Fix the warning:
packet-kismet.c: In function 'dissect_kismet':
packet-kismet.c:242:58: error: passing argument 3 of 'ws_strtou64' from incompatible pointer type [-Werror]
if (ws_strtou64(format_text(line, tokenlen), NULL, &t.secs)) {
^
In file included from packet-kismet.c:34:0:
../../wsutil/strtoi.h:49:24: note: expected 'guint64 *' but argument is of type 'time_t *'
WS_DLL_PUBLIC gboolean ws_strtou64(const gchar* str, const gchar** endptr, guint64* cint);
Change-Id: Ifd31de22db22f39f78359cc9432eb7da187f73a6
Reviewed-on: https://code.wireshark.org/review/17990
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The Osmux protocol bundles multiple AMR frames inside one UDP packet to avoid
the overhead of having one IP/UDP/RTP packet per AMR frame. It is used by the
osmocom project.
Sponsored-by: On-Waves ehf
Change-Id: I8fb21e54adec8d8bd7ac5ebd2154100a73ab71c9
Reviewed-on: https://code.wireshark.org/review/16996
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Column information of LLDP frames should be updated according to PROFINET
requirements without changing the default behavior of column information.
Therefore, a new protocol setting is added.
This setting is used to display PROFINET specialized column information:
Edit-> Preferences -> Protocols -> Select LLDP
Bug: 12937
Change-Id: I48b78d0a3f6b3425f6f9c1d4be20dc24b143346d
Reviewed-on: https://code.wireshark.org/review/17081
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add also an expert info when the time is invalid.
Change-Id: I8b3639aade41574cf1bda38f3ae1d02b09d0711c
Reviewed-on: https://code.wireshark.org/review/17678
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Bug: 12942
Change-Id: I69ab22caa9938167db421ca2f0346ca086280823
Reviewed-on: https://code.wireshark.org/review/17890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The next sequence number is off by one when there is TCP payload
in a SYN or FIN packet (e.g. when using TCP FastOpen).
Bug: 12579
Bug: 12838
Change-Id: Idb68cea4b4dcba39461019c08db09367cbfc6d68
Reviewed-on: https://code.wireshark.org/review/16239
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icbadcc83b5fedea4373d4c65a11700d73b3dc32e
Reviewed-on: https://code.wireshark.org/review/17972
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I57dbb27cbf935dd31342639b315d1fc98bd27d77
Reviewed-on: https://code.wireshark.org/review/17895
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Updated PCEP-ERROR Object Error Types and Values base on Path Computation Element Protocol (PCEP) Numbers 2016-08-09 version
Change-Id: Ife0b49119a2b634279e33ab8f699a5dc57ecb34b
Reviewed-on: https://code.wireshark.org/review/17957
Reviewed-by: Anders Broman <a.broman58@gmail.com>
new taps.
Change-Id: Ida5ad2375c95664ee1b911d265cb69672db2be2d
Reviewed-on: https://code.wireshark.org/review/17964
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apply mask and bit shift on the returned value.
Change-Id: I00aebc854756f01a25199a259d6d5252abea4349
Reviewed-on: https://code.wireshark.org/review/17958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If ssl_association_add is passed a NULL app_handle argument, it will
trigger DISSECTOR_ASSERT which fails due to the bad wmem scope
(wmem_packet_scope). Arguably DISSECTOR_ASSERT should not be used there,
but its alternative is g_warning/g_assert are not much different...
Fix the crash (assertion failure) by checking that the UAT-supplied
protocol is really valid. Normally the post_update_cb should not be
invoked if any of the fields are invalid, but that requires larger
changes in the Qt UAT dialog code.
Change-Id: Ie245213b650b1de9640db8dadd08f3ed2bff335f
Reviewed-on: https://code.wireshark.org/review/17906
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added display Object-Type number in string.
Change-Id: Icbb44aae2379f308f49bef7355e8c8c901889c15
Reviewed-on: https://code.wireshark.org/review/17910
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename identifiers and change item labels to reflect their purpose:
* ISAKMP Phase 1 = IKE
* ISAKMP Phase 2 = IPsec
* IKEv2 Attribute = Transform Attribute
Remove "transform" and "type" where they do not apply.
External users of isakmp.tf.* field names, such as display filters,
have to be updated after this commit to use isakmp.ipsec.* instead.
old new
--------------------------------------------------------------------
dissect_transform_attribute() dissect_ipsec_attribute()
dissect_transform_ike_attribute() dissect_ike_attribute()
ISAKMP_ IPSEC_
hf_isakmp_tf_attr hf_isakmp_ipsec_attr
isakmp.tf. isakmp.ipsec.
