Commit Graph

45319 Commits

Author SHA1 Message Date
Guy Harris d9e662bc54 Rename some functions and types for endpoint tables.
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics".  The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.

The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.

Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.

Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.

Clean up some comment errors found in the process.
2022-08-23 09:55:14 +00:00
zhangzhilei 21d93f072a TLS:add error check for ssl_hmac_init
add error check for ssl_hmac_init
2022-08-23 02:20:53 +00:00
John Thacker cbe4cd926c HTTP: Send binary Continuation Data to Follow Stream
If we shortcut the HTTP header check because the file starts with
a non-ASCII character, but we think that it is Continuation Data
because we've seen real HTTP in the same conversation, mark the
data as file data and send it to the follow tap, just as we would
if it failed the more extensive checks for being a header. Deals
with cases where desegmentation isn't performed (whether because
of prefs, missing packets, bad checksums, etc.)

Related to #13918.
2022-08-22 03:58:30 +00:00
John Thacker 2617ff294f SMTP: Move the request handling into a function
This makes the code easier to read and will enable handling
multiple PDUs in a message (needed for full pipelining
support.)
2022-08-21 18:00:18 -04:00
John Thacker d6812621a0 SMTP: Move response handling into function
Make the code a little easier to read
2022-08-21 18:00:18 -04:00
Martin Mathieson 9a5029b364 DCT2000: Don't assign to tag unused value 2022-08-21 19:48:13 +00:00
Gerald Combs 70dbe58aea [Automatic update for 2022-08-21]
Update manuf, services enterprise numbers, translations, and other items.
2022-08-21 16:39:53 +00:00
John Thacker ccf720d95d epan: Handle subset tvbuffs with non-zero offsets and length -1
According to tvbuff.h, tvb_new_subset_length() with length -1
should behave like tvb_new_subset_remaining(). That means that
the reported length should subtract off the offset into the
original tvb.
2022-08-21 15:21:24 +00:00
Chien Wong 5c216de8cc ieee80211: Improve A-MSDU dissecting
Fix subframe length issue.
Add padding.

Signed-off-by: Chien Wong <m@xv97.com>
2022-08-20 16:43:32 +00:00
Chien Wong 3b7c611be1 ieee80211: Add Transition Disable KDE dissecting
Signed-off-by: Chien Wong <m@xv97.com>
2022-08-20 06:14:29 +00:00
Stephen Hemminger 005169491e pcapng: add support displaying hash from pcapng
Add support for displaying one or more packet hashes that
have been recorded in EPB options.

A patch to add support for EPB hash option is pending for next
DPDK release.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-08-20 06:12:28 +00:00
Gerald Combs 07c7ce6ad0 Windows: Upgrade libgcrypt to 1.10.1. 2022-08-19 18:30:16 -07:00
John Thacker 346c53b0b2 QUIC: In stateless reset only set from_server if token found
When calling quic_find_stateless_reset_token, only change the
from_server pointer if the reset token is actually found.
Fixes a few cases where a new Initial connection is sent with
client and server reversed. Also fixes an error failing to
dereference a pointer to a boolean.
2022-08-19 19:37:41 -04:00
David Perry d0c8efe889 Use `register_dissector()` for more protocols 2022-08-19 22:53:58 +00:00
Martin Mathieson b809e73f7c Fix some spelling errors 2022-08-19 17:46:34 +01:00
huangqiangxiong bb6fc5bb9a Protobuf: correct the starting offsets of the field name and type tree items 2022-08-19 15:14:09 +00:00
John Thacker 2007c929d2 QUIC: Add support for stateless reset
Fix #17938
2022-08-19 12:46:07 +00:00
zhangzhilei 034e48b500 TLS:support decrypt TLS_SM4_GCM_SM3 ciphersuite
ECC_SM4_GCM_SM3 is defined in RFC8998, and it defined how to use
SM3 and SM4 in tls1.3.
2022-08-19 18:08:39 +08:00
zhangzhilei 10b2e62a4a TLS:support decrypt ECC_SM4_GCM_SM3 ciphersuite
ECC_SM4_GCM_SM3 is defined in GB/T38636-2020
Information security technology-Transport layer cryptography protocol
which is a Chinese national standard.
the gcm behaviour of ECC_SM4_GCM_SM3 is the same as TLS1.2.
2022-08-19 08:28:40 +00:00
ismaelrti 066e80cb33 RTPS: Added new Security PIDs in Participant and Endpoint Discovery
Added dissections for the following PIDs:
- PID_PARTICIPANT_SECURITY_DIGITAL_SIGNATURE_ALGO
- PID_PARTICIPANT_SECURITY_KEY_ESTABLISHMENT_ALGO
- PID_PARTICIPANT_SECURITY_SYMMETRIC_CIPHER_ALGO
- PID_ENDPOINT_SECURITY_SYMMETRIC_CIPHER_ALGO
2022-08-19 07:55:05 +00:00
zhangzhilei 7b56170979 TLS:support decrypt ECC_SM4_CBC_SM3 ciphersuite
ECC_SM4_CBC_SM3 is defined in GB/T38636-2020
Information security technology-Transport layer cryptography protocol
which is a Chinese national standard.
prf alg of ciphersuites defined in GB/T 38636-2020 are the same as TLS1.2.
2022-08-19 07:25:51 +00:00
Dario Lombardo bd0949ba1e rdpudp: fix leaking copy_address.
Fix: #18224.
2022-08-19 04:21:45 +00:00
Michael Tuexen ecefcf8801 TCP: Implement AccECN
This work is based on
https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate-ecn-20.html
In particular, add support for the AccECN option, the experimental
AccECN option, the AE flag and the ACE field.
2022-08-19 00:41:24 +00:00
Vadim Yanitskiy 2755cb7516 GSUP: add missing Number of Vectors Requested IE
This IE was introduced back in 2019, see:

