The mmdb_val needs to be allocated with the same wmem allocator as the
one used for mmdb_ipv4_map and mmdb_ipv6_map hash maps.
Build with ENABLE_ASAN and run `ctest -R suite_fileformats -V`
24: Direct leak of 144 byte(s) in 2 object(s) allocated from:
24: #0 0x55e6deb6eebf in malloc (/home/vasko/sources/wireshark/build_clang/run/tshark+0x1f1ebf)
24: #1 0x7f708f717bb8 in g_malloc (/lib64/libglib-2.0.so.0+0x5bbb8)
24: #2 0x7f709c0a7b3c in maxmind_db_pop_response /home/vasko/sources/wireshark/epan/maxmind_db.c:622:49
24: #3 0x7f709c0a895f in maxmind_db_await_response /home/vasko/sources/wireshark/epan/maxmind_db.c:661:9
24: #4 0x7f709c0a895f in maxmind_db_lookup_ipv4 /home/vasko/sources/wireshark/epan/maxmind_db.c:696:17
24: #5 0x7f709d1a97c5 in add_geoip_info_entry /home/vasko/sources/wireshark/epan/dissectors/packet-ip.c:570:33
24: #6 0x7f709d1a2907 in add_geoip_info /home/vasko/sources/wireshark/epan/dissectors/packet-ip.c:662:3
24: #7 0x7f709d1a2907 in dissect_ip_v4 /home/vasko/sources/wireshark/epan/dissectors/packet-ip.c:2205:7
Fixes: v2.9.0rc0-2687-g1bab83de53 ("maxmind: Move response processing to a thread.")
Spurious Retransmissions are now ignored during the reassembly
because their respective payloads are already computed with
previous packets. Closes #10289.
It is rather weak and thus can easily trigger false positives.
While in the area, ensure that the minimum number of bytes were
captured for heuristic checks.
The RANAP ASN.1 defines a RAI as being composed of an LAI and a RAC.
(Cf. the RNSAP ASN.1, which defines a RAI as being composed of a
PLMN-Identity, a LAC, and an RAC.) Handle it so that the RAI fields
are used when dissecting a RAI, only using the LAI fields if the LAI
dissection was not called from the RAI.
Use the specific MCC/MNC fields in NGAP for the ECGI, NRCGI, LAI,
TAI, and 5GSTAI, using E212_NONE elsewhere. (Note that NGAP refers to
the 5GSTAI as just TAI, and the original TAI as EPS-TAI.)
Some packets with the error field do not include any remaining fields if
the error is not SUCCESS (0).
Previously this was not handled.
Wiki reference:
https://wowdev.wiki/Packets/Login/Vanilla#Opcodes_and_Errors
The ENC_LITTLE_ENDIAN values have been changed because the pre-commit
script complained.
Use the specific MCC/MNC fields for the LAI, CGI, ECGI, NR-CGI, TAI,
and 5GS-TAI IEs, continuing to use E212_NONE for PLMNidentity in all
other cases. Add fields and an enum value for 5GS-TAI to packet-e212.
(The 5GSTAC has an additional octet compared to the original TAC.)
- IEC 60870-5-103 is a derivative protocol of the main 101/104 variants.
- It is used primarily for RTU to IED communication and facilitates
collection of basic status, metering and fault data with several same or
similar field types and data formatting.
- This protocol is primarily serial-only but it can be present on
Ethernet-tunneled-serial communication circuits if port servers are used.
- This initial version supports the following ASDU Types:
Prim-to-Sec (RTU-to-IED): Types 6, 7, 20, 45/46 (private)
Sec-to-Prim (IED-to-RTU): Types 1, 5, 6, 8, 9, 205 (private)
When the PLMNidentity information element is part of the CGI, LAI, RAI,
SAI, or TAI, use the specific MNC/MCC field types as appropriate.
Otherwise, use E212_NONE as before.
