- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This change should fix some complains from coverity.
Change-Id: Ic46212e12892779b2aa0276e028fea2d9fbb6985
Reviewed-on: https://code.wireshark.org/review/10545
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The only file system operations it does are printing of debugging output
to the standard output, so it doesn't need <wsutil/file_util.h>.
Change-Id: Ia5caf62a3aab418f039669aa0b54e163e54d0d21
Reviewed-on: https://code.wireshark.org/review/11635
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Either remove them completely, or put them inside an #ifdef.
Change-Id: Iceff4909e250c17812f38d94e067f7c37ab72e1b
Reviewed-on: https://code.wireshark.org/review/11630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have wsutil/file_util.h include them on UN*X, just as it includes io.h
on Windows, so we can have a rule of "if you do file operations, include
<wsutil/file_util.h> and use the routines in it".
Remove includes of unistd.h, fcntl.h, and sys/stat.h that aren't
necessary (whether because of the addition of them to wsutil/file_util.h
or because they weren't needed in the first place).
Change-Id: Ie241dd74deff284e39a5f690a297dbb6e1dc485f
Reviewed-on: https://code.wireshark.org/review/11619
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Having a single function call to format source-destination port column info serves the
current (and presently only) use case better by having a single place to manage the
display format.
This commit does not introduce any actual formatting changes.
Change-Id: I1d479d0fd5690d12afb47e538057fdc2dd369ca2
Reviewed-on: https://code.wireshark.org/review/11539
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The only remaining explicit user of the packet_info members is the NTLMSSP dissector. However, there may be "hidden" use of it in the spnego dissector passing between ASN.1 functions.
Someone more familiar with the protocols could possibly trim some of the "extra copies" between packet_info and gssapi_encrypt_info_t structure, but I went the "better safe than sorry" route.
Change-Id: I160d2cfccadc5f49b128609223cdff0162c3ca85
Reviewed-on: https://code.wireshark.org/review/11575
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also allow displaying the IPv6 header (correctly) as exactly 40 bytes long in
the bytes pane.
Ping-Bug: 10705
Change-Id: I1b4ea74202d519e7faf86c1c0f4f3c23403c2b2a
Reviewed-on: https://code.wireshark.org/review/11608
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is intentionally broken off of SSL to avoid confusion when UDP is involved.
Change-Id: Icfd3054be6aed2ebbd850a608efbc24f1a8f3831
Reviewed-on: https://code.wireshark.org/review/11612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since ssl_dissector_[add|delete] only take TCP dissectors, remove the parameter and just use it within the "internal" ssl_association_add call.
Change-Id: I0fdf941389934c20cbacf910250e17520614e706
Reviewed-on: https://code.wireshark.org/review/11591
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
SSDP now has its own protocol id to filter on (and use in Decode As), but all other fields are still HTTP as SSDP still doesn't have its own dissector.
Bug: 6190
Change-Id: I43394fb78ac699f0b06b9aa29df11a4e5345e260
Reviewed-on: https://code.wireshark.org/review/11616
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In response PDUs we may only get a smb2_fid_info_t
via si->saved->file instead of si->file.
Change-Id: I1e1ecdabec6267f4e4ee9246d020fe6e51a13c1d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11598
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info to the Change Cipher Spec tree when session resumption
is detected. This can be used as hint that decryption using a RSA key
file will not succeed because of missing key material.
The name of this expert info is "ssl.resumed" or "dtls.resumed" and the
expert info message is "This session reuses previously negotiated keys
(Session resumption)".
Change-Id: I4a83edb13417631c97d6cfc4a57e2086bd217878
Reviewed-on: https://code.wireshark.org/review/11583
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a floating-point operation, so just use 4294967296.0.
Change-Id: I97258c8058821b6d46d740668271c0803617cdc1
Reviewed-on: https://code.wireshark.org/review/11615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I guess it's not at risk of being clobbered by a longjmp() in a way that
affects the behavior of the code, but the older GCC on that buildbot
doesn't do the dataflow analysis to figure it out.
Change-Id: I770380e2a22d00aeccf5937203bc70968712d37f
Reviewed-on: https://code.wireshark.org/review/11611
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The field that uses it is also "#if 0"'ed out.
"#if 0" out, rather than commenting out, the variable for that field, for
consistency.
Change-Id: If3c6ba6c780f41b35d3f28adcf4d8a29117c4652
Reviewed-on: https://code.wireshark.org/review/11609
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Id4d8d9a2d2befee7b82ac4e0e6f2f1b8f03b4532
Reviewed-on: https://code.wireshark.org/review/11603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A change-list is as follows:
- Removed un-necessary dissector revision updates from the file header since GIT tracks these nicely.
