Pull the value-formatting code in proto_custom_set into
proto_item_fill_display_label. Use that in FieldInformation::toString
instead of fvalue_to_string_repr. Fixes#16911.
Add support internally to using iconv (always present with glib) to convert
strings from various encodings to UTF-8 (using REPLACEMENT CHARACTER as
recommended), and use that to support GB 18030 and EUC-KR. Replace call
directly to iconv in ANSI 637 for EUC-KR to new API. Update comments
and documentation around character encodings. It is possible to replace
the calls to iconv with an internal decoder later. Tested on Linux and
on Windows (including with illegal characters). Closes#16630.
Implement the Unicode Standard "best practices" for replacing ill-formed
sequences with the Unicode REPLACEMENT CHARACTER. Add wmem_strbuf_append_len
for appending strings with embedded null characters. Clarify why
wmem_strbuf_grow() doesn't always ensure that there's enough room for
a new string, and short-circuit some tests there. Related to #14948
Add an encoding for "unpacked" 3GPP TS 23.038 7-bit strings, in which
each code position is in a byte of its own, rather than with the code
positions packed into 7 bits. Rename the packed encoding to explicitly
indicate that it's packed.
Add an encoding for ETSI TS 102 221 Annex A strings.
Use the new encodings.
Change-Id: I2fad824ca417dcd089fabfdf06f28529c7ee9e87
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37949
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There cases where we may want to pre-allocate some memory before
appending all the fields.
Change-Id: Ic46e83733d4338dbda45b2ca3ff2d533c5b44026
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/38122
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
format_text(alloc, string, strlen(string)) is a common idiom; provide
format_text_string(), which does the strlen(string) for you. (Any
string used in a %s to set the text of a protocol tree item, if it was
directly extracted from the packet, should be run through a format_text
routine, to ensure that it's valid UTF-8 and that control characters are
handled correctly.)
Update comments while we're at it.
Change-Id: Ia8549efa1c96510ffce97178ed4ff7be4b02eb6e
Reviewed-on: https://code.wireshark.org/review/38202
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
'check_tfs.py --common' can look for tfs values that appear multiple times.
Current output prior to these dssector changes was:
('No Extension', 'Extension') appears 3 times in: ['epan/dissectors/packet-bssap.c', 'epan/dissectors/packet-camel.c', 'epan/dissectors/packet-gsm_map.c']
('Optimised for signalling traffic', 'Not optimised for signalling traffic') appears 3 times in: ['epan/dissectors/packet-gsm_a_gm.c', 'epan/dissectors/packet-gsm_map.c', 'epan/dissectors/packet-gtp.c']
('Data PDU', 'Control PDU') appears 3 times in: ['epan/dissectors/packet-pdcp-lte.c', 'epan/dissectors/packet-pdcp-nr.c', 'epan/dissectors/packet-rlc-nr.c']
('Message sent to originating side', 'Message sent from originating side') appears 3 times in: ['epan/dissectors/packet-q2931.c', 'epan/dissectors/packet-q931.c', 'epan/dissectors/packet-q933.c']
('User', 'Provider') appears 3 times in: ['epan/dissectors/packet-q2931.c', 'epan/dissectors/packet-q931.c', 'epan/dissectors/packet-q933.c']
The first and last ones were made common, the others seem a little too specialised.
Checking some of the existing items in tfs.c (using QtCreator's 'Find Usages'),
some of the common items are used a lot, but many of them are not referenced.
Change-Id: Ia4006d2c4fa7cafbc3b004dc7a367a986dbeb0c4
Reviewed-on: https://code.wireshark.org/review/38177
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Export proto_item_set_bits_offset_len and fix
In file included from ../epan/dfilter/dfilter.h:18:
../epan/proto.h:1113:11: warning: parameter 'bits_offset' is already documented [-Wdocumentation]
* @param bits_offset The new length in bits.
^~~~~~~~~~~
../epan/proto.h:1112:5: note: previous documentation
* @param bits_offset The number of bits from the beginning of the field.
