Fix compilation on OSX:
../epan/dissectors/packet-geonw.c:1248:164: error: format specifies type 'unsigned long' but the argument has type 'guint64' (aka 'unsigned long long') [-Werror,-Wformat]
proto_tree_add_uint64_bits_format_value(subtree, hf, tvb, (start << 3) + (*offset) - start, (((*offset) - start) << 3) - ((*offset) - start),tmp_val,"%lu",tmp_val);
~~~ ^~~~~~~
%llu
While here, minor indentation issues have been fixed.
Change-Id: I5fc37d337fc302a16210c784e75cf39085ef622e
Reviewed-on: https://code.wireshark.org/review/31186
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The use of this function has beed discontinued in
v2.9.1rc0-109-gee439bb82d.
Change-Id: I0106b0812ebabbe7fc754be6dc0e636c8088c835
Reviewed-on: https://code.wireshark.org/review/31181
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissects secured messages from GeoNetworking protocol as per
ETSI_TS_103_097 (v1 or 2). Msg_id or application id is used to determine
subdissector: "geonw.sec.v1.msg_type" and "geonw.sec.v2.app_id".
Unsecured and signed payloads are subdissected, encrypted payload is kept
as data.
Version 3 secured message dissection calls ieee1609dot2 dissector. No
subdissector is provided in this case.
Use Application ID as defined in ETSI_TS_103_965.
Change-Id: Iff90a0e433d7774790cda50a557631d65c6de2ce
Reviewed-on: https://code.wireshark.org/review/31164
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Editor change (No packet change)
Also update link to spec
Change-Id: I7b64edc1db85d6092858eab98098692ae5c69eb4
Reviewed-on: https://code.wireshark.org/review/31169
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AKE_Transmitter_Info and AKE_Receiver_Info commands now supported
Change-Id: I01b6c4811665023b60e26538c4678562eb217c1a
Reviewed-on: https://code.wireshark.org/review/31135
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Setting LIBRARY_OUTPUT_DIRECTORY to Wireshark.app/Contents/Frameworks
for each of our libraries ends up installing a fully versioned .dylib
along with soversion and unversioned symlinks, which is more than we
want and which wastes disk space when osx-app.sh dsymifies our
libraries.
Leave LIBRARY_OUTPUT_DIRECTORY unset and depend on osx-app.sh to copy
our libraries into place.
Bug: 15361
Change-Id: If0fbaa796b4be806e2aa13887e511a330fe55df5
Reviewed-on: https://code.wireshark.org/review/31139
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Failed Rule ID : FARDynamic by CP 3
to
Failed Rule ID : FAR: Dynamic by CP 3
Change-Id: Ib8383ec4f298c423bed38ffda36f0a0ebac65dc7
Reviewed-on: https://code.wireshark.org/review/31147
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will present the Header in unescaped format, without percent-coding.
ex.
&requester-plmn=%7B%22mcc%22%3A%22240%22%2C%20%22mnc%22%3A%2201%22%7D&
to
&requester-plmn={"mcc":"240", "mnc":"01"}&
Change-Id: I44296bf564a9dd75bf172503a277d48f116d26fd
Reviewed-on: https://code.wireshark.org/review/31119
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add temperature and power tags, represented using millidegrees/milliwatts.
Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number.
Also fix a few implicit floating point conversions (confirmed values are the same).
Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b
Reviewed-on: https://code.wireshark.org/review/31136
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Read the base64 decoded data into a wmem_alloc memory to avoid
a memory leak for each opened file.
Change-Id: I4cbb2c15dea43183ed741d54ae7c6ea2e83e46c0
Reviewed-on: https://code.wireshark.org/review/31112
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix according to review 31069
Change-Id: I03552eaba434597386d8bf386117a3366f2c3446
Reviewed-on: https://code.wireshark.org/review/31101
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All other error-return code paths set *dfp to NULL; make this one do so
as well.
Change-Id: I4015c1d53bdbac99cdeda158d7d01c8da7bf2562
Reviewed-on: https://code.wireshark.org/review/31102
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissector for Intelligent Transport System facility messages:
- Cooperative Awareness Message (CAM)
- Decentralized Environmental Notification Message (DENM)
- Infrastructure to Vehicle Information Message (IVIM)
- MAP (topology) Extended Message (MAPEM)
- Signal Phase And Timing Extended Message (SPATEM)
- Signal Request Extended Message (SREM)
- Signal request Status Extended Message (SSEM)
- Electric Vehicle Charging Spot Notification (EVCSN)
- Electric Vehicle - Recharging Spot Reservation (EVRSR)
- Tyre Information System (TIS) and Tyre Pressure Gauge (TPG) interoperability
Subdissectors:
- ITS version if ever the ITS PDU header is changed
- Version << 16 | MessageID to register new message dissectors
- RegionId << 16 | type to register regional extensions
AddGrpC regional additions already provided
TAP:
- its TAP with ItsPduHeader fields provided
Bug: 15148
Change-Id: I4c71d4dfa1d5d63cb57f61a4e1436a60a3482205
Reviewed-on: https://code.wireshark.org/review/31049
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When an open type is decoded in ASN.1 PER, one can define a dissector
for the content of the open type. Providing data to the inner dissector
is only possible through packet info private data or global vars.