transform_ike_attr_type ike_attr_type
transform_isakmp_attr_type ipsec_attr_type
transform_attr_sa_life_type attr_life_type
transform_dh_group_type dh_group
transform_attr_encap_type ipsec_attr_encap_mode
transform_attr_auth_type ipsec_attr_auth_algo
transform_attr_ecn_type ipsec_attr_ecn_tunnel
transform_attr_ext_seq_nbr_type ipsec_attr_ext_seq_nbr
transform_attr_addr_preservation_type ipsec_attr_addr_preservation
transform_attr_sa_direction_type ipsec_attr_sa_direction
transform_attr_enc_type ike_attr_enc_algo
transform_attr_hash_type ike_attr_hash_algo
transform_attr_authmeth_type ike_attr_authmeth
transform_attr_grp_type ike_attr_grp_type
Type Payload Payload
Transform IKE Attribute Type IKE Attribute
Transform Attribute Type IPsec Attribute
Transform IKE2 Attribute Type Transform Attribute
Config Attribute Type Config Attribute
ISAKMP (v1) IKEv1
ISAKMP (v2) IKEv2
--------------------------------------------------------------------
Change-Id: Ib02a0bad100f932a290cae35ea4bd75b191f797b
Reviewed-on: https://code.wireshark.org/review/17914
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the different classes of generated dissectors, have
CLEAN_xxx_DISSECTOR_SRC with the ones that compile without warnings,
DIRTY_xxx_DISSECTOR_SRC for the ones that get warnings, and
xxx_DISSECTOR_SRC which is the combination of the two.
Add a new NCP2222_DISSECTOR_SRC for the packet-ncp2222.c dissector
generated by tools/ncp2222.py. Add a new source group for it.
Move register.c to DISSECTOR_SUPPORT_SRC. Get rid of
DISSECTOR_GENERATED_FILES; it's kind of a "none of the above" category,
and we now have an "above" for all files.
Include NCP2222_DISSECTOR_SRC in DISSECTOR_FILES.
Add an ALL_DISSECTOR_SRC that includes DISSECTOR_FILES and
CORBA_IDL_DISSECTOR_SRC (why are those kept separate?). Use it for the
list of files we use to generate register.c.
Add NCP2222_DISSECTOR_SRC to CLEAN_FILES.
(Hopefully this makes it less likely that we'll forget to use -Werror
for clean dissector files or forget to use them to generate register.c.)
Change-Id: Ib9a7d10e1b9045516ef1f014046c6ff777c42be2
Reviewed-on: https://code.wireshark.org/review/17944
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise a lot of ncp fields are missing.
Bug: 12945
Fixes: v2.1.0rc0-2918-g2e23b50 ("Add checkAPI calls to CMake.")
Change-Id: Ic46dc12c9a98b38d78ef988c0ce71f38e3163549
Reviewed-on: https://code.wireshark.org/review/17941
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 12891
Change-Id: I70ed7f8a08122c559128b8df4d65e03be8201e1a
Reviewed-on: https://code.wireshark.org/review/17683
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Palúch <Peter.Paluch@fri.uniza.sk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The BT spec does not specify a bitmask for Subversion Number.
Change-Id: If6f384badc4228ea1e1c30ec8156f382ca5959e0
Reviewed-on: https://code.wireshark.org/review/17936
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The NCP dissector relies on those filters being compiled, and we end up
doing a g_assert() anyway; use g_error() to make sure the error gets
printed.
Change-Id: Ibc20407c1c08f0baaa626f269e9552ae11b36083
Ping-Bug: 12945
Reviewed-on: https://code.wireshark.org/review/17921
Reviewed-by: Guy Harris <guy@alum.mit.edu>
conversion from 'size_t' to 'guint', possible loss of data"
Change-Id: I63ddf1384acdebc176a052489891d55d7a1b21ce
Reviewed-on: https://code.wireshark.org/review/17920
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia8d4d74a7f0f5795790f930fc1e894a7ee202da7
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17550
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixed short command 0 short address,
command 0 that has less bytes,
command 9 byte count,
command 48 parse first 6 bytes instead of 5 and
the command may has less bytes, pass correct byte count into the
dissect_parse_hart_cmds() function.
Added support HART published and NAK message types and more HART commands.
Bug: 12817
Change-Id: I4a9e7f9b342346ff4ecdcd06a73238c1a08d00fc
Reviewed-on: https://code.wireshark.org/review/17325
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info for failed conversion.
Change-Id: I03d5e2db791f81d43384bb047c268d07709a6099
Reviewed-on: https://code.wireshark.org/review/17863
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The C/D control flag was integrated in the subtype field of 1722 after
draft 6. These changes are now added to the 1722-1 and MAAP protocol.
Change-Id: I19b2e8237fb87d42ec7bcb6f9f53e8cc8605731d
Reviewed-on: https://code.wireshark.org/review/17664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "name_length >= alpn_proto->proto_name_len" condition always failed
to match for short names (like "h2" where the reported length is 2, but
the proto_name_len would be 3).
This fixes recognition of HTTP/2 traffic, without this patch it would be
interpreted as http-over-tls as reported on
https://ask.wireshark.org/questions/55720/how-to-install-http2-dissector-plugin
Change-Id: Idc3eae0b6d593c8f3c435230ef76da90a4b1e7fc
Reviewed-on: https://code.wireshark.org/review/17907
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A dissector bug was reported:
epan/dissectors/packet-ssl-utils.c:1615: failed assertion "data"
and fair enough, the MAC Key is indeed NULL because of our special
handling for NULL ciphers. Just ignore the MAC key then.
