Added the dissection of three parameters.
Change-Id: I07e7b655ad7fd3462625c2fb565e41593c62f897
Reviewed-on: https://code.wireshark.org/review/17346
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Pardue
Change-Id: Ic3c53fce9751a556c5f1aa30d55687a60c9c6a4d
Reviewed-on: https://code.wireshark.org/review/17345
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Perdue
Change-Id: I4852f6bad7a4c98b345ff198b33ab560eacb5ed0
Reviewed-on: https://code.wireshark.org/review/17341
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Lucas Perdue
Change-Id: I9c4ede6ba2fb0303aab05f1d59835e5a8b386a3e
Reviewed-on: https://code.wireshark.org/review/17340
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Before redissection, PacketList::freeze() is called which clears the
model. This results in a NULL-deref when pressing Ctrl-F (Packet
Search) or Ctrl-G (Go To Packet). Reproducer: in a large capture file,
enter some display filter (e.g. "udp") and immediately press Ctrl-F.
Thanks to Github user SNAPESNATCH for the initial report via IRC that
included a helpful stack trace on Windows.
Change-Id: If7334d6df4e9591fb1f2a52e3e2f837285b2959f
Reviewed-on: https://code.wireshark.org/review/17326
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Both of them need to have the CAN ID/flags field of the header
byte-swapped as necessary to make sure it's in the *reading* host's byte
order, not the *writing* host's byte order, if the two are different.
Change-Id: Iac1589fdd9fe4d9ee6fbac8d821b48694d68919b
Reviewed-on: https://code.wireshark.org/review/17333
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The created XML proto_item can be faked (if not visible and not referenced),
so ensure we store the correct item length to be used in XMPP.
This will avoid an invalid "Malformed Packet" for some XMPP packets.
Change-Id: I79d805b725dbeb93f26a38b72bdcc84187aee16f
Reviewed-on: https://code.wireshark.org/review/17324
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
RFC 6120 section 4.6.1 defines the use of a single whitespace as
"whitespace keepalive", so indicate this in the Info column.
Change-Id: I685431d91be2a37fbd66f8d1cdabe53f33092e93
Reviewed-on: https://code.wireshark.org/review/17323
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I842fd2339788c2cbe5ca88294aaf74bf9adc5ae2
Reviewed-on: https://code.wireshark.org/review/17285
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
and also use the name of spec for field (Header BLock Fragment
Change-Id: I5a3884186258dac1f243f991a3392c875403eb97
Reviewed-on: https://code.wireshark.org/review/17310
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
show expert infos and return the number of bytes we dissected
Change-Id: Ibb12372e8670380137f4fc3d012d0b0afa4cd638
Reviewed-on: https://code.wireshark.org/review/17313
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use RVALS + BASE_RANGE_STRING for range_strings. This should fix the "-G
values" failure on the Win32 buildbot.
Change-Id: I9a42b66a22b615d3de9c04b485adc7b9aa2cc154
Reviewed-on: https://code.wireshark.org/review/17309
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When we set VG_ERR_CNT=1 print the reason.
Change-Id: Icb8f2a1e7074044521873b116fc891cc4be4b204
Reviewed-on: https://code.wireshark.org/review/17287
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This can happen for example is the heuristics changed between the Wireshark
version used to export PDUs, and the one used to open the file.
Instead, call data dissector.
Change-Id: I29f7754f883fd710c3557a610583ef988ca13e43
Reviewed-on: https://code.wireshark.org/review/17280
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Sharon Samuel Enoch
Bug:12780
Change-Id: I94ad5355cdfa4d8cd3915c9e261931ff56dc765b
Reviewed-on: https://code.wireshark.org/review/17272
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Read 4 bytes from the packet instead of 1 because that is the
correct size of the DOI field.
Reference: RFC 2408
Change-Id: I5745363811bb46af307a925d688ec36cfb29984b
Reviewed-on: https://code.wireshark.org/review/17271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow
using different flags per target.
Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS
and using the COMPILE_OPTIONS property to set them.
This change is just setting mechanism and there should be no difference
in generated warnings.
The check_X_compiler_flag cmake test is changed to test each flag individually.
We need a list, not a space separated string, and the aggregate test is not
significant.
Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25
Reviewed-on: https://code.wireshark.org/review/17150
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Problem is that not all fields of UAT are updated on change (only those
defined in UAT definition with ikev2_uat_flds, specifically pointers to
encr_spec and auth_spec in ike2_decr_data_t were set to NULL.
Fixed by re-setting pointers after update table callback was called.
Also fixed memory leaks after UAT modification.
Bug was partially resolved with change
Ibdab979b5959eb561635cbcb446e17138baca87b
https://code.wireshark.org/review/17078
which eliminated crash, but decryption still didn't work after UAT
modification (DISSECTOR BUG was displayed).