- Added proper size detection of Modbus RTU messages (including exception responses), when dealing with partial TCP segment reassembly.
- Moved the 'register' decode preferences to the Modbus dissector as TCP vs. RTU granularity isn't needed in this case.
- Obsoleted un-unused 'address type format' user preferences
- Cleaned up dissect_modbus_data to remove proto_tree_set_text instances.
- For decoded register tree objects, use register 'address' instead of 'value' for the filter field to provide a more useful filter.
- Added in conversation support, to attempt to track responses back to matching requests.
- Use conversation support to attempt to populate proper register address offsets in the response messages. Currently each request is saved and each response looks for the last prior request that matches the function code.
- Re-factored Modbus dissector to split apart request vs. response decoding. This has led to cleaner code paths, but some duplication where replies and requests are identical format.
Change-Id: I0c86ae85b8ae4cc59b037e5f68f408833205fadd
Reviewed-on: https://code.wireshark.org/review/9914
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes memleak in reassemble.c
480 bytes in 60 blocks are definitely lost in loss record 3,010 of 3,059
at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0xADA3328: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.1)
by 0xADBA512: g_slice_alloc (in /usr/lib/libglib-2.0.so.0.4600.1)
by 0x6575C7D: fragment_reassembled (reassemble.c:804)
by 0x6577785: fragment_add_seq_check_work (reassemble.c:2027)
by 0x6577880: fragment_add_seq_next (reassemble.c:2068)
by 0x6E614E6: dissect_sccp_message (packet-sccp.c:2875)
by 0x6E63641: dissect_sccp (packet-sccp.c:3401)
by 0x6546CF7: call_dissector_through_handle (packet.c:620)
by 0x6546EA1: call_dissector_work (packet.c:706)
by 0x6547A04: dissector_try_uint_new (packet.c:1163)
by 0x6547A65: dissector_try_uint (packet.c:1189)
Change-Id: I0117b48e1e5d5688c49f264f24387dd6de1d6e08
Reviewed-on: https://code.wireshark.org/review/11541
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't have any Flex scanners that support an interactive command-line
interface, so none of our scanners are, or need to be, interactive.
Mark text2pcap's scanner as not interactive.
That means none of our scanners should call isatty(), so they don't have
any need to include <io.h> on Windows; remove that include from the
Lucent/Ascent text capture scanner.
Update a comment to reflect that what matters isn't whether we can read
from a terminal or whether we actually do so, what matters is whether
they read *interactively* from a terminal (if you want to run text2pcap
reading from the standard input and type at it, be my guest).
Change-Id: I59979d1fdb37e1913125a400963ff7a3fa6b9bbd
Reviewed-on: https://code.wireshark.org/review/11587
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by clang analyzer.
Change-Id: Idb2e80edbb5b264fd257a7b4208ff75bd543df88
Reviewed-on: https://code.wireshark.org/review/10970
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
not including the padding and auth data.
Change-Id: Ib883fcb44def8d6fbdde19729519b40b32d78577
Reviewed-on: https://code.wireshark.org/review/11563
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes a regression in commit e0e574d167.
Change-Id: I447001a84e17a76ec77c48f736bbfcd8cc6324a1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11574
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This fixes a regression in commit e0e574d167.
Change-Id: Iccdeeb488ec70727fc637ca548637e5a5e54ef1c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11573
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Found by clang analyzer.
Change-Id: I1c5cb13e174df588c8834508b10790d3fd5b272a
Reviewed-on: https://code.wireshark.org/review/11564
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Clean up indentation while we're at it.
Change-Id: If2068fe17664d78c8fc9747b0ee63bac0213d174
Reviewed-on: https://code.wireshark.org/review/11567
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add "placeholders" in Profinet dissector to make that possible.
Change-Id: I000069ec72b5810c5675a30df1c121aa179000b3
Reviewed-on: https://code.wireshark.org/review/11557
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is hopefully just the first step in getting DCE/RPC dissection to use "standard" APIs instead of homegrown ones.
For starters, it allows Decode As functionality to be less hacky (although incomplete in Qt)
Change-Id: Ia0923a3d8d514ab7acce32e26ee7e08f6e24feca
Reviewed-on: https://code.wireshark.org/review/11468
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The target here is the Decode As dialog where protocols have multiple registrations into a dissector table and that shows up as multiple entries in the Decode As dialog list with the same name so users are unsure which "dissector" they are choosing.
The "default" behavior (done in this commit) is to not allow duplicates for a dissector table, whether its part of Decode As or not. It's just ENFORCED for Decode As.
