The added header is UDP, like in DTLS, and unlike all other
protocols which have IP+UDP.
Simplify also DTLS handling while at it.
Change-Id: Ie76a19087991c4f5c0d16586b67aaab69d0c5aaf
Reviewed-on: https://code.wireshark.org/review/37378
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC8086 defines a method for encapsulating GRE packets in UDP, to
allow the usage of GRE tunnels over networks that disallow GRE and
other atypical IP protocols. IANA has allocated UDP ports 4754 for
GRE-in-UDP traffic, and port 4755 for GRE-in-DTLS, this patch only
implements GRE-in-UDP.
Change-Id: I98b356dde4bf310bb20b9a494d93fd4383cf0566
Reviewed-on: https://code.wireshark.org/review/37376
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
FreeBSD defines constants such as KRB5_KU_USAGE_ACCEPTOR_SEAL
as part of the krb5_key_usage struct. Having such a defines
causes a clash that breaks the compilation. The struct needs to be
included first.
Error:
In file included from ./asn1/kerberos/packet-kerberos-template.c:413:
/usr/include/krb5.h:255:5: error: expected identifier
KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
^
./asn1/kerberos/packet-kerberos-template.h:22:41: note: expanded from macro 'KRB5_KU_USAGE_ACCEPTOR_SEAL'
#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
^
Change-Id: Ic241f2b6a2c01e7bd6c84d05e509f12e738ab2ac
Reviewed-on: https://code.wireshark.org/review/37358
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I45d252edfc41ff69aa680b05ccb6fa6b3e5d2ac7
Reviewed-on: https://code.wireshark.org/review/37375
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I004acb02a4c8b4b1ee1d9834ff0da26772e417c1
Reviewed-on: https://code.wireshark.org/review/37374
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I9ad5252af93642a52db0e1d9df67fa5553103d7f
Reviewed-on: https://code.wireshark.org/review/37372
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: Ic4af292bf494355a78f75df7e00d3c06bfc6eb50
Reviewed-on: https://code.wireshark.org/review/37373
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is going to install the deb artifact created before.
Change-Id: I59a52c8d7fe5dd46bb3ed8684ab3dd477f3baea4
Reviewed-on: https://code.wireshark.org/review/37366
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
I guess Coverity gets upset because, the way GUINT32_TO_BE() works when
building with Coverity, there's at least one test done the result of
which is always the same.
Calculate the "native" value of the direction, and then put it into
big-endian order, in two separate statements.
This should squelch Coverity CID 1457345.
Change-Id: I1ccd6fd848e6abc91f16fa375c98efcab9c5bf60
Reviewed-on: https://code.wireshark.org/review/37370
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
FreeBSD shows a combination of define cases that make the function
missing_encryption_key unused. Put it in the right define scope.
Change-Id: Icf226f134ffa7624a7daf709c302c29acfffe95e
Reviewed-on: https://code.wireshark.org/review/37360
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
You are in a twisty little maze of #ifdefs, all different.
Change-Id: I4c82efe27e840919c7bf19a035abe90cd84e0fbd
Reviewed-on: https://code.wireshark.org/review/37367
Reviewed-by: Guy Harris <gharris@sonic.net>
3GPP TS 04.08 sec 9.1.22 "Paging request type 1" states that "P1 Rest
Octets" is (M)andatory, but then in the same table states its length
ranges from 0 to 17, which means it can actually be missing on some
cases:
"The sum of the length of this IE and the L2 Pseudo Length of the
message equals 22."
So that happens (l2 plen = 22) for instance when 2 IMSIs are provided in
a Paging Request Type 1 message. In that case, we shouldn't be warning
about the packet being malformed having the IE missing, since it's
actually expected.
The l2 Pseudo Length is shifter 2 bits because that's how it's defined
in the spec (sec 10.5.2.19).
Change-Id: I3dcb1d23c7d6fd2f1e370462481086516f24c7bb
Reviewed-on: https://code.wireshark.org/review/37361
Reviewed-by: Vadim Yanitskiy <axilirator@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
- Some redundant assignments or tests.
