which is the name of the field before it
Change-Id: I7661bcff58b8a1031dcde84dd46499b7b93b42df
Reviewed-on: https://code.wireshark.org/review/26517
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mention Npcap on the WinPcap installer page and add a link to it.
Update some other text and tell developers to use NSIS 3.0 while we're
here.
Change-Id: I64728f014f518439ba4a38eda7a283274d40fcdc
Reviewed-on: https://code.wireshark.org/review/26515
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch a build example to CMake + Ninja. Add syntax highlighting
annotations.
Change-Id: I5ee0af548f44ed5be6f6e8367f5167dc499df017
Reviewed-on: https://code.wireshark.org/review/26514
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decrypting Observe responses with Partial IV within the
response. CoAP prioritizes the Partial IV from the response if present,
if not it passes Partial IV from the corresponding request.
Bug: 14417
Change-Id: Icb0f782de67bd0507db4f1f2a2ea90c72a4b6f0a
Reviewed-on: https://code.wireshark.org/review/25483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
OSCORE plaintext contains CoAP code, some CoAP options and CoAP payload.
To avoid code duplication, CoAP dissection of these fields used by
OSCORE is generalized and exported in packet-coap.h. Exported functions
and their subroutines now operate explicitly on local variables. This
allows OSCORE dissector to pass its header fields.
Use of "offset_end" instead of "coap_length" to denote the end of
message.
Bug: 14417
Change-Id: If51b0d585ab29d46c1c550fbf264fd3765ed4c32
Reviewed-on: https://code.wireshark.org/review/25482
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Structure oscore_info_t carries parameters needed by OSCORE for
decryption. These parameters are communicated in the CoAP layer within
the Object-Security option. To decrypt a response, OSCORE needs the
parameters from the corresponding request. Matching of responses to
requests on the CoAP layer is leveraged to pass the correct parameters
to OSCORE. This change adds an oscore_info_t pointer to coap_info and
coap_transaction structures in order to pass the parameters on to the
OSCORE dissector. Dissection of Object-Security option is reworked to
make use of the new coap_info element, instead of relying on local
variables.
Bug: 14417
Change-Id: I173057ba95407675aaa539ddbff51d02337551bc
Reviewed-on: https://code.wireshark.org/review/25481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change introduces the OSCORE dissector, following
draft-ietf-core-object-security-07. It performs decryption and
authenticity check on requests.
Bug: 14417
Change-Id: I92e45d66d5df51f6d4dbea4ef44e707955b65bee
Reviewed-on: https://code.wireshark.org/review/25480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Note that we might remove Autotools support at some point.
Change-Id: Iebac8982514d39c9c76de0b4360b02c3e97591f9
Reviewed-on: https://code.wireshark.org/review/26484
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This makes it clear that the two entities, the MCC and the MNC, are related
to each other and mirrors an earlier way of displaying the info. At a later
time we could print out the operator name as well. E.g., USA Verizon or
whatever next to the PLMN as well.
Change-Id: I6fef38a4e502514fdd78f69ffe650b6337f84cc9
Reviewed-on: https://code.wireshark.org/review/26491
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Allow FileHandlers to specify the extension that is used for saved
files. Implementation note: previously "fh->extensions" was unused;
memory is not freed anywhere because registered file handlers can
currently not be destroyed.
Bug: 14386
Change-Id: I65509c10a678fc6af0cf6a4c5c8aed56e79ea34a
Reviewed-on: https://code.wireshark.org/review/26399
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix up some markup while we're here.
Change-Id: I2299b8bec44ff08952e2f1bda3a40448e2fb55c6
Reviewed-on: https://code.wireshark.org/review/26487
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add col_data_changed, which checks to see if we have updated column
info. Add col_append_frame_number, which adds a frame number and sets
col_data_changed. Call col_append_frame_number instead of
col_append_fstr from some dissectors.
Add PacketListRecord::invalidateAllRecords, which invalidates any cached
record data. Add PacketListModel::invalidateAllColumnStrings which calls
invalidateAllRecords and signals that our data has changed. Call
invalidateAllColumnStrings when we have new name resolution or column
information.
Bug: 11414
Bug: 11468
Change-Id: I2671594a722f4f9436fe1df84d43489a148e0cee
Reviewed-on: https://code.wireshark.org/review/26373
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Includes new authenticated additional data required for decryption, see
https://tools.ietf.org/html/draft-ietf-tls-tls13-26#page-83
Tested with current openssl master (OpenSSL_1_1_1-pre2-131-gfa25763b55).
Change-Id: Ifb5bf6ab44bb13cbd8cfa60abe0a2665ad094f9a
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26447
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Rather than relying on the advertised ciphers in the Client Hello (which
might not match the early data cipher), try all TLS 1.3 ciphers when the
0rtt secret is available.
Whenever the client advertises the "early_data" extension, we will try
to decrypt it when keys are available. This is tried before decrypting
normal handshake/application data because a server might reject early
data and then no End Of Early Data (EOED) message is available. Care is
taken to decrypt as much 0RTT data as possible, only when EOED is
seen *or* when 0RTT decryption fails, then it will switch to HS secrets.
Requires at least Libgcrypt 1.6 for verifying the auth tags, otherwise
it cannot recognize whether the "decrypted" result is correct.
Since the negotiated draft version is not known during Client Hello,
rely on heuristics to guess the actual draft. This is relevant since the
key expansion changed in draft 20. (Test with comment 56 in bug 12779.)
Change-Id: Ied3f2b4b9f38d1280a6158c3a3aff8296c035fc3
Ping-Bug: 12779
Bug: 14308
Reviewed-on: https://code.wireshark.org/review/26445
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In preparation for TLS 1.3 early data trial decryption, give the caller
of "ssl_decrypt_record" control over skipping integrity check failures.
As a side-effect, this will avoid a ssl preference from affecting DTLS.
If desired, a DTLS-specific preference can be added at a later point.
Change-Id: Ib84a127b4dab524902edeb2d335d069db0304ded
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26473
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
We can be reasonably certain that CMake sets CMAKE_C_COMPILER_ID,
MSVC12 and MSVC14 correctly. If we add a compiler flag based on those
variables don't bother passing it through check_c_compiler_flag or
check_cxx_compiler_flag. This speeds up CMake here quite a bit.
Change-Id: I3a681a8a9287b33353030fd37303aa32f04b79a9
Reviewed-on: https://code.wireshark.org/review/26475
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change the remaining ", <something>" listings into the Wireshark typical "<something> ,"
Change-Id: I990ab3798514ff8bfd77bc12c86c979365f43f72
Reviewed-on: https://code.wireshark.org/review/26469
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Convert the IPv4 and IPv6 GeoIP lookups to their MaxMindDB equivalents.
Change-Id: I7f6bd697e7d4b09fdd1f4bfa17011fc6ea1aec26
Reviewed-on: https://code.wireshark.org/review/26446
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The following functions are now also exported in the libwireshark.dll:
decode_zcl_time_in_100ms
decode_zcl_time_in_seconds
decode_zcl_time_in_minutes
dissect_zcl_attr_data
zbee_zcl_init_cluster
By doing this, manufacturers can create manufacturer-specific plugins that can dissect manufacturer-specific ZCL attributes and commands.
Change-Id: I2b68c3a4d13f74d648d12816f7693423ba24953b
Reviewed-on: https://code.wireshark.org/review/26442
Reviewed-by: Anders Broman <a.broman58@gmail.com>