Change-Id: I12d2be5e84520badb44a99fc965c48c3afa89346
Fixes: v2.3.0rc0-697-gb1d36fe ("ssl-utils: remove block and key sizes from cipher suites table")
Reviewed-on: https://code.wireshark.org/review/17903
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Added capability to expand Private Enterprise Number to string.
Change-Id: Id3df604a47c3067febb878caf89087aa00ecf038
Reviewed-on: https://code.wireshark.org/review/17770
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
and also move on the top and not too far from ssl_version_short value_string
Change-Id: I9012d0d0839fd29da500a7f37a83ecc982f0fb5b
Reviewed-on: https://code.wireshark.org/review/17887
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
EAP identities can be of different kind. This change adds a sort
of heuristic that dissects the wlan identity in the form of
<imsi>@wlan.mnc<mnc>.mcc<mcc>.3gppnetwork.org. A general purpose
dissection function, acting as a proxy, has been created to make
room for other specific dissections.
Bug: 12921
Change-Id: Ic48aee004fa7df5ee4dbeca091ed31616d155890
Reviewed-on: https://code.wireshark.org/review/17796
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As all this information belongs together I'm moving it into a subtree.
Change-Id: I839a5a6294360976a78b4b43f219e30381b4f516
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17878
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8d7ebc6dd46e0d6494d412653ec423b8c0fde9c8
Reviewed-on: https://code.wireshark.org/review/17203
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2a9806026413c5971e5ecad17cd80787130cb9ed
Reviewed-on: https://code.wireshark.org/review/17803
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some sub protocols do not register fields
Follow-up of gf4a521e
Change-Id: Iec3165d6204cc6acc0ec31a7266f860012463cd0
Reviewed-on: https://code.wireshark.org/review/17868
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
to allocate the arry to hold them. This should be more efficient.
Change-Id: I84b1095b6eb110fdcc1b2630949c76b51f3a47b6
Reviewed-on: https://code.wireshark.org/review/17866
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto = -1
Change-Id: I60f899ad748b5d3e17f237552af7d2dbc8f27bd2
Reviewed-on: https://code.wireshark.org/review/17864
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These APIs can insert or remove a single value into a range structure.
Adding a value may extend an existing range or create a new one.
Removing a value may remove a range item.
Change-Id: Ia6995ecf7760aca1fb7fd9b4c53972298a57675f
Reviewed-on: https://code.wireshark.org/review/17836
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug:12928
Change-Id: Id3f9e41a62a90e36f19e1d55226826e7f9ffa3f4
Reviewed-on: https://code.wireshark.org/review/17855
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
commit b5aa0ff1a4
nfs: Add NFSv4.2 ops OFFLOAD_CANCEL and OFFLOAD_STATUS
As coded, the reply of the OFFLOAD_STATUS decodes a stateid.
However, in the spec, the reply is count and an array of
statuses. I propose the following fix to match the spec
for the OFFLOAD_STATUS.
Change-Id: Ibaddba96446b8d9b520ca977f0b1ed66749d3388
Reviewed-on: https://code.wireshark.org/review/17805
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The "Checksum incorrect" note in COL_INFO was inadvertently
broken in gad6fc87d6.
Change-Id: I064c3c79aa3e1ae72d3a8167538e709d0b5fe94a
Reviewed-on: https://code.wireshark.org/review/17842
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
also remove padding function (don't needed)
Bug: 12922
Change-Id: Ie049ee21193ec82b8dc873a7dff78e9d058c7935
Reviewed-on: https://code.wireshark.org/review/17825
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Otherwise a string shorter than 7 characters will trigger an out of bounds access
Bug: 12825
Change-Id: I54a7909d74838dcb56583374e5753f877ff74fe2
Reviewed-on: https://code.wireshark.org/review/17826
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: I758ff81bdfcb9c18810baad12554d7f7f0e7705f
Reviewed-on: https://code.wireshark.org/review/17707
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always give the netlink data struct to dissect_netlink_attributes() so
we can extract which endianness we should use. This fixes the netlink
dissector on big endian.
Change-Id: Ia485a29035c947908c29a9e30d0aba8d4fc94093
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17636
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is no field which indicates which endianness is used for netlink
data, try to guess it by checking if the length in little or big endian
fits better.
Change-Id: I02884763931f3f3589b7ac5bff2781797c1d0f87
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17635
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I35db77ee05c3c873577b4f40c41f283e5666a4e2
Reviewed-on: https://code.wireshark.org/review/17701
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I28325d655ccd5d363aac89e49e5333b3d75f68a2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17810
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ieeb9de0f54a22afc3adcd52d8af2c45e8b82b0ab
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17808
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I951a317da795c94ac6518be73cb2c836e7afb836
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17807
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not found in any specification, but it appears to be implemented by
kubernetes (using "SPDY/3.1" value).
Ping-Bug: 12874
Change-Id: I9fc7ad2f657a739b415f6801fe0f43f6ef75ca70
Reviewed-on: https://code.wireshark.org/review/17786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
as defined in RFC6925
Bug: 12907
Change-Id: I546d243f4b188025d8c96a1eaa0798b70a847a25
Reviewed-on: https://code.wireshark.org/review/17775
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add decoding of the upcall->flags value. This mask currently used do
give hints about the cache-invalidation structures.