Use the private_data field from ASN.1 context as the data for the inner
dissector. This avoids using packet info private data to communicate
with the inner dissector, especially if the data to be provided are only
"local" matter.
Ping-Bug: 15148
Change-Id: I8fd2cb69d52e371e7d713afe2cc4b2856fb39f7c
Reviewed-on: https://code.wireshark.org/review/31087
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When decoding an open type in ASN.1/PER and the content length is zero,
do not try to create a buffer. Doing so triggers an error in tvbuff.c.
Ping-Bug: 15148
Change-Id: If892e8c6a84cdfb268e3f6c50af0f7e30a89c59b
Reviewed-on: https://code.wireshark.org/review/31088
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to TS 29.274, ch8.38. the UE NR security capability coding
is specified in clause 9.9.3.53 of 3GPP TS 24.501
Change-Id: I4e5352bf7a5c75a3766b2d1162d8d85c3566da86
Reviewed-on: https://code.wireshark.org/review/31074
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add ws_dofile() and ws_loadfile(), which are like the substitute
dofile() and loadfile() we provide, but that, on Windows, take a UTF-8
path rather than a path in the local code page.
Use that to load console.lua.
This means we can load console.lua on Windows even if the full path to
it includes non-ASCII characters.
Bug: 15118
Change-Id: Iaa00639563fe53a34e1e24e42022f3886a38e7c5
Reviewed-on: https://code.wireshark.org/review/31075
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also add the below minor fixes/enhancements:
- Fix O-bit in MT TLV (rfc5120)
- Add IPv4/IPv6 prefix string in a parent subtree
- Modify the IPv6 Reachability TLV dissector so that it would dissect in TLV format order
- Add a new SR Local Block TLV dissector (draft-ietf-isis-segment-routing-extensions-21)
- Fix offset in SID/Label sub-TLV
Change-Id: Ie317f094ff8f2ed3352e844c212eb59a677e18c6
Reviewed-on: https://code.wireshark.org/review/31069
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_cip_cm_data() was getting hard to read so:
1. Pull out some some logic into separate functions
dissect_cip_cm_unconnected_send_req
dissect_cip_cm_fwd_close_req
dissect_cip_cm_fwd_close_rsp_success
2. Reduce the scope of some variables.
No functional changes
Change-Id: I40c3dd5d2505b29991589ede4752c383348006ec
Reviewed-on: https://code.wireshark.org/review/31051
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id720d7857328c1f464c4568b0a279a864921b031
Reviewed-on: https://code.wireshark.org/review/31052
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Reassemble TCP segment so that IMAP dissector is called on message elements.
Content of fetched messages are parsed by IMF dissector. Dissected fields
are available to "Export Objects" menu item.
2. Request/Response tracking with timestamp between request and response in response frame.
Bug: 15090
Change-Id: Icdbef8c237965d2a59aa7726c5e6a681602c71ce
Reviewed-on: https://code.wireshark.org/review/30876
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I22450f09490f3d508f3865984d710469a8d119f0
Reviewed-on: https://code.wireshark.org/review/31050
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
In IE User Plane IP Resource Information. If Associated Source Interface is present the length of Network Instance
is 1 octet less than the remaining length.
Change-Id: I4fc74f8ab69d0c441947d3d0149fe9e2106a2bc7
Reviewed-on: https://code.wireshark.org/review/31046
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Andreas Schultz <andreas.schultz@travelping.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replaced global vars with fPresentValue and wrapper functions.
Split bacapp.present_value dissector based on datatype for filtering.
Replaced char array buffers with wmem api calls.
Rebased commit onto latest master branch.
Removed date and time present_value field dissectors.
dissectors added:
bacapp.object_name
bacapp.to_state
bacapp.from_state
bacapp.notify_type
bacapp.error_code
bacapp.error_class
bacapp.event_type
present_value dissectors added:
bacapp.present_value.null
bacapp.present_value.boolean
bacapp.present_value.uint
bacapp.present_value.int
bacapp.present_value.real
bacapp.present_value.octet_string
bacapp.present_value.char_string
bacapp.present_value.bit_string
bacapp.present_value.enum_index
Change-Id: I3ba9327ee22787da59190204e808f8c10dc8fabd
Reviewed-on: https://code.wireshark.org/review/30847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implements V2X protocol dissectors:
* Geonetworking (network layer):
Dissector is registered on top of Ethernet (ethertype=0x8947). Secured
Packets are dissected up to the basic header, the rest is shown as data.
GN_ADDR address type is registerd and provides resolution of station
type and country code in the address. MID is shown as an ethernet address.
All the fields are dissected for non Secured Packets.
A subdissector table named "geonw.ch.nh" is provided on the next header
field. IPv6 is automatically registered. Heuristic dissectors is not
supported. If no dissector is foundd, payload is shown as data.
A preference boolean allows to enable/disable sequence number checking.
Tap "geonw" gets headers of all packets (with most fields).