- Some declarations were changed to match definitions in terms of
including _U_ for the same parameters
- Some parenthesis added/changed to made precedence more obvious
epan/color_filters.c:533: style: Variable 'name' is reassigned a value before the old one has been used.
epan/color_filters.c:534: style: Variable 'filter_exp' is reassigned a value before the old one has been used.
asn1/tcap/packet-tcap-template.c:2199: warning: Function 'dissect_tcap_ITU_ComponentPDU' argument order different: declaration '_U_, tvb, offset, _U_, tree, _U_' definition '_U_, tvb, offset, actx, tree, _U_'
epan/dissectors/packet-aim.c:2546: warning: Function 'dissect_aim_tlv_value_icq' argument order different: declaration 'ti, subtype, tvb, _U_' definition 'ti, _U_, tvb, pinfo'
epan/dissectors/packet-arp.c:1133: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1143: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1158: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-arp.c:1168: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-gtpv2.c:5997: warning: Function 'dissect_gtpv2_mbms_service_area' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, _U_, _U_, _U_'
epan/dissectors/packet-gtpv2.c:6291: warning: Function 'dissect_gtpv2_mbms_time_to_data_xfer' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, _U_, _U_, _U_'
epan/dissectors/packet-gtpv2.c:6369: warning: Function 'dissect_gtpv2_epc_timer' argument order different: declaration 'tvb, _U_, tree, _U_, _U_, _U_, _U_, _U_' definition 'tvb, _U_, tree, item, _U_, message_type, _U_, _U_'
epan/dissectors/packet-knxip.c:2939: style: Condition 'mac_error' is always false (just added comment)
epan/dissectors/packet-mac-lte.c:4386: style: Clarify calculation precedence for '&' and '?'.
epan/dissectors/packet-nas_5gs.c:1828: style: Variable 'nas5gs_data->payload_container_type' is reassigned a value before the old one has been used. (noted confusing recursion)
epan/dissectors/packet-rpcrdma.c:587: warning: Identical condition 'offset>max_offset', second condition is always false
epan/dissectors/packet-rsl.c:2098: style: Assignment of function parameter has no effect outside the function.
Change-Id: Ib5c9a04cfb6e6233972bc041434601c8ef09c969
Reviewed-on: https://code.wireshark.org/review/37343
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
From a recent cppcheck scan:
epan/dissectors/packet-pcnfsd.c:222: style: Condition 'password_item' is always false
Change-Id: I90a210899bd1e7a6de350322577e5e1598e078d5
Reviewed-on: https://code.wireshark.org/review/37353
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
From a recent cppcheck scan:
epan/dissectors/packet-http2.c:1604: warning: The expression 'strcmp(header_name,"<unknown>") != 0' is suspicious. It overlaps 'strcmp(header_name,":method") == 0'.
epan/dissectors/packet-http2.c:1604: warning: The expression 'strcmp(header_name,"<unknown>") != 0' is suspicious. It overlaps 'strcmp(header_name,":status") == 0'.
Change-Id: I373398112ca9e44d848da4a2b21bd7d059fa049c
Reviewed-on: https://code.wireshark.org/review/37352
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Use Qt::ItemFlags() instead of 0.
Use QFileDialog::Options() instead of 0.
Use QComboBox::textActivated instead of QComboBox::activated.
Switch to just using Qt::WindowFlags() in GeometryStateDialog. This
*should* work for Qt 5.5 and earlier, but if it doesn't we can switch
back.
Change-Id: Iaf4e7efa1a11fc7f3325b449eef1be308cd21b45
Reviewed-on: https://code.wireshark.org/review/37349
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for TK user input keys. With this Wireshark can
decrypt packet captures where 4WHS frames are missing and
packet captures with non-supported AKMS, for example
802.11r / Fast BSS Transitioning.
Decryption using user TK works as a backup if the normal
decryption flow does not succeed. Having TK decryption keys
added will affect general IEEE 802.11 dissector performance
as each encrypted packet will be tested with every TK.
