Commit Graph

37152 Commits

Author SHA1 Message Date
Gerald Combs fce0b28a39 [Automatic update for 2022-08-28]
Update manuf, services enterprise numbers, translations, and other items.
2022-08-28 16:44:11 +00:00
Alexander Clouter 093cd2077c EAP: fix TEAP Identity TLV decoding caused by typo 2022-08-28 09:08:30 +00:00
John Thacker b90196f28a bt-utp: Implement Close Reason extension
There's another extension type used in the uTorrent Transport Protocol.
https://github.com/arvidn/libtorrent/blob/master/include/libtorrent/close_reason.hpp

Simplify the extension handling a bit by consolidating redundant code.
2022-08-28 08:49:37 +00:00
Martin Mathieson ed7c6a9946 OCP1: Make all value_strings static 2022-08-27 21:05:45 +01:00
John Thacker 6316d9a291 netflow: Sequence numbers are by Transport Session
RFCs 5101/7011 make it clear that sequence numbers are uniquely
associated for each Observation Domain within a Transport Session.
That means that the sequence number tracking should be conversation
data. (This is not quite right on SCTP, because "Each SCTP Stream
counts sequence numbers separately, while all messages in a TCP
connection or UDP session are considered to be part of the same
stream," but find_conversation_pinfo for SCTP gets a conversation
based on the association, and getting the stream id is not transparent.
It is closer to correct.)

This prevents warning about bad sequence numbers when there are
multiple Transport Sessions within a capture for the same
Observation Domain ID (most likely for the default value 0.)

Go ahead and make the other map with the stored sequence analysis
results that is keyed by frame number into proto data as well.
2022-08-27 12:05:30 +00:00
John Thacker e725502afa tcp: Fix a comparison that should be strict in OOO processing
We don't want to add a zero length segment to the reassembly here.
Related to #17406
2022-08-27 11:47:42 +00:00
Dr. Lars Völker 89457e01da DoIP: Prepare for ISO 13400-2:2019Amd1 and newer
This patch allows to parse messages for the upcoming 2019 Amd1 version
that uses header version 4. Since the standard is not final yet, more
changes to fully support it are (probably) required.

In addition, this patch does not stop parsing, if the version is
unknown. Since the last releases were basically compatible, assuming
that the header can be parsed is the better choice.
2022-08-27 09:54:57 +00:00
Michael Tuexen 1576896e0a TCP: Raise an expert info for non-zero data after EOL
While it is the correct action for a TCP end-point to stop
processing of the options when an EOL is found, a protocol
analyzer should at least ensure that there is no non-zero
data after it.
2022-08-26 22:58:28 +02:00
Martin Mayer 3af04ebf87 OCP.1: Change Protocol Short Name 2022-08-26 09:13:31 +00:00
Dr. Lars Völker 05916eec1f DLT: Adding support to open DLT files
This patch allows Wireshark to open DLT files directly.
2022-08-26 07:45:36 +00:00
Guy Harris deb95a275d Rename routines that talk about conversation keys to talk about elements.
And change them to say "set" rather than "create"; they do more than
just allocate an array of conversation elements, they stuff a pointer to
that array into pinfo, which may affect what other dissectors do.
2022-08-25 22:37:19 -07:00
Guy Harris 8195bdd340 Rename a bunch of things with "conversation".
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint.  Distinguish between
conversations and endpoints.
2022-08-25 20:02:20 -07:00
DarienSpencer65 f593c4165e AT: Implement CMGR command (binary mode) 2022-08-25 16:47:28 +00:00
Guy Harris b6a21c6855 mxproxy: don't mix PT_ and ENDPOINT_ values.
PT_TCP and ENDPOINT_TCP happen to have the same numerical value, and
PT_UDP and ENDPOINT_UDP happen to have the same numerical value, but we
shouldn't cheat and just type-pun a PT_ value to an ENDPOINT_ value.