https://gerrit.osmocom.org/q/Iaecc47280f8ce54f3e3a888c1cfc160735483d0f
https://cgit.osmocom.org/libosmocore/commit/?id=49ddef610a003f1000422284bf31a653249cf09e
2022-08-18 18:42:53 +00:00
Vadim Yanitskiy 9ca0193fed GSUP: add missing Supported/Current RAT Types IEs
These IEs were introduced back in 2018, see:

https://gerrit.osmocom.org/q/I93850710ab55a605bf61b95063a69682a2899bb1
https://cgit.osmocom.org/libosmocore/commit/?id=1b729ce106f474e29e7bbd57c01c3472e75a8b25

Below is an example PDU containing them:

GSUP SendAuthInfo Request, IMSI: 901700000043352
    Message Type: SendAuthInfo Request (8)
    IE: IMSI, 901700000043352
        Information Element Identifier: IMSI (1)
        Information Element Length: 8
        IMSI: 901700000043352
        [Association IMSI: 901700000043352]
            Mobile Country Code (MCC): International Mobile, shared code (901)
            Mobile Network Code (MNC): Clementvale Baltic OÜ (70)
    IE: Supported RAT Types
        Information Element Identifier: Supported RAT Types (41)
        Information Element Length: 1
        Supported RAT Type: EUTRAN (SGS) (3)
    IE: Current RAT Type
        Information Element Identifier: Current RAT Type (42)
        Information Element Length: 1
        Current RAT Type: EUTRAN (SGS) (3)
2022-08-18 18:42:53 +00:00
Michael Tuexen c2574b72f4 TCP: Add support for TARR option
Based on https://datatracker.ietf.org/doc/html/draft-gomez-tcpm-ack-rate-request-05.
2022-08-18 00:08:30 +02:00
Michael Tuexen 9cea2c26a1 TCP: Use RFC 6994 for experimental options
Modernize the handling of experimental TCP options based on
RFC 6994. In particular use ExID instead of magic (which
in the context of RFC 6994 are the last two bytes of a
32-bit ExID) and add a description of ExID based on the
current state of the IANA registry.
2022-08-17 21:33:31 +00:00
David Perry 3b36ae4b1a TCP tap: check if have seglen before using it 2022-08-17 19:41:05 +00:00
Michael Pergament bd6c21696a Add support for Add Path in EVPN NLRI 2022-08-17 18:22:17 +00:00
Rubin Gerritsen 56817af9b5 Bluetooth: Decode LL_VERSION_IND packets with version 5.3
Bluetooth 5.3 was released 2021-07-13.

Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
2022-08-17 16:29:25 +02:00
John Thacker 704d6ff104 smb: Squash small leak in export object
After a free chunk is removed from the list of free chunks,
it should be freed.
2022-08-17 13:41:09 +00:00
Uli Heilmeier 117788f694 BTATT: Fix bitmask for btatt.battery_power_state
Fixes: #18267
2022-08-17 14:33:39 +02:00
John Thacker b3c7c31124 tiff(file): Don't add a proto item when heuristics fail
Don't add the protocol to the tree if heuristics fail.
Make sure that we have enough bytes to perform the heuristics.
If the magic number is wrong, don't go on to retrieve the ifd offset.
2022-08-17 07:52:39 +00:00
Tomasz Moń c6ef99f006 win32-utils: Explicitly list inherited handles
Windows processes inherit all inheritable handles when a new process is
created using CreateProcess() with bInheritHandles set to TRUE. This can
lead to undesired object lifetime extension. That is, the child process
will keep inheritable handles alive even if it does not use them. Up to
Windows Vista it was not possible to explicitly list handles that should be
inherited. Wireshark no longer works on Windows releases earlier than
Vista, so use the new API without checking Windows version.

