Rework Application Layer fragment reassembly to handle
out of order fragments (seen over UDP).
Change-Id: Ifd2bffba30f0a419a5f82ea6b9d2d221f7d6d276
Reviewed-on: https://code.wireshark.org/review/19947
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Change-Id: I85535dfdb7b064ba81f44ed08c3b1e84e7204e9e
Reviewed-on: https://code.wireshark.org/review/19954
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Decodes the options and meta length fields added with LWW for
{set,del}_with_meta request commands.
Decodes get_meta responses extra field.
Please see https://issues.couchbase.com/browse/MB-22003
Change-Id: Ie5205e8188a32d59145c4f9c499b16c7a7997274
Reviewed-on: https://code.wireshark.org/review/19928
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
* It must be multiple of 4 Octets otherwise NULL padding should be there
Change-Id: I7563b0407bd70d1f0b7aac8597ce3a757a08925e
Reviewed-on: https://code.wireshark.org/review/19893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for the NFSV4.2 mode_umask attribute which will be initially
supported by Linux v4.10.
Change-Id: Id98e20cd0ed93bf7ad9b2246e9e05299f3d7a9fc
Reviewed-on: https://code.wireshark.org/review/19921
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Being able to override (set) the application data dissector without
hacks (RSA keys dialog) would be nice. Modelled after
v2.3.0rc0-481-gafa2605e43 ("Support Decode As for {SSL,TLS}-over-TCP.")
Change-Id: Ic4c5ca55e8f20ad599c41c1df58b24f3bced2281
Reviewed-on: https://code.wireshark.org/review/19869
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I0de1c332a6052c20f6afbe1e51dfb14e18485891
Reviewed-on: https://code.wireshark.org/review/19899
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Many of the register_init_routine/register_cleanup_routine functions
are for initializing and cleaning up a GHashtable.
wmem_map_new_autoreset can do that automatically, so convert many
of the simple cases.
Change-Id: I93e1f435845fd5a5e5286487e9f0092fae052f3e
Reviewed-on: https://code.wireshark.org/review/19912
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I87d842e3efe9f82eaaab81347dfb79d6c0932792
Reviewed-on: https://code.wireshark.org/review/19491
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
"decoder->flow" could result in a NULL pointer dereference if a null
cipher was in use (caught by Clang static analyzer).
Answering the questions:
- DTLS records fragments do not need to be reassembled, thus there is no
flow. The Handshake messages have their own fragment_offset field and
thus there is no need to maintain an extra flow.
- Actually one datagram can contain multiple records (RFC 6347, 4.1.1),
but this is not implemented yet. The key can however not be "0"
though, it must match the offsets from ssl_get_record_info.
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Change-Id: Iac367a68a2936559cd5d557f877c5598114cadca
Reviewed-on: https://code.wireshark.org/review/19892
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Current code is not able to detect missing mandatory information elements
because the macro will return once the end of the payload is reached.
Remove this check from all mandatory IE macros, and put it at the beginning
of optional IE ones. It should allow to detect any missing mandatory IE
while still stopping message dissection in case optional IEs are not
present.
Change-Id: Ie820740e25c1d03ee3462fa4a913c3a7870fcc2d
Reviewed-on: https://code.wireshark.org/review/19816
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissection of all new HCI command/events related with
Bluetooh 5.0 feature 'PHY update - LE 2M and LE Coded'
Change-Id: I212cb368d3295ba36eb0ca34329df566cae1611b
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19849
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
"default" frame information sets no retransmission or more fragments.
Bug: 13015
Change-Id: I1c8a29fe06d0b38abc789c8e454dc484490186f9
Reviewed-on: https://code.wireshark.org/review/19891
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iec574db8c28d2e02136e6c4119e5688b21112299
Reviewed-on: https://code.wireshark.org/review/19889
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Per the Nasdaq TotalView-ITCH v2/3 protocol specifications the
NASDAQ-ITCH dissector needs be able to dissect a MoldUDP payload.
Change-Id: Id5194930025a9abdfb1663234233fd51e525a34b
Reviewed-on: https://code.wireshark.org/review/19847
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Shutdown communication is now also allowed on Admin Reset NOTIFICATION messages:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-idr-shutdown-04.txt
Change-Id: I6450d3d5de5aef4bd709ba2b211ca717784b00a7
Reviewed-on: https://code.wireshark.org/review/19886
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I1b7dd1835fe60852b8c90f0ce5e240813cad89d1
Reviewed-on: https://code.wireshark.org/review/15574
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic6de84a37b501e9c62a7d37071b2b081a1a1dd50
Reviewed-on: https://code.wireshark.org/review/19885
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Document structure, did not put much effort in there as the format is
subject to change (untested, no pcap available).
Change-Id: I2da8c4e005d65314158d038bc0af7411773d8fba
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19865
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.3.1
Change-Id: I35e049d991be4c242ef2b84db3a322c6a13d2f96
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19860
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Extract the content type and handle padding per
https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-5.2
When TLS 1.3 is detected, rename the "Content Type" field to "Opaque
[Content] Type" and add a new generated field for the content type that
was extracted from the decrypted contents.
Change-Id: I149a5d7e2493dded6e2c0190e170fa350f76466e
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19859
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Note that RPK (RFC 7250) is not well-defined and is left untouched.
https://github.com/tlswg/tls13-spec/issues/722
Certificate extensions dissections remains a task for later.
Change-Id: I62276e59db94429e4c09058aca3c08f390ec3af7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19864
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
digitally-signed is gone in TLS 1.3. ClientKeyExchange/ServerKeyExchange
are gone, so effectively modifying this function is good enough to cover
CertificateVerify dissection (ssl_dissect_hnd_cli_cert_verify).
See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#page-58
Change-Id: I07f621bc088d810a3f35343bec7a0a3303b1426b
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19866
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's only use is in dissectors or other tree creation APIs (where
packet scope is valid), so have it use format_text_wmem with
wmem_packet_scope().
Change-Id: I1f34e284a870c9844c6b27f4ae08a1e7efe54098
Reviewed-on: https://code.wireshark.org/review/19883
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte