Commit Graph

85312 Commits

Author SHA1 Message Date
John Thacker 73d8bb1bc3 XML: Do escape ASCII control characters
XML 1.0 allows valid UTF-8 characters, except for the ASCII control
characters other than tab, carriage return, and line feed.
(It does not allow form feed and vertical tab, so the allowed group is
not the same as the standard ctype.h isspace category. It also
allows but discourages DEL (\x7F).)

The characters cannot be included as character references of the
form &#xx; either; there is technically no way to include them.
Escape them as done prior to 89e96c1e77
but continue to leave bytes with the high bit set alone so that
UTF-8 printable characters are not escaped.

Fix #10445
2022-09-21 23:46:35 +00:00
Pau Espin 0c7e8ce9a5 ui: Fix Qt deprecation messages
Related: https://gitlab.com/wireshark/wireshark/-/issues/18358
2022-09-21 16:29:10 +02:00
John Thacker 30b309d24c proto: Validate add_string values as UTF-8
When a dissector directly adds a string value through
proto_tree_add_string[_format_value], validate that it is
UTF-8 so that only valid UTF-8 strings are used internally,
and written to output (whether text, JSON, or XML.)
(We were treating it as a UTF-8 string anyway, but not
validating it.)

If the string passed in is not UTF-8, that's a dissector bug.
Dissectors that use API functions like tvb_get_string_enc
will always produce valid UTF-8, but some do their own
processing.

Fix #18317
2022-09-21 07:53:01 -04:00
ismaelrti 72cf5754e2 RTPS: Added dissection of Compression Id in Data Representation
New field added to PID_DATA_REPRESENTATION
2022-09-21 11:35:43 +00:00
John Thacker b46a3fbf23 GTP: Fix NSAPI shift in Radio Priority
The NSAPI value was not being shifted correctly before being
added to the tree description.
2022-09-21 00:06:28 +00:00
Gerald Combs ce44047584 Qt: Manually connect our "Edit" menu actions.
Use manual, new-style connections for each of our "Edit" menu actions.
KDE's clazy project recommends them over auto-connections:

https://github.com/KDE/clazy/blob/1.11/docs/checks/README-connect-by-name.md

Use queued connections for the mark, ignore, and other actions that might
run a nested event loop.
Fixes #18344.
2022-09-20 16:39:30 +00:00
Frank Gorgas-Waller ebf42e3bbc Added requirements to support DLT_AUERSWALD_LOG as already added in libpcap 2022-09-20 16:38:06 +00:00
Chuck Craft c199b747aa Revert "Qt: only half of enabled/disabled protocols list is processed"
This reverts commit 248955d614.

It speeds up the loop when type_ is EveryWhere (see: enum SearchType)
but a hang or crash for other combinations of type_ and protocolType_.
2022-09-20 11:07:13 -05:00
ismaelrti 82dcb50bbc RTPS: Wrong deserialization of optional members.
Optional user data members are not correctly dissected if
the parameter header is placed after padding.
2022-09-20 10:14:05 +00:00
ismaelrti e7a7b630a4 RTPS: PluginParticipantSecurityAttributesMask value is incorrectly displayed
Offset not incremented before parsing PluginParticipantSecurityAttributesMask field.
2022-09-20 09:00:32 +00:00
Alexis La Goutte 2d22f72d4d ciscodump(extcap): Fix DeadStore 2022-09-20 06:27:46 +00:00
Alexis La Goutte 4ad78f8f12 bgp: fix deadcode found by Clang Analyzer
packet-bgp.c:6886:9: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6903:13: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6907:13: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6917:9: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
packet-bgp.c:6925:9: warning: Value stored to 'reader_offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 7e45b72c39 pfcp: Fix deadcode found by Clang Analyzer
packet-pfcp.c:8650:9: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 9503dd4576 oran: Fix deadcode found by Clang Analyzer
packet-oran.c:517:5: warning: Value stored to 'bit_offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 4bcc8d86f8 mbim: Fix deadcode found by Clang Analyzer
packet-mbim.c:5651:5: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-mbim.c:5703:5: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
2022-09-20 06:27:46 +00:00
Alexis La Goutte 7b2f022240 diameter: Fix Clang Warning
line 2198 Although the value stored to 'vnd' is used in the enclosing expression, the value is never actually read from 'vnd'
2022-09-20 06:27:46 +00:00
John Thacker 0a0ff53f5c GTP: Have all the matched message types appear in SRT
Dynamically create the indices for the SRT table so that
all the message types sent from the tap get put in the SRT
table, instead of hardcoding in a list of four that is a
smaller subset of what is matched in gtp_match_response.
2022-09-19 07:44:46 -04:00
Gerald Combs 0e462b9aae Qt: Fix some QRC paths. 2022-09-18 23:31:09 +00:00
Martin Mathieson fafc3ca6f1 Fix some spelling errors 2022-09-18 22:16:26 +00:00
Gerald Combs b92b66c0f4 [Automatic update for 2022-09-18]
Update manuf, services enterprise numbers, translations, and other items.
2022-09-18 16:45:13 +00:00
Chuck Craft 248955d614 Qt: only half of enabled/disabled protocols list is processed
In Only enabled/disabled protocols lists, the rowCount decreases
as item state is changed in the parent. An equilibrium point is
reached at halfway when rows processed == remaining size of list.
Grab a static rowcount before entering the loop.
2022-09-18 14:58:47 +00:00
John Thacker 223748d23c tplink-smarthome: Reject packets that don't match
If this dissector is going to be registered to a port that isn't
IANA assigned to it, it should at least reject packets that don't
look like the protocol. If it's going to handle TCP desegmentation,
it also should deal with not necessarily starting at the beginning
of a stream too.
2022-09-18 09:04:20 -04:00
John Thacker 1ccf4f3c73 GTP: Use a map for mapping from <teid,address> to frame
For GTP session tracking (off by default), there's a mapping
from <TEID, ADDRESS> to frame numbers. The current implementation
is a tree (converting the address to a string for keys) of linked
lists of the TEIDs. That gets very slow when there's a large number
of TEIDs. Convert it to a map that uses the teid and address,
with the TEID used for the hash.