Change-Id: I4a3ab03bec6e2a2c9f8c7bbf17babb2bc93c9d7b
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://code.wireshark.org/review/17776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Equalize attribute dissecting functions:
* Convert all attribute type names to range_string.
Add "Unassigned" and "Private use" ranges while we are at it.
* Swap the order of format and type fields for config attributes.
Move common code into the new function dissect_attribute_header().
Try to keep the parameter list short:
* Group the hfindex values for attribute details into a struct.
* Merge attribute subtree types.
Add a colon in the main attribute item label for visual separation.
Skip dissection of config attributes for unknown IKE versions.
Change-Id: I6e6286f3d4cf16f3cd16a23aca540c4af72f3442
Reviewed-on: https://code.wireshark.org/review/17663
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In one of the two cases where we treat the first byte of an identity as
a prefix, we know it's EAP-AKA. (In the other, we do *not* know that!)
Change-Id: I16625f7193eb3ab0840739ec37dbd64e2a5a0fb5
Reviewed-on: https://code.wireshark.org/review/17767
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no guarantee that the identity is a string whose first character
is a prefix indicating the type of identity; only display it as a prefix
if it's one of the known types. We really may need some other mechanism
to determine how to parse the identity, perhaps based on what the
protocol layers below it are.
Put back the display of the full string in one case where that was
inadvertently removed.
Change-Id: I2e3324f964fa25ebd7065ddb0de82ffae6597509
Reviewed-on: https://code.wireshark.org/review/17764
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This used to be string item, its value was not 0-terminated. This
resulted in out-of-bounds mem acceess when eap_identity_prefix was used
by proto_tree_add_string_format().
==14744== Conditional jump or move depends on uninitialised value(s)
==14744== at 0x4C294F8: strlen (mc_replace_strmem.c:390)
==14744== by 0xC19C97F: g_strdup (gstrfuncs.c:355)
==14744== by 0x739CA75: string_fvalue_set_string (ftype-string.c:51)
==14744== by 0x67136A9: proto_tree_add_string (proto.c:3515)
==14744== by 0x6713870: proto_tree_add_string_format (proto.c:3547)
==14744== by 0x69BB494: dissect_eap (packet-eap.c:838)
==14744== by 0x66FD0B4: call_dissector_work (packet.c:649)
As the content is a number anyway, the simplest solution is to make
eap_identity_prefix a numeric item and use
proto_tree_add_uint_format_value().
Bug: 12913
Change-Id: I907b1d3555a96e9662b1d8253d17d35adfdada48
Reviewed-on: https://code.wireshark.org/review/17760
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those are the only ones meaningful. Let's convert the buggy dissectors
and add an assert to avoid the misuse of the pool parameter in the future
Change-Id: I65f470b757f163f11a25cd352ffe168d1f8a86d3
Reviewed-on: https://code.wireshark.org/review/17748
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
with TLS 1.3, there is a new 'Hello' type (Hello Retry Request)
Change-Id: If7a11b70a5b0a69044126c50e1d6ab4e1d443f77
Reviewed-on: https://code.wireshark.org/review/17573
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is no session_id and compression method with TLS 1.3 Server Hello
Also no time on first bytes of random field
Bug: 12779
Change-Id: Id79221c2ad50695cf6d46cd5c9255deab99e2d2c
Reviewed-on: https://code.wireshark.org/review/17225
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There are a number of dissectors who are subdissectors of TPKT (and OSITP) that are
not called by TCP dissector directly, yet can possibly register a TCP port "on the
behalf" of TPKT. Just allow TPKT to support a range of ports to possibly include
these protocols.
Remove the preferences from these dissectors, but add backwards compatibility for
the preferences by hooking into set_prefs and have the preferences just hook into
Decode As functionality directly.
Change-Id: Ic1b4959d39607f2b6b20fa6508da8d87d04cf098
Reviewed-on: https://code.wireshark.org/review/17476
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The unsigned variable num_blocks was initialized to -1. Which caused the
dissector to set the total length to 4294967295 fragments when the second
fragment was processed. This made the dissector unable to reassemble data
made of more than two fragments.
Change-Id: I120af090ed29ac73a1fa699bea2bfc91798ef92b
Reviewed-on: https://code.wireshark.org/review/17712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gcry_cipher_get_algo_keylen() returns a size_t, which is bigger than a
guint on most if not all 64-bit platforms; however, if the key is bigger
than 2^32 bytes, we have bigger problems, so just cast it down.
Change-Id: Ia7c97d2742686daf2e42f634c6e349cb580fa9df
Reviewed-on: https://code.wireshark.org/review/17731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ensure that Libgcrypt and zlib memory are freed when closing a pcap.
Change-Id: I420f9950911d95d59ff046fee57900ca6f7e9621
Reviewed-on: https://code.wireshark.org/review/17718
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There was an implicit dependency between the block size in the cipher
suites table and the size expected by Libgcrypt. Just remove the block
size from the table and rely on the value from Libgcrypt to avoid the
risk of mismatching values (which could lead to a buffer overflow).