Worst case scenario is plenty of TKs where none of them
matches encrypted frames.
On successful user TK decryption an SA is formed based on
parameters used to decrypt the frame. This SA is similar to
what is formed when Wireshark detects and derive keys from
4WHS messages. With the SA entry in place the decryption
performance (success case) should be on par with "normal"
decryption flow.
Bug: 16579
Change-Id: I72c2c1e2c6693131d3ba07f8ddb8ff772c1b54a9
Reviewed-on: https://code.wireshark.org/review/37217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I283bab1ecdadc17589e2fbe944a457f5b5211970
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37317
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The erf_dump function in erf.c keeps the header intact and
ignores the adjusted time.
This adds a section for checking if the timestamp is changed
and updating the header accordingly.
Bug: 16578
Change-Id: I14468a302e746c7a84cf5619b73b94850142d930
Reviewed-on: https://code.wireshark.org/review/37301
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is a window where the memory for the composite TVB can be leaked,
namely between calling tvb_composite_new and tvb_composite_finalize.
This can occur due to complex dissector logic (bug 16375) or due to
exceptions preventing tvb_composite_finalize from being called.
Fix this by attaching the composite TVB sooner to another TVB. Ideally
tvb_composite_new is changed to receive the initial TVB as parameter,
but that would change its API.
While at it, remove a redundant NULL-pointer check and comment. The
comment referring to a union was likely about avoiding the const-cast.
Bug: 16375
Change-Id: Ic8c6d1da6fbd5ff9f16b1280af3aab23f9ed470d
Reviewed-on: https://code.wireshark.org/review/37345
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
nghttp2_hd_inflate_hd has only been deprecated because its "in" argument
is non-const, aside from this aspect the implementation is equivalent.
For inflate_http2_header_block there is no difference since the buffer
is already non-const. However in fix_partial_header_dissection_support,
the given buffer is const. To avoid new -Wcast-qual warnings while
keeping the buffer read-only, just add a simple wrapper function.
This fixes a build failure reported for libnghttp2-devel
1.7.1-1.15.x86_64 on openSUSE Leap 42.3.
Change-Id: I9ab9305ffc5920f5e3f4866c2f0378d45008b57a
Reviewed-on: https://code.wireshark.org/review/37346
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use proper functions to lookup/iterate elements in QHash
Avoid useless lookup
Change-Id: I7a115ae5ed35b31599f33050e36bf68007167a96
Reviewed-on: https://code.wireshark.org/review/37304
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add an entry for CMAKE_OSX_DEPLOYMENT_TARGET to the CMake section.
Change-Id: I6b15d0e3dfeb501b61049b09a0cb94f6a9297353
Reviewed-on: https://code.wireshark.org/review/37337
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure we set QIODevice::Text on our QTextStreams when saving and
exporting text so that we get native line endings on Windows.
Change-Id: I4602157d2d170eb9a2c79032254ea5be236c7589
Reviewed-on: https://code.wireshark.org/review/37336
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the following deprecation issues for Qt 5.15:
Use Qt::WindowFlags() instead of 0 in Qt >= 5.6.
Pass Qt::SkipEmptyParts instead of QString::SkipEmptyParts to QString::split() in Qt >= 5.15.
Use QMultiMap instead of QMap where we were using QMap::uniqeKeys().
Use QCP::Interactions() instead of 0.
Use '\n' instead of QTextStream::endl.
Use QWheelEvent::angleDelta() instead of QWheelEvent::angle().
Change-Id: Ie2d69d3a396c0821c2c34f506ddad6f8e22f7049
Reviewed-on: https://code.wireshark.org/review/37334
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since Wireshark 3.2 the filter toolbar no longer has an Expression button.
Remove this from the Users Guide as well.
