Cisco uses propietary option 65004 to transmit RPF Proxy Vector
information. Add the name of the option to the option identification.
Change-Id: I5ee9e4d44d6326d8a457a8a4bbb24896e17216e8
Reviewed-on: https://code.wireshark.org/review/22186
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ITU-T Q.703 2.3.3 specifies that the length indicator MUST be set
to its correct value. Adding a expert_info warning makes it easier
to determine if a capture uses the optional extended sequence number
format found in Appendix A, for which a preference already exists.
Change-Id: I7c99c7f2801a6d44d1bc693b59f38a76e08cfe4a
Reviewed-on: https://code.wireshark.org/review/22135
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some phones (Android and iOS smartphones) encode emoji characters as
UTF-16 big endian and although the UTF-16 is not specified in the 3GPP
23.038 (GSM 03.38) it seems to be widely supported
Bug: 13808
Change-Id: Ic4a600e42fb4b471223aaef1a661bd002835b519
Reviewed-on: https://code.wireshark.org/review/22181
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change guard that prevents decryption of v2015 to only check if frame counter
suppression is not used.
Add new aux header fields.
Cleanups.
Bug: 13805
Change-Id: Ib025e724415d7d7b85d63e2f44a37c7c691e9de6
Reviewed-on: https://code.wireshark.org/review/22165
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In abda30e9e validation of JSON UTF-8 characters was implemented but it
doesn't handle well the valid characters
Bug: 13806
Change-Id: Id8777065cfff9deae94f457dee08017d03b50f20
Reviewed-on: https://code.wireshark.org/review/22169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The two code paths don't share any code, so they might as well be in
separate routines.
That makes it even easier to read.
Change-Id: I8ee335f4cac2aedc42216db7f9674e1a609d9347
Reviewed-on: https://code.wireshark.org/review/22179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move some commented-out code where it belonged, and #if 0 it out
instead.
Have only *one* test for OCTO.
Change-Id: I6e8803f936ebd88f1705b2185f034ec0b2bddb77
Reviewed-on: https://code.wireshark.org/review/22177
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Two separate checks for OCTO, one right after the other, is a bit
confusing.
Change-Id: I702aa1809dc7271b69b5419dc850228fac516ed6
Reviewed-on: https://code.wireshark.org/review/22175
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, note in the comment for get_utf_16_string() the
"decoding UTF-16" algorithm in RFC 2781.
Change-Id: I5d7dc5c09af0474c055796e49e0c7b94fa87d2ad
Reviewed-on: https://code.wireshark.org/review/22171
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's now FindMACOS_FRAMEWORKS.cmake.
(But is it actually *used*? CMakeLists.txt does the check itself.)
Change-Id: I6e972869b94da959dc7c9a3fccacfbd35e0e992c
Reviewed-on: https://code.wireshark.org/review/22163
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's now "macOS".
While we're at it, note that the property list from which it fetches
version information still calls it "Mac OS X".
Change-Id: I438ef9dc65c2619d7378b0deb5efc84734a2ac6d
Reviewed-on: https://code.wireshark.org/review/22159
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 13745
Change-Id: Ibd00ea4818eb4b47a2c46324c1bfc878fef03d1e
Reviewed-on: https://code.wireshark.org/review/22155
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.
These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.
No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes either.
Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put them in the same order as the order in which the _VERSION values are
defined and in which they're invoked.
Similarly, do the "make sure we have the requested version installed"
tests in the same order as the un-installation order (which is the
reverse of the installation order).
Change-Id: I0e2bd1d249832090c3d81bacfe010de19de54cdf
Reviewed-on: https://code.wireshark.org/review/22158
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We now require libgcrypt, and libgcrypt requires libgpg-error.
Change-Id: Ifdf40acb11fef84485310321523500b1396736b6
Reviewed-on: https://code.wireshark.org/review/22157
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We want a newer version of libgcrypt to get additional crypto functions.
Update to the current release, 1.7.7.
Update to the current release of libgpg-error, 1.27, while we're at it.
Update to the current "stable" version of GnuTLS, 3.4.17; 2.12.19
doesn't work with libgcrypt 1.7.7. 3.4.17 requires Nettle, and Nettle
requires GMP, so, if we're building with GnuTLS, download and install
the current versions of Nettle and GMP.
GMP requires lzip, so download and install it as well.
Clean up some "version >= x.y.z" checks to check the major version
number in all cases.
Change-Id: I39cccd34e0d7f49ac35b0bbacdab03251d42a1de
Reviewed-on: https://code.wireshark.org/review/22156
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When a mandatory information element is missing, try to report an expert info,
instead of throwing a fatal malformed exception (or of reporting nothing at all).
According to TS 24.007 11.2.3, a mandatory i.e. may be part of the imperative part
of the message, so that expert info should be at PI_ERROR level
Change-Id: Id399c236f2923db36540bbda0d29d666548f7cbd
Reviewed-on: https://code.wireshark.org/review/22134
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This makes those tests more like other such tests.
Change-Id: Ide920d4083f6092ce5892adf4fc178236c49729f
Reviewed-on: https://code.wireshark.org/review/22150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have them all be "usb-XXX", where XXX indicates the type of header.
