Applies to the resolve Physical Addresses to names preference.
Change-Id: Ib1f484afc940eb6a022e03a1766c18449b2dfed3
Reviewed-on: https://code.wireshark.org/review/13400
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Don't just check whether we *have* the MCS index, check whether it's a
valid MCS index, before we use it in calculations. Otherwise, we'll
make out-of-bounds array accesses.
(May or may not fix bug 12085, so just Ping-Bug for now. It's necessary
in any case.)
Change-Id: I7119366397b260089aea35ae9fcd5ad9ec6b06f2
Ping-Bug: 12085
Reviewed-on: https://code.wireshark.org/review/13790
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gluster added support for a SEEK operation, supporting SEEK_DATA and
SEEK_HOLE. The actual protocol modifications can be found in commit
9b71092f3 (http://review.gluster.org/11482).
Bug:12088
Change-Id: I298b4a5023fa748e9c443ae5a24a1b58d76a5453
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://code.wireshark.org/review/13780
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
the new interface.
Change-Id: I4f818d55416d3b1d09b46015d83f3acc5a9e71cc
Reviewed-on: https://code.wireshark.org/review/13744
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I99c556950007957c09809dc477a94d410cca4cc8
Reviewed-on: https://code.wireshark.org/review/13728
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
in the switch-case statements, we already show an expert info
it should be sufficient to exit and report to the caller
how many bytes we dissected
as for the string, we can just calculate the length and let
proto_tree_add_item() throw an exception if that length is invalid
Change-Id: I310a4011cb112f3ed70e804c5b44d58f275fab6b
Reviewed-on: https://code.wireshark.org/review/13745
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This includes request/response tracking
Change-Id: I12ac4c198929aa6a75f3f839f9ee52ebf00b8059
Reviewed-on: https://code.wireshark.org/review/13743
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
These objects are defined in Volume 8, but it doesn't make sense to create a new dissector file for them, so just distribute them where it makes the most sense in the existing CIP dissectors.
Also do some conversions to proto_tree_add_bitmask while in the neighborhood.
Add support for EtherNet/IP over DTLS/TLS.
Change-Id: I4e658e8871eebb222816229de7594ff766264308
Reviewed-on: https://code.wireshark.org/review/13710
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I767a334c82c27b06be7e72461b7f3e3d961784b4
Reviewed-on: https://code.wireshark.org/review/13725
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
it will be also make happy OS X x64 buildbot
Change-Id: Ib718d717719739314170632f04b3ec68c2917ed6
Reviewed-on: https://code.wireshark.org/review/13730
Reviewed-by: Anders Broman <a.broman58@gmail.com>
the messages contain "length codes" instead of the actual lengths
use a simple conversion table to covert length codes into lengths
add generated items for the actual lengths
Change-Id: Ic10aed0d20cfca30524cf767798df4eec2330592
Reviewed-on: https://code.wireshark.org/review/13734
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
it's used by two messages, the relative position
inside the current byte is different
don't use a static bitmask for the hf
Change-Id: I6a145cad46bab1afd22f66f144e7e4e9909f0b15
Reviewed-on: https://code.wireshark.org/review/13732
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The proto tree is needed in several cases when using Lua field extractors,
because they fetch values from the tree. Without a valid field extractor
a Lua plugin may misbehave and display wrong column info.
This fixes column issues when:
- Calling resetColumns() in Qt. This involves adding a display filter,
change time display format, change name resolution and other changes
in UI which requires column updates.
- Print summary lines.
- Export as CSV and PSML.
Change-Id: Ieed6f8578cdf2759f1f836cd8413a4529b7bbd80
Reviewed-on: https://code.wireshark.org/review/13708
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id8156680d67d65d87c156df05e8a66e2531728d2
Reviewed-on: https://code.wireshark.org/review/13709
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In RTPS, regular samples are serialized with the format
<encapsulation, serialized data> and thus, the dissection of the
encapsulation was suggested to be done in the custom dissector.
