.org/review/33378
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handle NSAP 7 byte IPv4 addresses in the transportLayerAddress field which aren't padded to 20 bytes.
Change-Id: Ied9a9549612fe8e9ec511419ee0d7e5ae06bcedf
Reviewed-on: https://code.wireshark.org/review/33278
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
blip.c:195:4: error: 'offset' was marked unused but was used
offset,
^
blip.c:200:22: error: 'blip_tree' was marked unused but was used
proto_tree_add_item(blip_tree, hf_blip_ack_size, tvb, offset, varint_ack_size_length, ENC_VARINT_PROTOBUF);
^
blip.c:200:56: error: 'offset' was marked unused but was used
proto_tree_add_item(blip_tree, hf_blip_ack_size, tvb, offset, varint_ack_size_length, ENC_VARINT_PROTOBUF);
^
blip.c:202:2: error: 'offset' was marked unused but was used
offset += varint_ack_size_length;
^
blip.c:284:14: error: 'pinfo' was marked unused but was used
col_set_str(pinfo->cinfo, COL_PROTOCOL, "BLIP");
^
blip.c:286:12: error: 'pinfo' was marked unused but was used
col_clear(pinfo->cinfo,COL_INFO);
^
blip.c:333:14: error: 'pinfo' was marked unused but was used
col_add_str(pinfo->cinfo, COL_INFO, col_info);
^
blip.c:337:34: error: 'pinfo' was marked unused but was used
return handle_ack_message(tvb, pinfo, blip_tree, offset, value_frame_flags);
^
blip.c:346:45: error: 'pinfo' was marked unused but was used
conversation = find_or_create_conversation(pinfo);
^
blip.c:361:4: error: 'pinfo' was marked unused but was used
pinfo,
^
blip.c:380:27: error: 'pinfo' was marked unused but was used
tvb_to_use = decompress(pinfo, tvb, offset, tvb_reported_length_remaining(tvb, offset) - BLIP_BODY_CHECKSUM_SIZE);
Change-Id: I9de1a78942469cc16011fd1a21d93b81820bee80
Reviewed-on: https://code.wireshark.org/review/33373
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dhcp.c:3087:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be >= 10");
^
dhcp.c:3119:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3131:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3143:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3155:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must >= 1");
^
dhcp.c:3176:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must >= 5");
^
dhcp.c:3201:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
Change-Id: If4e05284a4489e7cea75fee52733851533dacbc1
Reviewed-on: https://code.wireshark.org/review/33372
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dot11decrypt.c:1686:46: error: 'group_cipher' was marked unused but was used
&group_cipher, &cipher, &akm);
Change-Id: Ie7b9eba44eaf9bf160ca6eb6bb7373b7ba3fd8cb
Reviewed-on: https://code.wireshark.org/review/33371
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
file-rbm.c:143:34: error: 'tree' was marked unused but was used
proto_tree_add_int_format_value(tree, hf_rbm_integer, tvb, *offset, len, value, "%d", value);
^
file-rbm.c:374:23: error: 'offset' was marked unused but was used
gint offset_start = *offset;
^
file-rbm.c:375:48: error: 'tree' was marked unused but was used
proto_tree* drb_tree = proto_tree_add_subtree(tree, tvb, *offset, 0, ett_variable, NULL, "Objects");
^
file-rbm.c:375:54: error: 'tvb' was marked unused but was used
proto_tree* drb_tree = proto_tree_add_subtree(tree, tvb, *offset, 0, ett_variable, NULL, "Objects");
^
file-rbm.c:375:60: error: 'offset' was marked unused but was used
proto_tree* drb_tree = proto_tree_add_subtree(tree, tvb, *offset, 0, ett_variable, NULL, "Objects");
^
file-rbm.c:376:21: error: 'tvb' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:376:26: error: 'pinfo' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:376:43: error: 'offset' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:377:21: error: 'tvb' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:377:26: error: 'pinfo' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:377:43: error: 'offset' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:378:32: error: 'offset' was marked unused but was used
proto_item_set_len(drb_tree, *offset - offset_start);
^
file-rbm.c:526:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_rbm_version_unsupported, "Version %u.%u is not supported (only %u.%u)",
Change-Id: Id255df237c43c313720797a46c0e877f0f7550e0
Reviewed-on: https://code.wireshark.org/review/33370
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
file-rfc7468.c:428:39: error: 'data' was marked unused but was used
dissect_rfc7468(tvb, pinfo, tree, data);
Change-Id: I938f30edfc7cf952eadbd0cf79e4cc95bb971b2e
Reviewed-on: https://code.wireshark.org/review/33369
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Big-endian and little-endian UTF-16 and UCS-2 aren't the same; always
associate them with a byte order ENC_ flag, to clarify what byte order
is being used. Yes, for big-endian, omitting the ENC_ flag, or using
ENC_NA, *happens* to work, because ENC_BIG_ENDIAN and ENC_NA *happen* to
be 0, but omitting ENC_BIG_ENDIAN doesn't make it sufficiently clear
that it's UTF-16BE or UCS-2BE.
Change-Id: Iecf7375763ce4922bd1b0676c9dc5a01731c2fec
Reviewed-on: https://code.wireshark.org/review/33374
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Calling DissectorTable's try method for a dissector table of an unknown
type crashes Wireshark.
    local dt = DissectorTable.get("iso14443.subdissector")
    dt:try(0, tvbuf, pinfo, tree)
causes a segmentation fault
    Thread 1 "wireshark" received signal SIGSEGV, Segmentation fault.
    except_pop () at /media/sf_wireshark.git/epan/except.c:264
    264 set_top(top->except_down);
    (gdb) print top
    $1 = (struct except_stacknode *) 0x2
    (gdb) bt
    at /media/sf_wireshark.git/epan/packet.c:590
My gut feeling (I haven't verified this) is that we should not call luaL_error()
inside a TRY-CATCH block. DissectorTable_try does this when the type of the
dissector table is not supported.
Fall back to the data dissector in this case and bring up an expert info
instead of aborting the dissection completely.
Change-Id: I9a49f738a99b2618014f41050d8c0bf6bfbb4138
Reviewed-on: https://code.wireshark.org/review/33357
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For all platforms that are supported by the Qt framework...
- Select copy/<options> from the context menu and it will copy the selected lines.
Note: This change implements part 1 of another change, # 33007,
and has been tested on Windows 10 only.
Change-Id: Iba2668d7c411aa33de77003fe116e63e6f650b3d
Reviewed-on: https://code.wireshark.org/review/33074
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'gsm_sim.apdu.cla.secure_messaging_ind' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
Change-Id: Iff6e05d5e2c1309a62e026099bc90f8cb8a9b803
Reviewed-on: https://code.wireshark.org/review/33352
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We added FT_NONE dissector tables a while ago. These tables can only be
used for Decode As. Support such dissector tables in lua's print() function.
    print(DissectorTable.get("iso14443.subdissector"))
will now print
    DissectorTable iso14443.subdissector only for Decode As:
Change-Id: I9f5a2f6d6b1edb2a53ca1d2c0ae158c16fddf05f
Reviewed-on: https://code.wireshark.org/review/33356
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>