While at it, remove the size of the key ("bits") and the size of key
material ("eff_bits") too. Move the key material sizes for export
ciphers away from the table and use byte quantities instead of bits.
Additionally, this fixes an issue where 8 bytes of uninitialized stack
memory is written to the SSL debug log for stream ciphers like RC4.
The size of the Write Key is also corrected for export ciphers, now it
prints the actual (restricted) number of bytes that are used.
Change-Id: I71d3c83ece0f02b2e11e45455dc08c41740836be
Reviewed-on: https://code.wireshark.org/review/17714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
ssl_cipher_init should only set the IV for CBC cipher suites. NULL
cipher suites will not invoke gcry_cipher_setiv and AEAD ciphers will
set the nonce in a different place anyway.
Fixes a buffer overrun (read) by 12 bytes for any AES-CCM and AES-GCM
cipher suite because the "block size" is set to 4 bytes while the
reported block size for AES is 16 bytes (128 bit). (The four bytes are
the "salt" part of the nonce that is extracted from the "client/server
write IV" part of the key block.)
Observed with the DTLS packet capture from
https://ask.wireshark.org/questions/55487/decrypt-application-data-pending-dtls-abbreviated-handshake-using-psk
Change-Id: I4cc7216f2d77cbd1eac9a40dca3fdfde7e7b3680
Reviewed-on: https://code.wireshark.org/review/17713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
To do so, memorize whether a given eNB UE S1AP ID belongs to a NB-IoT
TAI or not.
Also add a preference allowing to force dissection as legacy LTE or
NB-IoT if automatic mode fails.
While we are at it, let's remove the global variables and introduce
a S1AP private data info stored in pinfo.
Change-Id: I7e30b3d59d909684e5cfe13510293ed38ad52574
Reviewed-on: https://code.wireshark.org/review/17709
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use new heuristics based on the EAP Code field to determine whether a
field originates from the client or server. This is more reliable than
using "pinfo->match_uint" for two reasons: (1) the heuristics dissector
does not set "match_uint" (resulting in an arbitrary match on the
previous value) and (2) with EAP over EAPOL, there is no matching port
number (resulting in two conversations with different addresses and port
number zero).
To fix TLS decryption, make sure to create a single conversation for
both direction and allow the port type to be PT_NONE (to avoid reporting
all packets as originating from the server).
Bug: 12879
Change-Id: I7b4267a27ffcf68bf9d3f6a90d6e6e2093733f51
Reviewed-on: https://code.wireshark.org/review/17703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change prevents to accept netmasks as /24x. The
mask must be an clean integer.
Change-Id: I46aeb089dd6538b5cc4bde7efd4dc317621a5245
Reviewed-on: https://code.wireshark.org/review/17612
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change based on BlueZ code on the same license that Wireshark is.
It seems that a lot of commands/events are incomplete or unknown,
however better to have them.
Also rename variables (etc.) of the first dissector to contain
vendor name like new one, to distinguish them.
Change-Id: I2db3ed73d477699032a44bac2d3c88a9230b0095
Reviewed-on: https://code.wireshark.org/review/17657
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The structured id handling is not in use by anyone.
Change-Id: I643fb03f642a5c1900aaec7d41e2b66dba5a2b05
Reviewed-on: https://code.wireshark.org/review/17655
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
length of the PDU is not known(length is exluding escape bytes).
Change-Id: I762419f12ca80f6597163e232c4b853819927b65
Reviewed-on: https://code.wireshark.org/review/17302
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we are at it, let's reorder them in the .cnf file to match their
definition in S1AP-PDU-Contents.asn and ease review
Change-Id: I4c433fa862d83053d8b01cc951e756379356fa57
Reviewed-on: https://code.wireshark.org/review/17649
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tried to poke various fields (including the capture filter field), this
revealed some memleaks.
Change-Id: I1eca431a09839906a4b3c902ad85e55bffc71ca8
Reviewed-on: https://code.wireshark.org/review/17648
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes a memleak that occurs on (re)loading a pcap. While at it, remove
some unnecessary variables.
Change-Id: Ibb662e5c608881bc7dfde9d12cdb77f699ff6542
Reviewed-on: https://code.wireshark.org/review/17639
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added version 3.1.1 CONNACK session present flag and SUBACK failure
indication. Adjusted SUBSCRIBE and SUBACK QoS values.
Added string length values. Removed the message type subtree as it
had no purpose. Put the message type in the top tree mqtt node instead.
Removed unused code and fixed code layout.
Change-Id: I8a9ae26ac9a2af04dc6f8d08ac46aa305c225c4f
Reviewed-on: https://code.wireshark.org/review/17590
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is a v4 (and v5) with some change (patches coming !)
Change-Id: I3107727e2b86f7f6c0019ba6f2638bb40b41c0fb
Reviewed-on: https://code.wireshark.org/review/17626
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Append the length to the extension and display the contents of
unknown extensions as bytes.
Change-Id: Iba1204a1d5e187f28cb41c4369b10eeb86e6b43a
Reviewed-on: https://code.wireshark.org/review/17265
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The bytes that are not part of the address are not dissected.
Added them to the tree as "unused", to have a complete dissection
of the packet.
Found by incomplete dissector check.
