This corrects a couple of issues with the DNP3 Dissector:
- Refactored Read Object String lookups to use value_string
- Corrected issue with multiple object types in a single read not being processed
- Added processing for Direct Operate No ACK Messages
Fixes issues noted in Bug 9839
Change-Id: I9895e509a8d3931c805ce53b718a4951f8f8039e
Reviewed-on: https://code.wireshark.org/review/538
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.
Fixes BTLE dissector to correctly extract packet CRC.
Adds CRC checking to BTLE dissector.
Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.
Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When there is more than one interface or adapter, the AVDTP dissector
incorrectly mixes its data together. The patch extends keys to support
multiple interfaces/adapters. Also do a little simplification on trees.
There are two devices, both use SEPs for configuration, and
it is possible to use the same SEID. SetConfiguration uses the
remote "ACP" SEID and local "INT" SEID, so there is a need to
distinguish them, and please remember that INT SEID types can be
unknown in most cases.
Change-Id: I150f3625f532386a1078deb8d0ac70a1c05c3f04
Reviewed-on: https://code.wireshark.org/review/473
Reviewed-by: Evan Huus <eapache@gmail.com>
When a single media line is rejected in an SDP answer, for example a second
'm=video' line, Wireshark disables ALL media sessions, instead of just that
one. But per the RFCs, all it should do is disable just the one RTP media
session the m= line represents. This commit fixes that, so that a disabled
media session (one with a m= port of 0) in the SDP answer only disables its
associated/paired media stream in the offer.
Change-Id: I9bd0d3fc88b8eaa55207c9bf3f3e37da7746fd14
Reviewed-on: https://code.wireshark.org/review/526
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
LE Advertising Report with length 0 is valid, so check
it before dissecting advertising data.
Change-Id: I4937ec2de5d703b05c6e5f5bac7f81d153e49b40
Reviewed-on: https://code.wireshark.org/review/475
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib8779b0db790a78fff8bd1970a7240bbd8f49f75
Reviewed-on: https://code.wireshark.org/review/537
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Opening Capture Options dialog on low resolution displays (e.g. 1366x768) in GNOME-shell makes user unable to see the bottom of the dialog
Change-Id: Icc39d5ca89f98edb3ff246cd23ab9663a3dfbd1e
Reviewed-on: https://code.wireshark.org/review/453
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I397eeed3008d91aeb6c025c9146b9ed6d98881a6
Reviewed-on: https://code.wireshark.org/review/535
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
QObject::connect: No such signal WiresharkApplication::openCaptureFile(QString&,QString&,unsigned int) in main.cpp:502
QObject::connect: (receiver name: 'MainWindow')
Change-Id: I0d6283c1b55619fa6878161d0a74db1ec9107bf2
Reviewed-on: https://code.wireshark.org/review/529
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Source/Destination BD_ADDRs and name are filterable.
Also simplify code around wmem trees, and enable commented "data"
field in unreassembled case and fix btl2cap offsets
(discovered by enabling "data" field).
Change-Id: Ic28c9bf19bcd6281b652be538b221da74df4bb76
Reviewed-on: https://code.wireshark.org/review/471
Reviewed-by: Evan Huus <eapache@gmail.com>
Interface ID should correspond to the Wireshark Interface Id
to avoid mixing data from various interfaces in dissectors.
Change-Id: Ibaa3ddab7f0ebd0985efea74439b94a5881145a7
Reviewed-on: https://code.wireshark.org/review/472
Reviewed-by: Evan Huus <eapache@gmail.com>
When capturing, they'll be in host byte order. The top of the libpcap
trunk and 1.5 branch, when reading a file, will, if necessary, byte-swap
the type and length values so that they're in the byte order of the host
reading the file (rather than the host that wrote the file).
Do the same when we read a file, and have the NFLOG dissector assume
host byte order for those fields.
Change-Id: I493aed1e07b626af1157d75f3bc293b0a694ad07
Reviewed-on: https://code.wireshark.org/review/148
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All it checks is that they don't crash, but this is enough to catch malformed
extended value strings and other oddities.
Change-Id: If853e8e2b19517a784daa4bbb8e41eddc7c7ddd9
Reviewed-on: https://code.wireshark.org/review/520
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Added DCP decoding of reset to factory
removed unused value_strings
corrected decoding of PDSubFrameBlock
most of the length display added a dec_hex display
Signed-off-by: Widok <kellingwido@aol.com>
Change-Id: I17b59b45eff37b65047a7a3e5e275f01a37ee616
Reviewed-on: https://code.wireshark.org/review/517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Now that we have the ability to choose input file format type
in the GUI, we might as well have it in the command-line too.
Plus it would help me in test-suites if we had a commandline.
So I've added a '-X read_format:Foo' for this. Using just
'-X read_format:', or with a bad name, will make it print out
the full list (in tshark); just like the '-F' does for output
file formats.
Note: I am *not* putting in code for Win32 GUI,
because I can't compile that and I wouldn't have even
done the GTK one if I could compile Qt originally. (I don't think we need
to add any more features to GTK or Win32, just Qt from now on,
right?)
Change-Id: I2fe6481d186f63bd2303b9e591edf397a2e14b64
Reviewed-on: https://code.wireshark.org/review/493
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Create a placeholder protocol tree item under which to put the options,
do the analysis of fields from the fixed-length portion of the TCP
header (such as sequence numbers), and then do a straightforward
dissection of the options, throwing an exception if we run past the end
of the options field.
This is a bit simpler, and doesn't add confusing notes about
truncation of the options.
XXX - we're currently not including selective acknowledgments in any of
the SEQ/ACK analysis; should we? That means, of course, that we have to
dissect the options before doing that analysis, and if the options were
cut short by slicing, you lose....
Change-Id: I425a6c83f26512b802267f76739cbf40121b3040
Reviewed-on: https://code.wireshark.org/review/511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
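
The option walk described in the commit message above, as an added example that is not Wireshark's code: a bounds-checked pass over the TCP options field that stops with an error when an option would run past the end of the field (Wireshark throws an exception at that point; this example returns a status code instead). The function name, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { OPT_OK = 0, OPT_TRUNCATED = -1, OPT_BAD_LENGTH = -2 };

struct tcp_opt { uint8_t kind; uint8_t len; const uint8_t *data; };

/* Constructed SYN options: MSS, NOP, Window Scale, SACK Permitted, Timestamps. */
static const uint8_t TCP_OPTS_SAMPLE[20] = {
    0x02, 0x04, 0x05, 0xb4,                 /* MSS = 1460 */
    0x01,                                   /* NOP */
    0x03, 0x03, 0x07,                       /* Window Scale = 7 */
    0x04, 0x02,                             /* SACK Permitted */
    0x08, 0x0a, 0, 0, 0, 1, 0, 0, 0, 0      /* Timestamps */
};

/* Walk the options field, recording up to `max` options in out[].
 * *count holds the number of complete options seen before any error,
 * so a caller can still show what was dissected from a sliced packet. */
int tcp_walk_options(const uint8_t *opts, size_t opts_len,
                     struct tcp_opt *out, size_t max, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < opts_len) {
        uint8_t kind = opts[off];
        if (kind == 0) break;                        /* End of Option List */
        if (kind == 1) { off++; continue; }          /* NOP is a single byte */
        if (opts_len - off < 2) return OPT_TRUNCATED;    /* length byte missing */
        uint8_t len = opts[off + 1];
        if (len < 2) return OPT_BAD_LENGTH;          /* would never advance */
        if (len > opts_len - off) return OPT_TRUNCATED;  /* runs past the end */
        if (*count < max)
            out[*count] = (struct tcp_opt){ kind, len, opts + off + 2 };
        (*count)++;
        off += len;
    }
    return OPT_OK;
}
```

Passing only the first 14 bytes of the sample models a capture whose snapshot length cut the Timestamps option short: the three complete options are still reported before the truncation status.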
The previous macro gave the correct alignment, but there was one case where it
would add a whole block of unnecessary ALIGN_SIZE bytes. The new one is also
slightly faster to compute.
Benchmark win of about 3%.
Change-Id: I5d8bad0f78dc0e383e14c2c7a951328a06400020
Reviewed-on: https://code.wireshark.org/review/492
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Manually fix some typos (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been extremely well-tested at this point, and is a very hot code path so
the performance gain is measurable (~1-2% on most captures I tried).
Change-Id: I2f5e03d2f348f56e740bf0dfbc83a4fd9cc8c5a9
Reviewed-on: https://code.wireshark.org/review/499
Reviewed-by: Anders Broman <a.broman58@gmail.com>
label_mark_truncated()
Change-Id: I7ede5f9776d26ebce2ccf427cf6ff5dec56814cd
Reviewed-on: https://code.wireshark.org/review/465
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The content of a YMSG message is a sequence of lines, each one of which
contains a text string (in some ASCII-based encoding) for a key, a
0xc080 separator, and a text string (in some ASCII-based encoding) for a
value. That's not a string in any ASCII-based encoding I know of - 0xc0
0x80 is not, for example, a valid UTF-8 sequence (it's a too-long
sequence for NUL).
This should fix bug 9832:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9832
by avoiding the general "GTK+ on Windows crashes when asked to copy
something that's not valid UTF-8" problem.
Fix some field descriptions while we're at it.
Change-Id: I4084dabc89b0186ecd1a7329452ca2f1cb48f1c0
Reviewed-on: https://code.wireshark.org/review/488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
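
The point made in the commit message above, as an added example that is not Wireshark's code: a strict UTF-8 validator rejects a raw YMSG line because of the 0xC0 0x80 separator, while the key and value on either side of it validate once the line is split. The item layout (each value also terminated by the separator), the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: "1" SEP "alice" SEP "14" SEP "hi" SEP, where SEP = 0xC0 0x80. */
static const uint8_t YMSG_SAMPLE[] = { '1', 0xC0, 0x80, 'a','l','i','c','e', 0xC0, 0x80,
                                       '1','4', 0xC0, 0x80, 'h','i', 0xC0, 0x80 };

/* Strict UTF-8 check: rejects overlong forms (so 0xC0 0x80 fails), surrogates, > U+10FFFF. */
static int utf8_valid(const uint8_t *s, size_t n)
{
    for (size_t i = 0; i < n; ) {
        uint8_t b = s[i];
        size_t need = 0;
        uint32_t cp = 0, min = 0;
        if (b < 0x80) { i++; continue; }
        if ((b & 0xE0) == 0xC0)      { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return 0;                       /* stray continuation byte or 0xF8+ */
        if (n - i - 1 < need) return 0;      /* truncated sequence */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Offset of the next 0xC0 0x80 separator at or after `from`, or -1 if none. */
static long find_sep(const uint8_t *buf, size_t len, size_t from)
{
    for (size_t i = from; i + 1 < len; i++)
        if (buf[i] == 0xC0 && buf[i + 1] == 0x80) return (long)i;
    return -1;
}

struct ymsg_item { const uint8_t *key, *val; size_t key_len, val_len; };
/* Parse one item at *off as key SEP value SEP (assumed layout); on success advance *off.
 * Returns 0 if a separator is missing or the key or value is not valid UTF-8. */
int ymsg_next_item(const uint8_t *buf, size_t len, size_t *off, struct ymsg_item *it)
{
    long k = find_sep(buf, len, *off), v = (k < 0) ? -1 : find_sep(buf, len, (size_t)k + 2);
    if (v < 0) return 0;
    it->key = buf + *off;  it->key_len = (size_t)k - *off;
    it->val = buf + k + 2; it->val_len = (size_t)(v - k - 2);
    if (!utf8_valid(it->key, it->key_len) || !utf8_valid(it->val, it->val_len)) return 0;
    *off = (size_t)v + 2;
    return 1;
}
```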
- Multiple value string arrays were defined in packet-fcels.h (which was included
in two different .c files). Only one of the arrays was actually used in two
different .c files. All the value_string arrays (and most of the #defines)
moved to packet-fcels.c.
- Other:
Use -1 instead of tvb_length() for the length param of several proto_tree_add...() calls.
Add editor modelines.
Change-Id: Idc642caf1c8d62b658147a234d5560b8f2fd0630
Reviewed-on: https://code.wireshark.org/review/479
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Value string arrays should never be defined in a .h file (especially one
included in multiple .c files).
So: a. The value_string array (and associated #defines) was moved from the .h file
to packet-rtp_events.c
b. A public extended value_string was created in packet-rtp_events.c
and declared as external in packet-rtp_events.h
- Other:
Remove a few unneeded initializers;
Add editor modelines.
Change-Id: Ib580c3e50ab5ce79484c9c6af57f62ca604b57d1
Reviewed-on: https://code.wireshark.org/review/468
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Move setting COL_PROTO & clearing COL_INFO to before a tvb fetch which
could cause an exception;
- Remove some unneeded initializers;
- Fix up some long-lines and whitespace;
- Use a consistent indentation;
- Add editor modelines.
Change-Id: I8a8015a65d5dc581ed02cbd134231481b9f96263
Reviewed-on: https://code.wireshark.org/review/467
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>