That could help find the problem if all we have is the error message, as
it'd at least indicate where the problem is occurring.
Change-Id: I01154ff62088a4b710c131cb153e8e4593ebc3b2
Reviewed-on: https://code.wireshark.org/review/27878
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to dissect the body if 1) we're *not* building a protocol
tree (tree == NULL) *and* 2) the PDU doesn't have content that can be
handed off to subdissectors.
(Fix which vs. that issue in a comment while we're at it.)
Change-Id: I90890975c05e72cc9ebc776a21683905828f57b5
Reviewed-on: https://code.wireshark.org/review/27876
Reviewed-by: Guy Harris <guy@alum.mit.edu>
USB has three possible tables, usb.device, usb.product and usb.protocol
(shown in that order in the Decode As dialog). For single packets with
no prior device descriptors, the last two tables have no valid selector
(integer zero). In such cases it seems more reasonable to use tables for
which a valid selector exists (for example, "usb.device").
Bug: 14717
Change-Id: I2319817fa11318a97519d8cfc912343b16224c12
Reviewed-on: https://code.wireshark.org/review/27820
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"fillTable()" overwrites "sctp_assocs" with an external address.
Change-Id: I415d424f16a2306b1b79fde7b5f836458da14b16
Reviewed-on: https://code.wireshark.org/review/27833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dissect_cip_segment_single was huge and too hard to read and update.
This change pulls out segment parsing into individual functions to make
it easier to read, and will help with upcoming changes.
There are no functional changes. I verified that the packet parsing is
identical before and after using feature_cip_all_segments.pcap from
Bug: 12049
Main changes:
1. Pulled out the following code into separate functions:
dissect_segment_port
dissect_segment_safety
dissect_segment_data_simple
dissect_segment_ansi_extended_symbol
dissect_segment_logical_service_id
dissect_segment_logical_special
dissect_segment_network
2. In dissect_cip_segment_single, no need to explicitly check for zero
segment_len in many cases because the function will already return
zero in those cases.
Change-Id: Id437bb34dc665ac37f428b8fdab0c89c454ad25e
Reviewed-on: https://code.wireshark.org/review/27845
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ping-Bug: 14755
Fixes: v2.3.0rc0-1236-gdcb49539d ("ICMPv6: Convert flag fields to use proto_tree_add_bitmask")
Change-Id: I5ba03391739b34fcba60f636d87d46ec5a3f7660
Reviewed-on: https://code.wireshark.org/review/27847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It'd only overflow if the value is *so* large that it won't fit in the
packet (given that we have a 2^32-1-byte limit on the packet size), so
use tvb_ensure_bytes_exist() to ensure we have the entire value before
processing the value.
(The real problem is that we don't handle the case where there's a value
multiplicity > 1 for some types; in those cases, we should loop,
processing all the values, which would cause us to eventually throw an
exception when we ran past the end of the packet. This is just a quick
fix.)
Bug: 14742
Change-Id: I447ece81d1c84d3b1d218faeb2c155f910208c29
Reviewed-on: https://code.wireshark.org/review/27853
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the area address/address prefix is 13 octets long, use the 13th
octet, not the 21st octet; the latter is *not* part of the area
address/address prefix, and might either not be in the packet or might
be some random other part of the packet.
Add/expand comments while we're at it.
Bug: 14744
Change-Id: I7b90318a72a49b67d8ec17952add528185fd064b
Reviewed-on: https://code.wireshark.org/review/27848
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use proto_tree_add_boolean(), not proto_tree_add_uint(), for FT_BOOLEAN
fields.
Change-Id: I00c8da977dcb2d232d6837bd58137e7aebe0ca7f
Reviewed-on: https://code.wireshark.org/review/27837
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have dissectors register with their protocol ID string in that table,
rather than having a table in epan/dissectors/packet-ssl-utils.c that
has to be updated for new protocols.
Have a table of protocol ID string prefixes, to handle the case of
protocols such as SPDY and HTTP2 drafts, where multiple protocol IDs are
used for different versions.
Change-Id: I363d04895a88e779fbbca7dc8e1f31aa1970a31a
Reviewed-on: https://code.wireshark.org/review/27836
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix a bunch of copy-and-pasteos, incorrectly using
proto_tree_add_bits_item().
Fix bitmaps to reflect the bit counts.
Show the top-level fields with appropriate zero padding.
Use the appropriate field widths and fix the bit masks.
Change-Id: I8fa34246710dc835f2b30a1af94b997f4ffb10bf
Reviewed-on: https://code.wireshark.org/review/27827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Different dissectors are required for protocols running atop SSL/TLS and
protocols running atop DTLS - SSL/TLS provides a byte-stream service, so
there's no guarantee that there's a correspondence between SSL/TLS
application data record boundaries and packet boundaries, but DTLS
provides a datagram service, with packet boundaries corresponding to
application data record boundaries.
This is similar to the difference between dissectors for protocols
running atop TCP and protocols running atop protocols such as UDP.
So have two separate tables mapping Application-Layer Protocol
Negotiation (ALPN) Protocol IDs to dissector names - one for SSL/TLS and
one for DTLS.
There are both "over a byte-stream protocol" and "over a packet-oriented
protocol" dissectors for STUN and TURN ChannelData packets. Register
the "over a byte-stream protocol" ones by name, and use the appropriate
ones in the appropriate tables. (There is not one named "stun", so the
STUN dissector wouldn't have been called at all.)
