When we set VG_ERR_CNT=1 print the reason.
Change-Id: Icb8f2a1e7074044521873b116fc891cc4be4b204
Reviewed-on: https://code.wireshark.org/review/17287
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This can happen for example if the heuristics changed between the Wireshark
version used to export PDUs, and the one used to open the file.
Instead, call data dissector.
Change-Id: I29f7754f883fd710c3557a610583ef988ca13e43
Reviewed-on: https://code.wireshark.org/review/17280
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Sharon Samuel Enoch
Bug:12780
Change-Id: I94ad5355cdfa4d8cd3915c9e261931ff56dc765b
Reviewed-on: https://code.wireshark.org/review/17272
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Read 4 bytes from the packet instead of 1 because that is the
correct size of the DOI field.
Reference: RFC 2408
Change-Id: I5745363811bb46af307a925d688ec36cfb29984b
Reviewed-on: https://code.wireshark.org/review/17271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow
using different flags per target.
Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS
and using the COMPILE_OPTIONS property to set them.
This change is just setting mechanism and there should be no difference
in generated warnings.
The check_X_compiler_flag cmake test is changed to test each flag individually.
We need a list, not a space separated string, and the aggregate test is not
significant.
Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25
Reviewed-on: https://code.wireshark.org/review/17150
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Problem is that not all fields of UAT are updated on change (only those
defined in UAT definition with ikev2_uat_flds); specifically, pointers to
encr_spec and auth_spec in ike2_decr_data_t were set to NULL.
Fixed by re-setting pointers after update table callback was called.
Also fixed memory leaks after UAT modification.
Bug was partially resolved with change
Ibdab979b5959eb561635cbcb446e17138baca87b
https://code.wireshark.org/review/17078
which eliminated crash, but decryption still didn't work after UAT
modification (DISSECTOR BUG was displayed).
Bug: 12748
Change-Id: I8209edd8e214d62e34b641fdd2e046b9ff4c95eb
Reviewed-on: https://code.wireshark.org/review/17249
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
They follow the same dissection as normal 'Analog Change Report' Responses (FC0)
Change-Id: I854084f43fd0cc52ba02b6f1e760a63033ab48dd
Reviewed-on: https://code.wireshark.org/review/17270
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
We now check much earlier for an invalid message length; remove the
check done afterwards.
Also, note that dissect_netlink_error() should also check the message
length, to make sure it doesn't run past the end of the message, and
indicate why we are assuming an "integer" is 4 bytes (it's because the
RFC is vague here).
Change-Id: Ie0b5074acc852cdeaa008fee1125130a6c8771a1
Reviewed-on: https://code.wireshark.org/review/17279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
0 would cause an infinite loop, and any value < 16 is clearly wrong, so
if we see such a packet, just show the header's length field and stop
dissecting.
Bug: 12776
Change-Id: Iefc56b26b83ff5424968d065bdb9fa84a7a65481
Reviewed-on: https://code.wireshark.org/review/17277
Reviewed-by: Guy Harris <guy@alum.mit.edu>
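The length check described in the commit message above, as an added example (not Wireshark code). The layout is an assumption: records with a 16-byte header whose first four bytes hold a little-endian total length that includes the header; `walk_records`, `rd_le32` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 16u   /* assumed header size; the length field counts it */

enum walk_status { WALK_OK, WALK_TRUNCATED_HDR, WALK_BAD_LENGTH, WALK_OVERRUN };

/* Read an unsigned 32-bit little-endian value (assumed byte order). */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the records in buf. Returns how many complete records were seen
 * and stores the reason the walk ended in *status. */
size_t walk_records(const uint8_t *buf, size_t len, enum walk_status *status)
{
    size_t off = 0, count = 0;

    *status = WALK_OK;
    while (off < len) {
        size_t left = len - off;
        if (left < HDR_LEN) { *status = WALK_TRUNCATED_HDR; break; }

        uint32_t rec_len = rd_le32(buf + off);
        /* 0 would never advance off; 1..15 cannot even hold the header. */
        if (rec_len < HDR_LEN) { *status = WALK_BAD_LENGTH; break; }
        /* Compare against what is left instead of computing off + rec_len,
         * which could wrap around. */
        if (rec_len > left) { *status = WALK_OVERRUN; break; }

        off += rec_len;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: one valid 16-byte record, then a header whose
     * length field is 0. */
    uint8_t buf[32] = { 16 };
    enum walk_status st;
    size_t n = walk_records(buf, sizeof buf, &st);

    printf("records=%zu status=%d\n", n, (int)st);
    return 0;
}
```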
The Msg3 PUSCH narrowband index parameter depends on the UL bandwidth
Change-Id: Ib57c85ffbd4c108e9c8f3d14fa53a48f0df1b0e6
Reviewed-on: https://code.wireshark.org/review/17274
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
doc/idl2deb.pod is licensed explicitly under GPL-2+; it is just
not recognized by the check.
Change-Id: Iabc7ee6bd6fe9080d6cdd28a29bb4c5f97b0ece9
Reviewed-on: https://code.wireshark.org/review/17268
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for a few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch shows the Information Elements (IE) defined by the
IEEE802.15.4. It dissects the information of those IE which are used
by the IETF WG 6tisch and announces the others. Here is the list of the
fully dissected ones:
- For the header IEs:
  - Time Correction.
  - Header Termination 1.
  - Header Termination 2.
- For the payload IEs:
  - MLME:
    - Nested Shorts:
      - TSCH Synchronization IE.
      - TSCH Timeslot IE.
      - TSCH Slotframe and Link IE.
    - Nested Longs:
      - Channel Hopping IE.
  - Payload Termination IE.
For the rest of the IEs defined in the standard, this patch shows them
but does not analyze their inner fields.
References:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal/
IEEE Standard for Low-Rate Wireless Personal Area Networks (WPANs).
Change-Id: I45292315fa532f08be6a218eb5756284a22eeee4
Reviewed-on: https://code.wireshark.org/review/16671
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN with WIRESHARK_DEBUG_WMEM_OVERRIDE=simple set.
Manual inspection of all type casts to decrypt_data_t and
ikev2_decrypt_data_t showed no other users that do not check
isakmp_version first.
Change-Id: If889afff85a20e31222d33cbea8db3a91a77f389
Reviewed-on: https://code.wireshark.org/review/17246
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michał Skalski <mskalski13@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Return a value length of 0 if there's no parameter value.
(And don't return anything if the pointers through which we return them
are null.)
If no value is present, return NULL from ws_find_media_type_parameter().
Change-Id: I32b57623d7651bcf065af5b81f2390a600988b21
Reviewed-on: https://code.wireshark.org/review/17255
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Backslash, in a quoted-string, escapes quotes (and any other characters,
although the only ones that *need* escaping are a double-quote and a
backslash).
This means that the value of a parameter isn't just the raw characters
from the parameters string; for a quoted string, it needs to be
un-escaped, and for a *non*-quoted string, it has to stop at the first
non-token character (you can put comments in). So
ws_find_media_type_parameter() must return an allocated string with the
actual value.
Get rid of index_of_char(); it doesn't do anything that strchr() does.
Change-Id: I36328ea71c28fe6ac4918a8e73c281a25f6be844
Reviewed-on: https://code.wireshark.org/review/17251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
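The value extraction described in the commit message above, as an added example (not Wireshark's ws_find_media_type_parameter()). `media_param_value` and its helpers are hypothetical, and the token character set is taken from RFC 7230; it returns an allocated, un-escaped copy of the value and skips over quoted strings of other parameters so that text inside them is never mistaken for a parameter.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* RFC 7230 "token" characters; anything else ends an unquoted value. */
static int is_token_char(unsigned char c)
{
    return c != '\0' && (isalnum(c) || strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

static int name_matches(const char *key, size_t klen, const char *name)
{
    if (klen != strlen(name))
        return 0;
    for (size_t i = 0; i < klen; i++)
        if (tolower((unsigned char)key[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: malloc'd decoded value of `name`, or NULL if the
 * parameter is absent or its quoted-string is unterminated. */
char *media_param_value(const char *params, const char *name)
{
    const char *p = params;
    while (*p != '\0') {
        while (*p == ';' || isspace((unsigned char)*p))
            p++;
        const char *key = p;
        while (is_token_char((unsigned char)*p))
            p++;
        size_t klen = (size_t)(p - key), n = 0;
        if (*p == '=') {
            char *val = malloc(strlen(p) + 1);  /* decoding never grows */
            if (val == NULL)
                return NULL;
            if (*++p == '"') {
                for (p++; *p != '\0' && *p != '"'; val[n++] = *p++)
                    if (*p == '\\' && p[1] != '\0')
                        p++;                    /* keep the escaped char */
                if (*p++ != '"') {              /* unterminated string */
                    free(val);
                    return NULL;
                }
            } else {
                while (is_token_char((unsigned char)*p))
                    val[n++] = *p++;            /* stops at comment/space */
            }
            val[n] = '\0';
            if (name_matches(key, klen, name))
                return val;
            free(val);
        }
        while (*p != '\0' && *p != ';')         /* resync at next ';' */
            p++;
    }
    return NULL;
}
```

The caller owns the returned string and must free() it.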
Update to reflect current reality. Still needs a lot of work.
Change-Id: Id6bb12f5e8ca42bbadc237f148bb388b54a321e2
Reviewed-on: https://code.wireshark.org/review/17247
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Some symbols are marked as appearing in 2.2 intentionally,
because they are cherry-picked to master-2.2.
Change-Id: Ia7807b3bddab0a069812f56c1be2eca8bf7d1cd4
Reviewed-on: https://code.wireshark.org/review/17232
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The symbols exported from libs should use less generic, preferably
prefixed names to avoid name collisions with other shared library
symbols.
Change-Id: I8323b3e194a7ee4d61baec0c007342fab6cbde84
Reviewed-on: https://code.wireshark.org/review/17229
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Variable "channels_per_frame" could have caused a division by 0.
This is now changed, by stopping dissection in this case. A warning is
shown for this case.
Change-Id: I6d4dcb91b833a7d7f0759e28f56950b94ab1ed7e
Reviewed-on: https://code.wireshark.org/review/17228
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iea7c8d24f52cf8bd11e13a53853e11ec1ecdcd36
Reviewed-on: https://code.wireshark.org/review/17058
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The array is an array of guint8 *'s that point to strings;
wmem_array_index() doesn't return a pointer to the string, it returns a
pointer to a pointer to the string, and you have to dereference the
result of the wmem_array_index() call to get a pointer to the string.
Change-Id: I8c7b3320f0979b01383ad255419c21cdeb7df4c7
Reviewed-on: https://code.wireshark.org/review/17221
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Looking up "text/xml" in the "media_type" dissector is somewhat of a
long-way-around way of finding the XML dissector; just look for it by
name.
Change-Id: Ifafeabc563bf7bfa529bc44ba31bf6ae376a09c8
Reviewed-on: https://code.wireshark.org/review/17219
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This gets complicated, because those subdissectors might be called by
other dissectors as well. We need a better way of passing that sort of
out-of-bound information.
Pull some routines used for processing Content-Type parameters into
common code; we can't guarantee that the media parameters passed in
would be writable (passing it as *the* data hid that; passing a
structure with that *and* the HTTP message type revealed it), so don't
convert it to lower-case in place.
Use that information, if available, to determine whether an IPP message
is a request or a response.
Change-Id: I4bccc9f05cd0b14ad445be7ab37b3d884d841325
Reviewed-on: https://code.wireshark.org/review/17216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ping-Bug:12674
Change-Id: If67920246a9122dc693a71a4afcea212fb7f84ab
Reviewed-on: https://code.wireshark.org/review/17108
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the following lines at the top of "Ethernet.txt" are anything to go
by
----
$Revision: 2.83 $
$Date: 1999/03/09 11:36:19 $
$Author: map $
$Id: Ethernet.txt,v 2.83 1999/03/09 11:36:19 map Exp $
----
we've been fetching the same list over and over for quite some time. Go
ahead and merge the CaveBear list with manuf.tmpl and stop fetching it
remotely.
Fixup the way we split the lines we get from the IEEE while we're here,
otherwise we log carriage returns in the middle of lines.
The following CaveBear lines were skipped during the merge:
Change-Id: I2110a7480a01a1bc5cbb6adf858acd9b5f75204c
00:00:10 - Skipping CaveBear "Hughes LAN Systems (formerly Sytek)" in favor of "Hughes"
00:00:11 - Skipping CaveBear "Tektronix" in favor of "Tektrnix"
00:00:1A - Skipping CaveBear "AMD (?)" in favor of "AMD"
00:00:20 - Skipping CaveBear "DIAB (Data Intdustrier AB)" in favor of "DIAB"
00:00:21 - Skipping CaveBear "SC&C (PAM Soft&Hardware also reported)" in favor of "SC&C"
00:00:24 - Skipping CaveBear "Olicom" in favor of "Olicom"
00:00:3D - Skipping CaveBear "AT&T" in favor of "AT&T"
00:00:46 - Skipping CaveBear "ISC-Bunker Ramo, An Olivetti Company" in favor of "ISC-BR"
00:00:4B - Skipping CaveBear "APT -ICL also reported" in favor of "APT"
00:00:55 - Skipping CaveBear "AT&T" in favor of "AT&T"
00:00:5A - Skipping CaveBear "Xerox 806 (unregistered)" in favor of "SkSchnei # SK (Schneider & Koch in Europe and Syskonnect outside of Europe)"
00:00:62 - Skipping CaveBear "Honeywell" in favor of "Hneywell # Honeywell"
00:00:63 - Skipping CaveBear "Hewlett-Packard LanProbe" in favor of "HP"
00:00:69 - Skipping CaveBear "Concord Communications, Inc (although someone said Silicon Graphics)" in favor of "SGI"
00:00:6B - Skipping CaveBear "MIPS" in favor of "MIPS"
00:00:7A - Skipping CaveBear "Ardent" in favor of "Ardent"
00:00:7D - Skipping CaveBear "Cray Research Superservers,Inc [Also Harris (3M) (old)]" in favor of "Cray"
00:00:A3 - Skipping CaveBear "Network Application Technology (NAT)" in favor of "NAT"
00:00:A5 - Skipping CaveBear "Compatible Systems Corporation" in favor of "CSC"
00:00:A7 - Skipping CaveBear "Network Computing Devices (NCD) X-terminals" in favor of "NCD"
00:00:A9 - Skipping CaveBear "Network Systems" in favor of "NetSys # Network Systems"
00:00:DD - Skipping CaveBear "Gould" in favor of "Gould"
00:00:DE - Skipping CaveBear "Unigraph" in favor of "Unigraph"
00:00:E1 - Skipping CaveBear "Hitachi (laptop built-in)" in favor of "Hitachi"
00:00:F6 - Skipping CaveBear "A.M.C. (Applied Microsystems Corp.)" in favor of "Madge"
00:01:FA - Skipping CaveBear "Compaq (PageMarq printers)" in favor of "Compaq"
00:02:04 - Skipping CaveBear "Novell NE3200" in favor of "Novell"
00:07:01 - Skipping CaveBear "Racal-Datacom" in favor of "Cisco # RACAL-DATACOM"
00:20:85 - Skipping CaveBear "3COM SuperStack II UPS management module" in favor of "3Com"
00:40:0B - Skipping CaveBear "Crescendo (now owned by Cisco)" in favor of "Cresc"
00:40:96 - Skipping CaveBear "Telesystems SLW Inc" in favor of "Aironet # Cisco Systems, Inc."
00:60:B0 - Skipping CaveBear "Hewlett-Packard" in favor of "HP"
00:80:0F - Skipping CaveBear "SMC (Standard Microsystem Corp.)" in favor of "SMC"
00:80:1C - Skipping CaveBear "Cisco" in favor of "Cisco # NEWPORT SYSTEMS SOLUTIONS"
00:80:96 - Skipping CaveBear "HDS (Human Designed Systems) X terminals" in favor of "HDS"
00:80:AD - Skipping CaveBear "CNet Technology Used by Telebit (among others)" in favor of "Telebit"
00:90:B1 - Skipping CaveBear "Cisco" in favor of "Cisco"
00:E0:98 - Skipping CaveBear "Linksys PCMCIA card" in favor of "Trend"
02:07:01 - Skipping CaveBear "Racal-Datacom" in favor of "Interlan # Interlan [now Racal-InterLAN] DEC (UNIBUS or QBUS), Apollo, Cisco"
02:CF:1F - Skipping CaveBear "CMC Masscomp; Silicon Graphics; Prime EXL" in favor of "CMC"
08:00:02 - Skipping CaveBear "3Com (formerly Bridge)" in favor of "3Com"
08:00:03 - Skipping CaveBear "ACC (Advanced Computer Communications)" in favor of "ACC"
08:00:08 - Skipping CaveBear "BBN (Bolt Beranek and Newman, Inc.)" in favor of "BBN"
08:00:09 - Skipping CaveBear "Hewlett-Packard" in favor of "HP"
08:00:1A - Skipping CaveBear "Tiara? (used to have Data General)" in favor of "DataGenl # Data General"
08:00:38 - Skipping CaveBear "Bull" in favor of "Bull"
08:00:3E - Skipping CaveBear "Motorola VME bus processor modules" in favor of "Motorola"
08:00:69 - Skipping CaveBear "Silicon Graphics" in favor of "SGI"
08:00:79 - Skipping CaveBear "Silicon Graphics" in favor of "SGI"
08:00:90 - Skipping CaveBear "Retix, Inc. Bridges" in favor of "Retix"
09:00:6A - Skipping CaveBear "AT&T" in favor of "AT&T"
10:00:90 - Skipping CaveBear "Hewlett-Packard Advisor products" in favor of "HP"
10:00:D4 - Skipping CaveBear "DEC" in favor of "DEC"
3C:00:00 - Skipping CaveBear "3Com dual function (V.34 modem + Ethernet) card" in favor of "3Com"
44:45:53 - Skipping CaveBear "Microsoft (Windows95 internal "adapters")" in favor of "Microsoft"
Reviewed-on: https://code.wireshark.org/review/17212
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There already is "ModbusRTU over UDP", this is the Modbus/TCP format over UDP.
Bug: 12768
Change-Id: I883aa8e88f8a1640459115434be84354e22bb361
Reviewed-on: https://code.wireshark.org/review/17215
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 12770
Change-Id: I5f71072231a752ce6cdedf6f22ce8931a61c39c7
Reviewed-on: https://code.wireshark.org/review/17214
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allows me to see the interface indices in a column.
Change-Id: I0dd31d7ec06eb860e7c80a4273779ec9034ee42d
Reviewed-on: https://code.wireshark.org/review/17193
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I84e3157a9303572dcd3d9ff5df6802c42553e62f
Reviewed-on: https://code.wireshark.org/review/17197
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add OP_COMMAND (2010) and OP_COMMANDREPLY (2011)
Bug:12723
Change-Id: Ib66e7136c7a6589286bbea11db2cff76d689db35
Reviewed-on: https://code.wireshark.org/review/17166
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
See net/netfilter/nfnetlink_log.c, that is the only place that sets
NFULA_PACKET_HDR to struct nfulnl_msg_packet_hdr.
Tested with nflog-ebtables.pcapng from SampleCaptures wiki.
Change-Id: I7e21f8f584f3911b3aa7d0d027ff9624886bef73
Reviewed-on: https://code.wireshark.org/review/17191
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Check if tvb remaining length is greater than expected length.
Bug: 12767
Change-Id: Ia04b559432af417db519cfcfbec06e6010b496bf
Reviewed-on: https://code.wireshark.org/review/17208
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Iac0ef122062f8dc3160e112d76c35a256f8d8c2a
Reviewed-on: https://code.wireshark.org/review/17201
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>