^ ~~~~~~~~~~~
Change-Id: Ib171ce38607b9656baea5eb7a3e6aee3b99ddbac
Reviewed-on: https://code.wireshark.org/review/38115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The decode_as_list is built at startup and contains all protocols
registered for "decode as". Do not clear this list on profile change,
only on exit.
Bug: 16635
Change-Id: I832a042327603ae0f01b10ab620fccc03d4fd3a3
Reviewed-on: https://code.wireshark.org/review/37579
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The LUA API provides the "set_color_filter_slot" function, but without
a corresponding "get_" function, it's very hard for two LUA dissectors
to co-exist without one overwriting any color filters set by the other.
It also looks like the documentation comment for
"set_color_filter_slot" had an off-by-one error, which I've corrected
as I was adding almost identical documentation for the new API.
Change-Id: Ic54d23be555ec12e1830bbe6f84a1b04d04fd4f0
Reviewed-on: https://code.wireshark.org/review/37511
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove some unused defines, function parameters and functions.
Change-Id: I1bbc3ff7e0a9d11e8521ddf24b35113d8e332f08
Reviewed-on: https://code.wireshark.org/review/37305
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
Add proto_item_get_display_repr(), which returns a string, allocated
with a specified wmem scope, containing the display representation of
the value of a proto_item.
Use it in the LLDP dissector, to append that string to the parent
protocol tree item; use packet scope, so it doesn't hang around forever
(the previous code used the NULL scope, meaning explicit freeing was
required, but it wasn't explicitly freeing the value, so it was
leaking).
Change-Id: I146380118833b1daef9dea8bd9463001e5b9325f
Reviewed-on: https://code.wireshark.org/review/36931
Petri-Dish: Guy Harris <gharris@sonic.net>
Reviewed-by: Guy Harris <gharris@sonic.net>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add convenience routines for getting and setting a per-protocol,
per-packet depth value, which can be used to limit recursion, nesting,
cycling, etc. Use them in the BACapp, DAAP, Mongo, VLAN, and WBXML
dissectors.
Change-Id: I172514828169253ae7fcf9162c9d7eeb3041ff9c
Reviewed-on: https://code.wireshark.org/review/36846
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Switch list of manually resolved names from a list to a map
(IP Address --> Custom Hostname)
2. If an address was already in the list, just update the old entry.
Previously this added a new entry anytime somebody would edit a
hostname.
3. Display the previous hostname in the GUI
4. Remove unused manually_resolve_cleanup()
Bug: 11221
Change-Id: I42d5b6267eb6613bdf7783865bc2d30d6bda1147
Reviewed-on: https://code.wireshark.org/review/36059
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Two enhancements and one fixed bug:
1. Add dissecting protobuf fields as wireshark (header) fields preferences. User
can input the full names of protobuf fields or messages in Filter toolbar for
searching.
2. Add 'protobuf_field' dissector table. Dissector based on protobuf can register
itself to 'protobuf_field' keyed with the full names of fields of BYETS or STRING
types.
3. A bug about search MESSAGE or ENUM type in context is fixed.
4. Another small enhancement is adding prefs_set_preference_effect_fields() which
can mark a preference that affects fields change (triggering FieldsChanged event).
See the linked bug for sample capture file and .proto files.
Ping-Bug: 16209
Change-Id: Ibc3c45a6d596a8bb983b0d847dd6a22801af7e04
Reviewed-on: https://code.wireshark.org/review/35111
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's a "wmem version" of format_size (from wsutil/str_util.h).
Also improved the flexibility in formatting of format_size() to handle future
needs of format_size_wmem
Ping-Bug: 15360
Change-Id: Id9977bbd7ec29375bbac955f685d46e75b0cef2c
Reviewed-on: https://code.wireshark.org/review/31233
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If a ProtoField object was created, but not linked to a Proto, then the
strings field and all elements (depending on type) would leak.
This is a follow-up to g79fef2ae and fixes the real issue in g44870fb1.
Change-Id: I01880a92bb20fae45f68c754b07daeb07630deec
Reviewed-on: https://code.wireshark.org/review/34872
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
1. Add show_details preferences. Disable it will hidden names of
message/field/enum, field number, and other details.