Change-Id: I054e169f6ae3291abdc7eb58918ef65a17c90a63
Reviewed-on: https://code.wireshark.org/review/27822
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not free a tsn_t element if it has already been inserted in a GList.
The code structure is complex enough to add an explicit check before
calling g_free().
Fixes a regression introduced in gb19ca06fcc.
While we are at it, let's call the correct free function and plug some
memory leaks.
Bug: 14733
Change-Id: I071da96982da569083fd98b790e0d37ac0826ff1
Reviewed-on: https://code.wireshark.org/review/27808
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
And it is a STRING display
Change-Id: I0f6521e936219bc98cd8eae2862bf6c582123f57
Reviewed-on: https://code.wireshark.org/review/27797
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since we're returning the key_len, there is no point in returning
a signed int.
Change-Id: I8854868ecf5250dca1894fdb8910d9ed48c070db
Reviewed-on: https://code.wireshark.org/review/27781
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix a tpyo.
draft-ietf-behave-turn-ipv6 is now RFC 6156.
No need to give a particular URL for one of the RFCs in question.
Add RFC 6544, which discusses the use of RFC 4571-style framing for ICE.
Change-Id: Ie2c4f7747f0d08c92dc95d06a54175b2f8b9df76
Reviewed-on: https://code.wireshark.org/review/27817
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"nstime_t{A, B}" is defined as "A + B * 10^9" rather than an integer
part A and fractional part B.
Bug: 14720
Change-Id: I5321db7d5ecea8f976291d2a22667b02162194e2
Reviewed-on: https://code.wireshark.org/review/27775
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When an error occurs while saving packets using the Export Specified
Packets dialog (e.g. try to overwrite the opened capture file), the
dialog is displayed again. As PacketRangeGroupBox freed the packet
selection range, a crash (use-after-free) occurs.
Removes some unnecessary code in MainWindow::exportDissections as well.
Change-Id: I63898427eff7e71799d89c8a22246db8f93a9ff6
Fixes: v2.5.0rc0-968-g38b40acb2d ("Qt: fix a memory leak when exporting packets")
Reviewed-on: https://code.wireshark.org/review/27695
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From gcc version 7 this causes an error:
../epan/dissectors/packet-ua3g.c:1293:28: error: this statement may fall through [-Werror=implicit-fallthrough=]
if (parameter_id == 0x02)
^
../epan/dissectors/packet-ua3g.c:1295:21: note: here
case 0x03: /* Type Of Service */
^~~~
cc1: all warnings being treated as errors
Fixes: 31663c40
Change-Id: I7622614e5472cc70aac5690d4bfc327be7628ece
Reviewed-on: https://code.wireshark.org/review/27800
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The active selection color and inactive selection color can be configured via Edit / Preferences / Font and Colors.
There are 3 styles that can be used for the selection color:
Default: legacy behavior
Flat: Use background and foreground color with no gradient.
Gradient: Use background and foreground color with a gradient.
Bug: 14714
Change-Id: Ieca293bb9830d2c5702949d0459d1d6f679e41e4
Reviewed-on: https://code.wireshark.org/review/27701
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
While SMB1 FIDs are 16-bit, those used in SMB2 are a GUID of 128-bit
which are compressed down to 32-bit using g_str_hash. To reduce
collision probability which could associate wrong file data with an
Exported Object entry, do not truncate this hash value to 16 bits.
Bug: 14662
Change-Id: I2a353eca96b0f5ed2157f3678280642151e2e4e7
Reviewed-on: https://code.wireshark.org/review/27794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Add a heuristics dissector list for 802.11 data frames. With this
a heuristics dissector can be registered with "wlan_data" to
retrieve the raw data portion of 802.11 data frames.
Subdissectors can then either perform heuristics directly on
the frame data content or (via parent wlan fields) on frame
header to determine whether it's the protocol of interest.
Change-Id: I8466236835a2d524ccab5c6ebfafefad08ea2d0e
Reviewed-on: https://code.wireshark.org/review/27641
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove unused documentation extensions (.dbk or .fo) and what appear to
be files generated or used by QMake.
Change-Id: I8635436e6e7e7117ef9d0aadf97f925751d8df18
Reviewed-on: https://code.wireshark.org/review/27795
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove registering media_type application/octet-stream from both
thread and uasip because the settings will interfere with each other.
Enable decoding as for media_type instead.
Bug: 14729
Change-Id: I58c527977fe4713418219fc3126ce7a93c4bb641
Reviewed-on: https://code.wireshark.org/review/27789
Reviewed-by: Guy Harris <guy@alum.mit.edu>
AsciiDoc allows dashes in macro names but not underscores. Current
versions of AsciiDoctor allow the inverse. Remove underscores to allow
for easier copying and pasting.
Remove asciidoc.conf while we're here. It's no longer used.
Change-Id: I32d8a4ec695b9e17a80ac720ee9faf62dbb362d3
Reviewed-on: https://code.wireshark.org/review/27787
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The recent changes to support the current 22-byte DMC Capabilities IE
defined in IEEE802.11-2012 prevent Wireshark from handling frames
in the earlier format.
This change allows Wireshark to dissect both the earlier and current
formats but gives an error if the IE does not have a length of 22.
The error could perhaps be demoted to a warning.
Also made a minor correction to the header fields to conform with
other uses.
Bug: 14727
Change-Id: I3dc333b273f915fa5f5f4cc5c13c1b84863b6713
Reviewed-on: https://code.wireshark.org/review/27782
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>