Expert info tests if and provide feedback on:
- version is zero (no other version possible),
- reserved fields are zeros,
- payload_len matching with reported length of buffer,
- Remaining Hop Limit is 1 for Beacon and SHB,
- low RHL or RHL > Max Hop Limit,
- country code is less than 999 (3 digits ITU-T E.164),
- latitude, longitude, heading and angle limits,
- (suspected) duplicate packets,
- LS_REQUEST/LS_REPLY matching.
* Basic Transport Portocol:
BTP-X (X=A or B) dissectors are registered on top of Geonetworking.
Subdissector tables "btpx.port" allow to register for a given port,
while heuristic dissector can register to "btpx.payload". Decode as
capability is supported.
"btpx" taps get headers of all packets with ports/@ infos.
"btpx_follow" taps get the payload.
Bug: 15148
Change-Id: Iab5f4486d4c38068d9ad4361e77296b747f9b1bb
Reviewed-on: https://code.wireshark.org/review/30992
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group RAN-Secondary-RAT-Usage-Report and decoding of Secondary-RAT-Type
Change-Id: I33c1a0e21be64b5b5b4b9a4a40e9e718d89c9943
Reviewed-on: https://code.wireshark.org/review/31036
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie6bd309134ebbd27e90b2bf92a2df1abfdfe45a5
Fixes: v2.9.1rc0-3-g4803390686 ("Add new "rsa_keys" UAT for storage of RSA private keys")
Reviewed-on: https://code.wireshark.org/review/31031
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This fix prevents that a BoundsError is thrown in function try_decrypt for
packets with captured length less than packet length. Otherwise, some data
is not dissected.
Change-Id: I0dcd89b85b959f5712ff58b184bfa2e064746d0b
Reviewed-on: https://code.wireshark.org/review/31026
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Type of field wlan.ext_tag.ess_report.ess_info.thresh
must be FT_INT8 instead of FT_UINT8.
Change-Id: Icd1a121832d6a660550023a91d0b732385f68b60
Reviewed-on: https://code.wireshark.org/review/31016
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
v5 of sFlow has another bitmask for output interface
as v2 and v4.
This commit dissects v5 output interface according to
https://sflow.org/sflow_version_5.txt
Bug: 15325
Change-Id: I1c0f1958e5491a7683c716538e103a5d6b49869e
Reviewed-on: https://code.wireshark.org/review/30999
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
New built-in dissector for PCOM protocol (ASCII and binary modes included)
Bug: 15315
Change-Id: Ie13da6bfd7fefefbc5bb5df3461c7fc18261df81
Reviewed-on: https://code.wireshark.org/review/30823
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This should eventually replace the "ssl_keys" UAT which additionally
contains a useless address, port and protocol field. This prepares for
HSM support through PKCS #11.
Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582
Reviewed-on: https://code.wireshark.org/review/30977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for different OUI: ST/IoTecha and Qualcomm-Atheros
Signed-off-by: Sergey Rak <sergrak@iotecha.com>
Bug: 15348
Change-Id: If71479339b95b5c26e84ffceb2f00307b3de680c
Reviewed-on: https://code.wireshark.org/review/30969
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Revert a wording Sub-TLV back to SubCLV according to review 30985.
Change-Id: I1f7a2a586d45fe8548c1589baa2803616cf5bd20
Reviewed-on: https://code.wireshark.org/review/31008
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The calculation for relative times incorrectly converted ms to ns.
Change-Id: I4357d89e45b3f31a5c222e4b8f82edc720766a6e
Reviewed-on: https://code.wireshark.org/review/31009
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Changed modelines: c-basic-offset: 4 to keep consistency between files
Also added style for emacs as it is the most common for this file
Signed-off-by: Sergey Rak <sergrak@iotecha.com>
Change-Id: I62b6e16d614ebe2bacce330e3aaa12796d6b248b
Reviewed-on: https://code.wireshark.org/review/30988
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extra data could be an indicator of a problem, or it could be that we
haven't added support in Wireshark for it yet. Either way, it's helpful
to show it, instead of hiding it.
Changes:
1. Show unparsed data in the CIP CM dissector
2. Clean up some offsets
Change-Id: Ieebe208aab1f293f97a8774a6a4de5d5dbd3df67
Reviewed-on: https://code.wireshark.org/review/31003
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Added a check that the Common Packet Format Item Length < remaining
data for that layer.
2. Added a check that there should always be at least 4 bytes available
for each Common Packet Format item (Type ID + Length)
Change-Id: Ie6f2b7904d52d8699c06cfef6844cf0032293d97
Reviewed-on: https://code.wireshark.org/review/31002
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add 2x new Safety Supervisor services
2. Add more enum types for Device Status
3. Match field names to current spec
4. Add some BASE_UNIT_STRING units
Change-Id: I8fedb7cea55fb44eccf641ca60ab849847db2620
Reviewed-on: https://code.wireshark.org/review/31001
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add cip.connection. This works just like tcp.stream, but for CIP
connections. This is added to CIP connected messages and the Forward
Open/Close messages.
