Add items for major type, additional information and lengths.
Create an entry for each element which contains the header details.
Change error handling from returning a proto_item to return a boolean.
Change naming to Indefinite length instead of Undefined length.
Dissect "break" using dissect_cbor_float_simple_data().
Add supports for exporting objects transferred
over FTP. The max size for files to be
exported can be configured via preferences,
and is unlimited (0) by default.
The server may push the following messages to the client:
ClustermapChangeNotification - If the client asked for it via
a hello flag the server will push out notifications to the
client when the topology changed
There are also a few "internal" messages which are used
between various components on the server:
Authenticate - Try to authenticate the externally defined user
ActiveExternalUsers - Push the list of active externally
defined users.
GetAuthorization - Request the authorization profile for the
given user.
* link multiple transfers to commands
* link multiple transfers to transfer requests
* link multiple transfers to each other (prev and next)
* track offset of each transfer
* display offset of each transfer.
Dissection of payload is enabled by default. If it is disabled the user gets a
hint.
Corrected some typos.
Intention: It is very confusing for non expert users of wireshark when some
major protocol features are disabled by default.
When desegmenting TCP, we only want to call subdissectors when processing
the last segment. With encapsulation, TCP might appear at more than one
layer in the frame, so check that the layer number of the last segment
matches the current layer number too, just like in
process_reassembled_data()
When there is more than one TSP in a frame, the fragment at the
end of one TSP and the first fragment in the next have the same
layer number as well as frame number. So use other information
about whether we have the last fragment to avoid calling subdissectors
extra times (which can interfere with retrieving the packet analysis
proto data on the subsequent passes.)
Just have a single switch for all packetlogger packet types, with a
routine doing the common code for all packets treated as Bluetooth H1
interface packets.
This means that unknown types are never handed off to the Bluetooth H1
interface dissector; it is probably best not to hand it to that
dissector, as the packet might not be a Bluetooth H1 interface packet.
This also fixes the setting of bthci.sent, which is a gboolean that
should be TRUE for sent packets and FALSE for received packets, which
means it should *NOT* be set to P2P_DIR_SENT for sent packets and
P2P_DIR_RECV for received packets - P2P_DIR_SENT is 0, meaning it looks
like FALSE, not TRUE. and P2P_DIR_RECV is 1, meaning it looks like TRUE,
not FALSE. (In practice, this doesn't appear to matter, as the only
places that look at bthci.sent look it it *before* the packetlogger
dissector is called, but it's better to do it correctly, in case
anything else *does* end up looking at that field after the packetlogger
dissector is called.)
Use a dissector table instead of manually managing an array of dissector
handles with a hardcoded size. This also prevents a buffer over-read
from unexpected payload format values (either in a later version of
the protocol or just malformed data.)
Add value strings and units as appropriate from ETSI TS 103 221-2
V1.1.1. (The dissector still needs to be updated to V1.4.1)
Also change the XID field to a FT_GUID, as it is a version 4
UUID per RFC 4122.
IEEE 802.11 SSID fields are officially unspecified encoding but
probably UTF-8 (and likely ASCII, with which UTF-8 is backwards
compatible), unless the Extended Capabilities bit indicating that
it's *definitely* UTF-8 is set.
Get the SSID bytes as a raw byte string without any encoding
validation for sending to Dot11Decrypt, and add it to the tree
as a FT_BYTES with BASE_SHOW_UTF_8_PRINTABLE, which does the
right thing most of the time, and more often than now. In practice
this does most of #16208.
To really finish the job, the Extended Capabilities bit needs to
be checked, but not only does that bit come in a later tagged element
than the SSID, it's not necessarily sent, and for Responses we'd have
to track if the bit was set in a corresponding Request in the same
conversation. However, it's not clear that any drivers actually do
set the bit. (In all the captures I've seen with UTF-8 or even non
ASCII/non UTF-8 SSIDs, the bit was unset.)
Add a separate menu for Strip Headers (similar to Export PDU, but exporting
to an encapsulation other than WIRESHARK_UPPER_PDU everything for
that encapsulation). Add to the usage output of tshark for the "-U"
option which encapsulation a export tap will produce.
Allow export PDU taps to be registered with a wiretap encapsulation
instead of always using WTAP_ENCAP_WIRESHARK_UPPER_PDU. This allows
creating normal capture files that aren't tied to wireshark without
having to do a "editcap -C -L -T", as well as creating files in
formats other than pcapng and pcap with tshark.
Provide a couple sample implementations in Ethernet (WTAP_ENCAP_ETHERNET)
and IP (v4 and v6, WTAP_ENCAP_RAW_IP) that are the most common use cases.
(I can imagine a few others; WTAP_ENCAP_MPEG_2_TS could probably be
useful, for example.) Fixes#15141
Correct spelling of from Queueing to Queueing.
This fixes issue #17943.
Note that other instances of "Queueing" are
kept because it's technically a correct spelling,
but here it's the name of the protocol.
Let's do what's done for u8, which looks far more sane.
Fixes following gcc 11.2.0 warning:
"""
epan/dissectors/packet-csn1.c:913:17: warning: ‘ui16’ may be used uninitialized in this function [-Wmaybe-uninitialized]
913 | memcpy(pui16, &ui16, 2);
| ^~~~~~~~~~~~~~~~~~~~~~~
"""
1. The fixed size of a Couchbase header is 24 bytes (not 12)
2. The "overflow detection" won't work as the test would wrap.
In addition to that the (current) version of the server will
drop a connection if it encounters a frame bigger than 30MB
and the biggest "legal" packets are currently less than 21MB.
Return NULL when an item with length zero or lower -1 is added to
the tree.
With this the calling dissector doesn't have to check the length and
there is no Dissector bug reported.
Related to #17890
A packet in the Couchbase protocol looks like:
Byte/ 0 | 1 | 2 | 3 |
/ | | | |
|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
+---------------+---------------+---------------+---------------+
0| HEADER |
| |
| |
| |
+---------------+---------------+---------------+---------------+
24| Frame specific extras (only set if magic and length in the |
| header say so) |
+---------------+---------------+---------------+---------------+
x| Ccommand specific extras |
| (note length in the extras length header field) |
+---------------+---------------+---------------+---------------+
y| Key (as needed) |
| (note length in key length header field) |
+---------------+---------------+---------------+---------------+
z| Value (as needed) |
| (note length is total body length header field, minus |
| sum of the other sections above) |
+---------------+---------------+---------------+---------------+
This patch change the dissector to call a separate function to
print each section (instead of a single function).
The motivation for the patch is to make the code more readable
as each of these fields may have multiple formats (depending on
the value in the magic field). Currently only the client initiated
packets are implemented in the dissector, but in certain cases
the server may push messages to the client with a different magic
which use another namespace for the opcodes and would be a lot
easier to implement with this refactor)