Change-Id: Iafffebe8bc0f8254ac0b451d007e0a99aab91924
Reviewed-on: https://code.wireshark.org/review/17608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12687
Change-Id: Ib489b4c6aff1e0611e9b8a086054e56284f24b84
Reviewed-on: https://code.wireshark.org/review/16787
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It was just a wrapper over regular HTTP dissector, which can already
pick its own ports to use.
Also some other minor cleanup related to removal.
Change-Id: I20dd37670c676551a06aaeb69fd657684af9685d
Reviewed-on: https://code.wireshark.org/review/17567
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-Manufacturer error field has 5 bytes (not 4)
-corrected two descriptions
Change-Id: Ic6f3e8fdf08c52f1d4f987410e1e0597a9f6aaed
Reviewed-on: https://code.wireshark.org/review/17575
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protocol version from a SSL/TLS record contains the minimum
supported SSL/TLS version and is the best guess for Client Hello
handshake messages if no authorative version is available.
By considering the version from the conversation for the initial
col_set_str call, we can also remove some other calls down the road.
Change-Id: I4be25f5c9057ffd0abcea7280d826867c135fed7
Reviewed-on: https://code.wireshark.org/review/17490
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Show the filehandle and lockowner for the callback.
Change-Id: Id09b260d4b31f8fa35ba8452dc143095e5cc88ec
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-on: https://code.wireshark.org/review/17574
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some messages related to LVB data are mistakenly treated as malformed.
This patch fixes it by checking LVB flags before parsing LVB data.
I found that "Convert lock" and "Unlock" use PUT_LVB flags, but "Proxy AST" uses GET_LVB flags.
Ping-Bug: 12122
Change-Id: I2c62c8cc9f9bd84abaf92de9f216550101962520
Reviewed-on: https://code.wireshark.org/review/17532
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- xxx-time values are not UNIX timestamps (that is a CUPS-ism - they are
time since bootup in IPP itself)
- Change all of the display strings to use the official IANA values
(confusing otherwise)
- Add support for newer value/group tags.
- Add support for all enum attribute values.
- Add request/response tracking so you can easily match things up.
- Decode octetString, rangeOfInteger, textWithLanguage, nameWithLanguage,
dateTime, and resolution values.
- Don't treat integers and enums as interchangeable (they aren't).
- Integers and enums are signed integers.
- Put operation id or status code in info column.
Change-Id: I9fb5cd89d3c386a2b3932ef4c75967ce2547bc22
Reviewed-on: https://code.wireshark.org/review/17192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Smith Kennedy <smith.kennedy@hp.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For debugging...
Change-Id: I23eb70c89ac95371e1d7b05a52ffeed4f993a52a
Reviewed-on: https://code.wireshark.org/review/17135
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch fixes incorrect endian conversion in pdu length.
Actually pdu length is big endian.
Ping-Bug: 12122
Change-Id: I9f8827293e684a5b4c957138f5879efdd140c500
Reviewed-on: https://code.wireshark.org/review/17533
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Keepalive req/resp messages are shown as "Unknown type (0x00)" in info column.
This patch fixes them to "Keepalive Request" and "Keepalive Response".
Ping-Bug: 12122
Change-Id: If09192067736b78c7785ba1ff05ae62a05d3dc23
Reviewed-on: https://code.wireshark.org/review/17497
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparant to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).
Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.
Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I68b4fa08a7f65b92e56a6e72a6bb113e72ee33da
Reviewed-on: https://code.wireshark.org/review/17524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.
Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It contains the same password field that appears in the Registration
message. Make this field generic and reuse it here.
Change-Id: I7be9a99b5da1713937ffca5624be66150ff453d1
Reviewed-on: https://code.wireshark.org/review/17489
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
add the value for euro
Change-Id: Id8624e356ad4fcddcf77483a721428782c6bb0b2
Reviewed-on: https://code.wireshark.org/review/17487
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Implement the same changes in the ELEM_TLV() and ELEM_TV() macros as in
packet-gsm_a_common.h, to remove superfluous code and squelch about 50
Coverity issues.
Change-Id: I262dc60fdfa3482876d8525b34f6b1dbbe371257
Reviewed-on: https://code.wireshark.org/review/17478
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This name is displayed in the SSL prototcol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissect SMB2 getinfo request fix-sized parameters according
to [MS-SMB2] section 2.2.37.
This does not include extended attributes at the moment.
Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a function that dissects FILE_GET_QUOTA_INFORMATION
structure ([MS-FSCC] 2.4.33.1)
This structure is used to define a set of SIDs whose quota
is to be fetched.
Change-Id: I81f6bca98fb239935ca593bd8725cebbb2037fbe
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17445
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a checkbox which lets you toggle between absolute and relative start
times. Use the local time for now. Fixes bug 11618.
Adjust our time precision based on the capture file's time precision.
Fixes bug 12803.
Update the User's Guide accordingly.
Bug: 11618
Bug: 12803
Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
Reviewed-on: https://code.wireshark.org/review/17448
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The CID is about the lack of check of wmem_tree_lookup32_le()
return value, but the old code worths a bit of rework.