2. Have only one popup message with all the errors listed,
that are found during parsing .proto files. (Buffer errors and print once)
Loading .proto files and checking message types of UDP port will
be done only when protobuf dissector has been called.
3. Support parsing .proto files in legacy MAC file format
(that newline is '\r') or mixed newline (\r + \n) file format.
Change-Id: I97bcde000957e4cd1cce98a7f61120d03027423e
Reviewed-on: https://code.wireshark.org/review/34736
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The QUIC transport protocol provides a stream, similar to HTTP/2. Make
it possible to look at the stream contents. This can be helpful while
HTTP/3 support is not yet complete.
Known issues that will be addressed in the future:
- If a single packet contains multiple streams, then Follow QUIC Stream
will wrongly include data from streams other than the selected one.
This is tracked by bug 16093 and affects HTTP/2 as well.
- The Substream index menu does not properly filter for available
stream numbers. If a non-existing stream is selected, then changing
to another (potentially valid) index results in the "Capture file
invalid." error. As workaround, clear the display filter first.
- Follow Stream always selects Stream ID 0 instead of the first or
currently selected stream field in a packet. Users should manually
update the stream index as needed.
Change-Id: I5866be380d58c96f0a71a29abdbd1be20ae3534a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/34694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add "native" support for the "zig-zag" version of a varint in proto.[ch] and
tvbuff.[ch]. Convert the use of varint in the KAFKA dissector to use the (new)
"native" API.
Ping-Bug: 15988
Change-Id: Ia83569203877df8c780f4f182916ed6327d0ec6c
Reviewed-on: https://code.wireshark.org/review/34386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A few dissectors need the functionality of adding a time field to a proto_tree
while also needing the "time to string" value (typically to show on a tree above).
The functionality to do "get value from tvb and convert to string" was being done
in packet-ntp.c.
Instead proto_tree_add_item_ret_time_string can be used with various encoding to
get the necessary functionality with less code duplication.
ENC_TIME_MIP6 was added as a result of the refactoring.
ABSOLUTE_TIME_NTP_UTC was added as another potential "base" type for time fields.
Change-Id: Ie460c33370b0af59ef60bdab893ce9d6eb23b94f
Reviewed-on: https://code.wireshark.org/review/34390
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For use by EAP-TTLS which embeds TLS.
Change-Id: I4770d03f912dd75f92878dd74ad830ebb7eb1431
Reviewed-on: https://code.wireshark.org/review/34311
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those functions are defined as inline in proto.h and are not exported
functions. The change g76e227bcef had an impact on this check and now
they are flagged as missing. Let's remove them.
Bug: 15944
Change-Id: I58a0bd41283ce20aa7441ca08173e3d8d469a0ec
Reviewed-on: https://code.wireshark.org/review/34088
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
That's what the remaining calls to tvb_get_nstringz() and
tvb_get_nstringz0() are being used to do, even though those routines
were not intended for that purpose - the calls are extracting from a
text protcool, meaning that the strings are *not* null-terminate in the
packet.
Strings - even null-terminated ones - should, in almost all cases, be
extracted by tvb_get_string_enc() or routines that call it, so that an
encoding is specified. In the few cases where we're fetching strings
only to be compared to ASCII constants, or to parse as numbers, we can
get away with this.
Change-Id: I29f0532902c4ade2207de7f06db69c32eafd4132
Reviewed-on: https://code.wireshark.org/review/34072
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a simple helper function to get the dissector handle that's
currently selected in a given payload dissector table.
We have similar functions already for string and uint dissector tables.
Change-Id: Ia1092fe2b8d038bae2b26db99fd08cd9d6979fcd
Reviewed-on: https://code.wireshark.org/review/33933
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The contents of the Symbol Proprietary TLV was assumbed to be the same
as the Vendor Specific TLV. This proved not to be the case, at least for
Zebra Extreme networks nodes. This change implements the dissection of
the format as defined in the bug.