Implemented dissector for FS_Charset_Cap attribute of fattr4.bitmap4;
it is needed for NFS4 GETATTR or READDIR Reply packets
when FS_Charset_Cap attr was used in request. Closes #17377
This patch adds support for a WTLV encoding. While this feature is
not part of the original SOME/IP standard, it got later added as
experimental/draft feature to the AUTOSAR specification.
Fix multiple problems with UE IP address Pool Identity
* the length of the length field needs to be added to offset
* the length field is two bytes long
* the bitmask on the length field is wrong
* add "Length" to the description of the length field
* decode UE IP address Pool Identity as string
Decoding the field as string makes sense because it originates from
a DIAMETER attribute that would usually also be decoded as string.
Fixes a very small part of #11398.
The fields were incorrectly identified as error fields because Mangos,
the most popular open source emulator in 2009, incorrectly identified it
as such.
Reverse engineering of the client revealed that the fields were protocol
versions.
As well as misidentifying the field, the WOW_SERVER_TO_CLIENT version
also read the wrong field. The actual error field is the one that comes
after the protocol version field.
Correct packets are in Ember
WOW_CLIENT_TO_SERVER
03c130d3d6/src/login/grunt/client/LoginChallenge.h (L39)
WOW_SERVER_TO_CLIENT
03c130d3d6/src/login/grunt/server/LoginChallenge.h (L33)
As well as the Wiki
https://wowdev.wiki/Packets/Login/Vanilla#Challenge_packets
Not initialized GUID in function dissect_rtps_submessages leads to
malformed packets due to the nested submessage dissection functions
inserting/reading it from a map.
Introduces a new bit "Cloud Discovery Service Announcer"
into the PID_VENDOR_BUILTIN_ENDPOINT_SET parameter
sent with DATA(P) messages to indicate that the DATA(P) message is
coming from Cloud Discovery Service.
N.B. Didn't find the spec for this, but the pipeline warning is as follows
Field 'RDMA Provider Type (RDMA_PRTYPE)' (nvme.cmd.get_logpage.identify.rcrd.tsas.rdma_prtype) has a conflicting entry in its value_string: 3 is at indices 2 (RoCE (v1)) and 4 (iWARP)
RTO was calculated on the last packet increasing the nextseq,
which ended on not identifying the original right packet later
retransmitted. We now consider the eldest unacked packet as
being likely to be the one to be retransmitted, and it gives a
much more accurate RTO value. Closes #12259.
In the MP_REACH_NLRI attribute, break out the Next Hop field into
constituent subfields for different address types. Add a field name
for the NLRI to make it filterable and consistent with the standard
NLRI attribute. Also add a field name for the withdrawn routes for
the MP_UNREACH_NLRI attribute.
Correct a comment about RFC 2545 and the handling of what it allows,
viz. IPv6 next hop addresses being optionally followed by link-local
next hop addresses.
The above has nothing to do with RFC 2283 allowing multiple <afi, safi,
..., NLRI> tuples (which was impossible to implement, and RFC 2858
later explicitly disallowed), so correct the comment about that.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Fixed crash when dissecting Type Object larger than 100 elements. Added
protocol option for setting up the maximum number of Type Object elements to show.
To save space, the value of Partial TSF is stored shifted to the right
by 10. When displaying to the user, shift it back to the left by 10 and
display as microseconds.
The secs field is a time_t, which is not necessarily 32 bits. If it's
not, casting away the upper bits, by casting to guint32, introduces a
Y2.038K bug.
Either cast to time_t or, if you're assigning a time_t to it, don't
bother with the cast.
Fields such as '_ws.expert' have no underlying tvb; they are added
with offset 0 and length 0 and the field's underlying tvb is NULL. FieldInfo__call
passes tvb to tvb_memdup() without checking if the tvb is null and
assumes that a NULL tvb means that the tvb is expired and therefore raises an error:
"epan/tvbuff.c:477: failed assertion "tvb && tvb->initialized"
Fields such as '_ws.expert.group' have no underlying tvb; they are added
with offset 0 and length 0 and the field's underlying tvb is NULL. FieldInfo_get_range
calls push_TvbRange, which assumes that a NULL tvb means that the tvb is expired
and therefore raises a lua error of "expired tvb".