Instead, make the relevant structure members endpoint_type values and
assign them ENDPOINT_ values.
2022-08-24 23:38:14 -07:00
John Thacker d8e877f610 HTTP: Test the first header line in a PDU more
For a PDU where we haven't seen a request, response, or
header line yet, check to see if the header name is valid
before deciding that it is a header. Prevents many false
positives on continuation data that happens to have a line
end and a colon, where we couldn't do desegmentation for
some reason.
2022-08-25 01:08:54 +00:00
Chuck Craft 4915b646d0 tls 1.3: set CCM aad_len for draft >= 25
Closes #18277
2022-08-25 00:51:40 +00:00
John Thacker 16563952f4 tcp: Update the maxnextseq on ooo MSPs properly
If we get a new contiguous fragment that is inserted into the
middle of a MSP in progress, we need to update maxnextseq by
looking at all the fragments part of that MSP that are now contiguous.
Related to #17406
2022-08-25 00:24:00 +00:00
Martin Mayer ffde66ea7c dissector: Open Control Protocol OCP.1/AES70 2022-08-24 14:20:18 +00:00
John Thacker fab27018b4 dtls: Handle invalid use_srtp protection profiles length
Handle a bad length, and set some expert infos if bad. Fix #18289
2022-08-24 08:30:03 -04:00
Guy Harris 2aeaf71fa5 Change names to reflect that it's an endpoint table.
More {host, hostlist} -> endpoint.
2022-08-23 22:15:45 -07:00
Chuck Craft 5399334ebc smpp: add NULL address_range to packet details
Sample capture attached to #6108
Account for all the bytes displayed in the packet bytes.
https://smpp.org/SMPP_v5.pdf - 4.7.3 address_range
2022-08-24 03:42:09 +00:00
Pau Espin e9618dccb1 BSSMAP: Show SAC in CellId tree
Similar is done for CGI, where LAC (%x)/CI (%u) is shown.
Let's do the same for SAI case, otherwise it's confusing since it first
looks as if LAC Cell Identifier was sent, but it is actually of type
SAI.
2022-08-24 03:01:50 +00:00
John Thacker 6da668d303 SMTP: Handle pipelining of DATA and BDAT
Handle RFC 2920 and RFC 3030 pipelining of DATA and BDAT. This
involves:

Instead of storing a single PDU type for each frame, storing
a linked list of PDUs (with end offsets), in order to handle
frames that switch between data and command state. This includes
handling other commands before or after a BDAT command, or handling
other commands after a DATA EOM. That means parsing the remaining
lines after BDAT and EOMs on the first pass instead of assuming that
the rest of the frame has a known type.

Also, RSET commands allow switching between BDAT transaction
and DATA transactions, per RFC 3030.

The case where more than one message is completed in a single frame
is not yet handled. RFC 2920 and 3030 imply that this is non-standard,
but it could work. To handle it, we would also have to track message
numbers in order to give fragment_add_seq_next unique frag IDs.
(It doesn't handle more than one fragment with the same ID ending in
the same frame.)

Fix #17269. Fix #17267.
2022-08-24 02:42:41 +00:00
Guy Harris 4b53f31d2d Fix comments to reflect reality.
It's an endpoint table, not a table of hosts.
2022-08-23 19:07:25 -07:00
Jérôme Pouiller ef513118f9 Update Wi-SUN FAN dissector with LBC-IE
The last specification of the Wi-SUN FAN (I have not checked when it
appeared, but it is present in 1.1v04) introduces LBC-IE (see
"6.3.2.3.1.17 LFN Broadcast Configuration Information Element
(LBC-IE)").
2022-08-23 19:54:17 +00:00
Jérôme Pouiller 3fc57d3f93 Update Wi-SUN FAN dissector with last LBS-IE specification
The last specification of the Wi-SUN FAN (I have not checked when it
appeared, but it is present in 1.1v04) introduces the field
broadcast_sync_period in LBS-IE (see "6.3.2.3.1.13 LFN Broadcast
Schedule Information Element (LBS-IE)").
2022-08-23 19:54:17 +00:00
Michael Tuexen 13a302da6e TCP: Improve consistency of reporting the SACK supported option
The =1 part does not make any sense in reporting SACK_PERM=1.
There is no value in the option and if it is not supported the
option is not there. So remove the =1 part.
2022-08-23 19:02:24 +00:00
Guy Harris d9e662bc54 Rename some functions and types for endpoint tables.
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics".  The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.

The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.

Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.

Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.

Clean up some comment errors found in the process.
2022-08-23 09:55:14 +00:00
zhangzhilei 21d93f072a TLS:add error check for ssl_hmac_init
add error check for ssl_hmac_init
2022-08-23 02:20:53 +00:00
John Thacker cbe4cd926c HTTP: Send binary Continuation Data to Follow Stream
If we shortcut the HTTP header check because the file starts with
a non-ASCII character, but we think that it is Continuation Data
because we've seen real HTTP in the same conversation, mark the
data as file data and send it to the follow tap, just as we would
if it failed the more extensive checks for being a header. Deals
with cases where desegmentation isn't performed (whether because
of prefs, missing packets, bad checksums, etc.)

