into consideration.
This makes it possible to differentiate between packets on different
vlans and can be expanded to handle tunnels.
Change-Id: Id36e71028702d1ba4b6b3047e822e5a62056a1e2
Reviewed-on: https://code.wireshark.org/review/13637
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It adds string-type fields to the protocol tree and returns the value of
the string.
Add the new bitmask-adding routines to the Debian symbol list while
we're at it.
Change-Id: Idaeec44c9cd373588cadce85010f3eaf1f3febb5
Reviewed-on: https://code.wireshark.org/review/13657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(The routing token/cookie needs to be dissected better.)
Change-Id: I33464a846cda711aa430ba8f71dfe1959de3b7f9
Reviewed-on: https://code.wireshark.org/review/13651
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-ositp.c is more complete and is what's used, so we don't need
packet-x224.c.
Change-Id: Id3409d7b2af0e4ecbc64c74bb6d1ed9ea8f31738
Reviewed-on: https://code.wireshark.org/review/13650
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add tables for heuristic dissectors, and add dissectors for the stuff
Microsoft puts there for RDP; they're violating the COTP spec, but I
guess they're stuck because they're using TP0, which doesn't support
user data.
While we're at it, add variants of proto_tree_add_bitmask() and
proto_tree_add_bitmask_flags() that return the bitmask, for use by
callers.
A side-effect of the change is that the proto_tree_add_bitmask routines
no longer treat the encoding as a Boolean, so we have to pass
ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN, not just some non-zero or zero
value. Do so.
Rename ositp_decode_CC() to ositp_decode_CR_CC(), to note that it
decodes both CR and CC PDUs.
Bug: 2626
Change-Id: If5fa2a6dfecd9eb99c1cb8104f2ebceccf1e57c2
Reviewed-on: https://code.wireshark.org/review/13648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I3c55af73ba989080cf6dfe206d25a6d4923ac7f1
Reviewed-on: https://code.wireshark.org/review/13622
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch creates the functionality of saving all parameters
for extcap devices in the general preference section.
For now, multiselect and fileselect do not save their values,
but patches for this will be provided in the future.
Also, all preferences are stored as strings to make handling
easier. This might change in the future, but for the first version
it will stick.
Restore to Defaults is not implemented as of yet, and will be
in a future version, once the preference storing is finalized.
Bug: 11666
Change-Id: I178346405146d2e43f4f3481c05c92c0b3595af5
Reviewed-on: https://code.wireshark.org/review/13451
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Very weak form of heuristics has been added based on the FLAP id byte,
but disabled by default. Make it possible to use this protocol in the
RSA keys list dialog.
Bug: 11990
Change-Id: I61f24ae9679c738194393bed0d012d2a752171b2
Reviewed-on: https://code.wireshark.org/review/13195
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There is no padding in that case
Change-Id: Ib0ce37c4fea76435b4cedfbd7d3d72420e4860eb
Reviewed-on: https://code.wireshark.org/review/13618
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I2aa1a2d0e20cca6c979d51135e7fe9ea7a084847
Reviewed-on: https://code.wireshark.org/review/13609
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic23b26f87f38db0a40213ce7c954c8618dc966eb
Reviewed-on: https://code.wireshark.org/review/13610
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix decoding of sendRoutingInfoForSM (SRISM)
application contexts version 1 and version 2.
Use a (slightly modified) version of the ASN.1 from
ETS 300 599: December 2000 (GSM 09.02 version 4.19.1), clause 14.7.6
which has LocationInfoWithLMSI that is incompatible with
application context version 3 in
3GPP TS 29.002 version 3.20.0 Release 1999, clause 17.7.6.
Bug: 9622
Ping-Bug: 9704
Change-Id: Icc9a0a1743a6eb4c907f4cab3fb2137db139ad74
Reviewed-on: https://code.wireshark.org/review/13572
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
return the error to the caller, exit the loop and the dissection...
Change-Id: Iba64a5d5e4f79bc33c2b1c91b937c9726e15a802
Reviewed-on: https://code.wireshark.org/review/13587
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
GNU coding standards recommend against it and automake is designed
around it.
This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.
Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
The decoding of application context version 1
SendRoutingInfoForSM (SRISM) invokes (added in bug 9704)
had issues:
- The ASN.1 for RoutingInfoForSM-ArgV1 in GSMMAP.asn
lacked teleserviceCode and the extension marker.
ETSI ETS 300 599 (GSM 09.02 version 4.19.1) clause 14.7.6
has teleserviceCode and the extension marker, but not cug-Interlock.
Clause C.6.4 mentions that cug-Interlock has been deleted,
but it's retained here for decoding backwards compat.
- The test for which application_context_version to decode as
didn't work when that value was 0 (i.e. missing).
Ping-Bug: 9704
Change-Id: I8a8170d959347a47413cfd9876022e9182256452
Reviewed-on: https://code.wireshark.org/review/13571
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the user enters a capture filter in the Capture Interfaces dialog and
presses "Start", make sure we copy the filter to the main welcome
screen.
Back out capture filter code from g0ce9ac4. Leave out the code that set
the global capture filter. Move the code that set individual capture
filters to the welcome screen.
Fix multiple interface selection in the welcome screen.
Rename allFilterComboBox in the capture interfaces dialog to
captureFilterComboBox to match the main welcome screen.
If the user starts typing in captureFilterComboBox, make sure the
"Capture Filter" column is visible. Update the "Capture Filter" column
as the user types. Conversely, if the user edits the "Capture Filter"
column, update captureFilterComboBox accordingly.
If we're editing a per-interface filter make sure we commit its contents
before starting capture.
Map our device index directly to each tree item instead of using a
separate map which will no longer be valid any time our sort order
changes (which we do right away in our constructor).
Don't set prefs.capture_devices_filter in the Qt UI. The GTK+ UI doesn't
and doing so can lead to surprising behavior. Note that it's mostly
unused.
Note that we don't handle multiple selected filters very well.
Ping-Bug: 11886
Change-Id: I3c052f4f464411e2fb8fb7d96b218e1ce2bac3fd
Reviewed-on: https://code.wireshark.org/review/13410
Reviewed-by: Gerald Combs <gerald@wireshark.org>
RFC3015 indicates that a megaco packet may have an AuthenticationHeader, 'AU', as
+ appendix A.2 ASN.1 syntax specification, and
+ appendix B.2 ABNF specification.
Currently wireshark does not decode a MEGACO packet with AU because
wireshark just gives up decoding at the AU field, although the data
following the AU field is possible to decode.
This fix inspects the MEGACO packet for AuthenticationHeader and skips it
if it exists. In a further enhancement, it will be shown in an appropriate format.
Bug: 12051
Change-Id: Ibcea8554a4079a687584b84164b2a4d177dca7f4
Reviewed-on: https://code.wireshark.org/review/13559
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
NULL ciphers have their content in plaintext which can be dissected.
When the keys are available, decryption and MAC validation works as
usual. When the master secret cannot be found, continue anyway in case
of NULL ciphers.
Change-Id: I1ba6de6333fad58cabc757544490cddca7d82e26
Ping-Bug: 4652
Reviewed-on: https://code.wireshark.org/review/13536
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 11559
Change-Id: I51836dc9a4fa399835c7bdabcba577ebd40327ad
Reviewed-on: https://code.wireshark.org/review/13538
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Vuze used Vivaldi. It is a decentralized network coordinate system.
Vivaldi contains 3 coordinates of a Euclidean space + 1 coordinate
of predicted error.
Change-Id: I8c4b4d64534675d1dfb9d35a03a61d2336fc0e6d
Reviewed-on: https://code.wireshark.org/review/13547
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for the following segment types:
1. Port: Extended
2. Logical: Service ID
3. Logical: Extended
4. Symbolic: ASCII, Extended String, including: Double-byte, Triple-byte, Numeric (USINT, UINT, UDINT)
5. Network: Extended
6. Network: Production Inhibit Time in Microseconds
Bug: 12049
Change-Id: I31b269c28c0101205cbc02f858de47106b9e7373
Reviewed-on: https://code.wireshark.org/review/13552
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Delay allocation of a GByteArray to avoid a memleak on errors.
Change-Id: I2b2ae6d33407500e81a4f45b86ef82720d3443a4
Reviewed-on: https://code.wireshark.org/review/13553
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Part 2 (oops, forgot to save before commit)
Change-Id: I186596d6c6e3838fc86794638f50f115b270d230
Reviewed-on: https://code.wireshark.org/review/13548
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The following parameters of dissect_umts_cell_broadcast_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) are not documented:
parameter 'data'
Change-Id: I4cd2a41f62ca99fc7aaa5d95049abd5662e50940
Reviewed-on: https://code.wireshark.org/review/13544
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissectors registered with SSL must be registered for Export PDU to
work properly. Otherwise the dissector name could be NULL, resulting
in a capture file that cannot properly be dissected.
Add an assertion to ssl-utils to catch this situation. Note that this
results in a "wmem_alloc: assertion failed: (allocator->in_scope)"
report because these functions are possibly called in the protocol
handoff routines... Can be fixed later.
The DNS dissector is fixed by merging the UDP/TCP dissectors into a
single dns handle which recognizes TCP and then assumes the length
prefix if TCP.
Change-Id: If73b9b09a4682d66fb8fa026c42a3475648f9bf1
Reviewed-on: https://code.wireshark.org/review/13194
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid a RSA private key lookup for client certificates, the RSA private
key is only valid for the server certificate. The lookup based on the
client cert resulted in overwriting the server match.
Bug: 12042
Change-Id: I60aa79f8f2b941bfde032e20ab11446ae4e6c81b
Reviewed-on: https://code.wireshark.org/review/13530
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The gui.layout_type preference is part of the Layout submodule (which is
part of the gui module). The Layout submodule has a special apply
callback that validates its prefs. These validations were never called
though because the prefix is "gui" and as a result that module would be
marked as changed.
Fix this crash by calling the validation function on the submodule
holding the pref instead, not its parent.
Change-Id: I2a49dce93fdc7fab4ab3dc52dad90288c2d17434
Reviewed-on: https://code.wireshark.org/review/13154
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It's not tied to the frame_data structure any more, so it belongs by
itself.
Clean up some #includes while we're at it; in particular, frame_data.h
doesn't use anything related to tvbuffs, so don't have it gratuitously
include tvbuff.h.
Change-Id: Ic32922d4a3840bac47007c5d4c546b8842245e0c
Reviewed-on: https://code.wireshark.org/review/13518
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I896b945067c4325a29c41c23ad39486e356d9434
Reviewed-on: https://code.wireshark.org/review/13474
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Output from BASE_HEX et al has always been zero-padded according to
the field type - 8 digits for FT_UINT32, etc.
When the field has a bitmask, this is definitely not appropriate - the
field type is used to indicate the size of the bitfield container, and
tells us nothing about the size of this field.
Instead, determine the actual size of the field by inspecting the
bitmask, and output the corresponding number of hex digits.
Change-Id: I10ec4e93e1e40e8b1354d5368cc8945cf671a617
Reviewed-on: https://code.wireshark.org/review/13225
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
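One way to derive the digit count from the bitmask, as described in the commit message above. This is an added example, not Wireshark's code; the function names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hex digits needed for a field: from the bitmask if there is one, otherwise
 * from the container width (8 digits for a 32-bit field, and so on). */
int hex_digits(uint64_t mask, int container_bits)
{
    int bits = 0;
    if (mask == 0)
        return container_bits / 4;
    for (; mask != 0; mask &= mask - 1)
        bits++; /* count the bits set in the mask */
    return (bits + 3) / 4; /* round up to whole hex digits */
}

/* Isolate the masked field and shift it down to bit 0. */
uint64_t field_value(uint64_t raw, uint64_t mask)
{
    if (mask == 0)
        return raw;
    raw &= mask;
    while ((mask & 1) == 0) {
        mask >>= 1;
        raw >>= 1;
    }
    return raw;
}

/* Format the field zero-padded to the width of the field itself, not the
 * width of its container; returns out. */
char *format_hex(char *out, size_t outlen, uint64_t raw, uint64_t mask,
                 int container_bits)
{
    snprintf(out, outlen, "0x%0*llx", hex_digits(mask, container_bits),
             (unsigned long long)field_value(raw, mask));
    return out;
}

int main(void)
{
    char buf[32];
    /* Constructed value: a 4-bit field at bits 8..11 of a 32-bit container. */
    puts(format_hex(buf, sizeof buf, 0x00000A00, 0x00000F00, 32));
    /* The same container without a bitmask keeps the full 8 digits. */
    puts(format_hex(buf, sizeof buf, 0x00000A00, 0, 32));
    return 0;
}
```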
That takes into account any time-shifting that's been done.
Change-Id: Ib4c01e7b055f5ac2f1111bcbe946c6094dcb70ae
Reviewed-on: https://code.wireshark.org/review/13502
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add fields for the absolute time stamp (and another field for a presence
flag for the absolute time stamp) and the packet encapsulation for the
packet.
This lets us remove the field for the packet encapsulation in the
frame_data structure; do so.
Change-Id: Ifb910a9a192414e2a53086f3f7b97f39ed36aa39
Reviewed-on: https://code.wireshark.org/review/13499
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just treat it as an array of bytes. When checking for whether it's a
pcapng file, also determine whether it's big-endian or little-endian.
Note that reading it in *host* byte order will tell you whether it's in
your byte order or byte-swapped; you have to know your byte order to
know whether that means little-endian or big-endian.
Have a #define for the byte-order magic number size, as all byte order
magic number values must be that size, and use that as the size of the
magic-number arrays.
Also use a #define for the SHB block type magic number.
Get rid of a now-unused expert info. (If the magic number isn't
something we recognize, we don't treat the file as a pcap file, so it
can never be "unknown".)
Change-Id: Ic74cceac17d1490eb70a28f67cb4dbb512e031ac
Reviewed-on: https://code.wireshark.org/review/13494
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(If the magic number isn't something we recognize, we don't treat the
file as a pcap file, so it can never be "unknown".)
Change-Id: I7e8bac1ebd2cbfd6d603035428274a1098ff7544
Reviewed-on: https://code.wireshark.org/review/13491
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just treat it as an array of bytes. When checking for whether it's a
pcap file, also determine whether it's big-endian or little-endian.
Note that reading it in *host* byte order will tell you whether it's in
your byte order or byte-swapped; you have to know your byte order to
know whether that means little-endian or big-endian.
Have a #define for the magic number size, as all magic number values
must be that size, and use that as the size of the magic-number arrays.
Handle nanosecond timestamp resolution while we're at it.
Change-Id: I4d83579d919ae9f15888afca14317631d413ca51
Reviewed-on: https://code.wireshark.org/review/13490
Reviewed-by: Guy Harris <guy@alum.mit.edu>
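The byte-array comparison described in the pcap commit message above and in the earlier pcapng one, as an added example that is not Wireshark's code. The type and function names are hypothetical; the magic values are the standard pcap and pcapng constants, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAGIC_SIZE 4 /* every magic value below is exactly this long */

typedef enum { ORDER_UNKNOWN, ORDER_BIG, ORDER_LITTLE } byte_order_t;

typedef struct {
    int matched;        /* 1 if the bytes are a known magic */
    byte_order_t order; /* byte order of the file, independent of the host */
    int nanosecond;     /* pcap only: 1 for nanosecond timestamp resolution */
} magic_result_t;

/* pcap magics 0xA1B2C3D4 (usec) and 0xA1B23C4D (nsec) as on-disk byte arrays. */
static const struct {
    uint8_t bytes[MAGIC_SIZE]; byte_order_t order; int nanosecond;
} pcap_magics[] = {
    {{0xA1, 0xB2, 0xC3, 0xD4}, ORDER_BIG, 0},
    {{0xD4, 0xC3, 0xB2, 0xA1}, ORDER_LITTLE, 0},
    {{0xA1, 0xB2, 0x3C, 0x4D}, ORDER_BIG, 1},
    {{0x4D, 0x3C, 0xB2, 0xA1}, ORDER_LITTLE, 1},
};

/* pcapng: the SHB block type 0x0A0D0D0A reads the same in both orders, so the
 * order comes from the byte-order magic 0x1A2B3C4D at offset 8. */
static const uint8_t shb_type[MAGIC_SIZE] = {0x0A, 0x0D, 0x0D, 0x0A};
static const uint8_t bom_be[MAGIC_SIZE] = {0x1A, 0x2B, 0x3C, 0x4D};
static const uint8_t bom_le[MAGIC_SIZE] = {0x4D, 0x3C, 0x2B, 0x1A};

magic_result_t classify_pcap(const uint8_t *buf, size_t len)
{
    magic_result_t r = {0, ORDER_UNKNOWN, 0};
    if (len < MAGIC_SIZE)
        return r; /* truncated: not a pcap file */
    for (size_t i = 0; i < sizeof pcap_magics / sizeof pcap_magics[0]; i++) {
        if (memcmp(buf, pcap_magics[i].bytes, MAGIC_SIZE) == 0) {
            r.matched = 1;
            r.order = pcap_magics[i].order;
            r.nanosecond = pcap_magics[i].nanosecond;
        }
    }
    return r;
}

magic_result_t classify_pcapng(const uint8_t *buf, size_t len)
{
    magic_result_t r = {0, ORDER_UNKNOWN, 0};
    if (len < 3 * MAGIC_SIZE || memcmp(buf, shb_type, MAGIC_SIZE) != 0)
        return r; /* need block type, total length and byte-order magic */
    if (memcmp(buf + 8, bom_be, MAGIC_SIZE) == 0)
        r.order = ORDER_BIG;
    else if (memcmp(buf + 8, bom_le, MAGIC_SIZE) == 0)
        r.order = ORDER_LITTLE;
    r.matched = (r.order != ORDER_UNKNOWN);
    return r;
}

int main(void)
{
    /* Constructed sample: first bytes of a little-endian nanosecond pcap file. */
    const uint8_t sample[] = {0x4D, 0x3C, 0xB2, 0xA1, 0x02, 0x00, 0x04, 0x00};
    return classify_pcap(sample, sizeof sample).order == ORDER_LITTLE ? 0 : 1;
}
```

Because the comparison is on bytes rather than on an integer read in host order, the result is the file's byte order directly and does not depend on the machine running the check.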
The compiler being used for the 64-bit OS X build is buggy; throw in an
otherwise-unnecessary cast to squelch its bogus warning.
Change-Id: Ie2104ba861493870191530ca391a089ca3951929
Reviewed-on: https://code.wireshark.org/review/13489
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Parenthesize differently and, while we're at it, don't use the useless
gsize data type - C has had size_t since C89, use it. gsize's only
purpose is to use in APIs defined to take gsize arguments.
Change-Id: I7d68273e7e0f0e71947d3505cb283bfa216fce03
Reviewed-on: https://code.wireshark.org/review/13488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DIAG_O{FF,N} take a warning flag name *without* the "W".
Change-Id: I00558e42804b9f2ec4e80fae7c739541880381ca
Reviewed-on: https://code.wireshark.org/review/13487
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Get Attributes All is a predefined list of existing attribute IDs for a given class. Add a new index for each attribute for their place in GetAttributesAll response. Then a hash table of classes for existing attributes is created to handle the GetAttributesAll service.
Added more TCP/IP object attributes since more have been added to the spec.
Moved TCP/IP object attributes all to ENIP dissector.
Bug: 11996
Change-Id: I7f50c9aadf04efdb17ef31f39e6a991c0a84bef2
Reviewed-on: https://code.wireshark.org/review/13186
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
nfs: Fix up the SEQUENCE status flags
The SEQUENCE status flags are being displayed incorrectly (after the NFSv4
operations) due to being attached to the COMPOUND tree instead of the
SEQUENCE op's tree.
nfs/flexfiles: Ensure that we account for the layout_flags in the offset
nfs/flexfiles: Add a dissector for the optional layoutget "stats collect hint"
field
Change-Id: I8744254aa9f65a0b33510f2352875b01804149c2
Fixes: d892c32cc2 ("Eliminate proto_tree_add_text from packet-nfs.c")
Fixes: 79b88aacb6 ("nfs: Cleanup of FlexFiles Layout Type")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/13477
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add some variables to be used in custom window title.
%P = profile name
%V = version info
Change-Id: I049717432a4d3523b541bb4f6f882c75abc38ddb
Reviewed-on: https://code.wireshark.org/review/13419
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Added ZBOSS wpan traffic dump dissector.
ZBOSS stack has a debug feature: dump of traffic between stack logic and transceiver radio.
Traffic dump now has TI 25xx FCS format plus ZBOSS additions:
trace id, ZigBee channel, i/o direction.
This is a new dissector implementation.
Change-Id: Ic442e73f86e0900eb729e85e31c698131c0028d5
Reviewed-on: https://code.wireshark.org/review/13435
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
with different VLAN Ids in the trace in some cases.
Add VLAN Id to the ID used to identify fragments.
As discussed in https://code.wireshark.org/review/#/c/13452/ this may not
be a complete solution but fixes the immediate problem.
Change-Id: Id418304268d2bf4d0af863de11c4db02dc0854db
Reviewed-on: https://code.wireshark.org/review/13470
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I have traces where IP reassembly gets confused by multiple frames from
different VLANs and ends up adding fragments from different messages
together after IP Identification is reused.
I think VLAN ID could be useful in other places too to alleviate duplicate
packet detection. Making this a separate patch while testing the usage.
Change-Id: Id7c23dc52f6de2e1f2e980ec8fe61d0598500d0d
Reviewed-on: https://code.wireshark.org/review/13452
Reviewed-by: Anders Broman <a.broman58@gmail.com>
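The reassembly confusion described in the commit message above, and the effect of adding the VLAN ID to the fragment key, as an added example that is not Wireshark's code. The structures, the function name and the conflict counter are hypothetical, and the four fragments are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#define MAX_BUCKETS 16
#define MAX_SEEN 8

typedef struct {
    uint32_t src, dst; /* IPv4 addresses */
    uint8_t proto;     /* IP protocol number */
    uint16_t ip_id;    /* IP Identification */
    uint16_t vlan_id;  /* 802.1Q VLAN ID of the carrying frame */
    uint16_t offset;   /* fragment offset in bytes */
} frag_t;

typedef struct {
    frag_t key;              /* first fragment filed here */
    unsigned nfrags;         /* fragments filed under this key */
    uint16_t seen[MAX_SEEN]; /* offsets already filed */
} bucket_t;

static int same_key(const frag_t *a, const frag_t *b, int use_vlan)
{
    return a->src == b->src && a->dst == b->dst && a->proto == b->proto &&
           a->ip_id == b->ip_id && (!use_vlan || a->vlan_id == b->vlan_id);
}

/* Files each fragment under its reassembly key and returns the number of
 * datagrams (buckets). *conflicts counts fragments whose offset was already
 * filed in the same bucket, the symptom of two datagrams being mixed. */
unsigned file_fragments(const frag_t *f, size_t n, int use_vlan, unsigned *conflicts)
{
    bucket_t b[MAX_BUCKETS] = {0};
    unsigned used = 0;
    *conflicts = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned j = 0;
        while (j < used && !same_key(&b[j].key, &f[i], use_vlan))
            j++;
        if (j == used) {
            if (used == MAX_BUCKETS)
                continue; /* table full: skip rather than overflow */
            b[used++].key = f[i];
        }
        for (unsigned k = 0; k < b[j].nfrags && k < MAX_SEEN; k++)
            if (b[j].seen[k] == f[i].offset)
                (*conflicts)++;
        if (b[j].nfrags < MAX_SEEN)
            b[j].seen[b[j].nfrags] = f[i].offset;
        b[j].nfrags++;
    }
    return used;
}

/* Constructed capture: IP ID 0x1234 in use on VLAN 10 and VLAN 20 at once. */
static const frag_t sample[] = {
    {0x0A000001, 0x0A000002, 17, 0x1234, 10, 0},
    {0x0A000001, 0x0A000002, 17, 0x1234, 20, 0},
    {0x0A000001, 0x0A000002, 17, 0x1234, 10, 1480},
    {0x0A000001, 0x0A000002, 17, 0x1234, 20, 1480},
};

int main(void)
{
    unsigned c; /* exit status 0 when the VLAN-aware key keeps them apart */
    return file_fragments(sample, 4, 1, &c) == 2 && c == 0 ? 0 : 1;
}
```

With `use_vlan` set to 0 the same input collapses into one bucket with two offset conflicts, which is the mixed reassembly the commit message reports.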
in this case, we can just continue dissecting
proto_tree_add_item() will throw the exception for us if we
don't have enough data
Change-Id: I8c0bfa8eaff9119ae00e69601bf5f37501574044
Reviewed-on: https://code.wireshark.org/review/13462
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>