Knowing how many bytes of C bits (1 or 4) relies
upon knowing config that is not currently available
to the dissector. Instead, see if the length
appears to match 1 byte, otherwise assume 4.
Change-Id: I08f21ab23077ef3665d3fb78a1dc2db0b16bc481
Reviewed-on: https://code.wireshark.org/review/36859
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
By providing the session id and the session key we can now
verify that the signature is correct for signed pdus.
Change-Id: I0db931e6263ed226b289c4ceda261af82fb9ca4b
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/36872
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
This patch complete dissection of WFA vendor specific MBO-OCE element
with the OCE attributes.
The OCE attributes are defined in 'Optimized Connectivity Experience'
specification. (version 1.1 has been used as reference).
Bug: 16494
Change-Id: I366f230efe1029ca2b97da78a8b80371c438043e
Reviewed-on: https://code.wireshark.org/review/36868
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add parsing of MBO ANQP element as defined by 'Wi-Fi Agile Multiband'
specification (v1.4)
Bug: 16494
Change-Id: If03a9d474912a607fa1752ac1f787b71a45e0fa6
Reviewed-on: https://code.wireshark.org/review/36867
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For Vendor Specific ANQP element the OUI is not included in the packet
subset dissected by the anqp vendor specific function so adapt the
length accordingly.
Bug: 16494
Change-Id: I8082fdabc379cb3ea71c01e6fb009f49afd16dff
Reviewed-on: https://code.wireshark.org/review/36866
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Subtypes (refers to 'OUI type' in most specs) found in Wi-Fi alliance
vendor specific Element and vendor specific ANQP are not part of
single enum so treat them separately.
Also move the 'ANQP' in the macro prefix to allow more consistent
naming when more WFA ANQP are added.
Bug: 16494
Change-Id: I20b187a32230c623eaf1e6ff9f689c8376bb4b5b
Reviewed-on: https://code.wireshark.org/review/36865
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Multi Band Operation / Optimized Connectivity Experience element
is a vendor specific element defined by the Wi-Fi Alliance.
It is composed of two types of attributes MBO and OCE.
This patch only add support for MBO attributes as defined in
"Wi-fi Agile Multiband" specification (used version 1.4 as reference).
Bug: 16494
Change-Id: I764191f26591dc6b493983681e75bf328777a0b6
Reviewed-on: https://code.wireshark.org/review/36864
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Split Start and Split Complete have a difference of one field.
In Split Start, it is E whereas in Split Complete, it is U.
The U field is unused and always 0.
The E field is also always 0 for transfers except Split Isochronous
OUT.
For Split Isochronous OUT, S/E have a special meaning.
We display this special meaning only for Split Start packets as
they don't have Split Complete transactions.
Ping-Bug: 15908
Change-Id: I2470ac86fb13fd2749a8feeb083ac0b325b218b6
Signed-off-by: Ameya Deshpande <ameya.181co205@nitk.edu.in>
Reviewed-on: https://code.wireshark.org/review/36764
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As usbll_data_ptr is static variable, it was left pointing to
last dissected packet details. The details were freed when
capture file was closed.
Prevent crash if first packet is Handshake packet and
prev pointer is NULL.
Change-Id: I03eef3afbfa679349fb2e9ce6d90c5f56b9515a0
Signed-off-by: Ameya Deshpande <ameya.181co205@nitk.edu.in>
Reviewed-on: https://code.wireshark.org/review/36860
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Variable is only needed locally, so it can be moved to the local
entity.
Change-Id: I790c1616e27d5e85b3dabbdc327e3f54fc663d25
Reviewed-on: https://code.wireshark.org/review/36863
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes a regression introduced by d3c4dfa9ee.
It changed the type of the function, but not the way we access it. The
former code proceeded byte by byte, and we need to keep that behavior.
Bug: 16497
Change-Id: I02983635d7cf8e44a5631bf64d4a2854cb9c3bdb
Reviewed-on: https://code.wireshark.org/review/36858
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
It's possible to create a FrameInformation object that's not backed by
any frame data. In this case, fi_ is NULL and loadFrameTree() does not
run a dissection. However, we run epan_dissect_cleanup() unconditionally
in the destructor, even if edt_ is uninitialized. This causes a crash
when wireshark is closed.
Convert edt_ into a pointer. Run the cleanup only if we ran the
dissection before.
The issue can be reproduced by applying a display filter that makes the
list of the packets smaller than the packet list window. Right click
onto an "empty" part of the packet list and select "Mark/Unmark Frame".
Exiting wireshark at this point causes a segmentation fault
Thread 1 "wireshark" received signal SIGSEGV, Segmentation fault.
tvb_free_chain (tvb=0xf000e000d000c) at ../epan/tvbuff.c:124
124 tvb_free_internal(tvb);
(gdb) bt
#0 tvb_free_chain (tvb=0xf000e000d000c) at ../epan/tvbuff.c:124
#1 0x00007ffff430491e in epan_dissect_cleanup (edt=0x555558075b48) at ../epan/epan.c:648
#2 0x00005555558fa5a6 in FrameInformation::~FrameInformation (this=0x555558075b20,
__in_chrg=<optimized out>) at ../ui/qt/utils/frame_information.cpp:57
#3 0x00005555558fa5e9 in FrameInformation::~FrameInformation (this=0x555558075b20,
__in_chrg=<optimized out>) at ../ui/qt/utils/frame_information.cpp:55
...
