RFCs 5101/7011 make it clear that sequence numbers are uniquely
associated for each Observation Domain withing a Transport Session.
That means that the sequence number tracking should be conversation
data. (This is not quite right on SCTP, because "Each SCTP Stream
counts sequence numbers separately, while all messages in a TCP
connection or UDP session are considered to be part of the same
stream," but find_conversation_pinfo for SCTP gets a conversation
based on the association, and getting the stream id is not transparent.
It is closer to correct.)
This prevents warning about bad sequence numbers when there are
multiple Transport Sessions within a capture for the same
Observation Domain ID (most likely for the default value 0.)
Go ahead and make the other map with the stored sequence analysis
results that is keyed by frame number into proto data as well.
This patch allows to parse messages for the upcoming 2019 Amd1 version
that uses header version 4. Since the standard is not final yet, more
changes to fully support it are (probably) required.
In addition, this patch does not stop parsing, if the version is
unknown. Since the last releases were basically compatible, assuming
that the header can be parsed is the better choice.
While it is the correct action for a TCP end-point to stop
processing of the options when an EOL is found, a protocol
analyzer should at least ensure that there is no non-zero
data after it.
Use the variables WIRESHARK_QT{5,6}_PREFIX_PATH.
This allows having Qt5 and Qt6 paths configured isimultaneously and switch easily between them.
Use list(APPEND) to avoid clobbering other CMAKE_PREFIX_PATH paths.
Follow-up to b33210750c.
And change them to say "set" rather than "create"; they do more than
just allocate an array of conversation elements, they stuff a pointer to
that array into pinfo, which may affect what other dissectors do.
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
Since we require CMake version at least 3.7, we can use fixtures
to ensure that the unittests have been built before running
suite_unittests.
This only applies to running the tests via ctest (including
'[ninja|make] test'), not when running pytest directly.
Fix#17191
Our ubuntu container has Qt6 so use the default Qt version.
The APT packages are still using Qt5 at the moment. We may want to
migrate those to Qt6 in the future and choose a single Linux build
using Qt5.
PT_TCP and ENDPOINT_TCP happen to have the same numerical value, and
PT_UDP and ENDPOINT_UDP happen to have the same numerical value, but we
shouldn't cheat and just type-pun a PT_ value to an ENDPOINT_ value.
Instead, make the relevant structure members endpoinnt_type values and
assign them ENDPOINT_ values.
For a PDU where we haven't seen a request, response, or
header line yet, check to see if the header name is valid
before deciding that it is a header. Prevents many false
positives on continuation data that happens to have a line
end and a colon, where we couldn't do desegmentation for
some reason.
If we get a new contiguous fragment that is inserted into the
middle of a MSP in progress, we need to update maxnextseq by
looking at all the fragments part of that MSP that are now contiguous.
Related to #17406
One or both Qt version deps can be selected with a command line option.
If no option is given the script will select Qt6 for Ubuntu 22.04 or
later, Qt5 otherwise.
Similar is done for CGI, where LAC (%x)/CI (%u) is shown.
Let's do the same for SAI case, otherwise it's confusing since it first
looks as if LAC Cell Identifier was sent, but it is actually of type
SAI.
Handle RFC 2920 and RFC 3030 pipelining of DATA and BDAT. This
involves:
Instead of storing a single PDU type for each frame, storing
a linked list of PDUs (with end offsets), in order to handle
frames that switch between data and command state. This includes
handling other commands before or after a BDAT command, or handling
other commands after a DATA EOM. That means parsing the remaining
lines after BDAT and EOMs on the first pass instead of assuming that
the rest of the frame has a known type.
Also, RSET commands allow switching between BDAT transaction
and DATA transactions, per RFC 3030.
The case where more than one message is completed in a single frame
is not yet handled. RFC 2920 and 3030 imply that this is non-standard,
but it could work. To handle it, we would also have to track message
numbers in order to give fragment_add_seq_next unique frag IDs.
(It doesn't handle more than one fragment with the same ID ending in
the same frame.)
Fix#17269. Fix#17267.
In the case that this is being called with an address type that
is neither IPv4 or IPv6, make sure that the char array used
to construct the QString is null terminated so that there's no
warning about using addr uninitialized or a possible strlen running
off the end.
The last specification of the Wi-SUN FAN (I have not checked when it
appeared, but it is present in 1.1v04) introduce LBC-IE (see
"6.3.2.3.1.17 LFN Broadcast Configuration Information Element
(LBC-IE)").
The last specification of the Wi-SUN FAN (I have not checked when it
appeared, but it is present in 1.1v04) introduce the field
broadcast_sync_period in LBS-IE (see "6.3.2.3.1.13 LFN Broadcast
Schedule Information Element (LBS-IE)").
The =1 part does not make any sense in reporting SACK_PERM=1.
There is no value in the option and if it is not supported the
option is not there. So remove the =1 part.
Martin Mathieson
Pau Espin