Extend audio conversation info to include the major version of USB MIDI.
The major version in Audio Control header can be different than the
major version in MIDI Streaming header.
Ping-Bug: 15503
Change-Id: I7ef7c15b4fcab21cfaf380f46085a1a3a13021b5
Reviewed-on: https://code.wireshark.org/review/33168
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prior to this change the MIDI Streaming descriptors were labeled as
UNKNOWN DESCRIPTOR.
Actual contents of MIDI Streaming descriptors are not dissected yet.
Ping-Bug: 15503
Change-Id: Ie55431bd89a09770ed832d7d0838eb8c2268d531
Reviewed-on: https://code.wireshark.org/review/33161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support of NVMe/TCP (NVM Express over Fabrics for TCP).
to wireshark.
NVM Express is high speed interface for accessing solid state drives.
NVM Express specifications are maintained by NVM Express industry
association at https://nvmexpress.org/.
NVMe/TCP is the TCP transport binding specification
which recently ratified (Technical Proposal 8000) and is a part
of NVMe-oF spec version 1.1.
Reference can be found here:
https://lwn.net/Articles/772556/
and protocol specification:
https://nvmexpress.org/welcome-nvme-tcp-to-the-nvme-of-family-of-transports/
Supported commands are
*) NVMe/TCP ICREQ, ICRESP.
*) NVMe Fabrics commands
*) NVMe commands that are supported by packet-nvme dissector.
Testing is done with Linux 5.0 nvme-tcp host and target drivers.
H2C and C2H termination PDU`s are not supported as Linux NVMe/TCP driver
does not support them as well in kernel 5.0
Bug: 15735
Change-Id: I63ae7aa2a42ff843b9832110830fd345f30d9170
Reviewed-on: https://code.wireshark.org/review/32640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Internal support of libspeexdsp has been removed in favour of system
one in g186f985793. Add it to the list of optional debian packages.
Change-Id: Ie15c367c2a113349614351da8bbcc26ef6353028
Reviewed-on: https://code.wireshark.org/review/33180
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Have separate expert info items for the PDU length field being too
short, the PDU length field being too long, a CLV being too short, and a
CLV being too long.
Do the PDU length checks when we add the PDU length field, and add the
expert infos to the length item; remember the results of the checks for
future use.
Use DISSECTOR_ASSERT for the tests in osi_check_and_get_checksum() that
make sure the checksum field is contained within the data to be
checksummed, so that's reported as a dissector bug to the user.
That means that osi_check_and_get_checksum() only returns FALSE if we
don't have all the data available to checksum; that already gets
reported as an indication that the checksum is unverified, so we don't
need to put confusing and misleading expert infos about the PDU
length - whatever PDU length errors need to be reported have already
been reported, as per the above.
Make expert info names more consistent, and fix one expert info variable
name.
Make the length argument to isis_dissect_clvs() unsigned.
Clean up white space.
Change-Id: I0ce799c766dc427602d155c5b48099df8bf51c67
Reviewed-on: https://code.wireshark.org/review/33179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The length variable is the length of the value, not the length of the
entire CLV, so there's no need to subtract the length of the C and the
L from the length - it covers just the V.
Change-Id: I711657e4e0b76e2aac9d58efd88f45201b9c2c5b
Reviewed-on: https://code.wireshark.org/review/33174
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When composing the error string to return to the UAT handling,
the proto name string is already free'd. Reverse the two calls
so that the string is free'd _after_ the error string composition.
Change-Id: I11615c07f6b00e59007e0c85c84283d486cc478c
Reviewed-on: https://code.wireshark.org/review/33167
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pytest-3 is the executable name on the docker image (ubuntu derivated).
Remove pip and pytest installation while here, since they're
provided by the docker image.
Change-Id: Iad2e9cafc42cd1e83b2868126abb91d5ee7bbd92
Reviewed-on: https://code.wireshark.org/review/33145
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Rename a variable to reflect the final name given to the option to get
rid of decryption secrets stored in the file.
Fix whitespace.
Change-Id: I19ea14fa205369500790adaa00244a15412548eb
Reviewed-on: https://code.wireshark.org/review/33154
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the purported first tuple has a net of 0, it's a 3-octet version
indicator, not a tuple containing route information; the third octet is
a version number. Display the version number and skip it before
displaying the tuples.
If the first tuple is an extended network tuple, the sixth octet is a
version number; display it as such.
Change-Id: I7ffb8b9df025dd75eb43eba24a37ce6bd26e8019
Reviewed-on: https://code.wireshark.org/review/33152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The BSSMAP LCLS GCR field is specified in 3GPP TS 29.205, which
in turn was originally created to augment the ITU-T Q.190x BICC
with Mobile specific information elements. Let's add the latter
decoding function as a new packet-bicc_mst.c, so it can be used
also from other dissectors. For example, GSM MAP also includes
GCRs and hence should be modified to use this new decoder.