Require all callers to win32_create_process() to pass in the list of
handles to inherit. Set the listed handles as inheritable shortly before
calling CreateProcess() and set them as not inheritable shortly after
the process is created. This minimizes possibility for other callers
(especially in 3rd party libraries) to inherit handles by accident.

Do not terminate mmdbresolve process on exit. Instead rely on process
exit when EOF is received on standard input. Previously the EOF was
never received because mmdbresolve inherited both ends of standard input
pipe, i.e. the fact that Wireshark closed the write end was not observed
by mmdbresolve because mmdbresolve kept the write handle of the standard input
pipe open.
2022-08-16 20:53:22 +02:00
Trond Norbye fb0d271641 [Couchbase] Add support for new features
Add support for parsing RU and WU reported in flex header and
the new status codes.
2022-08-16 14:24:46 +00:00
Adrian Granados 9a560060ad ieee80211: Add dissector for Arista (Mojo) vendor specific IE
Dissector only supports type 6: AP Name.
2022-08-16 14:08:15 +00:00
Dieter Dobbelaere 321465db07 Corrected description of `wlan.fc.type_subtype`. 2022-08-16 12:19:48 +00:00
Anders Broman a47830e56f Increase number of preallocated fields. 2022-08-16 09:43:42 +02:00
Pascal Quantin 653c4d3e91 XnAP: upgrade dissector to v17.1.0 2022-08-16 01:33:00 +00:00
John Thacker 7d583e1340 TLS: rename reassembled data source from SSL to TLS 2022-08-15 07:33:55 -04:00
Guy Harris 8674eea7b0 frame: warn if the real length is less than the captured length.
That should never be the case; if you slice off part of a sausage, the
remainder of the sausage cannot be longer than the original sausage.

Warn about that.
2022-08-14 16:12:07 -07:00
John Thacker 7962d18222 tls-utils: Add malformed expert info instead of asserting
If ssl_add_vector is called with an offset past offset_end,
add the malformed buffer too small expert info and return
failure instead of failing an assertion. Malformed packets
can cause this to happen, so it's not necessarily a dissector
bug.

Also change the other assertion to output the result of the
comparison to aid in debugging.

Related to #17890.
2022-08-14 16:23:37 -04:00
Pascal Quantin 938cc05d20 NGAP: add NTN related restricted RATs 2022-08-14 18:00:53 +00:00
Tomasz Moń 4240381026 wsutil: Remove flawed ws_pipe_close() function
The semantics behind ws_pipe_close() were broken since its introduction.
Forcing process termination on Windows, while simply setting variable on
other systems results in more OS specific code sprinkled all over the
place instead of less. Moreover ws_pipe_close() never handled standard
file handles. It is really hard to come up with sensible ws_pipe_close()
replacement, as process exit is actually asynchronous action. It is
recommended to register child watch using g_child_watch_add() instead.

Do not call ws_pipe_close() when deleting capture interface. Things will
break if extcap is still running when interface opts are being freed and
terminating process won't help.

Rework maxmind shutdown to rely on GIOChannel state. For unknown reason
TerminateProcess() is still needed on Windows. The actual root cause
should be identified and fixed instead of giving up hope that it will
ever work correctly on Windows. In other words, TerminateProcess()
should not be used as a pattern, but rather as a last resort.
2022-08-14 16:05:22 +00:00
Peter Ross 298eabc36c DIS: support Receiver PDUs 2022-08-14 20:59:14 +10:00
John Thacker c7a136a5c0 epan: Rearrange column includes
Move all the declarations of routines that are internal and
not for use by dissectors from column-utils.h to column-info.h
Move the column max length defines into column-utils.h because
dissectors might need that

Since packet.h already includes column-utils.h, dissectors don't
need to include column-utils.h anymore.
Remove or downgrade a few other column header includes that are
unnecessary.
2022-08-13 19:37:28 +00:00
Pascal Quantin 8291dc23f3 RRC: upgrade dissector to v17.1.0 2022-08-13 17:35:21 +00:00
Michael Tuexen a033dc7dc6 TCP: cleanup ECN related flags
The ECN-Echo flag is abbreviated in RFC 3168 using ECE, not ECN.
In addition, when displaying the flags, no abbreviations are
used. Therefore, do the same for the CWR flag.
2022-08-13 11:08:55 +00:00
Pascal Quantin d982338177 NGAP: upgrade dissector to v17.1.1 2022-08-12 19:15:16 +00:00
Pascal Quantin cf17011c53 S1AP: add support for NTN NB-IoT TACs 2022-08-12 20:47:41 +02:00