Related to #13918.
2022-08-22 03:58:30 +00:00
John Thacker 2617ff294f SMTP: Move the request handling into a function
This makes the code easier to read and will enable handling
multiple PDUs in a message easier (needed for full pipelining
support.)
2022-08-21 18:00:18 -04:00
John Thacker d6812621a0 SMTP: Move response handling into function
Make the code a little easier to read
2022-08-21 18:00:18 -04:00
Martin Mathieson 9a5029b364 DCT2000: Don't assign to tag unused value 2022-08-21 19:48:13 +00:00
Gerald Combs 70dbe58aea [Automatic update for 2022-08-21]
Update manuf, services enterprise numbers, translations, and other items.
2022-08-21 16:39:53 +00:00
Chien Wong 5c216de8cc ieee80211: Improve A-MSDU dissecting
Fix subframe length issue.
Add padding.

Signed-off-by: Chien Wong <m@xv97.com>
2022-08-20 16:43:32 +00:00
Chien Wong 3b7c611be1 ieee80211: Add Transition Disable KDE dissecting
Signed-off-by: Chien Wong <m@xv97.com>
2022-08-20 06:14:29 +00:00
Stephen Hemminger 005169491e pcapng: add support displaying hash from pcapng
Add support for displaying one or more packet hashes that
have been recorded in EPB options.

A patch to add support for EPB hash option is pending for next
DPDK release.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-08-20 06:12:28 +00:00
Gerald Combs 07c7ce6ad0 Windows: Upgrade libgcrypt to 1.10.1. 2022-08-19 18:30:16 -07:00
John Thacker 346c53b0b2 QUIC: In stateless reset only set from_server if token found
When calling quic_find_stateless_reset_token, only change the
from_server pointer if the reset token is actually found.
Fixes a few cases where a new Initial connection is sent with
client and server reversed. Also fixes an error failing to
dereference a pointer to a boolean.
2022-08-19 19:37:41 -04:00
David Perry d0c8efe889 Use `register_dissector()` for more protocols 2022-08-19 22:53:58 +00:00
Martin Mathieson b809e73f7c Fix some spelling errors 2022-08-19 17:46:34 +01:00
huangqiangxiong bb6fc5bb9a Protobuf: correct the starting offsets of the field name and type tree items 2022-08-19 15:14:09 +00:00
John Thacker 2007c929d2 QUIC: Add support for stateless reset
Fix #17938
2022-08-19 12:46:07 +00:00
zhangzhilei 034e48b500 TLS:support decrypt TLS_SM4_GCM_SM3 ciphersuite
ECC_SM4_GCM_SM3 is defined in RFC8998, and it defined how to use
SM3 and SM4 in tls1.3.
2022-08-19 18:08:39 +08:00
zhangzhilei 10b2e62a4a TLS:support decrypt ECC_SM4_GCM_SM3 ciphersuite
ECC_SM4_GCM_SM3 is defined in GB/T38636-2020
Information security technology-Transport layer cryptography protocol
which is a Chinese national standard.
the gcm behaviour of ECC_SM4_GCM_SM3 is the same as TLS1.2.
2022-08-19 08:28:40 +00:00
ismaelrti 066e80cb33 RTPS: Added new Security PIDs in Participant and Endpoint Discovery
Added dissections for the following PIDs:
- PID_PARTICIPANT_SECURITY_DIGITAL_SIGNATURE_ALGO
- PID_PARTICIPANT_SECURITY_KEY_ESTABLISHMENT_ALGO
- PID_PARTICIPANT_SECURITY_SYMMETRIC_CIPHER_ALGO
- PID_ENDPOINT_SECURITY_SYMMETRIC_CIPHER_ALGO
2022-08-19 07:55:05 +00:00
zhangzhilei 7b56170979 TLS:support decrypt ECC_SM4_CBC_SM3 ciphersuite
ECC_SM4_CBC_SM3 is defined in GB/T38636-2020
Information security technology-Transport layer cryptography protocol
which is a Chinese national standard.
prf alg of ciphersuites defined in GB/T 38636-2020 are the same as TLS1.2.
2022-08-19 07:25:51 +00:00
Dario Lombardo bd0949ba1e rdpudp: fix leaking copy_address.
Fix: #18224.
2022-08-19 04:21:45 +00:00
Michael Tuexen ecefcf8801 TCP: Implement AccECN
This work is based on
https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate-ecn-20.html
In particular, add support for the AccECN option, the experimental
AccECN option, the AE flag and the ACE field.
2022-08-19 00:41:24 +00:00
Vadim Yanitskiy 2755cb7516 GSUP: add missing Number of Vectors Requested IE
This IE was introduced back in 2019, see:

https://gerrit.osmocom.org/q/Iaecc47280f8ce54f3e3a888c1cfc160735483d0f
https://cgit.osmocom.org/libosmocore/commit/?id=49ddef610a003f1000422284bf31a653249cf09e
2022-08-18 18:42:53 +00:00