The padding was not part of the size calculation of the last subpayload in a
multiple read/write by index.
Change-Id: Ibbd3ded345352ea1ceaea7b871fc2d1a0e1a6832
Reviewed-on: https://code.wireshark.org/review/22781
Reviewed-by: Christoph Schlosser <christoph@schlosser.xyz>
Reviewed-by: Roland Knall <rknall@gmail.com>
The tree may be NULL, so tree->parent may cause an invalid memory address access error
which will report 'Dissector bug ... STATUS_ACCESS_VIOLATION' in info column.
Change-Id: I37d4aca2287e77a046e553221a6a824de60aae9c
Reviewed-on: https://code.wireshark.org/review/22776
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add detection for the modular device flag in POWERLINK.
Change-Id: I3e21eec383f1bdf2fa491d415631cda146a0fdef
Reviewed-on: https://code.wireshark.org/review/22774
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: Id87920c5099553e51cfaa9ab0cb0c41cec6a127b
Reviewed-on: https://code.wireshark.org/review/22767
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Having two distinct logical concepts (OUI and Well Known Address)
concatenated to a single "manuf" file is needlessly obfuscating
the WKA feature.
Have a distinct "wka" file instead and just skip the cat.
Change-Id: I46f53b0015a37331d65f8cfac7cbbd499dd0c5b8
Reviewed-on: https://code.wireshark.org/review/22742
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
media_type_dissector_table is only defined with HAVE_NGHTTP2
Change-Id: I489e04f3d3066f2edf5c656b158c38c3dae84fb6
Reviewed-on: https://code.wireshark.org/review/22760
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change is to limit the number of entries from the NAK message included in the
summary line (and add ellipsis if there are more than will fit).
In addition, add checks to make sure we don't read beyond the end of the
captured packet when parsing NAKs.
Change-Id: I60db4b62d86c05329eb7c79ae1927eeb1b7e11ba
Reviewed-on: https://code.wireshark.org/review/22733
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change Details:
1. Just like HTTP1.1, dissect reassembled http2.data.data according to content-type header value (searching media_type dissector table).
With this feature, we can add new dissectors based on HTTP2 (for example application/grpc), or old text/html, image/png, image/jpeg dissectors.
2. Append stream id after frame type on info column, like: HEADERS[1], DATA[1], HEADERS[3], DATA[3]
3. Append request :method and :path information to info column, like: HEADERS[1]: GET /demo/1.jpg. (and also append :method and :path info to Stream Node in tree)
4. Append response status and reason-phrase to info column, like: HEADERS[1]: 200 OK
One HTTP2 package file's info column will look like:
10.10.10.123 23.13.190.101 Magic
10.10.10.123 23.13.190.101 SETTINGS[0]
10.10.10.123 23.13.190.101 WINDOW_UPDATE[0]
10.10.10.123 23.13.190.101 HEADERS[1]: GET /demo
23.13.190.101 10.10.10.123 SETTINGS[0]
23.13.190.101 10.10.10.123 SETTINGS[0]
10.10.10.123 23.13.190.101 SETTINGS[0]
23.13.190.101 10.10.10.123 HEADERS[1]: 200 OK
23.13.190.101 10.10.10.123 DATA[1], DATA[1], DATA[1], DATA[1] (text/html)
10.10.10.123 23.13.190.101 HEADERS[3]: GET /demo/tile-0.png
10.10.10.123 23.13.190.101 HEADERS[5]: GET /demo/tile-1.png
10.10.10.123 23.13.190.101 HEADERS[7]: GET /demo/tile-2.png
10.10.10.123 23.13.190.101 HEADERS[9]: GET /demo/tile-3.png
10.10.10.123 23.13.190.101 HEADERS[11]: GET /demo/tile-4.png
23.13.190.101 10.10.10.123 SETTINGS[0]
23.13.190.101 10.10.10.123 SETTINGS[0]
10.10.10.123 23.13.190.101 SETTINGS[0]
23.13.190.101 10.10.10.123 HEADERS[5]: 200 OK
23.13.190.101 10.10.10.123 DATA[5]
23.13.190.101 10.10.10.123 HEADERS[7]: 200 OK
23.13.190.101 10.10.10.123 DATA[5], DATA[5] (PNG), DATA[5]
23.13.190.101 10.10.10.123 HEADERS[11]: 200 OK
23.13.190.101 10.10.10.123 DATA[7], DATA[7] (PNG), DATA[11], DATA[11] (PNG)
23.13.190.101 10.10.10.123 HEADERS[3]: 200 OK
23.13.190.101 10.10.10.123 DATA[3], DATA[3] (PNG)
23.13.190.101 10.10.10.123 HEADERS[7]: 200 OK
23.13.190.101 10.10.10.123 DATA[9], DATA[9] (PNG)
Change-Id: I4452dadeeefc49806e3036a44d44b5f5186096b9
Reviewed-on: https://code.wireshark.org/review/22715
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rationale: The IEs are a generic mechanism that allows higher level protocols to
transport additional data in the header and some IDs have already been assigned
to external organisations. Using dissector tables enable looser coupling.
Refactor existing internal IE dissectors to be called via the table as well
based on a suggestion by Michael Mann.
More consistent display and code for Header IEs and Payload IEs.
Change-Id: Ib9c225245fc8dd989200d6ff6aeae8ca5c0f792c
Reviewed-on: https://code.wireshark.org/review/22600
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I74f4d33ad1805bd233190e7cb9ee1610ae628af5
Reviewed-on: https://code.wireshark.org/review/22755
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Version 1.5 was released on 21-nov-2007. RHEL, Suse, etc supported versions
are all above c-ares v1.5.
We don't bother testing for it at build time for now, because it's non-trivial
(times two build systems).
Change-Id: I9253256d8d905da0c75d80b2b0fa4527df2b1420
Reviewed-on: https://code.wireshark.org/review/22741
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add tfs_open_closed to general tfs collection (tfs.[ch])
Change-Id: I79b22b591128c33084489880842e19e9a0d80560
Reviewed-on: https://code.wireshark.org/review/22730
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed get_ipxnet_addr(), get_ether_addr(). If this feature is desired at
a minimum it should use an efficient data structure (and no disk-based
lookups mid-dissection).
Change-Id: Ie72449c631f21f4a3d82ec435bb5e1d7892f122c
Reviewed-on: https://code.wireshark.org/review/22729
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
See ftp://dicom.nema.org/MEDICAL/dicom/2016a/output/chtml/part07/sect_D.3.3.7.html
Bug: 13875
Change-Id: If5b55ef45b1dd7115a2eaf4a3d1a02bc2b1a5b93
Reviewed-on: https://code.wireshark.org/review/22714
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
proto_tree_add_bitmask_with_flags().
Change-Id: If8e9f9956543f253f4f59d8204c9536f444dbcd5
Reviewed-on: https://code.wireshark.org/review/22728
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Note that this is only done if sufficient bytes are captured from the
handshake packet to include the initial sequence number field.
Change-Id: Ie92ec2ccaa5021c07c8666d6fdc46613d24d0da1
Reviewed-on: https://code.wireshark.org/review/22573
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using just client or server as a direction is a source of confusion so made a more
descriptive item
Change-Id: I8675aba555b04f6ae8848cf9e1c720eb4b44b553
Reviewed-on: https://code.wireshark.org/review/22628
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 7710 (https://tools.ietf.org/html/rfc7710#section-2.3) defines
option 37 Captive Portal URI for Router Advertisements.
Change-Id: I257412ef1cf22d47018974cd0ef9000b748d01ac
Reviewed-on: https://code.wireshark.org/review/22703
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
From the AVRCP 1.6.1 spec, page 76, the "Player ID" is two octets.
Also, the Play Status field comes before the Feature Bit Mask.
Change-Id: Ifd0ad82650d395395b16f9441f02b8835befa360
Reviewed-on: https://code.wireshark.org/review/22709
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8972a9a9efef31ab77571f333fb040569fb7de9a
Reviewed-on: https://code.wireshark.org/review/22622
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The length value includes the Type and Length fields. Therefore the
length of the Data field is two bytes smaller.
Change-Id: I93878a016ace083f4e766bee6e16e301d6903967
Reviewed-on: https://code.wireshark.org/review/22702
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
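The length rule from the commit message above, as an added example (not code from the Wireshark change): a TLV walker where Length counts the Type and Length fields, so the Data field is Length - 2 bytes. The one-byte Type and one-byte Length layout, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tlv_status { TLV_OK = 0, TLV_END = 1, TLV_BAD_LENGTH = -1, TLV_TRUNCATED = -2 };

struct tlv {
    uint8_t type;
    const uint8_t *data;
    size_t data_len;
};

/* Decode the TLV at *off and advance *off past it.
 * Assumed layout: 1-byte Type, 1-byte Length, then Length - 2 data bytes. */
int tlv_next(const uint8_t *buf, size_t buflen, size_t *off, struct tlv *out)
{
    size_t remaining;
    uint8_t length;

    if (*off >= buflen)
        return TLV_END;
    remaining = buflen - *off;
    if (remaining < 2)
        return TLV_TRUNCATED;       /* not even Type + Length captured */

    length = buf[*off + 1];
    if (length < 2)
        return TLV_BAD_LENGTH;      /* Length - 2 would wrap; 0 would never advance */
    if (length > remaining)
        return TLV_TRUNCATED;       /* Data runs past the captured bytes */

    out->type = buf[*off];
    out->data = buf + *off + 2;
    out->data_len = (size_t)length - 2;
    *off += length;
    return TLV_OK;
}

/* Walk a whole buffer. Returns the number of TLVs, or a negative
 * tlv_status on the first malformed element. */
int tlv_walk(const uint8_t *buf, size_t buflen, size_t *total_data)
{
    struct tlv t;
    size_t off = 0;
    int count = 0, rc;

    *total_data = 0;
    while ((rc = tlv_next(buf, buflen, &off, &t)) == TLV_OK) {
        *total_data += t.data_len;
        count++;
    }
    return rc == TLV_END ? count : rc;
}

/* Constructed sample buffers. */
static const uint8_t tlv_good[] = {
    0x01, 0x04, 0xaa, 0xbb,         /* Length 4 -> 2 data bytes */
    0x02, 0x02,                     /* Length 2 -> empty Data field */
    0x03, 0x05, 0x01, 0x02, 0x03    /* Length 5 -> 3 data bytes */
};
static const uint8_t tlv_short_len[] = { 0x01, 0x01, 0xaa };
static const uint8_t tlv_cut[] = { 0x01, 0x06, 0xaa, 0xbb };

int main(void)
{
    size_t n;
    printf("good: %d\n", tlv_walk(tlv_good, sizeof tlv_good, &n));
    printf("short length: %d\n", tlv_walk(tlv_short_len, sizeof tlv_short_len, &n));
    printf("cut: %d\n", tlv_walk(tlv_cut, sizeof tlv_cut, &n));
    return 0;
}
```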
We can do so easily because the format is so simple. This makes it
more convenient for a user to hand-edit a dictionary in the personal
config folder. We still use tabs in the system file for a small space
gain.
Also add a brief description of the format as a comment.
Change-Id: If3f741bff16f1f42c8ef07d643dc6463caaad1a5
Reviewed-on: https://code.wireshark.org/review/22678
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alarm Code now correctly displayed as a byte
Missing ZCL status codes from ZCL 6 and ZCL 7 have been added
Input and Output Cluster Lists now displayed in hex as they are everywhere else
The term Device is no longer used, instead Nwk Addr and Address are used as applicable
Change-Id: I552f4b64974bf44088a1c8f90d44e5459a0f81a6
Reviewed-on: https://code.wireshark.org/review/22683
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I518335dc317ac5fb3c1339686579ff44b73c2546
Reviewed-on: https://code.wireshark.org/review/22675
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I61feeae7d20ad67ecb86fc53708f04e051fd88c7
Reviewed-on: https://code.wireshark.org/review/22655
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheader and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ia912925f689d2912c62d01fcc8230065204b6f15
Reviewed-on: https://code.wireshark.org/review/22633
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The IP address has been unused since 2.0. The port/protocol fields have
become unnecessary since 2.4 with the introduction of Decode As. Do not
require the user to specify these fields if they just want to set the
RSA key file.
In a future version, these three fields will be completely removed.
Change-Id: Iefc5a8778aa1122b76b707018c00b6ec429dc107
Reviewed-on: https://code.wireshark.org/review/22640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.
Add it to the Windows packages.
Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The vsockmon packet header is defined in <linux/vsockmon.h> as follows:
    struct af_vsockmon_hdr {
        __le64 src_cid;
        __le64 dst_cid;
        __le32 src_port;
        __le32 dst_port;
        __le16 op;        /* enum af_vsockmon_op */
        __le16 transport; /* enum af_vsockmon_transport */
        __le16 len;       /* Transport header length */
        __u8 reserved[2];
    };
The vsock dissector forgot to include the 2-byte reserved field. This
caused the transport header and payload that follow the vsockmon header
to contain junk data.
Change-Id: I0e7e6f1d9ad96ab339bd070c1becf43bc7e6a6b1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22612
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
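The header layout quoted in the commit message above, as an added example (not the Wireshark dissector's code): a bounds-checked parser for struct af_vsockmon_hdr that shows where the transport header and payload land when the 2-byte reserved field is counted (32 bytes) and when it is left out (30 bytes). The function names, the 8-byte stand-in transport header and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VSOCKMON_HDR_LEN     32u  /* 8+8+4+4+2+2+2 plus reserved[2] */
#define VSOCKMON_HDR_LEN_BUG 30u  /* same sum with reserved[2] left out */

struct vsockmon_info {
    uint64_t src_cid, dst_cid;
    uint32_t src_port, dst_port;
    uint16_t op, transport, t_len;
    size_t transport_off;   /* where the transport header starts */
    size_t payload_off;     /* where the payload starts */
};

/* Read an n-byte little-endian integer (the __le16/32/64 fields). */
static uint64_t rd_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n-- > 0)
        v = (v << 8) | p[n];
    return v;
}

/* Parse the vsockmon header. fixed_len is the number of bytes skipped
 * before the transport header: 32 is correct, 30 reproduces the offset
 * error described in the commit message. Returns 0, or -1 if the
 * captured bytes do not cover the header and transport header. */
int vsockmon_parse(const uint8_t *buf, size_t caplen, size_t fixed_len,
                   struct vsockmon_info *out)
{
    if (fixed_len < VSOCKMON_HDR_LEN_BUG || caplen < fixed_len)
        return -1;

    out->src_cid   = rd_le(buf + 0, 8);
    out->dst_cid   = rd_le(buf + 8, 8);
    out->src_port  = (uint32_t)rd_le(buf + 16, 4);
    out->dst_port  = (uint32_t)rd_le(buf + 20, 4);
    out->op        = (uint16_t)rd_le(buf + 24, 2);
    out->transport = (uint16_t)rd_le(buf + 26, 2);
    out->t_len     = (uint16_t)rd_le(buf + 28, 2);

    /* len comes from the capture: check it against what was captured. */
    if (out->t_len > caplen - fixed_len)
        return -1;

    out->transport_off = fixed_len;
    out->payload_off   = fixed_len + out->t_len;
    return 0;
}

/* Constructed sample: header, 8-byte stand-in transport header, payload. */
static const uint8_t sample_pkt[] = {
    0x03, 0, 0, 0, 0, 0, 0, 0,          /* src_cid = 3 */
    0x02, 0, 0, 0, 0, 0, 0, 0,          /* dst_cid = 2 */
    0xd2, 0x04, 0, 0,                   /* src_port = 1234 */
    0x2e, 0x16, 0, 0,                   /* dst_port = 5678 */
    0x03, 0,                            /* op (constructed value) */
    0x01, 0,                            /* transport (constructed value) */
    0x08, 0,                            /* len = 8 */
    0, 0,                               /* reserved[2] */
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04,
    'p', 'i', 'n', 'g'
};

int main(void)
{
    struct vsockmon_info ok, bug;

    if (vsockmon_parse(sample_pkt, sizeof sample_pkt, VSOCKMON_HDR_LEN, &ok) == 0)
        printf("32-byte header: payload starts with 0x%02x\n",
               sample_pkt[ok.payload_off]);
    if (vsockmon_parse(sample_pkt, sizeof sample_pkt, VSOCKMON_HDR_LEN_BUG, &bug) == 0)
        printf("30-byte header: payload starts with 0x%02x\n",
               sample_pkt[bug.payload_off]);
    return 0;
}
```

With the 30-byte offset the transport header begins inside the reserved field and the payload begins two bytes early, which matches the junk data the commit message describes.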
A linktype was recently assigned to Linux vsock in libpcap commit
cfdded36ddcf5d01e1ed9f5d4db596b744a6cda5 ("added DLT_VSOCK for
http://qemu-project.org/Features/VirtioVsock").
The Wireshark vsock dissector can now be automatically applied when
wtap_encap matches the new WTAP_ENCAP_VSOCK constant.
This patch makes Wireshark dissect vsock packet captures without
manually specifying the dissector.
Change-Id: If252071499a61554f624c9ce0ce45a0ccfa88d7a
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-on: https://code.wireshark.org/review/22611
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add table in SMB2 protocol options to store Session ID => Session Key
mappings. If we find a matching session id while dissecting, use session
key from the table to derive crypto keys used for decryption.
Sample from https://wiki.wireshark.org/SampleCaptures#SMB3_encryption
can be loaded as follows:
tshark -ouat:smb2_seskey_list:3d00009400480000,28f2847263c83dc00621f742dd3f2e7b -r smb3-aes-128-ccm.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option was merged recently and should appear in the
not-yet-released 4.13 kernel.
Alternatively you can read the keys from live memory on a x86_64
system by running a gdb script as root (see email [1] for usage and
source [2]).
[1]: https://lists.samba.org/archive/samba-technical/2017-May/120755.html
[2]: http://lists.samba.org/pipermail/samba-technical/attachments/20170524/2950140e/cifs_dump_keys.py
Change-Id: I2709bb5fb316a4a3614901efe967196c2925609a
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/21711
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC 8197 defines the new status code 607 Unwanted
Change-Id: I61299788b25f5ada460c88949bed3cabddc3908f
Reviewed-on: https://code.wireshark.org/review/22618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Still open: Reassembly and support for KMP payload dissection besides EAPOL
Bug: 13883
Change-Id: I48a1e6af5c6fb5594fb4e6a5258db0d8ebaf4a70
Reviewed-on: https://code.wireshark.org/review/22597
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix to dissect packets from certain implementations of this protocol which have
null padding at the end of otherwise valid packets.
Change-Id: Ic7790d9bbcf9467a9de0aa738e65a597802ce494
Reviewed-on: https://code.wireshark.org/review/22593
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'zbee_zcl_se.met.publish_snapshot.payload_type' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT8
Change-Id: I97bc7cb467508192a3597836b721778341bc756c
Reviewed-on: https://code.wireshark.org/review/22590
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
byte 64 bit BER encoded unsigned number.
Change-Id: I43e4a7f3103fac458a528022e0fdf6f0947804dc
Reviewed-on: https://code.wireshark.org/review/22585
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added as option with the default value set to TRUE. Dissection is based on
file generated from Tektronix Monitoring Solution for Mobile Networks.
Change-Id: Iedb2e742d1d406bc68e41334cac4a15da443cf3f
Reviewed-on: https://code.wireshark.org/review/22507
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This code is borrowed from a patch proposed by altaf329@gmail.com in June 2015
(Ice136a9cb950bb97a11bee4486071b6883a0cad7) and adapted to fit current wireshark code (and minus the LTE MAC frame dissector).
Change-Id: Iaa1ea8b2d7a3e618f8aa14203449f2c77b4727f5
Reviewed-on: https://code.wireshark.org/review/22515
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
found by Robert Sauter
Change-Id: I8099797ae52bdee512c7dff0423717a5acb2d36f
Reviewed-on: https://code.wireshark.org/review/22582
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I6a29e89eb18c737c257953f3dbe98727ad9815e9
Reviewed-on: https://code.wireshark.org/review/22556
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Isolate dissection of individual IEs to capture out-of-bound errors
and to continue with next IE on error.
More consistent display. Use dedicated HFs and ETTs.
More consistent code with fewer casts.
Add warning if IE dissection consumes less content than the
indicated length.
Change-Id: I1481145b9248eaa9f3d3ddf6c0e32d39b4a63861
Reviewed-on: https://code.wireshark.org/review/22577
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Many dissectors don't have an identifier to pass to a dissector table.
When using Decode As they all have a "value" function that returns 0
just so something is returned.
A first step to a cleaner refactor of the functionality is to allow
dissectors to provide a "prompt" function when registering Decode As
with register_decode_as_next_proto() so that the text exposed in
the GUI can vary, but the function that returns 0 (nothing) can be
consolidated under decode as registration functionality. This casts
a wider net for register_decode_as_next_proto() use.
Change-Id: I2995b3c251dae70f5f529b672473d25c6288ed5c
Reviewed-on: https://code.wireshark.org/review/22562
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The dissector was accessing NULL if the first frame in the PCH stream was a control FP.
Change-Id: Icdf2fae57436fe59e16ebe0a5233675e7599f5f4
Reviewed-on: https://code.wireshark.org/review/22578
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Hopefully if they are in one place replacing them with a non-static alternative will be easier
Change-Id: I91dd47ea51a1435cea4e68d88d6afe240153fe69
Reviewed-on: https://code.wireshark.org/review/22539
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I02b6ff7f57f81f0ac6b54806a9325ebb16b40476
Reviewed-on: https://code.wireshark.org/review/22553
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"Enabling" a filter expression means putting it in the toolbar, so state
that.
Change-Id: Ifa4ef053cf741a5aa269031e6983c7989ca1e64c
Reviewed-on: https://code.wireshark.org/review/22569
Reviewed-by: Michael Mann <mmann78@netscape.net>
It will end up eventually crashing column buffers because memory
behind the address is trounced.
Change-Id: Id6b5a42effc503e4b8bf5e1deb2135241e2893f3
Reviewed-on: https://code.wireshark.org/review/22563
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Includes adding per-conversation data to store whether we are over
DTLS or UDP and registering as a heuristic sub-dissector for DTLS.
Future changes will add more use of the conversation structure.
Also included is a capture of UDT over DTLS in test/captures/udt-dtls.pcapng.gz,
the associated private key for the session in test/keys/udt-dtls.key and a
new test in the decryption suite to check this works.
Change-Id: I76826d3b35768d0b58f5335063884616968e5784
Reviewed-on: https://code.wireshark.org/review/22533
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If configure reporting succeeds for all attributes, then the response
contains only a success status byte but if any attribute fails, then
every record contains a direction byte and attribute identifier.
By handling the "all successful" case specially, add an expert info
message to indicate a problem if the message length indicates that we
have hit this special case but the status is not "success".
Change-Id: I3facae8ac07f1a249cc6ae1b2454f8381151355b
Reviewed-on: https://code.wireshark.org/review/22557
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0e5d3967a26b79c899b0d219317e2963969cba6b
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17809
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Release July 03, 2017
Bug: 12779
Change-Id: I527e83ccff6901688030dbcaf639878513a2ace2
Reviewed-on: https://code.wireshark.org/review/22564
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add Ticket nonce added on Draft 21
Bug: 12779
Change-Id: I2891e1ffe700d85f703b29feacccdc6dd7ff376d
Reviewed-on: https://code.wireshark.org/review/22565
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifb7354bbbc639b4191f611c7840094f16e1f6819
Reviewed-on: https://code.wireshark.org/review/22566
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I70786cc561d248529167445e12190159d818ebcb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17811
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As the wireless timeline is not fully finished and undocumented, disable
this GUI feature for now. This should avoid some user confusion when
opening an 802.11 trace.
For experimental and development purposes, the feature can be enabled
via the preferences (right-click on the "802.11 radio information"
layer, Protocol Preferences, "Enable Wireless Timeline (experimental)").
Change-Id: Ieb529ccc0f23a051bcaba21ad18ac3c1d63b850e
Ping-Bug: 13769
Reviewed-on: https://code.wireshark.org/review/22558
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Issue reported by Kura
Bug: 13872
Change-Id: I054839a9e141fa4a882114b150842366c090d012
Reviewed-on: https://code.wireshark.org/review/22537
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Only support Q02x and Q03x version
and need to have the CHLO (Client Hello) to detect
Ping-Bug: 13529
Change-Id: I1ca7faa503aea2be4d39cb345070d901be0ebbaa
Reviewed-on: https://code.wireshark.org/review/22461
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
HS-DSCH T2 dissection method did not set the
'subnum' field in the packet info which broke
dissection in higher layers.
Change-Id: Ib50e9d783b4abfed477479b7fbaa46d005431322
Reviewed-on: https://code.wireshark.org/review/22540
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I9c51032060b821f79ba2fbbc496d6ce1e20ce304
Reviewed-on: https://code.wireshark.org/review/22535
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's not a requirement, but some dissectors didn't provide a static
summary because expert "format" was used.
While at it, fix a misleading expert info description, rename expert
info variables to ei_... and remove an unused hf entry.
Change-Id: Ib81a0d0a3950b3c90954d0053b8dae49dbb0cd51
Reviewed-on: https://code.wireshark.org/review/20567
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While we are at it, let's cache the dissector handles
Change-Id: Ied301f0e9dc42da38976ba606df008b1e7e45102
Reviewed-on: https://code.wireshark.org/review/22518
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Keeps the address of the newly opened channels in the CTCH-SetupRqst message
to match them with the addresses sent in the Response message to get exact
match of the conversation.
Change-Id: I445e08480ddd178f65979b9fbc91c6031e206a61
Reviewed-on: https://code.wireshark.org/review/22271
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Includes
. Better/consistent formatting of summary in COL_INFO and details
. Fixes to properly identify protocol messages
. Decoding NAK message in summary
Change-Id: I082b83c6e0e970b2b27c84c7990abae67c658cdf
Reviewed-on: https://code.wireshark.org/review/22495
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently the code sets 'writable' to false for the '-1' column (all columns?) after the first successfully decoded RRC payload.
So only the first of all RRC payloads in a single RLC will be shown. This change allows all of them to show using fences.
Change-Id: I203f0c520d331dbb142eb5bdd8339f89c5124394
Reviewed-on: https://code.wireshark.org/review/22493
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I27517bdfc4d00ee758d3795bd74e54968e70efad
Reviewed-on: https://code.wireshark.org/review/22497
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- support draft-ietf-6tisch-6top-protocol-07
- replace proto_tree_add_subtree_format() to make manageable JSON output
- use constant values defined for the 1st F-Interop 6TiSCH Interop Event
Bug: 13868
Change-Id: Ifa1a20aa2e8d2c75bb0660f595de71768a20d082
Reviewed-on: https://code.wireshark.org/review/22500
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The Great Britain Companion Specification specifies how energy meters
will communicate in the UK. This patch adds names for attributes and
commands from the Smart Energy Price cluster that are used within
that specification.
Change-Id: Ibbbf2ac52f61887004f03bbb1aa7f4d57b63268e
Reviewed-on: https://code.wireshark.org/review/22473
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The linked pcap seems to contain a TLV (type=255 (Unknown)) followed by
four bytes (00 00 00 14, interpreted as TLV (type=0, length=20)). That
is bogus, so stop dissecting if no more data is available.
While at it, implement alignment at four octets.
Bug: 13823
Change-Id: Iacf863c0c6605db40e87f63a950d61c1db6debaa
Reviewed-on: https://code.wireshark.org/review/22488
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
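The bounds check and four-octet alignment described in the commit message above, as an added Python sketch that is not the Wireshark dissector code. It assumes a 2-byte type and 2-byte length header in network byte order (which is how 00 00 00 14 reads as type=0, length=20) and a length that counts the value only; the byte strings are constructed samples.

```python
import struct

HEADER_LEN = 4  # assumed layout: 2-byte type + 2-byte length, big endian


def parse_tlvs(buf, align=4):
    """Parse a run of TLVs from untrusted bytes.

    Returns (tlvs, error): tlvs is a list of (type, value) tuples parsed so
    far, error is None on a clean parse or a string saying why parsing
    stopped. The parser never reads past the end of buf.
    """
    tlvs = []
    offset = 0
    while offset < len(buf):
        if len(buf) - offset < HEADER_LEN:
            return tlvs, "truncated header at offset %d" % offset
        tlv_type, length = struct.unpack_from("!HH", buf, offset)
        value_start = offset + HEADER_LEN
        available = len(buf) - value_start
        if length > available:
            # The declared length is attacker-controlled; stop instead of
            # dissecting data that is not there.
            return tlvs, "type %d at offset %d claims %d bytes, %d available" % (
                tlv_type, offset, length, available)
        tlvs.append((tlv_type, buf[value_start:value_start + length]))
        # Skip the value plus padding up to the next aligned boundary.
        padded = (length + align - 1) // align * align
        offset = value_start + padded
    return tlvs, None


# Constructed sample: two well-formed TLVs, the first padded from 5 to 8 bytes.
WELL_FORMED = (struct.pack("!HH", 1, 5) + b"hello" + b"\x00" * 3 +
               struct.pack("!HH", 2, 4) + b"\x01\x02\x03\x04")

# Constructed sample shaped like the capture in the commit message: a
# type=255 TLV followed by the four bytes 00 00 00 14 and nothing else.
BOGUS_TAIL = (struct.pack("!HH", 255, 2) + b"\xaa\xbb" + b"\x00" * 2 +
              bytes([0x00, 0x00, 0x00, 0x14]))

if __name__ == "__main__":
    print(parse_tlvs(WELL_FORMED))
    print(parse_tlvs(BOGUS_TAIL))
    # Ignoring alignment makes the padding bytes look like TLV headers.
    print(parse_tlvs(WELL_FORMED, align=1))
```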
Add missing entries from IANA registry, remove dummy OSPF_LSA_UNKNOWN
which does not exist and has become unused in the code.
Change-Id: I55e28e67da744e358e0629906ef5ebd3c4c82b5d
Reviewed-on: https://code.wireshark.org/review/22487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If0dc66fa24f154561d45c373325218d71610e41c
Reviewed-on: https://code.wireshark.org/review/22475
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2e543a39a21d3fc71c0da80ce1cd9ca9e50a3bfc
Reviewed-on: https://code.wireshark.org/review/22472
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I4dab9878f290564700e58ac191924f6574d67bce
Reviewed-on: https://code.wireshark.org/review/22474
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create a unique reassembly id to improve reassembly when having
missing btle packets.
Change-Id: I0d8e4c6b4fea9ba5eb98a88b0573b541cfee59af
Reviewed-on: https://code.wireshark.org/review/22477
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Create one connection_info_tree for each direction to support
reassembly in both directions simultaneously.
Change-Id: If83e8705412062b07f3fa47a73f42db8c7895e78
Reviewed-on: https://code.wireshark.org/review/22476
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove a double lookup in RLSD message dissection, too
Ping-Bug:13861
Change-Id: Ie971c0779baad76fb22f8a59d045e38c072e8f06
Reviewed-on: https://code.wireshark.org/review/22448
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Useful when you have long sessions, without the start (i.e. CC/CR) and the end
(i.e. RLSD/RLC).
Similar to 10d2e65228
Change-Id: Ifb97bd9fe88ee59f3816fce1111132b247bf46c8
Reviewed-on: https://code.wireshark.org/review/22446
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added support for registering custom dissectors for AECP vendor unique command and response message
dissection.
Fixed a minor typo
Change-Id: I7ae363f126d4db513be0529fc6dd7fd189d4f3d8
Reviewed-on: https://code.wireshark.org/review/22438
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This shows the elements in a little-endian fashion and aligns with
other element trees using bitmask.
Change-Id: I8e16eaee9944c2b56bc9fe18f31a983047aca121
Reviewed-on: https://code.wireshark.org/review/22453
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix indent and spacing in if-statements to improve readability.
Change-Id: I3bd295d5d397e6e4b211c2d6fed25ab93e14142c
Reviewed-on: https://code.wireshark.org/review/22452
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Combining all separate heuristic dissectors into one 'fp over udp' dissector.
Also refactored the 'unknown format' dissector (formerly heur_dissect_fp) so it could work 'chained' to the others.
Change-Id: I396c362a400f51171ee091317b6735dfd8bd19df
Reviewed-on: https://code.wireshark.org/review/22368
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Allow the ordering of the filter buttons via drag/drop in
the toolbar
Change-Id: Id8793d6514bae36066a7a23d6890985665e753bd
Reviewed-on: https://code.wireshark.org/review/22422
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
No code changes.
Change-Id: I282334594be476596f30e8396fe66a995e3e0292
Reviewed-on: https://code.wireshark.org/review/22439
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of using one big linked list, we use a stack of lists. Once all the pointers of one level have been handled, the list is removed from the stack and we go to the level before.
Because of this the lists are much smaller and far less CPU is spent iterating on the objects or inserting objects in the list.
Bug: 10544
Change-Id: I432aaf5b4b781411c92da92abe9c5503034b65dc
Reviewed-on: https://code.wireshark.org/review/4598
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Isolate dissection of individual IEs to capture out-of-bound errors
and to continue with next IE on error.
Create subtree for each IE containing the TLV header. Reduce
information in overall Header IEs item.
Differentiate unknown and unsupported IE. Show more information.
Add warning if IE dissection consumes less content than the
indicated length.
Simplify Time Correction IE dissection and make more consistent.
Naming changes for consistency with standard.
Change-Id: I80f15edb646a15c0ed43d6571200a5d89cdeb7b5
Reviewed-on: https://code.wireshark.org/review/22381
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.
PENs are stored in a hash table loaded at run-time.
User "enterprises" file is loaded from the personal config dir.
Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.
Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Packet statistics were not showing the packets above 5120 due to
the last entry being reformatted and not parsed correctly.
Since the last entry is "reformatted" for better user string,
also "reformat" the last entry as it goes through "range processing".
Bug: 13844
Change-Id: Id49b41c08111dcad1590e034159b81ead8636c4e
Reviewed-on: https://code.wireshark.org/review/22382
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a field to the display filter button UAT to allow comments
to be displayed as part of the tooltip to the display filter
button
Bug: 13814
Change-Id: I74459e4102856258d31d6429e2fd924a9f798cd5
Reviewed-on: https://code.wireshark.org/review/22390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The filter expressions data was shoved into the preference file in a
very loose, non-arrayed form. It's much easier to manage in code
(and for users in a separate file) as a UAT.
The GTK GUI was hacked to use the existing UAT dialog rather than
rewrite the pref_filter_expressions.c to support a UAT. Should
be okay since it's deprecated.
Change-Id: I688cebb4b7b6594878c1398365e79a205f1902d9
Ping-Bug: 13814
Reviewed-on: https://code.wireshark.org/review/22354
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
ITU Y.1711 at https://www.itu.int/rec/T-REC-Y.1711-200402-I/en states
that OAM payloads are big endian (section 5.3) as reported on bug.
Bug: 8292
Change-Id: Id30e340eee5f5a5c96020cdd1770fa48adb5d169
Reviewed-on: https://code.wireshark.org/review/22383
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Ib583470ba612ef24da4d9360f7bbc0e33fb19bd9
Reviewed-on: https://code.wireshark.org/review/22377
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't use DISSECTOR_ASSERT() unless we're in wmem packet scope, see
commit 341b06ce0795ae957627c9174b57e75c7827f028
Change-Id: I509f9197155fe6ea6f46c23c93eb188220b9dd8d
Reviewed-on: https://code.wireshark.org/review/22379
Reviewed-by: Michael Mann <mmann78@netscape.net>
There's a number of protocols whose payload contains yet another
protocol but no criterion to figure out what this next protocol is.
Define a new global function register_decode_as_next_proto() to register
a Decode As entry for this scenario so the user can manually select the
next protocol.
A lot of the housekeeping that is normally required for Decode As is not
applicable to such a scenario. Provide simple data structures and
functions to cover this, make them internal to epan/decode_as.c and
allow them to be shared by multiple of the new simplified Decode As
entries.
(For now, the mechanism is based on an FT_UINT32 dissector table where
all entries are linked to number 0. We should eventually come up with a
better mechanism.)
Change-Id: I3f81e331d7d04cfdfe9a58732d881652d77fabe2
Reviewed-on: https://code.wireshark.org/review/22376
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
DISSECTOR_ASSERT() can be used only when we're in wmem packet scope. It
cannot be used during startup when address types are registered. In
those cases, we must use g_assert().
If we still use DISSECTOR_ASSERT() and an assert is hit, we'll see a
wmem assertion
**
ERROR:../epan/wmem/wmem_core.c:52:wmem_alloc: assertion failed:
(allocator->in_scope)
Aborted
instead of the actual assert output.
Change-Id: Ife12ca3455d56ba4faa2dd6034df8a091d8641ed
Reviewed-on: https://code.wireshark.org/review/22378
Reviewed-by: Michael Mann <mmann78@netscape.net>
In 082e3e346f, we dropped the prtype
preference in favour of Decode As.
Register prtype as an obsolete preference to make sure that it's not
removed from the preferences file. That way, the preferences file is
still usable with older wireshark versions.
Change-Id: I8feed6080b58dd5443898e2c5b12732b0b3a0a4f
Reviewed-on: https://code.wireshark.org/review/22373
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Make the tcp segment data available on all tcp packets, regardless of
reassembly of higher layer protocols.
Change-Id: I1a5024e427e07b85bfc3a4aad5d0a401beb1049d
Reviewed-on: https://code.wireshark.org/review/22374
Reviewed-by: Sake Blok <sake@euronet.nl>
Petri-Dish: Sake Blok <sake@euronet.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Cope with a space between colon and start of options value.
When there are no constraining modifiers, let match for
next content or pcre field start from beginning of payload
again.
Change-Id: Ie1267a0a38143cbe9f0444945f78708bbefaa270
Reviewed-on: https://code.wireshark.org/review/22365
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Remove the special case for vid 0x072F, pid 0x2200. We should be able to
set Decode As for this (vid, pid) to USB CCID and then use the new
Decode As mechanism to select the next protocol.
Register GSM SIM, ISO7816, PN532 and ACR122 as possible payloads
for USB CCID.
Change-Id: I8237cc9123655d3b289b0564ffb83a32434bebfc
Reviewed-on: https://code.wireshark.org/review/22290
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The commit contains a general framework for parsing NVMe Fabrics data
responses, which contain only "pure" data. These packets are received
as a response for Data requests inside the SGLs in NVMe commands.
Change-Id: I05f8130df6eef37795d258be680f673930ab6e34
Signed-off-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Tested-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/22207
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert the TCP port preference to a range and add Gerrit's default
port.
Change-Id: I13460315e9b312673648a37d5f90955134b3ddbc
Reviewed-on: https://code.wireshark.org/review/22362
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".
It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.
Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.
Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.
If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.
"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.
Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.
Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).
Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).
Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
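The difference between the two JSON shapes in the commit message above matters to anything that consumes the output: many JSON parsers silently keep only the last of several duplicate keys. The following added Python example (not tshark code, and not part of the commit) reproduces the grouping idea on the consumer side; the input is a constructed fragment and the function names are hypothetical.

```python
import json

# Constructed fragment with duplicate keys inside one object, in the style
# the commit message attributes to plain "-T json". Not real capture output.
SAMPLE = """
{
  "layers": {
    "dns": {
      "dns.qry.name": "example.test",
      "dns.resp.name": "example.test",
      "dns.a": "192.0.2.10",
      "dns.resp.name": "example.test",
      "dns.a": "192.0.2.11"
    }
  }
}
"""


def load_last_wins(text):
    """Default json behaviour: a repeated key overwrites the earlier value."""
    return json.loads(text)


def _group_pairs(pairs):
    """object_pairs_hook that turns repeated keys into one key with a list.

    Keys seen once keep their plain value, so the shape only changes where
    duplicates actually occur.
    """
    grouped = {}
    multi = set()  # keys already converted to a list by this hook
    for key, value in pairs:
        if key not in grouped:
            grouped[key] = value
        elif key in multi:
            grouped[key].append(value)
        else:
            grouped[key] = [grouped[key], value]
            multi.add(key)
    return grouped


def load_grouped(text):
    """Parse JSON, collecting duplicate keys into arrays in document order."""
    return json.loads(text, object_pairs_hook=_group_pairs)


def find_duplicate_keys(text):
    """Return the keys that occur more than once within a single object."""
    duplicates = []

    def hook(pairs):
        seen = set()
        for key, _ in pairs:
            if key in seen and key not in duplicates:
                duplicates.append(key)
            seen.add(key)
        return dict(pairs)

    json.loads(text, object_pairs_hook=hook)
    return duplicates


if __name__ == "__main__":
    print(load_last_wins(SAMPLE)["layers"]["dns"]["dns.a"])
    print(load_grouped(SAMPLE)["layers"]["dns"]["dns.a"])
    print(find_duplicate_keys(SAMPLE))
```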
Add dissection of the following IEs:
- Serial-Number
- Warning-Type
- Data-Coding-Scheme
- Warning-Message-Contents
- Message-Identifier
Reuse the code from S1AP wherever possible
Change-Id: Icaf78b21532cf91fc2cd225d687a6a11813a20d8
Reviewed-on: https://code.wireshark.org/review/22352
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit reassembles data frames to build up the full entity body. It does
this for both client/server request and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.
Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The broadcast message page content is always converted to UTF-8 in the
dissect_cbs_data function using tvb_get_string_enc(...)
Change-Id: I5fe3d421917b38ccb07438f01f3c4d4ea8cbd787
Reviewed-on: https://code.wireshark.org/review/22315
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With RFC7770 the Opaque ID for Router Information is not longer be zero
Change-Id: I22f9917ac5b5b0261e36b1097765dab6ce216a46
Ping-Bug: 13823
Reviewed-on: https://code.wireshark.org/review/22329
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
During the esPcape challenge at SharkFest 2017 US, we had a SSL
decryption challenge. Normally you have to use Decode As to recognize
the custom port number, but the latest development branch has a feature
that automatically recognizes TLS (heuristics dissector).
SSL 2.0 Client Hello messages were however not recognized by this
heuristics which totally broke TLS decryption. Add some very strong
heuristics to detect these. "Mosterd na de maaltijd" :p
Change-Id: I0ac6aa666393335bb191e395faa1d32d3588ded7
Reviewed-on: https://code.wireshark.org/review/22337
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added displaying of raw data for unknown ASDU type
Change-Id: I17e2ae048dbec61718610dd86d6878cdc0563ef0
Reviewed-on: https://code.wireshark.org/review/22341
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Filter expressions needs support for a checkbox (bool) and
string field that verifies display filters.
Change-Id: Idfbffd6cdb5abaee8914126a05d890e834c17306
Reviewed-on: https://code.wireshark.org/review/22340
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
While you can add both the sequence number and next sequence number as
columns, the latter would remain empty if it was the same. This disrupts
the user reading flow who would have to look left and right, so just
display the field unconditionally.
Change-Id: I80efb972eaa9a16813a87ac0fdf6a045a3eb9d2f
Suggested-by: Laura Chappell
Reviewed-on: https://code.wireshark.org/review/22307
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Format tcp.hdr_len in the tree similar to ip.hdr_len. Add comments
noting that they should be consistent.
Change-Id: Ic64282d8386c8ed339811bc9c22b5962c707d292
Reviewed-on: https://code.wireshark.org/review/22314
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Absolute and Relative time fields could not be converted to seconds
without converting to string and parsing to number.
Fixed conversion in generated code that was subject to precision loss
Usage:
f=Field.new("frame.delta_time")
delta=f().value:tonumber()
Change-Id: I6ef91c6238a6c2ed9adf6cae03f8913f0a09332e
Reviewed-on: https://code.wireshark.org/review/22316
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reused TCP connections with multiple HTTP requests/responses (in
particular: HTTP request/response and HTTP proxy request/response)
exhibit the following problem: the first response sets "startframe" such
that the proxy response accidentally assumes that the proxy response
starts in that first response.
Fix this by only setting startframe if there is actually a transport
upgrade. Tested with original capture and the Websocket dissection still
works while Christian's capture has no longer the reported problem.
Change-Id: I8a7878b9a2a98878a9e5be4f680d4f109fd8ab55
Fixes: 94ae27661e ("WebSocket dissector improvements")
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22294
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Bo-Han Liao
Bug: 13821
Change-Id: I74641bef723e747bfe5fa87e946b7f4f74b94bf6
Reviewed-on: https://code.wireshark.org/review/22299
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Define a dissector that can handle both requests and responses.
Look at pinfo->p2p_dir to detect if we have a request or response.
(At the moment, there's a dissector for request+response in one packet
and two other dissectors for request and response messages.)
Use the new mechanism for USB CCID.
Change-Id: I7eb9861802b4244f92770602179f39642eb28641
Reviewed-on: https://code.wireshark.org/review/22289
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
More than one packet could be meant by that
Change-Id: Ie751a282c927608414673c2cd48b11dc5e6d5ea6
Reviewed-on: https://code.wireshark.org/review/22283
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make two minor adjustments to allow building on Windows when the source
directory is specified in UNC notation (\\server\volume\directory)
instead of mapping such a directory to a drive letter.
Cmake's add_custom_command() calls "cd <work_dir>" if a working
directory is defined as part of the rule. However,
cd \\server\volume\directory
is not allowed.
Modify the two occasions where the working directory is derived from
CMAKE_SOURCE_DIR.
For copying some install files, we can get away with using the absolute
path for each source file to be copied.
The perl script that creates the tap listing for lua does not depend on
a working directory at all. We can simply remove the WORKING_DIRECTORY
parameter.
Change-Id: Iac8e0addc44650692c1263fdca11f68315f50c63
Reviewed-on: https://code.wireshark.org/review/22236
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Prepare the USB CCID code for replacing the "next protocol" preference
with Decode As.
USB CCID has a length field for the payload data. Use this field to
create the next_tvb. There's no need for different payload lengths
depending on the next protocol.
Use call_data_dissector() instead of referencing data_handle.
Set pinfo->p2p_dir regardless of the next protocol.
Change-Id: I042ecc9bd75245ee1d4d8a94532c9fd1de83e859
Reviewed-on: https://code.wireshark.org/review/22288
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The "Previous/Next Packet in Conversation" actions accidentally
overwrite more specific filters (like TCP port matching) by less
specific ones (like IP addresses). This resulted in strange behavior
where packets from different TCP streams were selected.
Change-Id: Ifa93064e1db3777fa3c12e2220bbb0b36b9478fe
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22274
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Solves a UBSan runtime error null pointer passed as argument 1, which is
declared to never be null.
It can be reproduced with the pcap from bug 13603
Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5
Reviewed-on: https://code.wireshark.org/review/22272
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed 'len' from IPv4, not needed
Added more test coverage for IPv6 in dftestlib
Change-Id: I1ca80e2525f32f6095ad73352baba733f4694ced
Reviewed-on: https://code.wireshark.org/review/22260
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allows duration to be calculated to 0
Handles generators where PHY type is not reported, but it can be
determined from the rate.
Change-Id: Ic0b9e1b0e3e51f4d5b670d25fea064daf250a55f
Reviewed-on: https://code.wireshark.org/review/22261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13813
Change-Id: Ic1582406896b2d4d3505ae1d3bb79cdbafa481da
Reviewed-on: https://code.wireshark.org/review/22247
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are lots of if (tree) checks. Start removing some which
are obviously unnecessary.
Change-Id: I3f8e4b82cd84d8e92ae79492d705438e2df739bb
Reviewed-on: https://code.wireshark.org/review/22238
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously proto_tree_add_none_format() could be called with any type
of field type, not FT_NONE only.
Change-Id: I78976a168fc1bf606b72ad38d284bb0bd1794b03
Ping-Bug: 13780
Reviewed-on: https://code.wireshark.org/review/22243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We can simply stop the dissection and exit.
Change-Id: Ida8895513a1949fe5826ab89ffec2168642a9e89
Reviewed-on: https://code.wireshark.org/review/22237
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The 'U-RNTI' field in RLC Info struct is both used in the code and shown in the UI as a generic unique 'UE ID' (not specifically U-RNTI, although sometimes it is).
This commit renames the field to fit its usage.
Change-Id: Ib42b8ed5192fe60c9a164d6d225634be53708c66
Reviewed-on: https://code.wireshark.org/review/22225
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previous code assumed that list decoding was successful and that some
bytes were consumed. Let's explicitly check this.
Bug: 13780
Change-Id: I3546b093f309f2b8096f01bc9987ac5ad9e029eb
Reviewed-on: https://code.wireshark.org/review/22235
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check that we do not have any overflow when converting words to bytes
Bug: 13810
Change-Id: I43604f7bab427fc542c281e386ab9b994338366d
Reviewed-on: https://code.wireshark.org/review/22227
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In 609ea4baa6
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I4769fc10d74fe7358f9794b9697591c61324e883
Reviewed-on: https://code.wireshark.org/review/22239
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Heuristic PCH dissector was trying to access the packet's header (4 bytes) without asserting these bytes exist
Change-Id: Id2747e00ed353b1962293b3cd3ea6fbe9449a81d
Reviewed-on: https://code.wireshark.org/review/22220
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
To match the recently renamed file name.
Change-Id: Id784b955ec96a52a5f380d415094dce81e1774d5
Reviewed-on: https://code.wireshark.org/review/22222
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Implemented dissector to parse zigbee commands within SE metering cluster
Change-Id: Iffb179c3e6db88b91b9ec96ed4d4b12bbeac682e
Reviewed-on: https://code.wireshark.org/review/22221
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- search for content fields taking into account length of last match
- handle absolute path to file inclusion not using $RULE_PATH
- parse longer tokens (saw emerging-threats rule with enormous pcre)
- content offset is relative to start of frame, *not* previous content match
- show content modifiers 'rawbytes' and 'http_user_agent'
Change-Id: I0a4e0b857c8049380ed6aa47e4a3d3649e84d4ad
Reviewed-on: https://code.wireshark.org/review/22211
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3bdca418801305d71b33fa07396497d82ad06e33
Reviewed-on: https://code.wireshark.org/review/22212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In 609ea4baa6
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I7cf216378e1610350949910091ee187ce150ca05
Reviewed-on: https://code.wireshark.org/review/22213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Original sanity check was missed for fragmentation
Bug: 13755
Change-Id: If9e24e01a119c869b02f198456776c8e6c6f2ad0
Reviewed-on: https://code.wireshark.org/review/22193
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Currently the UMTS FP & MAC dissectors are named packet-umts_X.
This commit renames the UMTS RLC's files to show their relation.
Change-Id: I9e37be95f7c7d08278075a49b8abc2b480a13d64
Reviewed-on: https://code.wireshark.org/review/22188
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the pdu length is too short, we can simply stop dissection and return
the number of bytes we processed.
Change-Id: I11581daa3fdb80b3d5a07754039ec1b640945b2e
Reviewed-on: https://code.wireshark.org/review/22187
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Cisco uses proprietary option 65004 to transmit RPF Proxy Vector
information. Add the name of the option to the option identification.
Change-Id: I5ee9e4d44d6326d8a457a8a4bbb24896e17216e8
Reviewed-on: https://code.wireshark.org/review/22186
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ITU-T Q.703 2.3.3 specifies that the length indicator MUST be set
to its correct value. Adding an expert_info warning makes it easier
to determine if a capture uses the optional extended sequence number
format found in Appendix A, for which a preference already exists.
Change-Id: I7c99c7f2801a6d44d1bc693b59f38a76e08cfe4a
Reviewed-on: https://code.wireshark.org/review/22135
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some phones (Android and iOS smartphones) encode emoji characters as
UTF-16 big endian and although the UTF-16 is not specified in the 3GPP
23.038 (GSM 03.38) it seems to be widely supported.
Bug: 13808
Change-Id: Ic4a600e42fb4b471223aaef1a661bd002835b519
Reviewed-on: https://code.wireshark.org/review/22181
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change guard that prevents decryption of v2015 to only check if frame counter
suppression is not used.
Add new aux header fields.
Cleanups.
Bug: 13805
Change-Id: Ib025e724415d7d7b85d63e2f44a37c7c691e9de6
Reviewed-on: https://code.wireshark.org/review/22165
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In abda30e9e validation of JSON UTF-8 characters was implemented but it
doesn't handle well the valid characters
Bug: 13806
Change-Id: Id8777065cfff9deae94f457dee08017d03b50f20
Reviewed-on: https://code.wireshark.org/review/22169
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The two code paths don't share any code, so they might as well be in
separate routines.
That makes it even easier to read.
Change-Id: I8ee335f4cac2aedc42216db7f9674e1a609d9347
Reviewed-on: https://code.wireshark.org/review/22179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move some commented-out code where it belonged, and #if 0 it out
instead.
Have only *one* test for OCTO.
Change-Id: I6e8803f936ebd88f1705b2185f034ec0b2bddb77
Reviewed-on: https://code.wireshark.org/review/22177
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Two separate checks for OCTO, one right after the other, is a bit
confusing.
Change-Id: I702aa1809dc7271b69b5419dc850228fac516ed6
Reviewed-on: https://code.wireshark.org/review/22175
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, note in the comment for get_utf_16_string() the
"decoding UTF-16" algorithm in RFC 2781.
Change-Id: I5d7dc5c09af0474c055796e49e0c7b94fa87d2ad
Reviewed-on: https://code.wireshark.org/review/22171
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 13745
Change-Id: Ibd00ea4818eb4b47a2c46324c1bfc878fef03d1e
Reviewed-on: https://code.wireshark.org/review/22155
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactors the print.c json output functions to be more intuitive and
to allow easy switching to single json keys with a json array of values
instead of duplicate json keys. With this commit the json output does
not change at all.
These changes have been tested on multiple decrypted http2 traces with
the following testing method:
- Save the pcap file as json with a build of the current master branch.
- Save the pcap file as json with a build of the master branch + this
commit.
- Compare the files for changes with the "cmp" utility.
No differences were found between files for multiple different decrypted
http2 traces. Printing with the "-x" or "-j" options also does not
produce any changes.
Bug: 12958
Change-Id: Ibd3d39119c3a08906389aa8bbf4e2a2b21dd824e
Reviewed-on: https://code.wireshark.org/review/22064
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a mandatory information element is missing, try to report an expert info,
instead of throwing a fatal malformed exception (or of reporting nothing at all).
According to TS 24.007 11.2.3, a mandatory i.e. may be part of the imperative part
of the message, so that expert info should be at PI_ERROR level
Change-Id: Id399c236f2923db36540bbda0d29d666548f7cbd
Reviewed-on: https://code.wireshark.org/review/22134
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This makes those tests more like other such tests.
Change-Id: Ide920d4083f6092ce5892adf4fc178236c49729f
Reviewed-on: https://code.wireshark.org/review/22150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 13793
Change-Id: I8863da14f889c68d161f4e53aa6a4e0d2636ba48
Reviewed-on: https://code.wireshark.org/review/22140
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.
Update the documentation accordingly.
Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RETH remote key might be needed in protocol's dissectors.
Remote access key is shared out of band usually via RDMA
send operation. This key sharing is upper layer protocol specific
and protocol dissector knows about the key.
The infiniband layer does not know which rkey is shared.
For protocol dissectors to associate data packets with past
command packets, infiniband needs to provide the rkey.
Change-Id: I927116d649ed2b01c388afbcdb924cb7e5128e12
Signed-off-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Tested-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/22123
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Icdcb770723e3783013f525524c3fe745d5dd862d
Reviewed-on: https://code.wireshark.org/review/22122
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Iaf705172496e26f571f77902bcc1a95f3b817c80
Reviewed-on: https://code.wireshark.org/review/22098
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_get_guintvar can generate some unrealistic values so do some
sanity checking on them.
Bug: 13796
Change-Id: I2d5f7a48c2e982a419ea6ab3ac0000be3b6bcbc7
Reviewed-on: https://code.wireshark.org/review/22121
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for the fields Position Information, Mode Information
and Alignment Information in the FILE_ALL_INFORMATION query response.
Bug: 13800
Change-Id: I838fba1df26fe0f65394f0fe31b83645a707c166
Reviewed-on: https://code.wireshark.org/review/22117
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Change-Id: Ia82fa67bbb9056204ed70b150f3d1e6db9ceed25
Reviewed-on: https://code.wireshark.org/review/22116
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Clear DUMMY_ADDRESS_ENTRY when add_ipv4_name/add_ipv6_name. This flag is checked in ipv4_hash_table_resolved_to_list().
TODO: clean up these flags as they are confusing and DUMMY appears somewhat redundant.
Change-Id: I81d40cc778cbe5c36314631d3fa0997cee409368
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22109
Reviewed-by: Michael Mann <mmann78@netscape.net>
That squelches a compiler warning.
Change-Id: Ia39a9e5fe54a03e813bc3b82088ddf5de4a19c72
Reviewed-on: https://code.wireshark.org/review/22113
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I987b4a9a86b0000b726f7e514be741e713b6ec5a
Reviewed-on: https://code.wireshark.org/review/22112
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The pcapng spec[1] suggests that the first octet marks the filter type,
but it is not clear whether these other types are implemented. Just skip
over the byte for now.
[1]: https://github.com/pcapng/pcapng/blob/c0dd7a7391/draft-tuexen-opsawg-pcapng.xml#L1083
Change-Id: I272dac55ea9ca3798e1fea45ce92023f7aa82564
Reviewed-on: https://code.wireshark.org/review/22043
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>