This matches the description at
https://www.museek-plus.org/wiki/SoulseekProtocol,
where some fields are uint32 but many are just 'int'.
Change-Id: I192aaf9ca84ccee7b52d266083bbbd8baef28685
Reviewed-on: https://code.wireshark.org/review/38060
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix some status message and tooltip issues introduced when enabling
autocomplete on find packet search in g0162ba73.
1. Enable or disable completion only when search type is changed.
This setting is used in checkDisplayFilter(), which used to be
called *before* changing allowCompletion in updateWidgets(), and
this was causing issues with wrong status messages.
2. Check filter (usually triggered by changes in the search line)
or reset filter syntax (added by DisplayFilterEdit) when search
type is changed. This will trigger an update of the status message
and the tooltip.
3. Stop checking display filter if not doing completion (not display
filter search). This will avoid setting a status message from a
previous illegal display filter.
Ping-Bug: 16638
Change-Id: I1534d9494cc4d7b7a0583cb845c091ae709458ae
Reviewed-on: https://code.wireshark.org/review/38061
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some heuristic functions (example: dtls over stun) perform exact checks on
paylaod length, so we need to skip any padding added by TURN layer
(RFC 5766, 11.5).
Bug: 16756
Change-Id: Iaaf3dc83fbc5f5f8d0af1cabfe94861480fe7c98
Reviewed-on: https://code.wireshark.org/review/38042
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Pop the filter syntax message in search frame when changing search type
and when hiding the widget to avoid having outdated status messages.
Change-Id: I87c63c070621cff0d5ecebc2fcd41f9d7c02adec
Reviewed-on: https://code.wireshark.org/review/38051
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibaa5b074a1d98a5be17e5f1514c5666a64fefafb
Reviewed-on: https://code.wireshark.org/review/38050
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
code to dissect PASSWORD-ALGORITHMS and PASSWORD-ALGORITHM attributes is
ready to go.
Change-Id: I6fcfb1da49c596a11b3c5b0e3dce51e47f1f7c1c
Reviewed-on: https://code.wireshark.org/review/38047
Reviewed-by: Guy Harris <gharris@sonic.net>
The current TECMP code shows embedded CAN or FlexRay frames but
does not allow other dissectors to further dissect them. This
patch adds this feature.
Bug: 16738
Change-Id: I7f886c8d42a52c4bd55bdb14aed7459eed1af42d
Reviewed-on: https://code.wireshark.org/review/37972
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Autokey was not properly supported, the v2 version check looked at the
wrong field (Code instead of Field Type). Since nobody noticed it, let's
remove it to simplify the code.
Improve the Extension Field (EF) heuristics to ensure that larger digest
sizes such as SHA-512 are recognized, and to support messages without
MAC. Previously only MD5 and SHA-1 were supported as these are the only
ones that are defined by the RFCs.
The ntp_ext_field_types array was generated by:
curl -s https://www.iana.org/assignments/ntp-parameters/ntp-parameters-3.csv |
awk -F, 'NR>=2{printf "{ %s, \"%s\" },\n", $1, $2}' | sort -n
Tested with md5_dgrams.pcapng and sha1_dgrams.pcapng (Bug 11580) and
NTP-with-mac.pcap (Bug 16640). Also checked against the NTS capture
(go_embeded.pcapng, bug 16222), but TCP reassembly is not supported so
the last part of the first segment is wrongly dissected as MAC.
Bug: 16640
Change-Id: I07fc46c6d8995e6c791952dd7cd84d798cddd21a
Reviewed-on: https://code.wireshark.org/review/38037
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable Link Time Optimization, also known as Interprocedural Optimization
if the compiler supports it.
Added a CMake option (ENABLE_LTO), defaulted to ON only on Windows
Change-Id: Iea02b00aac12cc9a62595eeb8ff52382f1c4ddcd
Reviewed-on: https://code.wireshark.org/review/37573
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bellcore (now Telcordia) GR-317 and GR-394 are used in the U.S. and are
more similar to ANSI ISUP than ITU Standard ISUP. This fixes decoding
the Jurisdiction (aka JIP) optional parameter.