Change-Id: I247d2ccd2d16e996f4fe5d5952ba8a4091a4ffd0
Reviewed-on: https://code.wireshark.org/review/33117
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is achieved by calling the respective dissector functions
from other dissectors, which requires them to be exported.
Change-Id: Ifd01da8e5ff4ac3f3f3179b842e3a7223629b234
Reviewed-on: https://code.wireshark.org/review/33121
Reviewed-by: fixeria <axilirator@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The Osmocom GSUP protocol was recently extended with additional
message types and information elements to support the use case
at the GSM "E Interface", which is the signaling interface between two
MSCs during Inter-MSC-Handover procedures.
This patch adds the bulk of the E interface decoding, leaving only
the dissection of RR/BSSAP/SM cause values for follow-up patches,
as this requires modifications to those respective dissectors.
Change-Id: I0ef2fe4eac108de6804ede152cddac8551d4918e
Reviewed-on: https://code.wireshark.org/review/33120
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Remove docbook/examples/test.cap. According to Git we've never used it.
Change-Id: Ie789862fd3c9448a306194e6f5b3d1b92cb11084
Reviewed-on: https://code.wireshark.org/review/33139
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And, for DDP packets, set the length in the LLAP tvbuff based on the
length to which the DDP dissector set its tvbuff.
That lets padding be recognized as such, and also prevents dissectors
called from the DDP dissector from running past the end of the packet.
Report invalid lengths with expert info.
Change-Id: Icc6ed222a4e7b33463c7c0b02c954952fe21949a
Reviewed-on: https://code.wireshark.org/review/33142
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At least on the document we cite here, the company's name is "VSS
Monitoring",not "VSS-Monitoring".
Perhaps this dissector should be disabled by default, so people don't
get shown bogus VSS Monitoring trailers when the packet just has
one or two bytes of padding at the end.
Change-Id: I367fab67d9e0cc294a668ee8532d46c02feffbfa
Reviewed-on: https://code.wireshark.org/review/33138
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Since draft 17, IETF QUIC retry packets carry the Original Destination Connection ID Length (ODCIL)
in the four least-significant bits of the first byte.
However Wireshark's QUIC dissector expects the ODCIL to be after the source connection ID,
which was the behaviour before draft 17, which results in incorrect dissection
Issue reported by Jeremy Lainé
Bug: 15764
Change-Id: I7c6ed2988a0b0ab3f4dfe6de9f9571ae522148cf
Reviewed-on: https://code.wireshark.org/review/33116
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also dissect UUID flags.
Change-Id: Ic63ff2e7d9aeb46b0ad0a3bf6501bb0862087c55
Reviewed-on: https://code.wireshark.org/review/33132
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Need to make sure to read UM/AM direction before reading SN-length. Also fix a backward test while looking up
stored SNLength.
Change-Id: I4dbb701efe80c78fee5e1af9e405b2cf883f7401
Reviewed-on: https://code.wireshark.org/review/33129
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
We may want to have a preference to allow the user to specify which Mac
extended character set to use.
Change-Id: I0b8cc0c3f0f46f211aec37b428ab875205a1a000
Reviewed-on: https://code.wireshark.org/review/33126
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add export DPKG_GENSYMBOLS_CHECK_LEVEL=4 to debian/rules in order to
ensure that we update the Debian config when we change the API.
Change-Id: Ieeaf08342790c075de62a52079d874fe9d36bed8
Reviewed-on: https://code.wireshark.org/review/33119
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
EtherTalk and TokenTalk frames use LLC/SNAP headers with an OUI of
08:00:07 and a PID of 0x809B.
Frames with an Ethertype of 0x809B - either as the Ethertype field of an
Ethernet frame or as the PID, in combination of an OUI of 00:00:00, of
an LLC/SNAP frame - have an LLAP frame, complete with an LLAP header, as
the payload.
Don't treat 08:00:07 as a special case - register it as an OUI and give
it a dissector table, and register the DDP dissector in that dissector
table with ETHERTYPE_ATALK. Register the LLAP dissector in the
"ethertype" table with the Ethertype ETHERTYPE_ATALK.
This means we now have two separate LLC+SNAP PID tables for Apple; name
them appropriately.
That also means we need to add packet-atalk.c to the list of files
allowed to add "llc." named fields.
Change-Id: I00bafd692f83f73bd347628cb9e950863c26a2b7
Reviewed-on: https://code.wireshark.org/review/33125
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ACK tracking did not work for protocols like ZigBee because the ACK is
send without address information. By moving the ACK tracking out-side
the conversation and only use the interface and the sequence number to
match requests and ACKs this is now working.