Change-Id: I54d0356c42ff599296fa800e7d730e6098f35976
Reviewed-on: https://code.wireshark.org/review/37338
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bug: 16255 - support HE MCS to rate conversion
Change-Id: I4a4a6c3d62c167b654d150c397047a55f287e6c8
Reviewed-on: https://code.wireshark.org/review/37255
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Both bus id and device address are already known when creating interface
info on the first pass. Set the values early to prevent passing zero
initialized data to dissectors.
Change-Id: I50c748eb16e0ab39fdc84f2d7503c87ae48eeae9
Reviewed-on: https://code.wireshark.org/review/37328
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Filipe Laíns <lains@archlinux.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Error:
./asn1/kerberos/packet-kerberos-template.c:109:2: error: unknown type name ‘enc_key_t’
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_EncryptionKey’:
./asn1/kerberos/kerberos.cnf:386:7: error: unused variable ‘start_offset’ [-Werror=unused-variable]
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_authenticator_subkey’:
./asn1/kerberos/kerberos.cnf:406:42: error: ‘save_Authenticator_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_authenticator_subkey’?
./asn1/kerberos/kerberos.cnf:406:42: note: each undeclared identifier is reported only once for each function it appears in
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encTicketPart_key’:
./asn1/kerberos/kerberos.cnf:445:42: error: ‘save_EncTicketPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encTicketPart_key’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encKDCRepPart_key’:
./asn1/kerberos/kerberos.cnf:435:42: error: ‘save_EncKDCRepPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encKDCRepPart_key’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encAPRepPart_subkey’:
./asn1/kerberos/kerberos.cnf:416:42: error: ‘save_EncAPRepPart_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_encAPRepPart_subkey’?
./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_krbCredInfo_key’:
./asn1/kerberos/kerberos.cnf:455:42: error: ‘save_KrbCredInfo_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_krbCredInfo_key’?
cc1: all warnings being treated as errors
Change-Id: Ib9e38c3d745dd8a12ac8e4691918770a8b876727
Reviewed-on: https://code.wireshark.org/review/37313
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We should explicitly check that the security header indicates the use of
ciphering.
Change-Id: I0e6f50e180f95e03d6e1dd96db39a03543490be4
Reviewed-on: https://code.wireshark.org/review/37326
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
This improves the performance a lot if you have a keytab with a lot of
entries (e.g. for a whole domain).
GSSKRB5 decryption should only try the subkey of the AP-Rep.
We could further optimize this and remember the key
on the cenversation after the first success, but
that's for another day.
Change-Id: I405e41e7d90073d569fcbeec4b4188453a251000
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37323
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I4d4014c6def44144461497ad4d92b9f32b4d3140
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37322
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-Update dissection of the OSCORE option.
-Enable zero-length Sender and Recipient ID.
-Add ID Context field in preferences.
-Update context derivation to rfc8613.
-Extend context lookup to include ID context.
-Fix Observe responses.
Bug: 16585
Change-Id: Ib9823a54cf535be3559e1c41a19b8b612458777f
Reviewed-on: https://code.wireshark.org/review/37314
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have completely separate definitions of krb5_fast_key(); the one used if
we don't have krb5_c_fx_cf2_simple() declares *all* parameters as
unused, as it's a stub routine.
Change-Id: I828c8d8f60634fcf537c2822f1a1c5db33ea2798
Reviewed-on: https://code.wireshark.org/review/37321
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Note that Windows Package Manager (winget) and Scoop exist, but don't
currently provide all of the packages we require.
Change-Id: I69f6958faec3454f37eda79e5b76d3e70d399555
Reviewed-on: https://code.wireshark.org/review/37320
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already know about the top level message type.
So we only need an autodetection for the TGS-REP.
We could also avoid that, but that would need state to
match TGS-REQ with TGS-REP.
But if we client used FAST and we got a strengthen_key,
we're sure an authenticator subkey was used.
Windows don't use an authenticator subkey without FAST,
but heimdal does.
For now try 8 before 9 in order to avoid overhead and false
positives for the 'kerberos.missing_keytype' filter in pure
windows captures.
Change-Id: If974dda735cd2aa5b1920c26309e5e2081723e4f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37299
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Orgad Shaneh
Pau Espin