"gr317" is listed in RFC 3204, Table 1 on Page 2. Telcordia's name for
this standard is "LSSGR: Switching System Generic Requirements for Call
Control Using the Integrated Services Digital Network User Part
(ISDNUP)".
"gr394" is the value used by our Ribbon (formerly Genband) C15 switch.
Telcordia's name for GR-394 is "LSSGR: Switching System Generic
Requirements for Interexchange Carrier Interconnection (ICI) Using The
Integrated Services Digital Network User Part (ISDNUP)". The difference
from GR-317 is "Call Control" vs "Interexchange Carrier Interconnection
(ICI)". These calls are indeed interexchange calls.
Given that only "gr317" is listed in RFC 3204, arguably our Ribbon C15
should be sending this as "version=gr394; base=gr317" or just as
"version=gr317", but I have no control over that and would like to
decode the traffic as seen in the wild.
Bug: 16752
Change-Id: I24c7b2e175606e1c91bcb2e96a3372f62055e293
Reviewed-on: https://code.wireshark.org/review/38038
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
generate_merged_idb() can generate multiple IDBs, so rename it to
generate_merged_idbs().
Change-Id: I4c54326f69ff0de16f0a716b7c82beefdda99cbd
Reviewed-on: https://code.wireshark.org/review/38040
Reviewed-by: Guy Harris <gharris@sonic.net>
Make the DCE/RPC heuristics a bit more discriminating by checking
a few more header fields for illegal values. Reduces false positives.
Change-Id: Ic3d6c7ce62b64b2042922adb104294600b0db673
Reviewed-on: https://code.wireshark.org/review/38028
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include stdlib.h for bsearch(). This is needed when building on RPi.
Change-Id: Ia0969d7785b59b4adfd10a332a20beb26a99fcb7
Reviewed-on: https://code.wireshark.org/review/38036
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Bluetooth Low Energy Advertising Extensions Host Advertising Data reassembly.
Bug: 16666
Change-Id: I78fea77a75f07ff7ef8a661e81ac3c729980de0e
Reviewed-on: https://code.wireshark.org/review/38016
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reduce the minimum systemd journal block size from 212 to 35. The larger
minimum was based on the Journal Export Format file reader, but we don't
need to be as strict here.
Update some comments.
Bug: 16734
Change-Id: Iad7227f29ff22f908e2fd49be0f11c9ad03fa7b9
Reviewed-on: https://code.wireshark.org/review/38035
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to 3GPP TS 44.014, section 8.1, type of the TCH loop is
edcoded in bits 2..6, so we should exclude bits 1, 7, and 8.
Before the patch:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 0100 = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
after:
DTAP Tests Procedures Message Type: Close TCH Loop Cmd (0x00)
Close TCH Loop Cmd Sub-channel
..00 010. = Test Loop: C
.... ...0 = Subchannel: Sub-channel 1 of two half rate channels is to be looped
Change-Id: Ie8ee23c6ce0a487d6a96b27324537372449946cb
Reviewed-on: https://code.wireshark.org/review/37981
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We have two places where we want to dissect some fields as being in the
opposite byte ordere from the host on which we're running; move the
definition of ENC_ANTI_HOST_ENDIAN from packet-socketcan.c to proto.h,
and use it in packet-enc.c.
Change-Id: I1d0f9b037fe3b8ca6ed774a11063ba518a3922bf
Reviewed-on: https://code.wireshark.org/review/38023
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Change-Id: Id2b1cbc9e5416c24556c1c2f42d68e4012e29e24
Reviewed-on: https://code.wireshark.org/review/38017
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ifad2e02ef6e710c67801ea8479495736bf310d29
Reviewed-on: https://code.wireshark.org/review/38020
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the fiels that are claimed to be in "host endian byte order" are
also used for the Linux USB/IP protocol, where they're big-endian.
