Prior to this change the extcap option dialog destructor was called only
when the main Wireshark window closed.
Besides that, fix the NULL pointer dereference that would happen if
device name was not a valid extcap device.
Change-Id: I84334e3a83c66557d961771f74c39447d30a6875
Reviewed-on: https://code.wireshark.org/review/33197
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bits named according to IEEE 802.11-2016, p.836, Figure 9-192
Change-Id: I4e0a6c90796d80ebbdc31c32a3ea2d9da4db8885
Reviewed-on: https://code.wireshark.org/review/33193
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The default chk callbacks for individual fields only catches basic
errors such as invalid, too large numbers. Many dissectors perform
additional validation in the update_cb which is invoked for a record as
a whole. If this check fails, then the UAT must not be marked as valid
or else invalid records (like NULL pointers) could be exposed.
Thanks to Uli Heilmeier for noticing this.
Bug: 15709
Change-Id: I1cc4c6925322011a561ad6df840fbac67796e5b2
Fixes: v2.3.0rc0-1002-g1cd22559a8 ("Qt: convert UatDialog to model/view pattern, improve UX")
Reviewed-on: https://code.wireshark.org/review/33157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check the return value of fscanf() instead of relying on feof(). This
should help ensure that we exit correctly.
Bug: 15777
Change-Id: I8b5985f6015cb6a85378db5135b29bb2c3de1e90
Reviewed-on: https://code.wireshark.org/review/33196
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For type B cards, the PCD assigns a card identifier (CID)
in the attrib message it sends to the card. The card sends
the assigned CID back in its response.
We already dissect the CID in the response. Dissect it in the
attrib message as well.
Change-Id: Ic0bd200f0e40496d8fe3121aa9ad601a269de36c
Reviewed-on: https://code.wireshark.org/review/33183
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.
2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text only field. One example
is "dns.a", that was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo resulting in "dns_dns_a" as other fields for the dns
protocol.
Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Ber choice called with a non FT_UINT hf variable. Work around by
duplicating ASN1 code.
Change-Id: I71b38e25288f222058793110eb43c122c012dcca
Reviewed-on: https://code.wireshark.org/review/33191
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No, not every machine on which Wireshark is built, run, and tested is
little-endian. See bugs 15772 and 15754.
Change-Id: Ice1d012e1a788f6a7bb031bdf0e2f01f523a91ec
Reviewed-on: https://code.wireshark.org/review/33192
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Convert the host-endian session ID passed to seskey_find_sid_key()
before comparing it with the little-endian session IDs in the UAT.
While we're at it, tag session ID fields in various structures with the
byte order.
Bug: 15772
Change-Id: Ib1e7323bad1dfdb1ac24a08998205650f2744097
Reviewed-on: https://code.wireshark.org/review/33188
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Controlled by a preference (off by default).
Change-Id: If2fafb1d0b94faf4e42c3e9bb4bef010f1a9be0b
Reviewed-on: https://code.wireshark.org/review/33056
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Newer versions of elastic are using 'doc' as type. Change the code
according to that.
Fix point (4) of the linked bug.
Bug: 15763
Change-Id: Ia28102a0914c6308eb3516daa57af2e49ce9a4e5
Reviewed-on: https://code.wireshark.org/review/33111
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Dissect version 1 and 2 of Audio Streaming General Endpoint descriptor.
Ping-Bug: 15503
Change-Id: I2b9dfdc22db0c75a0e736738c2d6ca72e7f8d9af
Reviewed-on: https://code.wireshark.org/review/33172
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is the new standard in recent Elastic versions.
Fix point (3) of the linked bug.
Bug: 15763
Change-Id: I64ef085c2a8ad9d25ced30a337287c8cb77903e4
Reviewed-on: https://code.wireshark.org/review/33112
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Elastic integer fields are:
integer: signed 32 bit
long: signed 64 bit
Fix values in mapping. uint64 is not handled by elastic, but still
mapped on 'long'.
Fix point (2) of the linked bug.
Bug: 15763
Change-Id: I14afa1cb7fcb6ad98d44707a8b506420e29ceb83
Reviewed-on: https://code.wireshark.org/review/33109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Each MIDI Event creates its own protocol tree and thus the generic USB
Audio tree is not needed.
Ping-Bug: 15503
Change-Id: I83ab01e340fce72e8ab824a2ee77ae37c033daae
Reviewed-on: https://code.wireshark.org/review/33160
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is especially useful when there are multiple USB Midi Events in frame.
Ping-Bug: 15503
Change-Id: I92ab73d5ff33f5a227f4433ba22792ca791e38e7
Reviewed-on: https://code.wireshark.org/review/33159
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extend audio conversation info to include the major version of USB MIDI.
The major version in Audio Control header can be different than the
major version in MIDI Streaming header.
Ping-Bug: 15503
Change-Id: I7ef7c15b4fcab21cfaf380f46085a1a3a13021b5
Reviewed-on: https://code.wireshark.org/review/33168
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prior to this change the MIDI Streaming descriptors were labeled as
UNKNOWN DESCRIPTOR.
Actual contents of MIDI Streaming descriptors are not dissected yet.
