Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP group keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
The MEGACO dissector issues an error when a command "AuditValue" is captured
[Packet size limited during capture: MEGACO truncated], but the packet seems to
be OK. See the example attached.
svn path=/trunk/; revision=25868
Fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2453
The patch fixes the problem by extending the original "outstanding stuff"
approach.
Now the pointer itself won't be NULLified, instead we track the pointers with
their expiry state in structs in the outstanding_stuff list.
The Lua objects refer to those structs instead of the actual pointers and
check the expiry state of the pointers before accessing them.
The pointers are marked expired when the dissection of the frame is finished
and the allocated struct is freed by Lua's garbage collector.
If the garbage collector hits the struct when it holds a not expired pointer,
it marks it as expired (that means we don't have any object in Lua referring to
the pointer) and the struct will be freed at the end of the dissection of the
frame.
This is for the 1.0 branch.
svn path=/trunk/; revision=25845
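
The expiry-tracking scheme described in the commit message above, as an added C sketch that is not part of the commit and not Wireshark's code. All names (tracked_ptr, track, checked_get, gc_collect, end_of_frame) are hypothetical; the point is that a stale handle is refused instead of dereferenced, and that whichever side sees the struct second frees it.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Added illustration; every name here is hypothetical, not Wireshark's. */
typedef struct tracked_ptr {
    void *ptr;                  /* frame-scoped data owned by the dissector */
    bool expired;               /* true once ptr must no longer be used */
    struct tracked_ptr *next;   /* link in the outstanding list */
} tracked_ptr;
static tracked_ptr *outstanding = NULL;   /* wrappers created this frame */

/* Wrap a frame-scoped pointer; the script object stores the wrapper. */
tracked_ptr *track(void *p) {
    tracked_ptr *t = malloc(sizeof *t);
    if (t == NULL) return NULL;
    t->ptr = p; t->expired = false;
    t->next = outstanding; outstanding = t;
    return t;
}

/* Every access goes through the expiry check. */
void *checked_get(const tracked_ptr *t) {
    return (t != NULL && !t->expired) ? t->ptr : NULL;
}

/* Finalizer, called when the script object is garbage collected. */
void gc_collect(tracked_ptr *t) {
    if (t->expired) free(t);    /* frame is done: the collector frees */
    else t->expired = true;     /* unreferenced: end_of_frame() frees */
}

/* End of dissection: returns how many wrappers were freed here. */
int end_of_frame(void) {
    int freed = 0;
    for (tracked_ptr *t = outstanding, *next; t != NULL; t = next) {
        next = t->next;
        if (t->expired) { free(t); freed++; }  /* collector got there first */
        else t->expired = true;                /* script may still hold it */
    }
    outstanding = NULL;
    return freed;
}

int main(void) {
    int frame_data = 42;        /* constructed stand-in for frame data */
    tracked_ptr *held = track(&frame_data);
    end_of_frame();             /* frame ends while the script holds 'held' */
    int stale = checked_get(held) != NULL;   /* 0: stale access refused */
    if (held != NULL) gc_collect(held);      /* collector frees the wrapper */
    return stale;
}
```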
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list, only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
Still seeing these errors...
packet-dcm.c: In function `dcm_uid_or_desc':
packet-dcm.c:960: warning: pointer type mismatch in conditional expression
packet-dcm.c: At top level:
packet-dcm.c:229: warning: 'dcm_desegment_headers' defined but not used
svn path=/trunk/; revision=25828
multiple PDV per PDU support
- Support multiple PDVs per PDU
- Better summary, in PDV, PDU header and in INFO Column,
e.g. show commands like C-STORE
- Fixed Association Reject (was working before my changes)
- Fixed PDV Continuation with very small packets. Reduced minimum packet
length from 10 to 2 Bytes for PDU Type 4
- Fixed PDV Continuation. Last packet was not found correctly.
- Fixed compilation warning (build 56 on solaris)
- Fixed tree expansion (hf_dcm_xxx)
- Added expert_add_info() for Association Reject
- Added expert_add_info() for Association Abort
- Added expert_add_info() for short PDVs (i.e. last fragment,
but PDV is not completed yet)
- Clarified and grouped data structures and its related code
(dcmItem, dcmState) to have consistent _new() & _get() functions
and to be according to coding conventions
- Added more function declaration to be more consistent
- All dissect_dcm_xx now have (almost) the same parameter order
- Removed DISSECTOR_ASSERT() for packet data errors.
Not designed to handle this.
- Handle multiple DICOM Associations in a capture correctly,
i.e. if presentation contexts are different.
svn path=/trunk/; revision=25824
(Done for consistency although not strictly required in these cases);
(Also: so no kickouts on this file when doing automated checking
for missing NULL termination elements in value-string arrays).
svn path=/trunk/; revision=25794
The SMPP dissector currently supports only version 3.4. The latest version of
the protocol is version 5.0 and it has been around for a while. However, the
usage of this version of the protocol is only now picking up.
This patch adds basic support for SMPP 5.0. By basic I mean:
- New Operations and Responses.
- New TLVs.
- New Error codes.
- Any changes to earlier values.
svn path=/trunk/; revision=25787
packet-gsm_a.c:4914: warning: comparison between signed and unsigned
packet-gsm_a.c:4944: warning: comparison between signed and unsigned
svn path=/trunk/; revision=25772
Tigran Mkrtchyan: decode and display fattr4_fs_layout_types.
Thijs Stuurman: Synchronize names used by wireshark with those used in
latest pnfs draft.
J. Bruce Fields: Use large default max_rpc_tcp_pdu_size setting
The linux server will do up to 1M these days, so the current default is
very likely to discard all reads and writes from such a server.
Thanks to Jim Rees for catching this.
Jeff Morriss: limit the max_rpc_tcp_pdu_size increase to 4M instead of the 16M
proposed. Memory is cheap but still not unlimited.
svn path=/trunk/; revision=25769
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2693 :
The rfc4938bis draft extends the Point-to-Point over Ethernet (PPPoE) protocol
with an optional credit-based flow control mechanism and an optional Link
Quality Metric report. These optional extensions improve the performance of
PPPoE over media with variable bandwidth and limited buffering, such as mobile
point-to-point radio links.
Support for rfc4938 already exists in wireshark, but rfc4938bis specifies a new
credit scale factor TLV and the use of the reserved field of the PADQ to
specify max and current data-rate scaling.
svn path=/trunk/; revision=25768
The #defines for PADG, PADC, and PADQ are incorrect and these packets are
showing up as unknown.
I would be happy to fix this bug as I would like to enhance the current support
for rfc4938 and rfc4938bis to include filtering and inband credit grant decoding.
svn path=/trunk/; revision=25766
the GLIB version instead.
Reindent some (does someone have their tabstops set to 4?).
Create and use some #defines instead of hard-coded values. For example,
replace 0x00 with ANSI_X34 in both the value_string and the case statement.
(This file could use a lot more of such changes.)
packet-bacapp.c appears to compile cleanly now so move it to
CLEAN_DISSECTOR_SOURCE.
svn path=/trunk/; revision=25758
When saving preferences, wireshark saves the description of each preference in
a one line comment. Unfortunately if the description consists of several lines,
wireshark comments out only the first one.
The attached patch solves the problem by commenting out every line in the
description.
svn path=/trunk/; revision=25756
pointer to that pointer - unlike g_array_append_vals, which takes a
pointer to an array of values and a count of the number of values in the
array.
svn path=/trunk/; revision=25753
the fact that 'data' is a pointer to a char). GLIB fixed this in their
accessor macro here:
http://svn.gnome.org/viewvc/glib?view=revision&revision=6092
The bug report confirms that the data is properly aligned:
http://bugzilla.gnome.org/show_bug.cgi?id=502927
So, add some intermediate (void *) casts to avoid "cast increases required
alignment of target type" on SPARC. (No, we can't use the accessor macro
because we want to access the whole array not just the ith element.)
Since build_dict->ett is actually an array of pointers, change it to a
GPtrArray.
Reindent some.
svn path=/trunk/; revision=25749
FIP is the FCoE Initialization Protocol. FCoE is Fibre-Channel over Ethernet.
FIP is being finalized in t11.org, and further changes are not expected.
svn path=/trunk/; revision=25748
connection-oriented transport protocol and ISO 8602/ITU-T X.234
connectionless transport protocol) out of packet-clnp.c into
packet-isotp.c.
svn path=/trunk/; revision=25746