Bug: 3949
Change-Id: Ibe14fa61aaeca0881f9cc39b78799e314b5e8127
Reviewed-on: https://code.wireshark.org/review/11405
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It ends up dragging in libwireshark headers, which programs not linking
with libwireshark shouldn't do. In particular, including
<epan/address.h> causes some functions that refer to libwireshark
functions to be defined if the compiler doesn't handle "static inline"
the way GCC does, and you end up requiring libwireshark even though you
shouldn't require it.
Move plurality() to wsutil/str_util.h, so that non-libwireshark code can
get it without include epan/packet.h. Fix includes as necessary.
Change-Id: Ie4819719da4c2b349f61445112aa419e99b977d3
Reviewed-on: https://code.wireshark.org/review/11545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This can hopefully lead to the removal of the GSS-API specific members of the packet_info structure.
Change-Id: I7622d66e9f02c6e4cb76adcf0737b35c6ec88cdd
Reviewed-on: https://code.wireshark.org/review/11509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move the definitions of hashipv4_t and hashipv6_t to wiretap/wtap.h, as
that's the main place they're used. Change them a bit not to depend on
other stuff from libwireshark, and change the code as required by those
changes.
This should fix the Solaris build; apparently, the Sun^WOracle compiler
is generating code for static inline functions even if they're never
called, so that libwiretap ends up including code that calls tvbuff and
wmem functions.
There's probably further cleanup that could be done here, but this
should at least fix the build, as well as getting rid of a dependency
between two libraries that are at least somewhat independent (libwiretap
should *not* depend on libwireshark, as some programs use libwiretap but
not libwireshark, and, ultimately, we probably want it to be possible to
use libwireshark without libwiretap but that'd be more work).
Change-Id: I91c745282f17d7c8bff7809aa277eab2b3cf47c1
Reviewed-on: https://code.wireshark.org/review/11537
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
when displaying the contents of a RFC5444 message containing an address block
with a tail, the tail's value is incorrectly displayed as:
Head: <value of tail>
while it should say:
Tail: <value of tail>
This commit fixes that.
Bug: 11673
Change-Id: Ibeb921cb712f98c9651970529e5240f871b85c0b
Reviewed-on: https://code.wireshark.org/review/11538
Reviewed-by: Michael Mann <mmann78@netscape.net>
not work with multiple SIP packages in one frame.
Change-Id: Ie142aeea0c6ad28cfdd6206738a6f147094c479f
Reviewed-on: https://code.wireshark.org/review/11516
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See [MS-SWN], https://msdn.microsoft.com/en-us/library/hh536748.aspx
Change-Id: Ie92dad2c229ec08e7f7e31be9422450305b3908a
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-on: https://code.wireshark.org/review/11366
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I8bc9af431e70243b05f4f0ce8c2b8ee451383788
Reviewed-on: https://code.wireshark.org/review/11463
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5fd1f82ff193cfface0b5d1e5be227dfc3e04f9a
Ping-Bug:11630
Reviewed-on: https://code.wireshark.org/review/11292
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For those crazy enough to try to decode PDUs sent in transparent mode ;)
Change-Id: Iab0a1325a6764846e23d8f04bd3147625b970638
Reviewed-on: https://code.wireshark.org/review/11498
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This callback was added by a mistake when adding support for
P3 over RTSE in commit 0a6d1f98.
Change-Id: Ifff0bed3b2a2a0fd2354f9c6b7072de3303dae27
Reviewed-on: https://code.wireshark.org/review/11500
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I1d3515371f50454acbcbdde75f2f1a3e614a5512
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11495
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
From api ref :
warning: argument 'uint_val' of command @param is not found in the argument list of dissector_get_guid_handle(dissector_table_t const sub_dissectors, guid_key *guid_val)
The following parameters of dissector_get_guid_handle(dissector_table_t const sub_dissectors, guid_key *guid_val) are not documented:
parameter 'guid_val'
From -Wdocumentation
parameter 'uint_val' not found in the function declaration [-Wdocumentation]
Change-Id: I9c7b82e4ecb5a126cb96c7d6c057440eb5d24bdd
Reviewed-on: https://code.wireshark.org/review/11499
Reviewed-by: Michael Mann <mmann78@netscape.net>
we can #include <wsutils/wsgcrypt.h> without doing the check ourselves
Change-Id: I248431bdb6cfa1bd85b794ec04ce1e4fcd3a7d2d
Reviewed-on: https://code.wireshark.org/review/11483
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The following parameters of register_srt_table(const int proto_id, const char *tap_listener, int max_tables, tap_packet_cb srt_packet_func, srt_init_cb init_cb, srt_param_handler_cb param_cb) are not documented:
parameter 'max_tables'
The following parameters of init_srt_table(const char *name, const char *short_name, GArray *srt_array, int num_procs, const char *proc_column_name, const char *filter_string, srt_gui_init_cb gui_callback, void *gui_data, void *table_specific_data) are not documented:
parameter 'table_specific_data'
Change-Id: I7c14a46c89c58985a5000b1760ba088d9f0da293
Reviewed-on: https://code.wireshark.org/review/11491
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The following parameters of register_rtd_table(const int proto_id, const char *tap_listener, guint num_tables, guint num_timestats, const value_string *vs_type, tap_packet_cb rtd_packet_func, rtd_filter_check_cb filter_check_cb) are not documented:
parameter 'num_tables'
Change-Id: I93e9297d0755077ad619839c44d2feb7b2a0c18d
Reviewed-on: https://code.wireshark.org/review/11490
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RTPS uses NTP encoding with a BASETIME equal to 0.