Ping-Bug: 15503
Change-Id: Ie55431bd89a09770ed832d7d0838eb8c2268d531
Reviewed-on: https://code.wireshark.org/review/33161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support of NVMe/TCP (NVM Express over Fabrics for TCP).
to wireshark.
NVM Express is high speed interface for accessing solid state drives.
NVM Express specifications are maintained by NVM Express industry
association at https://nvmexpress.org/.
NVMe/TCP is the TCP transport binding specification
which recently ratified (Technical Proposal 8000) and is a part
of NVMe-oF spec version 1.1.
Reference can be found here:
https://lwn.net/Articles/772556/
and protocol specification:
https://nvmexpress.org/welcome-nvme-tcp-to-the-nvme-of-family-of-transports/
Supported commands are
*) NVMe/TCP ICREQ, ICRESP.
*) NVMe Fabrics commands
*) NVMe commands that are supported by packet-nvme dissector.
Testing is done with Linux 5.0 nvme-tcp host and target drivers.
H2C and C2H termination PDU`s are not supported as Linux NVMe/TCP driver
does not support them as well in kernel 5.0
Bug: 15735
Change-Id: I63ae7aa2a42ff843b9832110830fd345f30d9170
Reviewed-on: https://code.wireshark.org/review/32640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Internal support of libspeexdsp has been removed in favour of system
one in g186f985793. Add it to the list of optional debian packages.
Change-Id: Ie15c367c2a113349614351da8bbcc26ef6353028
Reviewed-on: https://code.wireshark.org/review/33180
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Have separate expert info items for the PDU length field being too
short, the PDU length field being too long, a CLV being too short, and a
CLV being too long.
Do the PDU length checks when we add the PDU length field, and add the
expert infos to the length item; remember the results of the checks for
future use.
Use DISSECTOR_ASSERT for the tests in osi_check_and_get_checksum() that
make sure the checksum field is contained within the data to be
checksummed, so that's reported as a dissector bug to the user.
That means that osi_check_and_get_checksum() only returns FALSE if we
don't have all the data available to checksum; that already gets
reported as an indication that the checksum is unverified, so we don't
need to put confusing and misleading expert infos about the PDU
length - whatever PDU length errors need to be reported have already
been reported, as per the above.
Make expert info names more consistent, and fix one expert info variable
name.
Make the length argument to isis_dissect_clvs() unsigned.
Clean up white space.
Change-Id: I0ce799c766dc427602d155c5b48099df8bf51c67
Reviewed-on: https://code.wireshark.org/review/33179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The length variable is the length of the value, not the length of the
entire CLV, so there's no need to subtract the length of the C and the
L from the length - it covers just the V.
Change-Id: I711657e4e0b76e2aac9d58efd88f45201b9c2c5b
Reviewed-on: https://code.wireshark.org/review/33174
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When composing the error string to return to the UAT handling,
the proto name string is already free'd. Reverse the two calls
so that the string is free'd _after_ the error string composition.
Change-Id: I11615c07f6b00e59007e0c85c84283d486cc478c
Reviewed-on: https://code.wireshark.org/review/33167
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pytest-3 is the executable name on the docker image (ubuntu derivated).
Remove pip and pytest installation while here, since they're
provided by the docker image.
Change-Id: Iad2e9cafc42cd1e83b2868126abb91d5ee7bbd92
Reviewed-on: https://code.wireshark.org/review/33145
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Rename a variable to reflect the final name given to the option to get
rid of decryption secrets stored in the file.
Fix whitespace.
Change-Id: I19ea14fa205369500790adaa00244a15412548eb
Reviewed-on: https://code.wireshark.org/review/33154
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If the purported first tuple has a net of 0, it's a 3-octet version
indicator, not a tuple containing route information; the third octet is
a version number. Display the version number and skip it before
displaying the tuples.
If the first tuple is an extended network tuple, the sixth octet is a
version number; display it as such.
Change-Id: I7ffb8b9df025dd75eb43eba24a37ce6bd26e8019
Reviewed-on: https://code.wireshark.org/review/33152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The BSSMAP LCLS GCR field is specified in 3GPP TS 29.205, which
in turn was originally created to augment the ITU-T Q.190x BICC
with Mobile specific information elements. Let's add the latter
decoding function as a new packet-bicc_mst.c, so it can be used
also from other dissectors. For example, GSM MAP also includes
GCRs and hence should be modified to use this new decoder.
Change-Id: I247d2ccd2d16e996f4fe5d5952ba8a4091a4ffd0
Reviewed-on: https://code.wireshark.org/review/33117
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is achieved by calling the respective dissector functions
from other dissectors, which requires them to be exported.
Change-Id: Ifd01da8e5ff4ac3f3f3179b842e3a7223629b234
Reviewed-on: https://code.wireshark.org/review/33121
Reviewed-by: fixeria <axilirator@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The Osmocom GSUP protocol was recently extended with additional
message types and information elements to support the use case
at the GSM "E Interface", which is the signaling interface between two
MSCs during Inter-MSC-Handover procedures.
This patch adds the bulk of the E interface decoding, leaving only
the dissection of RR/BSSAP/SM cause values for follow-up patches,
as this requires modifications to those respective dissectors.
Change-Id: I0ef2fe4eac108de6804ede152cddac8551d4918e
Reviewed-on: https://code.wireshark.org/review/33120
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>