If addresses are present in the ACK they will still be used to avoid
invalid matches.
The nature of the wmem_tree ensures that the ACK tracking will always
work on the latest requests.
Change-Id: I5c763e34ec340b19a7998ddcfe9f72fccfd2acd1
Reviewed-on: https://code.wireshark.org/review/32927
Reviewed-by: James Ko <jck@exegin.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Subdissector compatibility is enhanced. flexray_identifier structure can now be
used by subdissectors.
Change-Id: I89f80c03f0f75746fc477d21c3614ae8263cb1b3
Reviewed-on: https://code.wireshark.org/review/33030
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ManageInterfacesDialog local view model hierarchy is as follows:
* InterfaceSortFilterModel
* InterfaceTreeCacheModel
* InterfaceTreeModel
Each model should return model indexes associated with itself.
The InterfaceTreeCacheModel::index() broke the data flow by returning
model index associated with InterfaceTreeModel. This lead to
InterfaceSortFilterModel to pass model index associated with
InterfaceTreeModel to a InterfaceTreeCacheModel instance.
This resulted in asserts in debug builds.
Fix the problem by returning model index associated with the
InterfaceTreeCacheModel.
Bug: 13744
Change-Id: I03a08dbda0bf7cce8f6832e1f34c1a75b8d3cfab
Reviewed-on: https://code.wireshark.org/review/33014
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix for compilation on platforms without GCrypt library.
Change-Id: I049f7d60f3b65f713ee3e43f62361790901982a6
Reviewed-on: https://code.wireshark.org/review/33113
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix compilation on Centos:
epan/dissectors/packet-btmesh.c: In function 'uat_btmesh_record_update_cb':
epan/dissectors/packet-btmesh.c:2057:9: error: implicit declaration of function 'k4' [-Werror=implicit-function-declaration]
if (k4(rec)) {
^
epan/dissectors/packet-btmesh.c: In function 'uat_btmesh_label_uuid_record_update_cb':
epan/dissectors/packet-btmesh.c:2198:9: error: implicit declaration of function 'label_uuid_hash' [-Werror=implicit-function-declaration]
if (label_uuid_hash(rec)) {
^
cc1: some warnings being treated as errors
[224/2387] Building C object epan/dissectors/CMakeFiles/dissectors.dir/packet-btmesh-pbadv.c.o
ninja: build stopped: subcommand failed.
Change-Id: I0ffbce46285c7883f3ef604d06fad3a94b2197cd
Reviewed-on: https://code.wireshark.org/review/33108
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This protocol is spoken between the BSC (Base Station Controller) and
the CBC (Cell Broadcast Centre). It runs over TCP Port 48049 and is
specified in 3GPP TS 48.049.
Change-Id: I183e4741e2db5b9cc4dfe2b89f7920a32af67971
Reviewed-on: https://code.wireshark.org/review/29745
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Thanks to Peter Wu for the deep analysis of the issue:
Reproduce this issue with master v3.1.0rc0-662-gfd30adca44 and the reproducer from
the oss-fuzz issue tracker:
HOME=/x FUZZSHARK_TABLE=ip.proto FUZZSHARK_TARGET=ospf fuzzshark
clusterfuzz-testcase-minimized-fuzzshark_ip_proto-ospf-5128657784799232
Attached are the traces for watchpoints on changes to parent_tree.tree_data.count,
this revealed 7 nodes that were added from the catch block in epan/expert.c:759
show_reported_bounds_error adds a proto node and calls expert_add_info:
1. _ws.malformed - protocol node via epan/show_exception.c:177
expert_create_tree adds two items:
2. _ws.malformed - expert tree via epan/expert.c:480
3. _ws.malformed - protocol filter because group==PI_MALFORMED via epan/expert.c:488
Because an explicit ei field was given: "add_expert_info(..., &ei_malformed)", two
fields are added instead of one:
4. _ws.malformed.expert - none node via epan/expert.c:543
5. _ws.expert.message - string node via epan/expert.c:545
Two more fields are added for the severity and group:
6. _ws.expert.severity - uint node via epan/expert.c:549
7. _ws.expert.group - uint node via epan/expert.c:552
So this problem would never occur when an exception is triggered via DISSECTOR_ASSERT,
but only for ReportedBoundsError exceptions (which occur when trying to use proto_tree_add_item
with invalid bounds for a tvb).
In conclusion, increasing EXCEPTION_TREE_ITEMS by 2 would suffice, but bump it to 10
(double the current value) to prevent similar crashes to happen if few more items
will be added in the future.
Bug: 14978
Change-Id: Ib9f5e254aeb4d756da5bab8f2e7ccf2572764aa4
Reviewed-on: https://code.wireshark.org/review/33060
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tomasz Moń
Harald Welte