Bug: 15909
Change-Id: I4c14dde386d33302d187680f9f09f8b5bb1ef213
Reviewed-on: https://code.wireshark.org/review/34023
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The latest iteration of Microsoft updates to SMB3 added compression to
the protocol. This commit implements decompressing and dissecting
compressed payloads.
The compression algorithms that can be used are "Plain LZ77",
"LZ77+Huffman" and "LZNT1" which you can read more about in the
[MS-XCA] documentation. This set of algorithm is sometimes referred to
as XPRESS.
This commit reuses the existing uncompression API scheme already in
place with zlib and brotli and adds 3 tvb_uncompress_*() function
implemented in:
* epan/tvbuff_lz77.c
* epan/tvbuff_lz77huff.c
* epan/tvbuff_lznt1.c
A new function wmem_array_try_index() was added to the wmem_array API
to make bound checked reads that fail gracefully. New tests for it
have been added as well.
Since both reads (tvb) and writes (wmem_array) are bound checked the
risk for buffer overruns is drastically reduced. LZ77+Huffman has
decoding tables and special care was taken to bound check these.
Simplified versions of the implementations were succesfully tested
against AFL (American Fuzzy Lop) for ~150 millions executions each.
The SMB2/3 dissector was changed to deal with the new transform header
for compressed packets (new protocol_id value) and READ request
flags (COMPRESSED). Badly compressed or encrypted packets are now
reported as such, and the decryption test suite was changed to reflect
that.
This commit also adds a test capture with 1 packet compressed with
each algorithm as returned by Windows Server 2019, along with 3
matching tests in test/suite_dissection.py
Change-Id: I2b84f56541f2f4ee7d886152794b993987dd10e7
Reviewed-on: https://code.wireshark.org/review/33855
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The "Basic code table" in ISO 646 is mostly ASCII, but some code points
either 1) have more than one glyph that can be assigned to them or 2)
have no glyph assigned to them. National versions choose one of the two
glyphs for the code points in group 1) and assign specific glyphs to the
code points in group 2); the International Reference Version assigns the
same glyphs to those code points as does ASCII.
For the "Basic code table" encoding, we map the code points in groups 1)
and 2) to a REPLACEMENT CHARACTER; additional encodings can be added for
the national versions.
Add ENC_ISO_646_IRV (International Reference Version) as an alias for
ENC_ASCII.
Expand some comments, and add some comments, while we're at it.
Change-Id: I4f1b5e426ec193775e919731c5cae1224dc65115
Reviewed-on: https://code.wireshark.org/review/33941
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, even if we're not building a protocol tree, so that you don't
get protocol tree items, you can get the display string, e.g. to use in
a column.
Replace the use of the "get display string" routines with calls to those
routines.
Change-Id: I23e3e88838bdf837d8660c271f78c79b7d1c5620
Reviewed-on: https://code.wireshark.org/review/33519
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a BASE_SHOW_ASCII_PRINTABLE flag for the "display" field, to use
with FT_BYTES and FT_UINT_BYTES fields; it specifies that, if the field
consists solely of printable ASCII characters, its value be displayed as
a string, in quotes. Have a routine hfinfo_format_bytes() to do that
formatting, depending on the display field value.
Add routines to fetch the display value of string and
FT_BYTES/FT_UINT_BYTES fields; for strings, it's the result of
hfinfo_format_text(), and for byte arrays, it's the result of
hfinfo_format_bytes().
Use BASE_SHOW_ASCII_PRINTABLE for extended attribute data in SMB and
SMB2. Use the routines in question for extended attribute names
(string) and data (bytes). That keeps us from displaying non-text
extended attribute data as if it were text.
Document BASE_SHOW_ASCII_PRINTABLE.
Change-Id: I24dcf459c14f00985e4daaf9b58f5933964eabd8
Reviewed-on: https://code.wireshark.org/review/33517
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This requires some special hackery, including a new packet-ber.c
routine, as those strings are just OCTET STRINGs, not UTF8Strings.
Change-Id: I776ed47f7400eba366a630b60b94be3397f7b45f
Reviewed-on: https://code.wireshark.org/review/33403
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Anders Broman
Pau Espin