Change-Id: Ib358c00dc0a4fd61065cb22b0e9b574ac43a44a4
Reviewed-on: https://code.wireshark.org/review/30984
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also add Strict SPF in SR-Algorithm Sub-TLV (draft-ietf-isis-segment-routing-extensions-21)
Change-Id: Icc564f093075d2d6edf5b25ac90e41c987ea71e8
Reviewed-on: https://code.wireshark.org/review/30985
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Data PDU sequence number 0 is illegal, add an expert info for this.
Don't include this packet in SEQ/ACK analysis.
Bug: 15337
Change-Id: I476088531e8a3605393ee1dedf1e8b159dac342b
Reviewed-on: https://code.wireshark.org/review/30980
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix false positive warning:
epan/dissectors/packet-cipsafety.c:1960:37: warning: suggest braces around initialization of subobject [-Wmissing-braces]
enip_conn_val_t eip_conn_info = {0};
This is a Clang bug: https://bugs.llvm.org/show_bug.cgi?id=39931
Change-Id: I9f3040ae6bd4d5a2fafe21a37ac4b504933eabcf
Reviewed-on: https://code.wireshark.org/review/30979
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dylan Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. For each connected data message, display generated connection
information including:
a. Connection Path from the initial connection
b. API values
c. Forward Open packet number. (This already existed, but moving it to a
consistent place in the tree)
2. Display O->T or T->O in the Info column depending on the direction of data.
3. Remove cip.conn_path_class filter. This was originally added to show
which type of data is in a given packet. But, it's not really needed
anymore because we have the generated connection path in each connected
data packet now.
4. Ensure dummy structs used for Decode As menus are zeroed out.
5. memset -> zero initialization
pcaps from the following bug reports are good examples:
Bug: 14939
Bug: 6617
Bug: 14916
Bug: 14958
Change-Id: I63885a5ca41f95e04f855a1e1dcd9ab3684f7eec
Reviewed-on: https://code.wireshark.org/review/30808
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Both NFSv3 and NFSv4 ACCESS reply dissection will be
sensible when the ACCESS request is not available (because the packet
containing the request was either not capture or truncated).
Bug: 15343
Change-Id: I5bf7b9905e85b1c1eb30e2949b9b246b54f9ec68
Reviewed-on: https://code.wireshark.org/review/30965
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is intended to be a replacement for get_token_len (from strutil.h) when its used on a tvb. It should be a little safer and remove the need for a dissector to use tvb_get_ptr.
Change-Id: Ib2d4a79718b6fba4eb9acc0129b13be6c8199a43
Reviewed-on: https://code.wireshark.org/review/30892
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add message type named 'fast extension' to analyze unprocessed messages
Bug: 15345
Change-Id: I62fce2b753899cb4f2ba833a58388906c9f0d2d3
Reviewed-on: https://code.wireshark.org/review/30954
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The CAT-TP specification says explicitly that the version bits must be
zero. Fail the heuristic check if they aren't.
I checked ETSI TS 102 127 V15.0.0 from
https://www.etsi.org/deliver/etsi_ts/102100_102199/102127/15.00.00_60/ts_102127v150000p.pdf
Bug: 15342
Change-Id: I05a886ccd5811f367abdb9faead4983d137c12c6
Reviewed-on: https://code.wireshark.org/review/30970
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Using the recent updates occasional 'trailing' byte warnings
occur if the key encodes a collection-ID, with these changes
we now get much better key decoding, without the warnings
with and without collections.
Change-Id: I9fc1e0d807c8054065a7346a09b0ce99d05f1e63
Reviewed-on: https://code.wireshark.org/review/30956
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Previous decoding showed "Unknown TLV: <TLV value>". This was confusing, because people interpreted the value as the type of the unknown TLV.
Change-Id: Ia9259db547fca393c248f78ea7c758969b69548e
Reviewed-on: https://code.wireshark.org/review/30959
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
UATs are loaded at startup, no need to do it again. Call chain:
epan_load_settings -> read_prefs -> init_prefs -> uat_load_all.
Change-Id: I57caabafb16b0b46fcb6d1621dd6b503154c805c
Reviewed-on: https://code.wireshark.org/review/30958
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Correctly print out the AP Tx Power level.
2. The A-Control UL MU Response field was renamed to the TR Response field.
3. Handle padding correctly in the A-Control field.
Change-Id: I33000aa28b9e00ab97ca30d53907685e302c49c2
Reviewed-on: https://code.wireshark.org/review/30918
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those IEs have specific dissect methods that expect offset to point to
the IE type, not to its value. Furthermore, those methods already add a
subtree, so no need to create it for them.
Related: https://osmocom.org/issues/3705
Change-Id: Ia63253b95678b799f59ed945d1381f4eb01be636
Reviewed-on: https://code.wireshark.org/review/30931
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always initialize our length in dissect_oer_length_determinant. Its
callers assume that this happens and doing so should fix some scan-build
warnings.
Change-Id: I67abc19417e6437b9302b880164140fb8a773204
Reviewed-on: https://code.wireshark.org/review/30935
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not allways good to pick up frames for related call legs when
filtering.
Make different hf:s for the two use cases.
Change-Id: I33c640636a76173f3a7952f4a740491ccfac276d
Reviewed-on: https://code.wireshark.org/review/30922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To stop accepting SIP messages on the
hart-ip port.