#12 0x00005555559a74f7 in PacketList::~PacketList (this=0x55555602e930,
__in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
Change-Id: I347dd4901b4e08c37008ff25ac1f20a67555d9fd
Reviewed-on: https://code.wireshark.org/review/36825
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set mustexist option to true to use Open file dialog instead of Save.
Change-Id: Ic8890facb6eebdacdc52881f617e8137585220f4
Reviewed-on: https://code.wireshark.org/review/36832
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: Iefd5cdfb5f24e95bc71768907c7474d3a61a24af
Reviewed-on: https://code.wireshark.org/review/36841
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I6316d82fec8ee87f56cabe27e269cc7ef98cedc8
Reviewed-on: https://code.wireshark.org/review/36842
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add convenience routines for getting and setting a per-protocol,
per-packet depth value, which can be used to limit recursion, nesting,
cycling, etc. Use them in the BACapp, DAAP, Mongo, VLAN, and WBXML
dissectors.
Change-Id: I172514828169253ae7fcf9162c9d7eeb3041ff9c
Reviewed-on: https://code.wireshark.org/review/36846
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move some of the documentation about documentation toolchain itself from
docbook/README.adoc to the documentation toolchain chapter in the WSDG.
Fix the Debugger section level.
Change-Id: I8db92d334dd479324453f7b0bd25b33ea770c532
Reviewed-on: https://code.wireshark.org/review/36843
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SubTemplateList is one of the 3 hierarchical data types supported by IPFIX.
Adding the capability to dissect fields of this type and show the list
of sub elements along with the 2 header fields in the subtemplate;
semantic and subtemplate id.
Tested with multiple level of nesting with subtemplate list fields
inside another list.
reference: https://tools.ietf.org/html/rfc6313#section-4.5.2
+ Review comment Changes
Change-Id: Iad00944c935cad8c0cdba457b9453fd13c68a6c2
Reviewed-on: https://code.wireshark.org/review/36745
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Do not copy addresses at when dialog opens, they will be initialized
in tapall_tcpip_packet(). Do not clear addresses when switching stream,
they will be properly removed in graph_segment_list_free().
Correctly free addresses in graph_segment_list_free() which is called
when switching stream and when closing the dialog. Free copied addresses
when switching direction (address swap).
Remove redundant and unused code.
Change-Id: I4328aa4df333f59c587f841b74a24dc71d329079
Reviewed-on: https://code.wireshark.org/review/36840
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Instead of guint8* the used type looks more precise. Moreover there
is no need to use local unions in the dissectors to switch between
the actual address and address bytes.
bgp, eigrp and isis-lsp dissectors have been updated accordingly.
Change-Id: I7785fe4c12913a09bd31cd6ef26e53027646d35c
Reviewed-on: https://code.wireshark.org/review/36836
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Complete Additional Controller Advertising Data dissecting, this was just
reported as advertising data in the extended header. Put it under a new tree
for ACAD info in the extended header.
Also fix the wrong length field used for the length of the ACAD field.
In addition put the scan response data under it's own scan response, similar
to SCAN_RSP handling. We can only do this if the context has given us the
information that this is the aux scan response data.
Remove an accidental addition used for debugging, and an empty if-statement for
a reserved flag.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531e
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36835
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Calculate the packet time of an LE Coded PHY using both S8 and S2 coding.
The First part of the packet is always sent in S8 coding. And the CI flag
tells which coding rate is used for FEC block 2.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531f
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36788
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for dissecting packet format on LE Coded PHY. This only includes
one additional field, the Coding Indicator (CI) which provides information
about the symbol rate of the FEC Block 2 of the pdu.
The TERM1 and TERM2 bytes are like the preamble assumed not included in the PDU,
these blocks are just bit-sequences for the radio and contains no important
information.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531d
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36787
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Newer version of CMake complains with warnings like the one below:
The package name passed to `find_package_handle_standard_args` (POWERSHELL)
does not match the name of the calling package (PowerShell). This can lead
to problems in calling code that expects `find_package` result variables
(e.g., `_FOUND`) to follow a certain pattern.
Change the capitalization of the variables to match the filename.
Change-Id: I5bd763add92e9e279f8e28f31576acb5b9ea7776
Reviewed-on: https://code.wireshark.org/review/36833
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
In case of successfull delivery, TP-Status IE looks as follows:
TP-Status
0... .... = Definition of bits 0-6: as follows
.00. .... = Error: Short message transaction completed (0)
...0 0000 = Reason: Short message received by the SME (0)
in particular, "Error: Short message transaction completed" looks
confusing. Let's make it a bit cleaner:
TP-Status
0... .... = Definition of bits 0-6: as follows
.00. .... = Error: No error, short message transaction completed (0)
...0 0000 = Reason: Short message received by the SME (0)
Change-Id: I95830877c1ff2f45e3c68a40febcf357abda597d
Reviewed-on: https://code.wireshark.org/review/36829
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
According to 3GPP TS 23.040, section 9.2.3.15, the TP-Status IE
indicates the status of a previously submitted SMS-SUBMIT and
certain SMS COMMANDS for which a Status-Report has been requested.
