We want things like aes-256 keys to be displayed completely.
Change-Id: I746f3282440c036cfb60263be40e3b3a6ed859c2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid repeating code dealing with dissection of version and flags fields
that ISO/IEC 14496-12 defines in FullBox class.
Change-Id: I72cb4072c8bb41a670d41187692dd72697dd1049
Reviewed-on: https://code.wireshark.org/review/35888
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Times before 1970-01-01 should be represented as a negative number of
seconds in nstime_t.
e.g. MP4 creation_time of 0x00000000 (which appears frequently as the
default in mp4 files) was rendered as Feb 6, 2040 07:28:16 CET
Change-Id: I979aeeb8a625caad3dfbce114cff6f9967d59d6e
Reviewed-on: https://code.wireshark.org/review/35904
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ack overflow data was incorrectly dissected causing checksum errors. For now
just display raw data.
Change-Id: Icdd858bdbeeb4dd40e48c45fc46e5e188d53be69
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Reviewed-on: https://code.wireshark.org/review/35915
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
With BUILD_androiddump and EXTCAP_ANDROIDDUMP_LIBPCAP enabled, the
linker notices a couple of cases of underlinking:
extcap/androiddump.c:541: error: undefined reference to 'ws_inet_pton4'
extcap/androiddump.c:685: error: undefined reference to 'ws_hexstrtou32'
extcap/androiddump.c:2513: error: undefined reference to 'cmdarg_err_init'
extcap/androiddump.c:2517: error: undefined reference to 'data_file_url'
extcap/androiddump.c:2629: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:2592: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:2646: error: undefined reference to 'ws_strtou16'
extcap/androiddump.c:1708: error: undefined reference to 'ws_inet_pton4'
extcap/androiddump.c:1783: error: undefined reference to 'ws_inet_pton4'
Fix that by explicitly linking against libwiretap and libwsutil when the
linker cannot find those symbols by linking to them through libwireshark.
Change-Id: I4db266fe82927c12d18fec06f9d766b9390bcec3
Reviewed-on: https://code.wireshark.org/review/35855
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IO Graph used to show a value of 0 if there are no relevant
fields/packets when using SUM, MAX, MIN or LOAD. This is an
issue because you can not distinguish if there was a value
of 0 or if there was not even a relevant field/packet. With
this patch IO Graph shows no point in the interval if there
is no relevant field/packet when using SUM, MAX, MIN or LOAD.
Change-Id: I9b17447cb38efe6dbf9299ec67aac999cfa744a3
Reviewed-on: https://code.wireshark.org/review/35859
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
XXX comment reworded to be more informative and reflect lack of
consensus on removing RFC 3514.
Change-Id: If15b8f5d7c450192b1b6ebbfa463b19f27de177c
Reviewed-on: https://code.wireshark.org/review/35934
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
If tf.handle() fails, it returns -1; we shouldn't call ws_fdopen() on
its return value. (I'm not sure whether it can fail, but this code is
all a bit twisty.)
If tf.handle() succeeds, and we hand its return value to ws_fdopen(),
and we get back NULL, *that* indicates that ws_fdopen() failed.
This should fix Coverity CID 1457929, preventing a FILE leak.
Change-Id: I23bb04579d26928037f8b9284b7741affc3596f7
Reviewed-on: https://code.wireshark.org/review/35940
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The drift values should use the relative time (arrivaltime) instead
of the absolute time (current_time) otherwise, the values are wrong.
Bug: 16343
Change-Id: Icdc65476ab68ce51088314b7c9de939c86472ae9
Reviewed-on: https://code.wireshark.org/review/35908
Reviewed-by: Aymeric Moizard <amoizard@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The offset variable was not incremented in that case
Bug: 16345
Change-Id: Ifb73a2ef9371ef5e4567013056fc77ca83a89e37
Reviewed-on: https://code.wireshark.org/review/35919
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
- Add VLC transmision bit to talk_to_me field
- Add targeted mode bit to talk_to_me field
- Add targeted top and bottom port range fields
Change-Id: Ibe12d2418129ef431ba3e832df11185fb123c9e7
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Reviewed-on: https://code.wireshark.org/review/35914
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The SubSwitch field holds bit 7-4 of the 15bit port address, but
it holds it in bit 3-0 so we have to shift it 4 bits instead of
taking bit 7-4 of the SubSwitch field.
Change-Id: I7841d64749e8a561e4ee928a23a3c46cb5be34cb
Signed-off-by: Erwin Rol <erwin@erwinrol.com>
Reviewed-on: https://code.wireshark.org/review/35910
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This will be used in order to decrypt DCERPC messages with
header signing.
Change-Id: Ib72fe0fcae5eaaa5bbc755e9af5a36b23b370bde
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35710
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This will be reused in the next commits in order to
use use krb5_c_decrypt_iov() instead of krb5_c_decrypt()
in some situations.
Change-Id: I026cce14cb48813907e52793f3075cb4b9ce16c1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35709
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I1d14ffe928e1b303eee7e95a45a9617ffcfb151b
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35707
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit will finally allow the decryption of DCERPC
traffic with AES-keys and header signing.
Change-Id: I3a76541493976c9f4d3d228757e8fe0e08a0f02c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/35711
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use G_GUINT64_FORMAT and remove the format character when printing
unsigned value. Use G_GINT64_MODIFIER when also giving the format
character ('x').
Change-Id: I7c02ec3ebd058c392f8fb21a0e20e242a06e8888
Reviewed-on: https://code.wireshark.org/review/35896
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are some deltas between the UN*X epoch and other epochs that are
used in a number of places; put them into a header.
Change-Id: Ia2d9d69b9d91352d730d97d9e4897518635b4861
Reviewed-on: https://code.wireshark.org/review/35895
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Certificates used in TLS typically have a serial number larger than 64
bits which do not fit in FT_UINT64 and results in use of the synthetic
ber.64bit_uint_as_bytes field name. To enable use of ocsp.serialNumber
and x509af.serialNumber field names, define these as bytes instead.
Update the BER dissector to allow INTEGER types to use FT_BYTES.
Bug: 16339
Change-Id: Id58075b450d86aff6b616c359900ae83a3ec2f51
Reviewed-on: https://code.wireshark.org/review/35868
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do not assume that having a TCP port means that CoAP is running directly
over TCP: this is not the case with MQTT for example (see bug 14591 for
a capture). Instead explicitly check that the parent dissector is TCP or
TLS.
Bug: 15910
Change-Id: Ib4880623b8525fe6be52a685397005eac86da135
Reviewed-on: https://code.wireshark.org/review/35879
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The S/370-and-later TOD clock counts in microseconds, not seconds.
Change-Id: I0b11586df073ed589d69ffc014e6f8661dff3d31
Reviewed-on: https://code.wireshark.org/review/35891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those times are in seconds since January 1, 1904, 00:00:00 (proleptic?)
UTC.
MPEG-4 Part 14 (MP4) is based on QuickTime, so it uses classic Mac OS
time stamps, in seconds.
Change-Id: Ibcd7faf1b119d8acbb294c95b66ca0d1fb70cbb3
Reviewed-on: https://code.wireshark.org/review/35886
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- The AVP should be an OctetString
- Orientation of major axis should not be multiplied by 2 according to
the latest standard.
Change-Id: I68532108cc36f4699c10b35ffdbcfaef0c29d9fe
Reviewed-on: https://code.wireshark.org/review/35890
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>