Change-Id: Ifc653f4a3defb823336914e8be6f20453aedb6fe
Reviewed-on: https://code.wireshark.org/review/30914
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to MS-SFU 2.2.2 PA_S4U_X509_USER checksum section;
PA-S4U-X509-USER may be returned inside encrypted-pa-data, but
it contains just the checksum data so do not try to dissect it.
Quote:
The padata of type 130 in the encrypted-pa-data field contains
the checksum value in the S4U request concatenated with the
checksum value in the S4U reply.
Change-Id: Ia124f56914ef2fefd5b0a64fccd176911321f246
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decoding a collection-ID from the
key-bytes.
Update DCP as collection_len is no longer in the
protocol and the system events have changed.
Change-Id: Ib910083d929a906729e2bba2b0f07ba23e093cf5
Reviewed-on: https://code.wireshark.org/review/30895
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added dissection of Support Type Object LB type.
Change-Id: I7e654faed4874a87865f1d94a372eb8f00dde412
Reviewed-on: https://code.wireshark.org/review/30903
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the couchbase packet dissector with some re-factoring of the
FlexFrame dissector and then extra functionality for:
* FlexFrame on requests (magic 0x08)
* Durability
* Out-Of-Order requests
* DCP Stream ID
Additional checks are added to warn/error for invalid frame lengths and
for the case where the FlexFrame byte0 is 0xff, which is not defined by
the protocol.
Change-Id: I5f1fec8293284dadbdef717d02fa1eef27da7a0c
Reviewed-on: https://code.wireshark.org/review/30894
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 4154e35cde.
Apparently we do need to call PeekNamedPipe on Windows.
Change-Id: I9c9bbcb56bf1e1c2e6ae240ac5056b8a80674f15
Reviewed-on: https://code.wireshark.org/review/30900
Reviewed-by: Gerald Combs <gerald@wireshark.org>
GAP field dissection shows an acknack analysis. This analysis doesn't
make any sense in the GAP field.
Change-Id: I9c4cca2b722390112b6a350bd2310b48874e5c9d
Reviewed-on: https://code.wireshark.org/review/30897
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Somewhere in the code the handling of the offset goes wrong.
Instead of incrementing the offset it's the pointer to the offset
which is being incremented, leading to all sorts of problems.
Add a dereference to these few statements which lack them.
Bug: 15322
Change-Id: If575711a5b120f25f0172e0efb26e01f07244e8b
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30899
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
use an hf variable of type FT_ADDR
Change-Id: Ice88965825d05ee10825b1a7dc91475ffaa75cb2
Reviewed-on: https://code.wireshark.org/review/30890
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When no content is provided, creating the tree with empty content leads
to malformed IMF.
Ping-Bug: 15090
Change-Id: Idf521c26f69638a94300792e50dba29645a45a68
Reviewed-on: https://code.wireshark.org/review/30874
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The asn1 is based on [MS-SFU] 2.2.2 PA_S4U_X509_USER
Change-Id: Ic072b7c4eca5c924da8833f85529098f6a93f436
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't bother checking to see if our pipe has data.
Change-Id: I55f24850a16f66be9c679ad51e35df9f35c206db
Reviewed-on: https://code.wireshark.org/review/30877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Correct cluster ID
- Parse ZDP Status
- Move from client to server
- Classify as notify instead of request
Change-Id: Idb3d26d3212af2762465d7ec02efcb8978830af3
Reviewed-on: https://code.wireshark.org/review/30859
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic559133086f4529f8dcc7b99cce6dbb97c11e197
Reviewed-on: https://code.wireshark.org/review/30860
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Two trivial cleanups of the definition of the tftp.destination_file field:
There is probably no need to shout DESTINATION in capital letters, and change
"source" to "destination" in the field's blurb.
Testing Done: Built on macOS 10.12.6. Examined the capture attached to
bug 10305 (tftpConversationError.pcapng, which includes a TFTP WRQ), and saw
that the capitalization of the "Destination File" field is as expected in
the packet dissection, and that the status bar now describes the field as
the "TFTP destination file name".
Change-Id: I9f5bded321c16d4e200bf1caf80ad5733ecc8287
Reviewed-on: https://code.wireshark.org/review/30857
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handling of preferences is often done in the dissector handoff
registration. Therefore this function is often registered as
callback while registering preference handling for the module.
In this way the preferences are processed both when registering
the dissector and when changes happen.
Some dissectors opt to register a seperate callback function to
be called when preferences change. Now these have to be called
from the dissector handoff function explicitly, in order to have
the preferences processed during dissector registration.
This becomes explicitly apparent when the port registration comes
into play. With the migration to using dissector registration on
ports with preference this port (range) is often retrieved from
the preferences to match against the ports in a packet to determine
an incoming or outgoing packet of a server. In case the callback
function is not called from the dissector registration this
determination fails, until the preferences are applied/changed,
causing the preference handling callback to be called.
This change add the calling of the callback during dissector
registration, fixing some dissector port registrations in the
process.