This commit explicitly adds a check to FieldInfo__call() to see if the tvb is null when
attempting to access the underlying tvb.
It also explicitly checks if the tvb is null when attempting to access the range
and if it is, returns nil. This is consistent with how FieldInfo.source also
returns nil for such fields.
This commit should fix issue #13542.
Added dissectors for RTPS Virtual Transport and RTPS Processed Protocols
RTI Connext DDS can capture RTPS-related traffic by using the Network Capture
Utility. The generated .pcap capture files will follow these protocols,
establishing a format for how information must be saved, and then
parsed. This will improve debuggability by including additional information
obtained from within Connext DDS.
RTPS-VT parses the information related to the transport. It then calls
the RTPS-PROC dissector, which handles the rest: calling the RTPS
dissector when needed, and parsing additional information such as the
one related to security.
New advanced settings are created:
- rtp_player_use_disk1 - controls if decoded samples are stored in
memory or on disk.
- rtp_player_use_disk2 - controls if dictionary for decoded samples
is stored in memory or on disk.
- documentation updated
Make sure we have enough bytes for Length and Type fields before we read
from tvb.
Using existing msg_len for the checks.
Closes: wireshark/wireshark#17355
Move USB state machine tracking into one function. Do not store source
and destination addresses, simply generate them based on transaction
info and state when needed.
Related to #15908
This patch makes sure that the registered IDs are not influenced
by the three flags mapped into the same uint32.
This was an oversight in the AUTOSAR NM and Signal PDU dissectors.
IEEE 1815-2012[1] section 7.8 describes the use of DNP3 over TLS using TCP
port 19999. This commit creates a global to store the return of
`register_dissector` and then calls `ssl_dissector_add` in
`proto_reg_handoff_dnp3`.
[1] https://ieeexplore.ieee.org/servlet/opac?punumber=6327576
packet-nvme.c:2396:8: error: ‘grp’ may be used uninitialized in this
function [-Werror=maybe-uninitialized]
ti = proto_tree_add_item(grp, hf_nvme_get_logpage_lba_status_nel,
cmd_tvb, poff, len, ENC_NA);
^
packet-nvme.c:2378:17:
note: ‘grp’ was declared here
proto_tree *grp;
^
do not show only the value of an attribute, but also its name
Change-Id: Ieb07e994dd984bdc98a52a947b2d3b06bc26fd30
Signed-off-by: Christian Ambach <ambi@samba.org>
do not show only the value of a header value, but also the header's name
Change-Id: I84ef3107cf3d4b0c8aa96fe137aa9be19c30c6ab
Signed-off-by: Christian Ambach <ambi@samba.org>
At times the presence of the packet-list hover_style colorization can make
it difficult to determine the state of the packet directly under the mouse
cursor. This forces the user to move the mouse cursor away from the
packet-list row to reveal the next colorization state. The packet-list row
colorization style precedence, from highest to lowest, is: hover_style,
Selected, Ignored, Marked and then coloring rules.
This patch adds a new 'Packet List settings:' checkbox option 'Enable
mouse-over colorization'. By default the supporting preference
`gui.packet_list_hover_style.enabled` will be enabled (TRUE). When this
checkbox is disabled, the packet-list hover_style (mouse-over)
colorization will not be used.
RFC 4884 requires ICMP extensions be read after the original datagram. For backwards compatibility, if there is no `icmp_original_dgram_length` field in the packet, we assume they are 128. However, if this field is there, we should prefer to use that.
Instead of loading lua plugins in the random-seeming order that is
returned by the filesystem, sort the list of plugin filenames in
ASCIIbetical order. This makes the load order of plugins predictable.
This particular order was chosen to be consistent with the precedent set
by various *nix tools.