There's still a reverse lookup (foreach_remove) when TEIDs are reused
or sessions fail, but this still yields over a 10x speedup on a
few moderate sized test files (~50000 GTP-C packets).
2022-09-17 07:39:05 -04:00
John Thacker efd72ab95d Add missing debian symbol
Commit e3ce838a3e added a
new function.
2022-09-16 21:18:55 -04:00
John Thacker 8129b9dee8 GTP: Use direct hashing in the session table
The session table maps frames (which are 32 bit uints that
start at 1) to sessions (which are also 32 bit uints that
start at 1), so use GUINT_TO_POINTER and the direct hash
functions instead of creating extra file scope pointers.
2022-09-17 00:49:57 +00:00
Joakim Karlsson d58897c5d6 NAS-5GS: correction of IE Extended rejected NSSAI 2022-09-17 00:21:34 +00:00
Martin Mathieson 248e19574c ROHC: more comments relating dissector to spec 2022-09-16 17:25:51 +01:00
John Thacker 819d392aff wmem: Add a wmem_map_foreach_remove function
Like wmem_map_remove(), this frees the key/value pair item
in the map but not the key or the value itself (which may
in fact be the same object.) Not generally a problem, as
they'll get freed by the pool. (If someone wants to manage
memory themselves, they should probably be using a GHashTable.)
2022-09-16 07:39:26 -04:00
Martin Mathieson c949c99ad1 ROHC: more fixes 2022-09-16 08:20:50 +00:00
Joakim Andersson 169867aafb Bluetooth: Handle PHY Update procedure with no change
Handle PHY Update procedure where both PHY fields are set to no change.
This procedure is terminated immediately without instant.
The instant field is reserved for future use.

This fixes the Control Procedure validation not marking this procedure
as terminated, and marking all following control procedures as invalid
since the instant has not yet been reached.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2022-09-15 11:41:22 +00:00
Joakim Andersson 230a2ae16a Bluetooth: Fix reserved field in CTE request control packet
Fix reserved field in CTE request, copy paste mistake from MinCTELenReq
field.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2022-09-15 11:41:22 +00:00
Michael Tuexen cf36b716b0 BBLog: refactor and update the list of events 2022-09-15 09:16:10 +00:00
Martin Mathieson e3ce838a3e UDPCP: seq-num analysis, and match data and ACKs 2022-09-15 08:19:51 +00:00
Chuck Craft 246e753d69 Qt6: add toInt() to QVariant == Qt::Checked
A change in Qt6 "==" comparison for QVariant for not defined types.

Closes #18336
2022-09-14 20:49:54 +00:00
John Thacker cbb2213021 Qt: Fix memory leak in Decode As
The correct place to delete the dissector_info_t pointers added
to the editor is when destroyEditor is called. Override the
virtual function and delete the pointers for the colProtocol
index before calling the inherited function.

Fix #17127
2022-09-14 12:43:55 +00:00
Martin Mathieson c0ba61fbf2 ROHC: Show profile first in Info column
Also fix summary of "Static RTP chain" summary
(width and format of SSRC).
2022-09-14 11:40:24 +01:00
John Thacker b09a864ef4 tls: Don't update the msp end on a second pass
Don't update the end of the msp on a second pass. (This
can only happen if we had some reassembly that didn't finish
in the first pass and got left dangling needing one more
segment. But that information is only used in the first pass.)
Use the same check as done in the TCP dissector.

Related to #18342.
2022-09-13 20:56:07 -04:00
John Thacker 2762c64010 follow: Have followers register their stream count function
Instead of having the UI have to know about each type of follow
stream, and how to retrieve its total number of streams, have
each follow type register a function that returns the total
number of streams. (The function can be NULL, for protocols like
SIP that do not use this.)