Change-Id: Ieaea7f63f8f9062c56582a042a3a5a862e286406
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30848
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The indent macros used for DEBUG_CONVERSATION have become unbalanced, making
the conversation debug output migrate rightwards for no good reason. This
simple change corrects it by ensuring that DINDENT and DENDENT are neatly
paired up throughout conversation.c .
Testing Done: Built on macOS 10.12.6 with DEBUG_CONVERSATION enabled. Tested
tshark with a few captures, and observed that the debug output, while still
being indented, generally stayed along the left margin of the screen instead
of migrating steadily over to the right.
Change-Id: Ic91e4562296d34f74c4d832edbf75172562672b8
Reviewed-on: https://code.wireshark.org/review/30856
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Process mmdbresolve output one character at a time and only after
ws_pipe_data_available tells us that we can do so without blocking.
Bug: 14701
Change-Id: Ib8f5eabed28e9385585a022d948b83f830c6358c
Reviewed-on: https://code.wireshark.org/review/30850
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even if the certificate has a RSA public key, be sure to lookup the key
only if it is an actual RSA key exchange. Move the hashtable to the
secrets module to enable reuse.
Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is already done in epan_init.
Change-Id: I2bbfd22ef4a552003dc3644e9d21b5a5ca3465ba
Reviewed-on: https://code.wireshark.org/review/30849
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Apply change 30835 to dissector functions for version draft_01_v6 of the
protocol.
Dissector code added flag values in the "branch" label. Individual flags
are '0' when expanding the branch in the packet details pane due to
wrong definition.
Values on the branch label should be added by proto_tree_add_bitmask.
Use proto_tree_add_bitmask_with_flags instead. Remove code that adds
flag values to label "by hand" and remove unused local vars.
Change-Id: I1f639e4b0e617834276f2e11283315ac8b1594f1
Reviewed-on: https://code.wireshark.org/review/30843
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector code added flag values in the flag branch label.
Values should be added by proto_tree_add_bitmask.
Individual flags were all '0' when expanding the branch
in the packet details window.
Use proto_tree_add_bitmask_with_flags instead and correct
flags values and length (as in packet-ip.c). Remove flag
values adding to label "by hand" and remove unused local vars.
Change-Id: Id5bc63d2e1a0453664d21f554f0f3b8c36d7263f
Reviewed-on: https://code.wireshark.org/review/30835
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
More information on Apple's proprietary AWDL protocol can be found in
Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples'
Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol"
in ACM MobiCom '18. https://doi.org/10.1145/3241539.3241566
Bug: 15245
Change-Id: I5ce18125b3c957f338909e46f18e30405a3d3941
Reviewed-on: https://code.wireshark.org/review/30413
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch from RSA decryption using Libgcrypt to GnuTLS. This prepares for
decryption using a PKCS#11 token. Requires GnuTLS 3.0.2 (or newer).
Change-Id: Ic42d84c825488e1f45b443a3e56d01600dd594c9
Reviewed-on: https://code.wireshark.org/review/30833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RSA private keys can only be used for decrypting TLS sessions with a
full handshake that use the RSA key exchange. However currently the RSA
private key is always looked up even if it cannot be used (for example,
due to an (EC)DHE cipher or due to a resumed session).
Defer lookup of these private keys and make some more code conditional
on the availability of GnuTLS at compile time since future changes
switch to GnuTLS for RSA decryption.
Change-Id: I31dfd6cdfbd733818c798b1fb0e895cf5a987c5a
Reviewed-on: https://code.wireshark.org/review/30831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently our Windows code looks for data files in the same
folder as the binary executable (presumably to make the
application relocatable, although it should be possible
to improve this with relative paths?).
Ping-Bug: 15301
Change-Id: I0fef4e87dc9d1d8edef81dd11755761fddd0fd12
Reviewed-on: https://code.wireshark.org/review/30819
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
libwireshark and libwiretap have their INTERFACE link dependencies
changed to the required set.
libwsutil keeps a default public visibility. Further work may
show some unneeded link requirements.
The executable dependencies are adjusted accordingly.
Change-Id: I3a534f72403819cac136ae47a3d80acee76e0fb3
Reviewed-on: https://code.wireshark.org/review/30815
Reviewed-by: João Valverde <j@v6e.pt>
Make sure a pointer isn't NULL before trying to dereference it.
Bug: 15280
Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
Reviewed-on: https://code.wireshark.org/review/30807
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to the lack of setting the size of the data objects,
the exported objects file contains junk data. Set the
actual size of the object data feed to the tap.
Patch originally from Darius Davis <darius@vmware.com>
Bug: 15304
Change-Id: I020a9f010e97f960e8a60b4c991acd0f678ec39c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30803
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The attribute value of the ifname attribute is a 0-terminated string that
contains the interface name. Add an hf variable for this name and
display it as a string.
Change-Id: I0bd4caae49274f3e471a6eefb210db8d56f020f7
Reviewed-on: https://code.wireshark.org/review/30789
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix `tools/generate-nl80211-fields.py --update` to match the output from
v2.9.0rc0-1896-g43134ae252 ("netlink-*: fix various VALS/TFS misuse").
Update to match nl80211.h from Linux v4.19-rc6-1865-g0d4e14a32dca.