Currently Wireshark dissects this IE as follows:
TP-Status
0... .... = Definition of bits 0-6: as follows
.000 0000 = Error: Short message transaction completed (0)
.000 0000 = Reason: Short message received by the SME (0)
so it's not clear how exactly both Error and Reason are derived
from 7 less-significant bits of the first (and the last) octet.
As can be seen from the section 9.2.3.15, two less-significant
bits of those 7 define the Error, while the remaining 5 bits
define the Reason.
With this change applied, dissected TP-Status IE looks as follows:
TP-Status
0... .... = Definition of bits 0-6: as follows
.00. .... = Error: Short message transaction completed (0)
...0 0000 = Reason: Short message received by the SME (0)
To achieve this, type of the 'dis_field_st_error_rvals' was changed
from 'range_string' to 'value_string', and the range / string array
'dis_field_st_reason_rvals' was split into 4 arrays corresponding
to 4 possible Error values.
Change-Id: I8418ae3532c5e4b0ad2c956c5cd8cd90767d2fd6
Reviewed-on: https://code.wireshark.org/review/36828
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Add protocol for the nRF Sniffer for BLE version 3 of the UART protocol.
These changes provides support for giving different packet IDs for advertising
physical channel and data physical channel.
The flags for advertising physical changes are intepreted differently,
the direction, encryption and MIC valid flags are always zero and are therefore
marked as reserved for future use instead.
The time_delta field is changed to be a firmware timestamp instead. This is to
allow better timestamping of the packets as the timestamp earlies was provided
by the extcap python code, which does not provide accurate timestamps.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531c
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36786
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide a mechanism for the capture context to provide the auxiliary PDU type
name since this value cannot be inferred from the bytestream and must be taken
from context instead.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345319
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36783
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The length field of a struct can be configured to 0, 8, 16, or 32 bits.
Independent of the config, it will always be ignored as set to 0 bits.
This patch repairs this.
Bug: 16490
Change-Id: Idde3616ec06067363e767bd52bb5f443439c9aca
Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Reviewed-on: https://code.wireshark.org/review/36770
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Prefer:
- html (rather than txt)
- https
Also includes the script check_dissector_urls.py,
that can be used to find links in code and test them.
Change-Id: Iafd8bb8948674a38ad5232bf5b5432ffb2b1251b
Reviewed-on: https://code.wireshark.org/review/36821
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Added support for RFC 8770 Host Router Support.
As LSA flags are independent of set options fix flags handling also.
Change-Id: Ib74cae55fb9a3b26f27084168d0e15e4f3d2d6b8
Reviewed-on: https://code.wireshark.org/review/36824
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FieldInformation::parentField() allocated a new FieldInformation,
so ensure to delete this when done.
Change-Id: Id0f538cc696551ec47169103be823eb1e55d1777
Reviewed-on: https://code.wireshark.org/review/36823
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Document that the payload of the BLE_EVENT packet is excluding the preamble
that is sent on air.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531b
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36785
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add BTLE physical channel pdu type from capture context. The dissector uses
the access address to determine if the packet is either an Advertising physical
channel PDU or a Data physical channel PDU.
This assupmtion is not valid for Periodic Advertising where the AUX_SYNC_IND
advertising packet will be sent with a non-advertising access address.
There is also the new Isochronous physical channel PDU which can be both
broadcasted or connection-oriented.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345318
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36782
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Document the RSSI sample result in the nordic_ble dissector. This value is
directly from the RSSISAMPLE register which is a positive number. It must
be converted to negative value.
Change to using INT8 because the RSSISAMPLE is only 7 bits value, and will
always be a positive number.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531a
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36784
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Dissect the common extendend advertising payload header which is common for
the following advertising PDUs:
- ADV_EXT_IND
- AUX_ADV_IND
- AUX_SYNC_IND
- AUX_CHAIN_IND
- AUX_SCAN_RSP
- AUX_CONNECT_RSP
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345317
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36781
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add handling of ADV_EXT_IND and setting valid adv header flags.
Advertising Extension assumes channel selection #2, and both TX and RX address
type bits must be checked if present in the extended advertising header by
reading the extended advertising header flags.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345315
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36780
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Like in markFrame, the integer list of selected rows is not used in
ignoreFrame. Remove it.
Change-Id: Ic2bf4b1d2d330767370a2e831e321e285cb00e91
Reviewed-on: https://code.wireshark.org/review/36805
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "rows" variable is populated with the indices of all selected rows.
It seems that rows is never read and can be removed.
(In parallel, there's QModelIndexList frames. This list is used
when it comes to actually marking the selected packets.)
Change-Id: If2b97a2f5d87fe24717b9ad56444e2a779e0b3fc
Reviewed-on: https://code.wireshark.org/review/36804
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Mathieson