Currently we have two FTDI protocols: ftdi-ft and ftdi-mpsse. In the
future we can have more. The dash in "ftdi-" makes the name easier
to read.
Ping-Bug: 11743
Change-Id: Ia8861b8c72c0ec82faa194f25e68beaf3c5033c4
Reviewed-on: https://code.wireshark.org/review/37965
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Show the Bad Command code and which packet it originates from when
skipping data while searching for Bad Command response.
Ping-Bug: 11743
Change-Id: I3b500a5e9f780775dfad9ce03cff911a6c1e2c41
Reviewed-on: https://code.wireshark.org/review/37954
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When bidirectional (both read and write) data shifting command is
executing, the host can start reading data even before it finishes
writing the data to be sent. Record preliminary command data structure
so the response data that starts before the packet in which the command
is reassembled can be matched with the command.
Ping-Bug: 11743
Change-Id: Id93924b25e37b0e3829efdb44cbe1db7139aa310
Reviewed-on: https://code.wireshark.org/review/37952
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the ISDN dissector take the ISDN pseudo-header through its data
argument, rather than assuming it's in pinfo->pseudo_header, so it can
be used if the link-layer type of the capture isn't ISDN.
Have it add the direction to its protocol tree, so it's there for all
ISDN packets.
Have more versions of the LAPD dissector:
    one where the ISDN direction information is available through
    an ISDN pseudo-header passed as its data argument;

    one for use when the link-layer type *is* LAPD, where the ISDN
    direction information may be available through the direction
    part of the packet flags.
Pass more flags to the routine that does LAPD dissection to indicate the
direction (user->network or network->user) and whether the user or
network side is on another machine; set those appropriately in the
dissector routines that call it. To set those flags:
    in the routine that handles WTAP_ENCAP_LAPD, check the direction
    flags in pinfo->rec->rec_header.packet_header.pack_flags;

    in the routine that handles WTAP_ENCAP_LINUX_LAPD, check the SLL
    header;

    in the routine that's called from the ISDN dissector and other
    dissectors that can supply an ISDN pseudo-header, check the
    struct isdn_phdr passed to it via the data argument;

    for the routine that's to be called from L2TP pseudowire type
    and SCTP dissector tables, pass nothing, as there's currently
    no direction indication supplied - if that information is
    available from the encapsulating protocol in some fashion, we
    should make changes to supply that information.
Have the AudioCodes Trunk trace protocol dissector call the
LAPD-with-pseudoheader dissector, handing it an ISDN pseudo-header with
a direction indication from the direction field (and a channel of 0 to
indicate the D channel).
Have the Ascend text dump reader in libwiretap use WTAP_ENCAP_ASCEND for
all packets, even Ethernet and ISDN packets, and have the Ascend text
dump dissector handle that, calling the "no FCS" version of the Ethernet
dissector and calling the LAPD-with-pseudoheader dissector with a
pseudo-header filled in with the direction (and a channel of 0).
Have the Catapult DCT 2000 text dump dissector call the
LAPD-with-pseudoheader dissector with the pseudo-header supplied by
libwireshark.
Have the V5 envelope function frame get its ISDN pseudo-header from its
data argument, and call the LAPD-with-pseudoheader dissector with that
pseudo-header.
Have the ISDN dissector treat its data argument as pointing to the ISDN
pseudo-header, rather than assuming it's the one in
pinfo->pseudo_header->isdn - the latter is the one supplied by
libwiretap, but there's no guarantee that an ISDN pseudo-header was
supplied by libwiretap, as the lowest-level protocol layer might not
have been ISDN.
Change-Id: I9f702b879bbc3fb42bcb43c28f797bfc327562c6
Reviewed-on: https://code.wireshark.org/review/37953
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The uninstaller should run with elevated privileges to allow deletion
of files from protected directories.
Modifying the uninstall script to require elevation then causes the
uninstaller_installer that creates the uninstaller to also require
elevation which happens at build time so defeat that
by setting the env var __COMPAT_LAYER to "RunAsInvoker" before calling
the uninstaller_installer.
Achieving this from CMake requires a script to call to set the env var
and then calling the executable.
Change-Id: I056931bc4f9b41877b8f31d765d49fee11b54e39
Reviewed-on: https://code.wireshark.org/review/37955
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
packet-rtps.c:4486:10: warning: no previous prototype for ‘union_compare’ [-Wmissing-prototypes]
packet-rtps.c:4492:7: warning: no previous prototype for ‘union_hash’ [-Wmissing-prototypes]
Change-Id: If5b95248fe69e5cef41693be863beef9e2fc428d
Reviewed-on: https://code.wireshark.org/review/37946
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TCG Spec 1.59 defines two new tpm commands:
TPM2_CC_CertifyX509, and TPM2_CC_ACT_SetTimeout
This commit adds support for these new commands.
Change-Id: Ibbeb85dac88a874bb57fe097b979adbfd9d92e9f
Reviewed-on: https://code.wireshark.org/review/37943
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change is massive, mostly due to KIP-482. The flexible version coding affects every
string, bytes or array field. In order to keep the compatibility the old and new style field
codings must stay next to each other.
Plus:
* correlation-id request/response matching
* new fields (other than KIP-482)
* some fixes to the messages that were not tested sufficiently before
Bug: 16540
Bug: 16706
Bug: 16708
Change-Id: I39b1b6a230e393d3bee3e3d8625541add9c83e5d
Reviewed-on: https://code.wireshark.org/review/37886
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some integer fields in CSN.1 structures can be encoded with an offset.
A good example is GPRS Mobile Allocation IE defined in 3GPP TS 44.060,
section 12.10a, table 12.10a.1:
    < GPRS Mobile Allocation IE > ::=
        < HSN : bit (6) >
        { 0 | 1 < RFL number list : < RFL number list struct > > }
        { 0 < MA_LENGTH : bit (6) >
            < MA_BITMAP : bit (val(MA_LENGTH) + 1) >
        | 1 { 0 | 1 < ARFCN index list : < ARFCN index list struct > > }
        } ;

so in this case the variable-length MA_BITMAP is defined as follows:

    < MA_BITMAP : bit (val(MA_LENGTH) + 1) >

which basically means that its bit length shall be encoded with
a negative offset 1, therefore the following statements apply:

    MA_LENGTH=0 defines MA_BITMAP of bit length 1
    MA_LENGTH=1 defines MA_BITMAP of bit length 2
    ...
    MA_LENGTH=63 defines MA_BITMAP of bit length 64
== What's wrong? ==
For some reason, Wireshark shows the raw values without applying
the offset. Here is an example of GPRS Mobile Allocation IE:
    GPRS_Mobile_Allocation
        .... .101 010. .... = HSN: 42
        ...0 .... = RFL_NUMBER Exist: 0
        .... 0... = Mobile Allocation: (Union)
        u.MA
            .... .001 111. .... = Bit length: 15
            ...0 .... = Bitmap: 0 // 1st
            .... 1... = Bitmap: 1
            .... .0.. = Bitmap: 0
            .... ..1. = Bitmap: 1
            .... ...0 = Bitmap: 0
            1... .... = Bitmap: 1
            .0.. .... = Bitmap: 0
            ..1. .... = Bitmap: 1 // 8th
            ...0 .... = Bitmap: 0
            .... 1... = Bitmap: 1
            .... .0.. = Bitmap: 0
            .... ..1. = Bitmap: 1
            .... ...0 = Bitmap: 0
            1... .... = Bitmap: 1
            .0.. .... = Bitmap: 0
            ..1. .... = Bitmap: 1 // 16th
== Solution ==
Let's use proto_tree_add_uint_bits_format_value(), so we can print
the final value with the offset applied, as well as the original
one and the offset itself:
    GPRS_Mobile_Allocation
        .... .101 010. .... = HSN: 42
        ...0 .... = RFL_NUMBER Exist: 0
        .... 0... = Mobile Allocation: (Union)
        u.MA
            .... .001 111. .... = Bit length: 16 (Raw 15 + Offset 1)
Change-Id: Ic4eaf2d8a3c2fedca855726e4175ddf47d16c5af
Reviewed-on: https://code.wireshark.org/review/37931
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
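
The offset rule from the commit message above, as an added example (not code from the Wireshark tree): a bounds-checked decoder for the MA branch of the GPRS Mobile Allocation IE. The names `bitreader`, `br_read`, `gprs_ma`, `parse_gprs_ma` and the byte string `sample_ie` are constructed for this example, and the IE is assumed to start at bit 0 of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* MSB-first bit reader; the bound is checked before every read. */
typedef struct { const uint8_t *buf; size_t nbits, pos; } bitreader;

/* Read n (<= 64) bits into *out. Returns 0, or -1 if the buffer is too short. */
static int br_read(bitreader *br, unsigned n, uint64_t *out)
{
    uint64_t v = 0;
    if (n > 64 || n > br->nbits - br->pos) return -1;
    for (unsigned i = 0; i < n; i++, br->pos++)
        v = (v << 1) | ((br->buf[br->pos / 8] >> (7 - br->pos % 8)) & 1u);
    *out = v;
    return 0;
}

typedef struct {
    unsigned hsn;
    unsigned ma_length_raw;  /* MA_LENGTH as encoded on the wire */
    unsigned ma_bitmap_bits; /* val(MA_LENGTH) + 1 */
    uint64_t ma_bitmap;      /* first wire bit is the highest of ma_bitmap_bits */
} gprs_ma;

/* Returns 0 on success, -1 on truncated input, -2 on a branch not decoded here. */
static int parse_gprs_ma(const uint8_t *buf, size_t len, gprs_ma *ma)
{
    bitreader br = { buf, len * 8, 0 };
    uint64_t v;

    if (br_read(&br, 6, &v)) return -1;
    ma->hsn = (unsigned)v;
    if (br_read(&br, 1, &v)) return -1;
    if (v) return -2;                             /* RFL number list present */
    if (br_read(&br, 1, &v)) return -1;
    if (v) return -2;                             /* ARFCN index list branch */
    if (br_read(&br, 6, &v)) return -1;
    ma->ma_length_raw = (unsigned)v;
    ma->ma_bitmap_bits = ma->ma_length_raw + 1;   /* 1..64, never 0 */
    if (br_read(&br, ma->ma_bitmap_bits, &v)) return -1;
    ma->ma_bitmap = v;
    return 0;
}

/* Constructed sample: HSN=42, no RFL list, MA branch, MA_LENGTH=15, bitmap 0101... */
static const uint8_t sample_ie[] = { 0xA8, 0x3D, 0x55, 0x54 };

int main(void)
{
    gprs_ma ma;
    if (parse_gprs_ma(sample_ie, sizeof sample_ie, &ma) != 0) return 1;
    printf("HSN: %u\nBit length: %u (Raw %u + Offset 1)\nBitmap: 0x%llx\n",
           ma.hsn, ma.ma_bitmap_bits, ma.ma_length_raw,
           (unsigned long long)ma.ma_bitmap);
    return 0;
}
```
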
When set to TPDU Heuristic the eth.type of the payload is compared
against IPv6, IP and ARP Ether type values and if found the frame
is handed off to the Ethernet dissector.
Change-Id: I909713062c535112bc77a71ee107822e4544772e
Reviewed-on: https://code.wireshark.org/review/37934
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some switches seem to inject VLAN-tagged duplicate frames. Make sure
we use the VLAN-ID when reassembling IEEE1905 frames.
Change-Id: If37c0a4d1e6df51b13ffc0230ccd50eee8d6061e
Reviewed-on: https://code.wireshark.org/review/37942
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid crashes when NULL is passed into hashing functions.
Change-Id: I941eec49ff8f906715ae257b61334a9533af3265
Reviewed-on: https://code.wireshark.org/review/37863
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not set default version to v3.1.1, let the user set this when needed.
Add an expert info when version is not detected.
Ping-Bug: 16722
Change-Id: Iceff83314f06510350bbe9d29cda8a239005f620
Reviewed-on: https://code.wireshark.org/review/37928
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Also note that the record header might have additional stuff at the end,
although not all record headers do (the header length will indicate
what's there).
Change-Id: I5a9ff1f9cd592448bcc45d18808f4b651cdb2f0d
Reviewed-on: https://code.wireshark.org/review/37921
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Bug: 11866
Change-Id: Ic9d924cb9008af63c89f4142175a1fa104af7f25
Reviewed-on: https://code.wireshark.org/review/37890
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Field 15 was defined as a 6-byte fixed-length field but the spec shows
it as a 4-byte fixed-length field.
Bug: 16721
Change-Id: I25a61a5758e735a6da52417a584c770ef63d41b0
Reviewed-on: https://code.wireshark.org/review/37916
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In CSN.1, the message may be safely cropped at specific parts
of its definition called Null breakpoints or rather "message
escape" labels (see 3GPP TS 44.060, section 11.1.3.3).
These labels usually precede the optional protocol extensions,
added in newer releases of 3GPP specifications. The following
IA Rest Octets (see 3GPP TS 44.018, section 10.5.2.16) sample
illustrates that:
    IA Rest Octets
        H... .... = First Discriminator Bit: High
        .H.. .... = Second Discriminator Bit: High
        ..0. .... = Discriminator Bit: Packet Assignment
        ...1 .... = Discriminator Bit: Packet Downlink Assignment
        Packet Downlink Assignment
            .... 0000 0000 0000 0000 0000 0000 0000 0001 .... = TLLI: 0x00000001
            .... 1... = TFI Assignment (etc): Present
            .... .000 00.. .... = TFI_Assignment: 0
            ..0. .... = RLC_Mode: RLC acknowledged mode
            ...0 .... = Alpha: Not Present
            .... 0000 0... .... = Gamma: 0 dB (0)
            .0.. .... = Polling: no action is required from MS
            ..0. .... = TA_Valid: the timing advance value is not valid
            ...0 .... = Timing Advance Index: Not Present
            .... 0... = TBF Starting Time: Not Present
            .... .0.. = P0: Not Present
            .... ..L. = Additions in R99: Not Present
            .... ...L = Additions in Rel-6: Not Present
    [Malformed Packet: GSM CCCH]
        [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
            [Malformed Packet (Exception occurred)]
            [Severity level: Error]
            [Group: Malformed]
In GSM, the maximum length of a MAC block (on xCCH channels) is
limited to 23 bytes, so the message was cut in the middle, and
the Rel-7, Rel-10, and Rel-13 additions did not fit. Although,
the message is still correct according to the specifications,
so we should not consider it as "Malformed".
Change-Id: I6920c87d3a3247f4342fea69a8bb40c28316f422
Reviewed-on: https://code.wireshark.org/review/37912
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pau Espin Pedrol <pespin@sysmocom.de>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch from WinPcap's WpdPack SDK to a libpcap package built with vcpkg.
We explicitly load wpcap.dll on Windows, so make sure we don't link with
pcap.lib.
Move timestamp code from capture-pcap-util-unix.c to
capture-pcap-util.c. Add timestamp routines to capture-wpcap.c and make a
couple of other updates.
Change-Id: If0e3dbeb7378c42ed9e3f91b2f15add95d22a2bb
Reviewed-on: https://code.wireshark.org/review/37905
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This ASN.1 CHOICE has three items with the same tag. Without access
to the spec, assuming these are sequentially numbered, change the tags
on the subsequent elements.
This is detected by conflict check.
Change-Id: I0d7e6ace53426ba2661b133f7e825c1a305338ef
Reviewed-on: https://code.wireshark.org/review/37697
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Ed Beroset <beroset@ieee.org>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
PID_UNICAST_LOCATOR6_EX extends the unicast locator PID by adding a
sequence of encapsulations.
Change-Id: I9583e3a61b1df6e6f83d7c65f37ae36b9b4c345e
Reviewed-on: https://code.wireshark.org/review/37885
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding support for SVCB and HTTPS resource records as defined in
draft-ietf-dnsop-svcb-https-01
Bug: 16715
Change-Id: I631246e32f6cb2c89fc953cef761585adfbb056b
Reviewed-on: https://code.wireshark.org/review/37896
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 3550, "RTP SHOULD use an even destination port number and
the corresponding RTCP stream SHOULD use the next higher (odd) destination
port number".
However, nowadays, RTP and RTCP packets are often multiplexed onto a single
port, for the reasons explained in RFC 5761, so the port number might be
completely random.
WEBRTC connections are a classic example of this kind of deployment.
Therefore, remove port check in RTP/RTCP over UDP heuristics.
Note that RTP/RTCP heuristics over Stun are already correctly avoiding
checking the port number.
Change-Id: Ib63036954c5188936de8b38b0af146eb4bcde0ca
Reviewed-on: https://code.wireshark.org/review/37903
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
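
A port-independent RTP/RTCP classification in the spirit of the commit message above, as an added example; it is not Wireshark's heuristic. It uses the version bits and the RFC 5761 demultiplexing rule (RTP payload types 64-95 are reserved so that RTCP packet types stay distinguishable on a shared port). The names `classify_rtp` and `rtp_kind`, the minimum-length choices and the sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rtp_kind { KIND_NONE = 0, KIND_RTP, KIND_RTCP };

/* Classify a UDP payload from its contents only; no port number is consulted. */
static enum rtp_kind classify_rtp(const uint8_t *p, size_t len)
{
    /* 8 bytes = RTCP header plus sender SSRC; version field must be 2. */
    if (len < 8 || (p[0] >> 6) != 2)
        return KIND_NONE;

    uint8_t pt = p[1] & 0x7F;            /* low 7 bits of the second octet */
    if (pt >= 64 && pt <= 95) {
        /* RTCP: the length field counts 32-bit words minus one. The first
         * packet of a compound RTCP datagram must fit in the payload. */
        size_t first = ((((size_t)p[2] << 8) | p[3]) + 1) * 4;
        return first <= len ? KIND_RTCP : KIND_NONE;
    }

    /* RTP: fixed 12-byte header followed by CC 32-bit CSRC entries. */
    if (len < 12 || 12 + 4 * (size_t)(p[0] & 0x0F) > len)
        return KIND_NONE;
    return KIND_RTP;
}

/* Constructed samples. */
static const uint8_t rtp_pkt[]  = { 0x80, 0x60, 0x00, 0x01, 0x00, 0x00, 0x00, 0xA0,
                                    0x12, 0x34, 0x56, 0x78 };  /* PT 96 */
static const uint8_t rtcp_rr[]  = { 0x80, 0xC9, 0x00, 0x01,
                                    0x12, 0x34, 0x56, 0x78 };  /* RR, no blocks */
static const uint8_t rtcp_cut[] = { 0x80, 0xC8, 0x00, 0x06,
                                    0x12, 0x34, 0x56, 0x78 };  /* SR claims 28 bytes */
static const uint8_t stun_hdr[] = { 0x00, 0x01, 0x00, 0x00,
                                    0x21, 0x12, 0xA4, 0x42 };  /* start of a STUN header */

int main(void)
{
    static const char *names[] = { "neither", "RTP", "RTCP" };
    printf("rtp_pkt:  %s\n", names[classify_rtp(rtp_pkt, sizeof rtp_pkt)]);
    printf("rtcp_rr:  %s\n", names[classify_rtp(rtcp_rr, sizeof rtcp_rr)]);
    printf("rtcp_cut: %s\n", names[classify_rtp(rtcp_cut, sizeof rtcp_cut)]);
    printf("stun_hdr: %s\n", names[classify_rtp(stun_hdr, sizeof stun_hdr)]);
    return 0;
}
```
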
rtps_util_add_type_element_module() does not set anything in the
dissector_info structure, so 1) don't pass it a pointer to that
structure and 2) don't add the info structure to the dissection_infos
table.
Bug: 16717
Change-Id: I963b2da0c75124174396714ef5aa68ffe3862f3e
Reviewed-on: https://code.wireshark.org/review/37910
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The sshdump command is typically not invoked directly, and I need a
place to refer people to for configuring Wireshark.
Change-Id: I10fb3d88dbb3aea0bfcaf22aac90b36a7a8dc814
Reviewed-on: https://code.wireshark.org/review/37897
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
There's no need to parse the time field ourselves. proto_tree_add_item()
supports the encoding that is used here.
Change-Id: Ifd8cb77f1225b84b9eaccfb0cc23c9c413c6e77b
Reviewed-on: https://code.wireshark.org/review/37901
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix the composite tvb handling for zstd decompression in the same way as
we already did for lz4 and snappy.
Allocate the composite tvb only if we are certain that data will be added
to it. Do not free the composite tvb ourselves, leave this to epan cleanup.
Change-Id: Iac74ea6e6d220b05858a7eb267276ff983b1b2ab
Reviewed-on: https://code.wireshark.org/review/37900
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If41dadf39694c0046a36ea6eaf819156f0cf5dc3
Reviewed-on: https://code.wireshark.org/review/37902
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
sshdump can now be copied in multiple instances. Each instance will
show up a different interface and will have its own profile.
This will help users connecting to different hosts. Instead of changing
profiles, sshdump can be cloned, and each instance will be used for a
single host.
Change-Id: If4fb42cf78021c6f16213ae91cbf41ec7f61ca77
Reviewed-on: https://code.wireshark.org/review/37883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
First, remove the unnecessary M_UNION there, and handle Fixed Allocation
Parameters as per older version of spec TS 44.060 with usual presence
bit + struct. The coding of the struct is left unimplemented as an
exercise for someone needing it in the future (since it's not supposed
to be used by current specs anyway).
Once this is cleared up, the rest of the message (Release 99 Additions)
is parsed fine.
Tested with a pcap trace containing a Pkt Ul ACK/NACK with R99 additions
and TBF_EST inside it.
CSN.1 Reference: 3GPP TS 44.060 Table 11.2.28.1
Change-Id: Ie22e99abdbc2bb3988e7a1930d459ba810a348ac
Reviewed-on: https://code.wireshark.org/review/37776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>