Change-Id: I101146867a62f2f881752c42229a218c12d6dda7
Reviewed-on: https://code.wireshark.org/review/30794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Due to a incorrect check the details of MCAST-VPN NLRI were
never dissected. Also the Originating Router's IP Addr of a
S-PMSI A-D Route was not dissected.
Bug: 15307
Change-Id: Ic7481ed034e4cbf0dcab4aa150f05da2f5aac508
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30796
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When frame data exceeds the snap length given in the PCAP file header,
add an expert item warning of this inconsistency.
Change-Id: I700fd987320d7505aee33158895ba32ec2b480f6
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30788
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The TFTP protocol uses 16-bit block numbers. After block 65535, the block
number simply wraps back to zero. This change implements recovery of the bits
lost from the upper end of the block number, allowing for correct tracking of
block numbers in large TFTP transfers. The resulting "Full Block Number" is
added to the TFTP tree, marked as GENERATED; The "Full Block Number" is now
used in all places which previously received the truncated 16-bit block number.
An expert note is added when the block number at the protocol level is about to
wrap around to zero.
I chose to use 32 bits for the block numbers... even with the absolute-minimum
blocksize (8 bytes), that allows for 32 GByte files to be correctly handled;
With a more reasonable blocksize, it theoretically allows for files on the
order of terabytes.
Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
TFTP packet captures in the GUI, including the transfer of a large file
(115,836 blocks of 1,456 bytes each). Observed that the packet info shows
untruncated block numbers where previously the displayed block numbers would
wrap back to zero after block number 65,535. Constructed a few packet
captures with bizarre sequences of block numbers, and observed that they
were dissected as expected. Checked that a display filter for "tftp.block"
and "tftp.block.full" worked as expected.
Bug: 15305
Change-Id: Ic72ca49c975b1db76e8c5653e64e2a7c34eede5d
Reviewed-on: https://code.wireshark.org/review/30775
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Adding rfc4884 support failed to properly add the unused fields if
no length field was present.
- The was a logic error when both length and MTU size were present.
- reformat the lines in that section to no longer adhere to 80 columns
Change-Id: I3bcca25cc7d5e866a040c5c6a8011144ebc3370e
Reviewed-on: https://code.wireshark.org/review/30781
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes a bug where the packet direction was reversed
for WTAP_ENCAP_BLUETOOTH_HCI (aka raw HCI or H1).
Change-Id: I2f404ed543062818ac6a8c6ca58d5ecfd7644bc8
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30778
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 6733, ch3. specifies message length field as three octets and indicates the
length of the Diameter message including headers and padding.
Change-Id: I73694a085bbafb3ae280e02fa4c9e26868b31f76
Reviewed-on: https://code.wireshark.org/review/30772
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Install headers to support plugins development on Windows.
Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31
Reviewed-on: https://code.wireshark.org/review/30776
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Instead of annotating every TFTP ERROR packet as "TFTP blocksize out of range",
let's flag them as TFTP error packets using their own expert info type.
Let's also try to figure out whether an ERROR packet represents a "close"
operation after a transfer-size ("tsize") query. Such ERROR packets aren't
really errors, so we can use a separate expert info type to report those with
lower severity.
Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
TFTP packet captures in the GUI, including tsize probes and real errors
(file not found, permission denied). From the menu, chose Analyze > Expert
Information, and saw the tsize probes listed together at "Chat" severity,
and actual errors reported at "Warning" severity, all appropriately labeled.
Change-Id: I5605ce00559264ed94a47435c8f6d253f143fefb
Reviewed-on: https://code.wireshark.org/review/30760
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In RTI Connext DDS 5.3.3 and later PID_TYPE_CONSISTENCY has six
new fields: Ignore Sequence Bounds, Ignore String Bounds,
Ignore Member Names, Prevent Type Widening, Force Type Validation,
Ignore Enum Literal Names.
Change-Id: I456097a3baf733351dcb86f2cba0a3f03d2fc100
Reviewed-on: https://code.wireshark.org/review/30753
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packets.
Topic Information Feature used to link packets belonging to the same
topic now is used in APP_ACK and APP_ACK_CONF packets.
Change-Id: Ib4e1dd4dfed41962bc76e8600a1213247a3bf588
Reviewed-on: https://code.wireshark.org/review/30752
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When no mask is allowed, reject addresses like "aa:bb:cc:...".
Fix the type of 'cp' to avoid reading from a negative array index.
Fix parsing, a nibble is four bits, not eight.
Bug: 15297
Change-Id: Ibb0d0c17005b1e6213c09092e4b3c888a9024304
Fixes: v2.9.0rc0-2629-g3bb32ede26 ("addr_resolv: add fast path for parsing addresses from manuf")
Reviewed-on: https://code.wireshark.org/review/30768
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The manuf file is large but has a consistent format (25.7k entries with
three octets, 9.8k entries with a mask). Add a fast path for this file
that is 20% faster (saves 20ms on an unoptimized Debug+ASAN build).