Change-Id: I3adb868d2baa1c8aea3f914f7fb9fdf75f222960
Reviewed-on: https://code.wireshark.org/review/17322
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch contains a partial rewrite of the BGP dissector for Extended
Communities. The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI. The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities. I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.
In particular, the changes encompass the following:
1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits. These were not dissected before.
2.) Dissection for EVPN Extended Community was improved. The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.
3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.
4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level. These stored the result of a
tvb_get_...() call but the value was used only once. I have replaced them
with the direct use of tvb_get_...()
5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().
6.) Reworked the style in which individual communities are displayed. Each
community item (collapsed) is now displayed using the following label
format:
Community name: Values [Generic community type]
Examples:
Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]
6.) To keep the filter names more consistent, changed names of selected filters:
bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown
In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.
7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.
Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dissector abort on short tags.
Fix value typo in hash mode enum.
Differentiate unexpectedly short value, zero length (deliberate invalid)
and off-end-of-record tags through expertinfo.
Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly
long tags for now.
Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not
currently implemented outside Wireshark anyway.
Ping-Bug: 12303
Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816
Reviewed-on: https://code.wireshark.org/review/17382
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(actually, in [MS-SMB2] those are called "InfoType" and
"FileInfoClass", respectively)
Change-Id: Id583be4574cea5ce092c374a5624a4bd17d5d4c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This info appears in the request buffer of setinfo quota,
or in the response buffer of getinfo quota.
Change-Id: I5c8d96a05eddfa123547a7dd2577a01ac8cbd32d
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To be usable by SMB2 dissector
Change-Id: I7f5b9a021951c2529f8058cd2fc160eff2e865c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17441
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In SMB user quota records, parse unknown 8-byte field
as quota record's last change time
(source - [MS-FSCC] 2.4.33)
Change-Id: I1f2839934fc0ab8e3d38105e02ef91a547256a70
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As requested by bug 10969 add a link to OSM for locationEstimate.
Bug: 10969
Change-Id: I715b3b5eae9728999d5c8f8c155bbcef3911ee93
Reviewed-on: https://code.wireshark.org/review/17375
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Memleaks could occur in these scenarios:
- Two consecutive fields fail in their chk callback, overwriting the
first heap-allocated error message.
- After parsing one record, the internal record was never freed.
- Syntax errors abort the parsing process and leaks the record and
current field value.
These leaks will only happen at startup, when the UAT files are read or
when UAT strings are loaded (e.g. from the ssl.keys_list preference).
Change-Id: I4cf7cbc8131f71493ba70916a8f60168e5d65148
Reviewed-on: https://code.wireshark.org/review/17432
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
No functional change, fixes typos, adds some meaningful function
parameters and tries to clarify the memory management concerns.
Also fix a -Wdocumentation issue in epan/proto.h
Change-Id: I59d1fcd2ce96178e0a64a0709409a9a7a447c7c6
Reviewed-on: https://code.wireshark.org/review/17431
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Introduced with v2.3.0rc0-112-gdcb7b71, nxt is only a guint8* which
fails on 32-bit glib before 2.31.2.
Change-Id: Ide1816a971fa213f5669a7fa71bc111d5b1cc921
Reviewed-on: https://code.wireshark.org/review/17418
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In commit v2.3.0rc0-121-gb6d13ef, GUINT_TO_POINTER(ah_nxt) was added,
but on 32-bit glib before 2.31.2 this results in a type error. Change
the type of ah_nxt since all its users take a guint anyway.
Change-Id: I2fb030f79011b8a7159a0b0df26d3545b0ce3c06
Reviewed-on: https://code.wireshark.org/review/17419
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Also manually add PLMN 460 02 (Chian Mobile) as it is not listed by ITU yet
Bug: 12622
Bug: 12798
Change-Id: I7c6fab9dcb9da90178186e94f624301ef1861421
Reviewed-on: https://code.wireshark.org/review/17428
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This should fix crashes on Windows, _strdup should not be mixed with
g_free. This was only uncovered in v2.3.0rc0-474-ga04b6fc, before that
ddict_free was never called.
Change-Id: I34111385c82715de70fb42fe44b99b89e132a374
Reviewed-on: https://code.wireshark.org/review/17423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The RFtap protocol is a simple metadata header designed to provide
Radio Frequency (RF) metadata about frames.
For official specifications see: https://rftap.github.io/
Signed-off-by: Jonathan Brucker <jonathan.brucke@gmail.com>
Change-Id: I0d008b2baadcc5cc9577113e9795eef2691b961a
Reviewed-on: https://code.wireshark.org/review/17355
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit 5fea2b5f41.
I.e., it puts back the change; the reverted version passed the tests on which the versions with this change crashed.
Change-Id: Idcc0eb11588cf14e2fe666de1905ee63917b0fcf
Reviewed-on: https://code.wireshark.org/review/17413
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit a04b6fcb3d.
Temporary revert to see if this prevents the "tshark -G" crashes being seen on the 64-bit Windows buildbot.
Change-Id: I561439039ca2667b72d7e2319a6f3f5f97e18d15
Reviewed-on: https://code.wireshark.org/review/17412
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the debugging printouts.