Bug: 12748
Change-Id: I8209edd8e214d62e34b641fdd2e046b9ff4c95eb
Reviewed-on: https://code.wireshark.org/review/17249
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
They follow the same dissection as normal 'Analog Change Report' Responses (FC0)
Change-Id: I854084f43fd0cc52ba02b6f1e760a63033ab48dd
Reviewed-on: https://code.wireshark.org/review/17270
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
We now check much earlier for an invalid message length; remove the
check done afterwards.
Also, note that dissect_netlink_error() should also check the message
length, to make sure it doesn't run past the end of the message, and
indicate why we are assuming an "integer" is 4 bytes (it's because the
RFC is vague here).
Change-Id: Ie0b5074acc852cdeaa008fee1125130a6c8771a1
Reviewed-on: https://code.wireshark.org/review/17279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
0 would cause an infinite loop. and any value < 16 is clearly wrong, so
if we see such a packet, just show the header's length field and stop
dissecting.
Bug: 12776
Change-Id: Iefc56b26b83ff5424968d065bdb9fa84a7a65481
Reviewed-on: https://code.wireshark.org/review/17277
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Msg3 PUSCH narrowband index parameter depends on the UL bandwidth
Change-Id: Ib57c85ffbd4c108e9c8f3d14fa53a48f0df1b0e6
Reviewed-on: https://code.wireshark.org/review/17274
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
doc/idl2deb.pod is licensed explicitly under GPL-2+ it is just
not recognized by the check.
Change-Id: Iabc7ee6bd6fe9080d6cdd28a29bb4c5f97b0ece9
Reviewed-on: https://code.wireshark.org/review/17268
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch shows the Information Elements (IE) defined by the
IEEE802.15.4. It dissects the information of those IE which are used
by the IETF WG 6tisch and announces the others. Here the list of the
fully dissected ones:
- For the header IEs:
- Time Correction.
- Header Termination 1.
- Header Termination 2.
- For the payload IEs:
- MLME:
- Nested Shorts:
- TSCH Synchronization IE.
- TSCH Timeslot IE.
- TSCH Slotframe and Link IE.
- Nested Longs:
- Channel Hopping IE.
- Payload Termination IE.
For the rest of the IEs defined in the standart, this patch shows them
but does not analyze their inner fields.
References:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal/
IEEE Standard for Low-Rate Wireless Personal Area Networks (WPANs).
Change-Id: I45292315fa532f08be6a218eb5756284a22eeee4
Reviewed-on: https://code.wireshark.org/review/16671
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN with WIRESHARK_DEBUG_WMEM_OVERRIDE=simple set.
Manually inspection of all type casts to decrypt_data_t and
ikev2_decrypt_data_t showed no other users that do not check
isakmp_version first.
Change-Id: If889afff85a20e31222d33cbea8db3a91a77f389
Reviewed-on: https://code.wireshark.org/review/17246
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michał Skalski <mskalski13@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Return a value length of 0 if there's no parameter value.
(And don't return anything if the pointers through which we return them
are null.)
If no value is present, return NULL from ws_find_media_type_parameter().
Change-Id: I32b57623d7651bcf065af5b81f2390a600988b21
Reviewed-on: https://code.wireshark.org/review/17255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Backslash, in a quoted-string, escapes quotes (and any other characters,
although the only ones that *need* escaping are a double-quote and a
backslash).
This means that the value of a parameter isn't just the raw characters
from the parameters string; for a quoted string, it needs to be
un-escaped, and for a *non*-quoted string, it has to stop at the first
non-token character (you can put comments in). So
ws_find_media_type_parameter() must return an allocated string with the
actual value.
Get rid of index_of_char(); it doesn't do anything that strchr() does.
Change-Id: I36328ea71c28fe6ac4918a8e73c281a25f6be844
Reviewed-on: https://code.wireshark.org/review/17251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update to reflect current reality. Still needs a lot of work.
Change-Id: Id6bb12f5e8ca42bbadc237f148bb388b54a321e2
Reviewed-on: https://code.wireshark.org/review/17247
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Some symbols are marked as appearing in 2.2 intentionally,
because they are cherry-picked to master-2.2.
Change-Id: Ia7807b3bddab0a069812f56c1be2eca8bf7d1cd4
Reviewed-on: https://code.wireshark.org/review/17232
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The symbols exported from libs should use less generic. preferably
prefixed names to avoid name collisions with other shared library
symbols.
Change-Id: I8323b3e194a7ee4d61baec0c007342fab6cbde84
Reviewed-on: https://code.wireshark.org/review/17229
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Variable "channels_per_frame" could have caused a division by 0.
This is now changed, by stopping dissection in this case. A warning is
shown for this case.
Change-Id: I6d4dcb91b833a7d7f0759e28f56950b94ab1ed7e
Reviewed-on: https://code.wireshark.org/review/17228
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iea7c8d24f52cf8bd11e13a53853e11ec1ecdcd36
Reviewed-on: https://code.wireshark.org/review/17058
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Juanjo Martin