Change-Id: Ida509b0305caf4e26131dc5cf5fb04c49392ad4b
Reviewed-on: https://code.wireshark.org/review/30757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Cleanup to unify the two distinct places where tftp_info was identically created
and initialized. While we're here, remove two unnecessary initializers of
'conversation'. Behavior should be unchanged.
Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of TFTP
packet captures in the GUI.
Change-Id: I9702a3dbeea357ec903166144918a71abc742846
Reviewed-on: https://code.wireshark.org/review/30758
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
The key for the manuf table is 24 bits of the ether addr while the key
for services table needs is a 16 bit port. Store this value directly,
saving some memory and improving startup time by a tiny bit.
Likewise for ipxnet_hash_table and vlan_hash_table. These tables seem
unused though, perhaps it should be removed.
Change-Id: Ide9ffad8e2c9af24afa82adb2e009f32a5f43d38
Reviewed-on: https://code.wireshark.org/review/30756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
An unoptimized, Debug+ASAN `tshark --version` takes about 1 second. 17%
of the cycles are spent in addr_resolv_init and 7% within fgetline. Use
fgets instead, now fgetline only costs ~0.5% (11% for addr_resolv_init).
This limits the line length to 1K which should more than be sufficient
for all involved files (longest lines: manuf 154, services 222).
Change-Id: I8fe4dff317beaa2926c4106909b10898bcd35f21
Reviewed-on: https://code.wireshark.org/review/30755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie900a70477a21b82650e6504d3b2f175f20c7caa
Reviewed-on: https://code.wireshark.org/review/30725
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add a new line that explains the Platform ID, e.g. "Z101: vCMP Guest"
Also: Include the terminating zero bytes of STRINGZ values in the highlighting.
Change-Id: I6b79af708816c5c2b45d1c50d9a3587f46906018
Reviewed-on: https://code.wireshark.org/review/30724
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
systemd Journal Export text fields are UTF-8. Use tvb_get_string_enc
instead of tvb_format_text. Use col_add_str to add packet-scoped strings.
Change-Id: I01d8d9127e6baf2f9c27d1e4a66071ec6173f181
Reviewed-on: https://code.wireshark.org/review/30708
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The following CIP Safety Supervisor services skipped processing the first byte:
Safety Reset
Configuration Lock
Mode Change
Change-Id: I90e411ced410f9924565d50c8d6bf44e92859e2c
Reviewed-on: https://code.wireshark.org/review/30728
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added decodings for TLVs 46.10 and 46.11.
Fixed formatting of TLVs.
Change-Id: Iec8829929a8b6981e1760614f76d16400b94d05c
Reviewed-on: https://code.wireshark.org/review/30709
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.
Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.
pcapng spec update: https://github.com/pcapng/pcapng/pull/54
As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.
Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.
If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.
The test file was creating using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).
Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implementing ICMP extended echo (RFC8335) for IPv6.
To dissect ICMP Extension objects we use the IPv4
implementation.
Bug: 14457
Change-Id: I5be59ccf9058466369c072cfed3ad1cd17bf243b
Reviewed-on: https://code.wireshark.org/review/30563
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
JSON-GLib was added in v2.9.0rc0-201-g511c2e166a, but is no longer
necessary since we have a home-grown JSON dumper (wsutil/json_dumper.h).
Remove the remaining traces and additionally remove GObject from
FindGLIB2.cmake since it was only added for JSON-GLib.
Change-Id: If9dfd2c60cec130f98109d100bdb6618bde06ba0
Reviewed-on: https://code.wireshark.org/review/30733
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The (optional) JSON-GLib library adds dependencies on GObject, GIO. For
statically linked oss-fuzz builds it also adds libffi and more. To avoid
these dependencies, replace JSON-GLib by some custom code. This allows
`tshark -G elastic-mapping` to be enabled by default without extra deps.
API design goals of the new JSON dumper library:
- Small interface without a lot of abstraction.
- Avoid memory allocations if possible (currently none, but maybe
json_puts_string will be replaced to improve UTF-8 support).
- Do not implement parsing, this is currently handled by jsmn.
Methods to open/close array/objects and to set members are inspired by
the JsonGlib interface. The interfaces to write values is inspired by
the sharkd code (json_puts_string is also borrowed from that).
The only observed differences in the tshark output:
- JSON-GLib ignores duplicates, json_dumper does not and may produce
duplicates and currently print two "ip.opt.sec_prot_auth_unassigned".
- JSON-GLib adds a space before a colon (unimportant formatting detail).
- (Not observed, but UTF-8 strings will be wrong like bug 14948.)
A test was added to catch changes in the tshark output. I also fuzzed
json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error.
Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4
Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html
Reviewed-on: https://code.wireshark.org/review/30732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename wsjson_unescape_json_string to json_decode_string_inplace
(inspired by the g_base64_decode_inplace name). Rename
wsjson_is_valid_json to json_validate (inspired by g_unichar_validate).
Ideally json_parse is inlined with its user (sharkd_session.c), but that
requires exporting the jsmn_init and jsmn_parse functions... Hence the
dependency on jsmn.h remains in wsjson.h.
Change-Id: I7ecfe3565f15516e9115cbd7e025362df2da5416
Reviewed-on: https://code.wireshark.org/review/30731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo
Pau Espin