The changes that were committed between the last build that didn't crash
and the first build that did were:
commit 961f743d69
Author: Peter Wu <peter@lekensteyn.nl>
Date: Mon Aug 29 01:34:22 2016 +0200
xml: fix some memleaks
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit a04b6fcb3d
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 22:19:29 2016 +0200
diameter: fix 400kb leaked memory on exit
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leaks cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit 14312835c6
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 19:20:59 2016 +0200
pcapng: do not leak blocks
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
*If* one of those is the cause, my guess is that it's the Diameter one,
as the crash happens before any file is read (so it's probably not the
pcapng one) and thus before any dissection is done (so it's probably not
the XML dissector one).
Change-Id: I816c1bbd6078eab251efd02ebb7c3195f6dd1483
Reviewed-on: https://code.wireshark.org/review/17411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ifb68af443c6f13dfab99e32488d86c148621a316
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17399
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I72812fa0650da0cde37ea6cbef81a3c7a9ba333d
Reviewed-on: https://code.wireshark.org/review/17373
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The OMG standard has changed in this new version. I have fixed
the implementation.
Change-Id: Ie9054ed52c66580c76096af86e0fb8e34a44e9d1
Reviewed-on: https://code.wireshark.org/review/17348
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ica9fc960946542badb64af12769e7dfa3793db82
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17397
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We register dissectors for "Decode As" for {SSL,TLS}-over-TCP, so we
should actually set up the "Decode As" stuff for it.
Change-Id: I2a738667efdec1007069df74885a4fe8fc3fcbab
Reviewed-on: https://code.wireshark.org/review/17400
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dissection and display the problem more prominetly.
Change-Id: Ia1a32667a18e1e5b60b5c167da9b6dd945ba3dfc
Reviewed-on: https://code.wireshark.org/review/17385
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the heuristics fail to detect a resumed session, then it must mark
the session as a normal session. This will also prevent from
applying secrets that do not apply to this renegotiated session.
Bug: 12793
Change-Id: I90f794a7bbaf7f1839e39656ac318183ecf48887
Reviewed-on: https://code.wireshark.org/review/17376
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leaks cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
strdup and strcmp is a recipe for leaking.
Change-Id: I522c71964e39f671a4101df9b2b432433fc1c12e
Reviewed-on: https://code.wireshark.org/review/17363
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use same wmem_epan_scope() as "w" (tvbparse_wanted_t).
Change-Id: I73fdb1fb3b55a91b7bb0fc36e435024c6f0b3d73
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17361
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix the "Number of SPIs" field name in the Delete payload.
References: RFC 2408, RFC 7296
Change-Id: I205fb830275fc011e6605fdae53c6b9141e1628b
Reviewed-on: https://code.wireshark.org/review/17353
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
A XMPP stanza may be fragmented inside a conversation, so don't
check for this only when starting a new conversation.
Change-Id: I63b987184f52645e6c72c3c4155b39b7948de828
Reviewed-on: https://code.wireshark.org/review/17344
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Search address type by name iterates over an array, but fails to find its end.
Therefore it may dereference invalid pointers, or NULL.
Add the proper check in the for loop and make sure an end condition is always
there in the array searched.
Change-Id: I60ade9d438dc394340b6483b4fcb23e5ce432000
Reviewed-on: https://code.wireshark.org/review/17337
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some type changes were not carried forwared into the conversation
debugging code. These changes allow compilation again.
Change-Id: I90dde7cc94496828cf8931d74225773c2cea42a1
Reviewed-on: https://code.wireshark.org/review/17336
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added the dissection of three parameters.
Change-Id: I07e7b655ad7fd3462625c2fb565e41593c62f897
Reviewed-on: https://code.wireshark.org/review/17346
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Pardue
Change-Id: Ic3c53fce9751a556c5f1aa30d55687a60c9c6a4d
Reviewed-on: https://code.wireshark.org/review/17345
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Perdue
Change-Id: I4852f6bad7a4c98b345ff198b33ab560eacb5ed0
Reviewed-on: https://code.wireshark.org/review/17341
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Perdue
Change-Id: I9c4ede6ba2fb0303aab05f1d59835e5a8b386a3e
Reviewed-on: https://code.wireshark.org/review/17340
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The created XML proto_item can be faked (if not visible and not referenced),
so ensure we store the correct item length to be used in XMPP.
This will avoid an invalid "Malformed Packet" for some XMPP packets.
Change-Id: I79d805b725dbeb93f26a38b72bdcc84187aee16f
Reviewed-on: https://code.wireshark.org/review/17324
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
RFC 6120 section 4.6.1 defines the use of a single whitespace as
"whitespace keepalive", so indicate this in the Info column.
Change-Id: I685431d91be2a37fbd66f8d1cdabe53f33092e93
Reviewed-on: https://code.wireshark.org/review/17323
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
and also use the name of spec for field (Header BLock Fragment
Change-Id: I5a3884186258dac1f243f991a3392c875403eb97
Reviewed-on: https://code.wireshark.org/review/17310
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
show expert infos and return the number of bytes we dissected
Change-Id: Ibb12372e8670380137f4fc3d012d0b0afa4cd638
Reviewed-on: https://code.wireshark.org/review/17313
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>