Also, changed "magic" by "Magic"
Change-Id: I2512176f2018396edaa6b2a1478facd26118cb13
Reviewed-on: https://code.wireshark.org/review/11184
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add heuristic support
Better documentation
Change-Id: I236c1f4d3613aa58d608aee0e5edc40c3b158d25
Reviewed-on: https://code.wireshark.org/review/10120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ibdc7fec48cef53041c1791fb4f6decb0a4df0c89
Reviewed-on: https://code.wireshark.org/review/11458
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I30095150ea639d773b887f191e0028c765beba12
Reviewed-on: https://code.wireshark.org/review/11457
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6bcc5538149e36eed31933897a95fa7592baa84a
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11363
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Addition of several fields to cover all login parameters.
Bug: 11661
Change-Id: I1cb1620b0e1a8c40b311f4dd4b6eb91e6e55a74d
Reviewed-on: https://code.wireshark.org/review/11455
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It seems like DCE/RPC could benefit from a GUID dissector table, where a dissector can register it's GUID with a dissector handle. So here is a basic start.
Change-Id: Id407117687a1a648d87f6f99c2ecbf858d8c0911
Reviewed-on: https://code.wireshark.org/review/4718
Reviewed-by: Michael Mann <mmann78@netscape.net>
Commit 301a5b7cea introduced a small
regression with the dissection of the BVID. BVID should be extracted
from the 12 most significant bits not the 12 least significant bits.
Make it so.
Change-Id: Idcf0492eea1f6cb7282641ae243aa7092e5a1418
Reviewed-on: https://code.wireshark.org/review/11472
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iee1d1cf3e24dacca3c1a353001a8af71e074a96b
Reviewed-on: https://code.wireshark.org/review/11454
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It prevents an assert in case of malformed packet
Bug: 11662
Change-Id: If5d7196c7e6ecd0ffe8ed97213dbd64bc1f69cbb
Reviewed-on: https://code.wireshark.org/review/11464
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
do the bounds check for obj_length before we use it
Change-Id: I9e15fae6de05c5833c6959239fcdc0a7d2ca59cb
Reviewed-on: https://code.wireshark.org/review/11459
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ibfb49738ea35d1d02220d69187a6083d5ebbae25
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11365
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I92711ee39850f6710eaebf5c678496e7cd9b5f59
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11364
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icc4bf0149af81c35bc6b615add473168600468fb
Reviewed-on: https://code.wireshark.org/review/11429
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to RFC 6062, once the connection is established, data is sent as-is
To stop the STUN dissector from interfering, add the ability to specify a starting
frame for a conversation dissector and use it
Bug: 11641
Change-Id: I65ca96bddacf70444009c0642ea22173fa68992e
Reviewed-on: https://code.wireshark.org/review/11372
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
packet scope is not valid when called from GUI.
To keep API constant, introduce a rpc_proc_name_internal() function allowing to
define the memory scope used for string allocation.
Bug: 11654
Change-Id: Iff36c090650939c9f2bebfd9c3fd25c51fd97dc0
Reviewed-on: https://code.wireshark.org/review/11425
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0bbbe3f92cf88c3d3d051ad613e237411b828e43
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11360
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove the need for the registration of a dedicated SIII dissector,
as this might interfere with "Decode As" handling, as well as being
redundant and no longer needed.
The udpdata dissector can handle both and gate to the correct
sub-dissector if necessary.
Change-Id: I756cd845e7e8d64848d9928ad9ff04d571434835
Reviewed-on: https://code.wireshark.org/review/11421
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix some not updated link to wiki...
Change-Id: Iafaa743c4adda36e6dffe2ec2a3a25b8228b9778
Reviewed-on: https://code.wireshark.org/review/11424
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>