From Johannes Berg with changes by Richard Sharpe to make it easier for
people to add support for RADIOTAP Header TLVs in the future.
Change-Id: I66d69cbe16740abce1e75ca1e789a2034283306b
Reviewed-on: https://code.wireshark.org/review/36057
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
File names can be longer than 256 bytes and still be sane. Fixes
filenames being reported as "[unknown]".
Change-Id: I3425d3106cf6ef63e298c2e73a063a207a4d4aea
Reviewed-on: https://code.wireshark.org/review/36045
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
MPSSE response data and chip specific command parameters are not
dissected yet.
Ping-Bug: 11743
Change-Id: If783ef4580d0f8862419a249191f24521e316271
Reviewed-on: https://code.wireshark.org/review/35961
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In captures of LDAP Privacy (encrypted) data, the dissector
threw Malformed errors because it had attempted to decode
encrypted payloads. See attached example capture
"PRIVACY-payload-(encrypted-data).pcap" at
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16358
Bug: 16358
Change-Id: Ic6d74d464157b145896090316ba73af025af7312
Reviewed-on: https://code.wireshark.org/review/36038
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previous code did not properly decode protocol (Object dictionary is not always sent). All changes comply with CANopen DS301 freely available on the web.
Change-Id: Ibaae09af0f1a5300a323a9c94077d1fb7dadd560
Reviewed-on: https://code.wireshark.org/review/35558
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Significantly increased readability of the code, speed of work
and reduced size of the consumed memory.
- The number of memory allocations has been reduced from N to a few
- Removed double (redundant) data copying
Change-Id: I05aed194932ed3305eefb6e2e0f847e57851c41c
Reviewed-on: https://code.wireshark.org/review/36026
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The code was not properly corrected and a confirm result would show
a malformed packet because two bytes were not accounted for.
Change-Id: Ibc2f14ec46b0d63401d8d3b3768b032ed9b12e56
Reviewed-on: https://code.wireshark.org/review/36028
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
After feedback from the WFA and checking tables 9-3 and 9-6 in
IEEE802.11-2016 and testing this is more correct.
Change-Id: I26e65046610d887b2bcdac6caa8b4665eb2f6e20
Reviewed-on: https://code.wireshark.org/review/36018
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
With SAE there is a need to handle the anti-clogging token.
Tested with test cases from WFA.
Change-Id: I5bad92677481bc45b7bd10b526aa6a44c200ce17
Reviewed-on: https://code.wireshark.org/review/36019
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This allows higher-layer file or protocol dissectors to dissect the file
contents. Note that there are currently no dissectors that do this in-tree,
but an example of how to do this is at:
https://github.com/Roman-Koshelev/Arinc-615a-Wireshark-Dissector.
Bug: 16069
Change-Id: I88236175128efd0f6d474218dd117f5b0ca1fae9
Reviewed-on: https://code.wireshark.org/review/35553
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
IKEv2 added the critical flag to all payloads except payloads and
transforms. The dissection code just checked that it was looking at
IKEv1 but missed a check for proposals and transforms.
Bug: 16364
Change-Id: Ia9297af039fddf2da81f9712fdf7ac165fb2d86d
Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Reviewed-on: https://code.wireshark.org/review/36009
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The formatting, tab/space indents, brace location, alignments,
binpacking etc... were wildly inconsistent in this file. It
made it hard to update without introducing unintended changes
and difficult to read.
I've cleaned up most of the whitespace inconsistency. I can't say this
is absolutely complete, but should be the majority. Some deviation
may occur in the interest of readability, and I expect future changes to
favor readability as well.
As I'm starting a process to clean-up this dissector and improve on
remnants left over from its conversion to a built-in from a plug-in, I'm
starting with a whitespace-only commit that functional changes can base
from.
Change-Id: I2eb0aca8860c2e91daf103b760461b928873a92b
Reviewed-on: https://code.wireshark.org/review/36003
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now that the NR RRC dissector has all its logical channel dissectors
available, it's time to call them.
Change-Id: I5f00552af49ef84d187da0c8a4f5850c7e7831fb
Reviewed-on: https://code.wireshark.org/review/36004
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The unencrypted padding after the client Initial Packet was interpreted
as a short header packet. At that point, the TLS dissector has not
encountered the Server Hello yet and was not able to provide decryption
secrets. The QUIC dissector wrongly assumed that decryption would never
be possible from that point on.
Add a comment to clarify why decryption was skipped, and avoid treating
the zero padding as Short Header (SH) packets to fix decryption.
Alternatively, the short header dissector could try to validate the DCID
in SH packets, but that might result in failure to dissect legitimate SH
packets when the handshake packets are missing.
Ping-Bug: 13881
Change-Id: Id20eb23c976226cb3ef78ac91f25a291f94dc805
Reviewed-on: https://code.wireshark.org/review/36000
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Now that the NR RRC dissector has all its logical channel dissectors
available, it's time to call them.
Change-Id: Id59da5af1bca3654f3c5fca5c81ce664454d4f1e
Reviewed-on: https://code.wireshark.org/review/35999
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Since draft 22 the CID length ranges from 1 - 20 instead of 4 - 18.
Firefox 74.0a1 happened to send a SCID of 3 bytes which resulted in
failure to find the connection for short header packets.
Ping-Bug: 13881
Change-Id: Iacff6ea215fd27861d196bc831991be7e4450419
Reviewed-on: https://code.wireshark.org/review/35993
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
We don't yet know what they mean, but we can dissect their TLV
structure from protocol traces.
Change-Id: Ib532e52b686cfd56502de807a60873a9570e5372
Reviewed-on: https://code.wireshark.org/review/35981
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
So far, DEI 0xa8 .. 0xab has not been named nor interpreted. Now we
understand this part better (thanks to Sylvain Munaut), let's add
our knowledge to the wireshark dissector with this patch.
Change-Id: If6d0927edc9dc9d038355466e2659b1206b81f1b
Reviewed-on: https://code.wireshark.org/review/35980
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The go test suite for crypto/tls produces a status_request extension
with "dummy ocsp" as extension data. That triggers a Malformed Packet
exception and breaks dissection of the following data.
Fix this by skipping OCSP dissection when disabled.
Change-Id: I9deb4385862503656e6ff316b36c2b55e6903279
Reviewed-on: https://code.wireshark.org/review/35989
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In the old version, 1 conversation was used for all TFTP exchanges.
(provided that they had the same ip addresses and ports)
Change-Id: Ie19f8a36d1605fdfc66db3cc94a3206a31cd6515
Reviewed-on: https://code.wireshark.org/review/35476
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Dissection of all new HCI commands and events added in
the newly released Bluetooth specification version 5.2.
Bluetooth Device Dialog updated to also show ISO buffer
size and amount.
Change-Id: I3a459760cbe5f6c4f985621cee40dbbe5e473d39
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/35957
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for explicit curve parameters according to RFC 3279. This
allows an exploitation attempt of CVE-2020-0601 to be detected through
the pkcs1.specifiedCurve_element filter name. Be aware though that the
certificate is encrypted in TLS 1.3, so a negative match does not imply
that no exploitation has happened.
While these definitions are technically not part of PKCS #1, the
PKIXAlgs module is part of the pkcs1 dissector for historical reasons.
It probably makes sense splitting it into a separate pkixalgs dissector,
but that would result in field name changes. Defer that for now.
Bug: 16340
Change-Id: Ia9d47a8337d6246f52983460580310b12e5709cf
Reviewed-on: https://code.wireshark.org/review/35986
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
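The check behind the explicit-curve detection described in the commit above, as an added example that is not part of the Wireshark change: it walks an EC AlgorithmIdentifier and reports whether the curve is named by OID or carried as explicit parameters (a SEQUENCE), following the RFC 3279 parameter CHOICE. The function names, enum and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum ec_params { EC_NAMED_CURVE, EC_EXPLICIT, EC_IMPLICIT, EC_NOT_EC, EC_BAD_DER };

/* Read one TLV header from p[0..n); returns the header size, or 0 on error.
 * Lengths above 65535 are rejected, far beyond any AlgorithmIdentifier. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    if (n < 2) return 0;
    size_t h = 2, l = p[1];
    *tag = p[0];
    if (l & 0x80) {                      /* long form: low 7 bits count the length bytes */
        size_t k = l & 0x7f;
        if (k == 0 || k > 2 || n < 2 + k) return 0;
        for (l = 0; h < 2 + k; h++) l = (l << 8) | p[h];
    }
    if (l > n - h) return 0;             /* value must fit in the buffer */
    *len = l;
    return h;
}

/* Classify the parameters of an AlgorithmIdentifier for id-ecPublicKey. */
enum ec_params classify_ec_algid(const uint8_t *der, size_t n)
{
    static const uint8_t id_ec[] = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01}; /* 1.2.840.10045.2.1 */
    uint8_t tag; size_t len, h;
    if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30) return EC_BAD_DER;
    const uint8_t *p = der + h; size_t left = len;
    if (!(h = der_hdr(p, left, &tag, &len)) || tag != 0x06) return EC_BAD_DER;
    if (len != sizeof id_ec || memcmp(p + h, id_ec, len) != 0) return EC_NOT_EC;
    p += h + len; left -= h + len;
    if (!(h = der_hdr(p, left, &tag, &len))) return EC_BAD_DER;
    if (tag == 0x06) return EC_NAMED_CURVE;   /* curve given by OID */
    if (tag == 0x30) return EC_EXPLICIT;      /* explicit parameters: the case to flag */
    return tag == 0x05 ? EC_IMPLICIT : EC_BAD_DER;
}

/* Constructed samples: prime256v1 by OID, and a truncated explicit-parameter SEQUENCE. */
static const uint8_t NAMED[] = {0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
                                0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const uint8_t EXPLICIT[] = {0x30,0x0E,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
                                   0x30,0x03,0x02,0x01,0x01};
int main(void)
{
    printf("%d %d\n", classify_ec_algid(NAMED, sizeof NAMED), classify_ec_algid(EXPLICIT, sizeof EXPLICIT));
    return 0;
}
```

The classifier only sees certificates available in cleartext, which is the same limit the commit message states for TLS 1.3.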
The old URL was gone and the JSON scheme has changed, so update the
generator accordingly.
Change-Id: I52ae27c7fc7dc0100e8abaa7b95b1769a7413bc6
Reviewed-on: https://code.wireshark.org/review/35983
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This could help diagnosing early implementation errors using
https://github.com/marten-seemann/quic-interop-runner
Tested with capture files based on sample provided by Marten Seemann:
1. Valid Retry packet should not add the "quic.bad_retry" field.
2. Mutated, invalid tag: "Retry Integrity Tag verification failure"
3. A missing Initial: "Cannot verify Retry Packet due to unknown ODCID"
As side-effect, the connection tracking code can now distinguish between
a connection where the server sent an empty SCID and a connection where
the server did not send an Initial.
Bug: 13881
Change-Id: I972acd680b1becc9fb7b9e002b400886a06bc828
Reviewed-on: https://code.wireshark.org/review/35978
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There is a good chance that the required information is still
valid even with a wrong FCS.
Change-Id: I244b2b4a857b7cefd1f4ef22eb151d5ac3ee4133
Reviewed-on: https://code.wireshark.org/review/35953
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Microsoft 'variation' of RFC 3004 causes a '[Malformed Packet]' when the
"User Class Length" (dhcp.option.user_class.length) exceeds the total length
of the DHCP option 77 User Class Option (dhcp.option.length) because it is a
character and not a length field.
This stops the dissection of the rest of the DHCP packet, including the Vendor
class identifier when containing "MSFT 5.0" indicates the Microsoft variation.
A simple fix is to treat dhcp.option.user_class.length >= dhcp.option.length
as a non-conformant (text) option.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dhcpe/fe8a2dd4-1e8c-4546-bacd-4ae10de02058
Bug: 16349
Change-Id: Ia7b90302efd0b84eb508db35a3b246142bf66510
Reviewed-on: https://code.wireshark.org/review/35962
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
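The rule described in the commit above, sketched as an added example that is not the dissector's own code: a bounds-checked walk of the RFC 3004 length-prefixed instances in option 77, with the "first length byte >= option length means text" fallback applied first. The function name, return convention and sample payloads are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UC_TEXT       0    /* payload is bare text (non-conformant variation) */
#define UC_MALFORMED (-1)  /* length-prefixed, but an instance overruns the option */

/* Parse the payload of DHCP option 77 (the opt_len bytes that follow the
 * option code and length). Returns the number of RFC 3004 user-class
 * instances (> 0), UC_TEXT, or UC_MALFORMED. */
int parse_user_class(const uint8_t *opt, size_t opt_len)
{
    int count = 0;
    if (opt_len == 0)
        return UC_MALFORMED;
    /* Rule from the commit message: a first "length" byte that is >= the
     * option length cannot be an RFC 3004 length, so treat it as text. */
    if (opt[0] >= opt_len)
        return UC_TEXT;
    for (size_t off = 0; off < opt_len; count++) {
        size_t uc_len = opt[off];
        if (uc_len > opt_len - off - 1)   /* instance would run past the option */
            return UC_MALFORMED;
        off += 1 + uc_len;
    }
    return count;
}

/* Constructed sample payloads. */
static const uint8_t UC_TWO[]  = {3, 'a', 'b', 'c', 2, 'x', 'y'};     /* two instances */
static const uint8_t UC_MSFT[] = {'M', 'S', 'F', 'T', '-', 'U', 'C'}; /* bare text */
static const uint8_t UC_BAD[]  = {2, 'a', 'b', 5, 'x'};               /* second instance overruns */

int main(void)
{
    printf("%d %d %d\n", parse_user_class(UC_TWO, sizeof UC_TWO),
           parse_user_class(UC_MSFT, sizeof UC_MSFT),
           parse_user_class(UC_BAD, sizeof UC_BAD));
    return 0;
}
```

The fallback only fires when the first byte is at least the option length, so a text payload longer than the value of its first character is still walked as length-prefixed data and ends up as an instance count or as malformed.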
The resulting ambiguity between EVS Primary 2.8 kbps and EVS AMR-WB IO
SID frames is resolved through the
most significant bit (MSB) of the first byte of the payload. By
definition, the first data bit d(0) of the EVS Primary 2.8
kbps is always set to 0. Therefore, if the MSB of the first
byte of the payload is set to 0 (see Figure A.2), then the
payload is an EVS Primary 2.8 kbps frame in Compact format. Otherwise it
is an EVS AMR-WB IO SID frame in
Header-Full format with one CMR byte.
Change-Id: I16733698e49ea3651f775b774b59569cfa1c89a1
Reviewed-on: https://code.wireshark.org/review/35976
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue found by Marten Seemann (on QUIC Slack)
Change-Id: I4b50bae48373758253f21b371025d87d901c0a1d
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/35973
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Final changes for draft -25:
* Update Retry Packet dissection.
* Rename idle_timeout to max_idle_timeout and remove the
TransportParameterId enum that was removed in the spec. Originally the
spec changed it into a varint, but this was reverted to uint16 before
the draft was released. To keep the description short, the original
TLS-style formatting was maintained instead of using ASCII art.
Change-Id: Id72df59de128ab5028727abbbb01c585ec284809
Bug: 13881
Reviewed-on: https://code.wireshark.org/review/35963
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
OM2000 is not only used for the venerable RBS2000 family, but also
for the more modern RBS6000 family, specifically the DUG 20 GSM
baseband unit.
In RBS6000, there are some protocol extensions which are not yet fully
understood. However, we are understanding some bits around the MCTR
(multi carrier transceiver?), a new MO that appears to be present for
every physical RUS (Radio Unit) attached to the DUG 20.
Let's add what the Osmocom developers have learned so far.
Change-Id: I8027160611a9c33f86945aaa61d9aa1178c3e87c
Reviewed-on: https://code.wireshark.org/review/35960
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Describe what sample size == 0 means.
* Show an index next to each table entry.
* Table indices start from 1 according to the specification.
Change-Id: I106188051e6618c3b85fa4945facfe4fedd1987b
Reviewed-on: https://code.wireshark.org/review/35937
Reviewed-by: Anders Broman <a.broman58@gmail.com>