Change-Id: I8e17d6d6e848ba9cd3465bb3b1debe385c522392
Reviewed-on: https://code.wireshark.org/review/38022
Reviewed-by: Guy Harris <gharris@sonic.net>
We now have ENC_HOST_ENDIAN, so we can use it to add host-endian fields
with proto_tree_add_item().
Instead of fetching field values directly, use
proto_tree_add_item_ret_{}int() to get the value.
Change-Id: I96b9a55174594bf04f805af559c2521cd813e8f3
Reviewed-on: https://code.wireshark.org/review/38021
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The type for this field really can be -ve - it corresponds to errno.
Change-Id: I842664b692ffd944a0c02ad5de750b321b247dbf
Reviewed-on: https://code.wireshark.org/review/38019
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
_ret_uint() doesn't work for UNIT_BYTES and UINT_STRING. In these cases,
what was wanted was the total length in order to increment the offset.
(Note _ret_length() includes the fixed width length field; these were
written wanting only the value in the length field, not the total length.)
Change-Id: I9c7c2bc644c414d02eec3fff481e8863778f51fa
Reviewed-on: https://code.wireshark.org/review/38006
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The field does seem to be an int (kernel/srouce/drivers/usb/mon/mon_bin.c),
so item type (FT_INT32) is correct, but was using uint API.
Change-Id: I3c45785d18f890c362c96deb06120904ffea2081
Reviewed-on: https://code.wireshark.org/review/38014
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
packet-usb-audio.c:790:26: warning: initializing 'const gchar *' (aka 'const char *') with an expression of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:791:82: warning: passing 'const gchar *' (aka 'const char *') to parameter of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:795:26: warning: initializing 'const gchar *' (aka 'const char *') with an expression of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
packet-usb-audio.c:796:97: warning: passing 'const gchar *' (aka 'const char *') to parameter of type 'const guint8 *' (aka 'const unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
Change-Id: I1024612833ee25a10f49dbda90e9cbd6a14e055d
Reviewed-on: https://code.wireshark.org/review/38012
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(d)tls.quic.parameter.length' exists multiple times with incompatible types: FT_UINT16 and FT_UINT64
Change-Id: Id229843d1372afa371998f97c0b803b4775ad930
Reviewed-on: https://code.wireshark.org/review/38009
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
actually get info for Pegasus and Ursa, need to found for other model...
Change-Id: Icd8a89414ab7e077fa98813134ca3e9124ec5e2b
Reviewed-on: https://code.wireshark.org/review/37518
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently, if the sequence of HashedId3 is 111111222222333333, wireshark
will display the following 3 elements:
* 111111222222333333
* 222222333333
* 333333
This is wrong, as a HashedId3 is defined as a 3 byte ID.
This patch makes sure we only output 3 bytes at a time, so the output
will look like the following:
* 111111
* 222222
* 333333
Change-Id: I331ef473a452c3574bfca90fe2180ae27f93a480
Reviewed-on: https://code.wireshark.org/review/37996
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When decoding a publickey of type ecies_nistp256, increment the offset
after decoding the SymAlgo. Otherwise, the value is parsed again as part
of the EccPoint.
Change-Id: Ic93ceda7f9e8e2a1ce0bc64332c5f9cfa46634d8
Reviewed-on: https://code.wireshark.org/review/37995
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Detected by Martin Mathieson, some calls to proto_tree_.._ret_[value_type]()
were made with incorrect field types. This change fixes a few.
Change-Id: I4fb4877ad12a3bcc68ea173b806d908090921df5
Reviewed-on: https://code.wireshark.org/review/38004
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The ByteViewText widget has been refactored a few times. At one point it
was based on QHexView by Evan Teran, and had a comment saying so. A
later refactor removed the comment but didn't completely rewrite all of
the code. Put the comment back (and spell Evan's name correctly this
time around).
Change-Id: I2fe7779e1b6773a5e8b38d317ebfd26b07900272
Reviewed-on: https://code.wireshark.org/review/37989
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>