Change-Id: I7f1bfea7e264b17c57f94c484d64d1cce91b9b78
Reviewed-on: https://code.wireshark.org/review/22147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Correct some symbolic references in source file comments
and add a note about the CMake configuration options.
Change-Id: Idb670a2c798c2a52cdce142340ce8fc5a2022508
Reviewed-on: https://code.wireshark.org/review/22138
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
udpdump has local copies of the tag values from exported_pdu.h, so the
dependency isn't needed. exported_pdu.h required tv_buff.h and packet_info.h,
whose inclusion caused link errors on SPARC.
Bug: 13801
Change-Id: Icbf7b59b8af0d3a0fc73599baad6932e76dc3462
Reviewed-on: https://code.wireshark.org/review/22131
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 13793
Change-Id: I8863da14f889c68d161f4e53aa6a4e0d2636ba48
Reviewed-on: https://code.wireshark.org/review/22140
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.
Update the documentation accordingly.
Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RETH remote key might be needed in protocol's dissectors.
Remote access key is shared out of band usually via RDMA
send operation. This key sharing is upper layer protocol specific
and protocol dissector knows about the key.
infiniband layer do not know about which rkey is shared.
For protocol dissectors to associate data packets with past
command packets, infiniband needs to provide the rkey.
Change-Id: I927116d649ed2b01c388afbcdb924cb7e5128e12
Signed-off-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Tested-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/22123
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Icdcb770723e3783013f525524c3fe745d5dd862d
Reviewed-on: https://code.wireshark.org/review/22122
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iaf705172496e26f571f77902bcc1a95f3b817c80
Reviewed-on: https://code.wireshark.org/review/22098
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
concatlen was not updated if FCParm was unknown, leading to an infinite loop.
Bug: 13797
Change-Id: I1b64d757a369183a711f01b0b5cd1ba7aa0787bc
Reviewed-on: https://code.wireshark.org/review/22120
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tvb_get_guintvar can generate some unrealistic values so do some
sanity checking on them.
Bug: 13796
Change-Id: I2d5f7a48c2e982a419ea6ab3ac0000be3b6bcbc7
Reviewed-on: https://code.wireshark.org/review/22121
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for the fields Position Information, Mode Information
and Alignment Information in the FILE_ALL_INFORMATION query response.
Bug: 13800
Change-Id: I838fba1df26fe0f65394f0fe31b83645a707c166
Reviewed-on: https://code.wireshark.org/review/22117
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change-Id: Ia82fa67bbb9056204ed70b150f3d1e6db9ceed25
Reviewed-on: https://code.wireshark.org/review/22116
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Clear DUMMY_ADDRESS_ENTRY when add_ipv4_name/add_ipv6_name. This flag is checked in ipv4_hash_table_resolved_to_list().
TODO: clean up these flags as they are confusing and DUMMY appears somewhat redundant.
Change-Id: I81d40cc778cbe5c36314631d3fa0997cee409368
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22109
Reviewed-by: Michael Mann <mmann78@netscape.net>
That squelches a compiler warning.
Change-Id: Ia39a9e5fe54a03e813bc3b82088ddf5de4a19c72
Reviewed-on: https://code.wireshark.org/review/22113
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I987b4a9a86b0000b726f7e514be741e713b6ec5a
Reviewed-on: https://code.wireshark.org/review/22112
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The pcapng spec[1] suggests that the first octet marks the filter type,
but it is not clear whether this other types are implemented. Just skip
over the byte for now.
[1]: https://github.com/pcapng/pcapng/blob/c0dd7a7391/draft-tuexen-opsawg-pcapng.xml#L1083
Change-Id: I272dac55ea9ca3798e1fea45ce92023f7aa82564
Reviewed-on: https://code.wireshark.org/review/22043
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Simply had to copy an existing one and remove unneeded field etc.
Fix bug 13795. Attached a capture showing the problem to the bug report.
Change-Id: I93d5cdac3f336cbe0bd93db76a84bf97cbfa00ac
Reviewed-on: https://code.wireshark.org/review/22106
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Whenever a SSL preference is set (e.g. through tshark -ossl.psk:x),
proto_reg_handoff_ssl is invoked. This is currently necessary for
registering ports from the RSA keys table, but things like heuristics
dissectors should be registered only once. Fixes warning during tests:
"Protocol Secure Sockets Layer is already registered in "tcp" table
Change-Id: I08fc9da524888e00eea7b0d0df54f3f0a3f08eb5
Fixes: v2.5.0rc0-109-ge815bbb2e6 ("ssl: add heuristics to detect SSL/TLS on non-standard TCP port")
Reviewed-on: https://code.wireshark.org/review/22105
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Was sign extending the key to 64-bit in Linux.
GPOINTER_TO_UINT should not be stored in 'int', use guint.
Change-Id: Ib4a994fdda5d69a589d3cffce644584103f2cd1d
Reviewed-on: https://code.wireshark.org/review/22107
Reviewed-by: Anders Broman <a.broman58@gmail.com>