This gets us closer to making follow stream registration generic.
2022-09-14 00:03:07 +00:00
John Thacker 56ea9816d9 tcp: Create new conversations on a SYN after a RST or FIN
If we get a SYN packet with the same sequence number as the current
conversation, but after a RST (or FIN) segment, create a new
conversation.

In such a case, this is probably a peer using the same sequence
number to retry a handshake that failed with a RST due to a half-open
connection. The RST (or ACK that caused a RST) would have an
out-of-window sequence number (or inapplicable ACK for the rest of
the conversation), which can disrupt the follow info, sequence analysis,
desegmentation, etc. unless we create a new conversation.

It could also, less likely, be a new connection after a connection close
that happened to reuse the same sequence number, in which case we also
want to clear out our conversation state.

If we haven't received a RST (or FIN), then consider it a retransmission.

Fix #18333 (also handles the cases of #16944 and #17616 more smoothly).
2022-09-13 23:45:01 +00:00
Guy Harris 8724c249e1 coap, thread: special-case application/octet-stream for CoAP for TMF.
Have a "CoAP for TMF" dissector that the user can use Decode As to
assign to a UDP port.

Have a "coap_tmf_media_type" dissector table in which the TMF code can
register itself for the media type "application/octet-stream".

Have the "CoAP for TMF" dissector pass a "this is for TMF" flag to the
common dissection code.  In the common dissection code, if that flag is
set, first try the media type with the "coap_tmf_media_type" dissector
table before trying it in the regular "media_type" table.

This allows a user to specify UDP ports that 1) should be decoded as
CoAP and 2) should have an application/octet-stream payload dissected as
a TMF message, which should address concerns raised for Thread in issue
2022-09-13 19:47:58 +00:00
Martin Mathieson fd84d481fc RoHC: set correct length for Dynamic IPv4 Chain subtree 2022-09-13 20:05:09 +01:00
Pascal Quantin 60b6fb4484 E1AP: upgrade dissector to v17.1.0 2022-09-13 17:26:32 +02:00
Guy Harris c9342873e5 Clarify dissector description, protocol short name, and protocol long name.
Rename dissector_handle_get_long_name() and
dissector_handle_get_short_name() to
dissector_handle_get_protocol_long_name() and
dissector_handle_get_protocol_short_name(), to clarify that they fetch
names for the protocol that the dissector dissects, not for the
dissector *itself*.  Leave a deprecated
dissector_handle_get_short_name() wrapper, and export
dissector_handle_get_protocol_long_name(), as it's now used in some
dissectors.

Change some calls to dissector_handle_get_description() back to
dissector_handle_get_protocol_short_name(), as they appear to be made in
order to display a *protocol* name.

Rename some methods, variables, enums, and table column names to reflect
cases where the dissector description is being used.
2022-09-13 00:47:24 -07:00
ismaelrti 623317fe47 RTPS: Added IP to IPv4 locator dissection.
IPv4 locator dissection shows the locator IP as a separate field.
2022-09-13 05:58:24 +00:00
Chuck Craft 87a7260bb0 Qt6: migrate obsolete currentIndexChanged(QString)
Similar to work done in !8070 and !8072 to move off a function
that was deprecated in Qt5 and obsoleted in Qt6. Also migrate to
syntax laid out in !4560 and !4565.
2022-09-12 22:10:11 +00:00
Guy Harris d4394de669 Give dissectors a descriptive string.
It defaults to the short name of the protocol dissected by the
descriptor, but it's now possible to register a dissector with an
explicit description.

This is mainly for use in the Decode As UI.  It handles the case where
the same protocol might have different "Decode As..."-specifiable
dissectors for different situations.
2022-09-12 21:05:14 +00:00
Jaap Keuter 5ee9cbe0b6 TLS: fix GREASE extension 2022-09-12 21:04:31 +00:00
Gerald Combs 55de00662d Qt: Clean a couple of context menus.
Set the Qt::WA_DeleteOnClose property on our packet list header and
about dialog context menus.
2022-09-12 20:16:23 +00:00
Guy Harris ede58da465 coap: have different dissectors for different transports.
As noted in the comment for e5951765d8,
mechanisms by which a dissector can attempt to infer the protocol over
which its protocol was transported aren't reliable.

To add to that, another failure case for inferring it from the previous
entry in the pinfo->layers list is a packet transported over TCP using
MPTCP, as the previous entry would be MPTCP, not TCP.

So we provide multiple CoAP dissectors:

 - CoAP over WebSockets;
 - CoAP over TCP, TLS, or other byte-stream protocols;
 - CoAP over other transports;

and have them pass the transport type to a common dissection routine.

We then register the appropriate dissectors in various dissector tables,
and register the CoAP-over-other-transports dissector as the "coap"
dissector.
2022-09-11 19:16:03 -07:00
John Thacker 9954de392b tcp: Don't try to desegment at FIN if we can't desegment the frame
Check pinfo->can_desegment before trying to desegment at FIN.
Fix #18335
2022-09-11 19:40:26 -04:00