However, batches are serializing the encapsulation only once as
<encapsulation, sample 1, sample 2>. This makes us need to dissect
the encapsulation in the RTPS dissector and providing as (void*) data
to the custom dissector. This way we support the regular samples
dissection as well as the batches dissection.
I have defined rtps_dissector_data in packet-rtps.h and I suggest
we include that header file when we want to write a custom dissector.
Bug: 12029
Change-Id: I74ed4c31484f9a99ad6c44c6c34cc52be2adb7c8
Reviewed-on: https://code.wireshark.org/review/13413
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multi-path mutation responses can have a variable number of values
encoded in them:
- Successful requests have 0..N values, one for each mutation which
wishes to return a value (e.g. SUBDOC_COUNTER)
- Unsuccessful requests have 1 value, specifying the index and status
of the first failing mutation
Add support for decoding a variable number of response values.
Change-Id: Ia1f682f7f701829bd808a44ee142ffe912095e15
Reviewed-on: https://code.wireshark.org/review/13688
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. ENIP: When there is more than one ENIP command in a given TCP packet, display both in the Info column. Previously, only 1 would be displayed.
2. CIP: Services need a context to be able to interpret properly. Display the Class or Symbol name in the Info column in an object oriented manner for Request Paths, or Connection Paths.
3. CIP: Display the request path/service in a CIP response, instead of just "Success". These changes make it visually easier to identify traffic.
4. CIP: For the Info column, make Multiple Service Packet formatting a little more consistent regarding the divider between embedded packets. Previously, it would display 2 different separator types "," and "|".
5. CIP: Add preference to enable/disable "Display enhanced Info column data"
Change-Id: I7e95bc144588c0925137e01abbc814babb494d19
Reviewed-on: https://code.wireshark.org/review/13632
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Userlog is user flow logs of H3C device.
Flow logging records users' access to the extranet. The device classifies and
calculates flows through the 5-tuple information, which includes source IP address,
destination IP address, source port, destination port, and protocol number,
and generates user flow logs. Flow logging records the 5-tuple information of
the packets and number of the bytes received and sent. With flow logs, administrators
can track and record accesses to the network, facilitating the availability and
security of the network.
examplecapture: https://wiki.wireshark.org/SampleCaptures#UserLog
Bug: 11878
Change-Id: If3b5ca75bdd6cd8dc12af4a35401c5a6aa193a73
Reviewed-on: https://code.wireshark.org/review/8148
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'openflow.ofp_match.pad' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
Change-Id: I514bdf6a77ddbf9f8d7e614ea6f4ecf04a664453
Reviewed-on: https://code.wireshark.org/review/13677
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'ospf.mpls.bc' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT8
'ospf.v3.lsa.link_local_interface_address.ipv6' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
Change-Id: I6a014c072c05bdb30ae30d56a6718062fccc75c7
Reviewed-on: https://code.wireshark.org/review/13681
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I58192af77c8e9af94183e5d82d282e22dc91b49e
Reviewed-on: https://code.wireshark.org/review/13659
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 11933
Change-Id: I7ac03166c4c69a2366da26c44a89aee60116ac7f
Reviewed-on: https://code.wireshark.org/review/13674
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
parsing
Change-Id: I55d0b435ae1b12e14a20dd9ea18ba05188b0e378
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13666
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't just display every field that's not a STRING as a lump of hex
bytes; display them (and make them filterable) according to their data
type.
Change-Id: I5717c45bc970616ba9438277e1bcaae46c3cbdf8
Reviewed-on: https://code.wireshark.org/review/13669
Reviewed-by: Guy Harris <guy@alum.mit.edu>
the code in question deals with the scenario where the length field's
value is larger than the number of remaining bytes
we can simply stop the dissection if truncation of the data is expected
if not, we continue disecting and we'll get an exception when we reached
the end of the data...
Change-Id: I3f29df694d9ea7d41f19511d267ef6b785527e3c
Reviewed-on: https://code.wireshark.org/review/13624
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>