Note that Windows Package Manager (winget) and Scoop exist, but don't
currently provide all of the packages we require.
Change-Id: I69f6958faec3454f37eda79e5b76d3e70d399555
Reviewed-on: https://code.wireshark.org/review/37320
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already know about the top level message type.
So we only need an autodetection for the TGS-REP.
We could also avoid that, but that would need state to
match TGS-REQ with TGS-REP.
But if the client used FAST and we got a strengthen_key,
we're sure an authenticator subkey was used.
Windows doesn't use an authenticator subkey without FAST,
but Heimdal does.
For now try 8 before 9 in order to avoid overhead and false
positives for the 'kerberos.missing_keytype' filter in pure
Windows captures.
Change-Id: If974dda735cd2aa5b1920c26309e5e2081723e4f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37299
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I28bdf176818401c1e4e6ef15cf808e502fcf4989
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We already know a few details in order to avoid the autodetection.
This avoids overhead and false positives for the
'kerberos.missing_keytype' filter.
Change-Id: I8a15fa41d2a56df3fb26de046a401bf43a876b79
Reviewed-on: https://code.wireshark.org/review/37298
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's useful to see which decryption keys are missing!
The "kerberos.missing_keytype" filter can be used to find all of them.
It's also useful to see which key_map was in use
and how many decryption attempts were tried.
This should also allow future optimizations in
order to avoid decryption attempts based on the usage
and more detailed key maps.
Change-Id: Ie0302454e29a65aa00ddac79839aac8ec63fa290
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37297
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently this is only available for MIT Kerberos, but it
should be possible to implement the same using
krb5_crypto_fx_cf2() from Heimdal.
Change-Id: Ic3327dfde770f9345485bf97e2ac6045b909b64e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36472
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This gives a useful overview.
Change-Id: I39aaa8cf5de6fa3788c674355675873f2212b78f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37292
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This way we can avoid zero_private on the stack.
Change-Id: Iea7ed7e1cd6d0616b0e72aeff489549efd13e4f4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37291
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That makes it easier to match them.
Change-Id: I29b9d69415d82a1ea7df275a89a413c2fd460b1f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37289
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In incomplete streams the http2 dissector fails to display the content of
a data packet following a header with unknown fields as
reassembly_info->data_initiated_in is not set.
Change-Id: I754bdc92049124bcc722a25f8cf791e36f8f523a
Reviewed-on: https://code.wireshark.org/review/37311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For now we use kerberos_all_keys, but in future we may select the
map based on passed usage.
Change-Id: I1f29e97aa60a41be3694b75bc4353b3a5dae0eae
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37288
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will be used temporarily in order to replace
enc_key_list until we maintain/use separate lists.
Note that this will use wmem_file_scope(), but it
will get the longterm keys filled in when needed.
In the long run, we'll use more detailed lists
and use optimizations depending on the key usage.
Change-Id: If654dcfbc9ec8742eadbbb82b97a23fe8403022d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37287
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Distinguished Name (AFI 17) is not a widely used address family, but
there is ongoing work in the LISP IETF working group to standardize its
use within the LISP control plane protocol. The encoding is quite
simple, it's just a zero-terminated ASCII string. Details can be found
in the following IETF draft:
https://tools.ietf.org/html/draft-farinacci-lisp-name-encoding
A previous patch (https://code.wireshark.org/review/36892) added support
for DN in simple AFI usages. This patch adds support for DN within the
LISP Canonical Address Format (LCAF) usage.
Change-Id: Ic2dbbd1e36e2eabb91202c04eb86fdf151fe9928
Reviewed-on: https://code.wireshark.org/review/37275
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a "recent_common" description and update it and the "recent"
description. Update the "manuf" description. Alphabetize the lists of
configuration files. Update some markup.
Change-Id: I3d3cd451dbaa1778eb7dd841b162dff8c6ba99c1
Reviewed-on: https://code.wireshark.org/review/37310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Here it's enough to try longterm keys from the keytab.
Change-Id: I4d98fd7aa456c5cf2ca175cdcefc0ad1a4a8be2d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37286
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This will replace enc_key_list in the long run,
but will hold only keytab entries, as that's what
the consumers outside of packet-kerberos.c are using.
Change-Id: Iba0436a0c1754232f0363cb1e9a905ac7c22986f
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37285
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the long run we'll remove enc_key_list and use a wmem_map instead.
Change-Id: I50a0a32eea4cb21bf2bcb5e97ed8eab6b847a75d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37283
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Populate the dynamic table with dummy entries to ensure that nghttp2
will continue even if previous headers were missing (for example, due to
the capture starting in the middle of a plaintext h2c connection).
Bug: 16496
Change-Id: Ifb2fd4c6b8f3f93babed42e1f803048a695b23e9
Reviewed-on: https://code.wireshark.org/review/37278
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Report case 2b from https://tools.ietf.org/html/rfc7413#page-6 where the
server drops the data and sends a SYN-ACK acknowledging only the SYN
sequence number. Tested with tfo.pcapng from the linked bug.
Bug: 16559
Change-Id: Ia03b923f8192f025e2e81716e615d49db4bafe91
Reviewed-on: https://code.wireshark.org/review/37161
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The function used to search for an SA allocates one entry if none
exists. Searching for an SA is done in many places including on
packet decryption. In practice this means for every encrypted packet
with unique STA/BSSID an SA is allocated. This is a waste both from a
memory and performance point of view but also a limitation as with
the old static array SA storage decryption would fail when max
number of SAs is reached. i.e. decryption would fail for captures
with more than 256 unique STA/BSSIDs.
Separate the searching for SA entries and allocation of new SAs to
avoid allocating unnecessary SA entries.
Change-Id: I7ddc9ac4bad5d69e273f97f8f8fb38d34b59a854
Reviewed-on: https://code.wireshark.org/review/37308
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
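
The search/allocation split described in the commit message above, as an added C example that is not Wireshark's code. The record layout, function names and MAC values are hypothetical, and a fixed 256-slot array stands in for the old static storage so the limit is visible:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_SA 256 /* limit quoted in the commit message */
/* Hypothetical SA record, not Wireshark's: key = STA MAC followed by BSSID. */
typedef struct { uint8_t key[12]; } sa_t;
static struct { sa_t slot[MAX_SA]; int count; } tbl;

/* Pure search: never allocates, returns NULL for an unknown pair. */
static sa_t *sa_find(const uint8_t *key) {
    for (int i = 0; i < tbl.count; i++)
        if (!memcmp(tbl.slot[i].key, key, 12)) return &tbl.slot[i];
    return NULL;
}

/* Explicit allocation, for the point where key material is learned. */
static sa_t *sa_add(const uint8_t *key) {
    if (tbl.count >= MAX_SA) return NULL; /* table full */
    memcpy(tbl.slot[tbl.count].key, key, 12);
    return &tbl.slot[tbl.count++];
}

/* Old pattern: a miss on the search path allocates an entry. */
static sa_t *sa_find_or_add(const uint8_t *key) {
    sa_t *sa = sa_find(key);
    return sa ? sa : sa_add(key);
}

/* Look up n constructed STA/BSSID pairs with no known keys; return slots used. */
static int lookups_consume(int n, int combined) {
    memset(&tbl, 0, sizeof tbl);
    for (int i = 0; i < n; i++) {
        uint8_t key[12] = {2, 0, 0, 0, (uint8_t)(i >> 8), (uint8_t)i, 2, 0, 0, 0, 0, 1};
        if (combined) sa_find_or_add(key); else sa_find(key);
    }
    return tbl.count;
}

/* After those lookups, can a station whose keys are known still get an SA? */
static int real_sa_fits(int n, int combined) {
    const uint8_t key[12] = {2, 0, 0, 0, 0xff, 0xff, 2, 0, 0, 0, 0, 1}; /* constructed */
    lookups_consume(n, combined);
    return sa_add(key) != NULL;
}

int main(void) {
    for (int c = 1; c >= 0; c--)
        printf("combined=%d slots=%d fits=%d\n", c, lookups_consume(300, c), real_sa_fits(300, c));
    return 0;
}
```
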
Simplify the SA storage by replacing the static array with a
hash table. This way there's no need to keep track of whether
an entry is used or not and no need to traverse the whole
array for the non-matching case. This change should benefit
performance but was mainly done to prepare for coming changes
where code adding and searching for SA entries is modified. With
this change in place those changes become cleaner.
Change-Id: Ide572c5e4e7e872f1654d8d8f288cd6451f04435
Reviewed-on: https://code.wireshark.org/review/37307
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The function tracing functions DEBUG_TRACE_START/END are only
used in a few functions and START/END often don't match making
them unreliable. Remove these macros and their usage as it
clutters code without adding any useful debug capabilities.
Change-Id: I7ea214c07ba1f35cc546942b5d4737f5752d20a7
Reviewed-on: https://code.wireshark.org/review/37306
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove some unused defines, function parameters and functions.
Change-Id: I1bbc3ff7e0a9d11e8521ddf24b35113d8e332f08
Reviewed-on: https://code.wireshark.org/review/37305
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In Create Session Request generic IE Millisecond Time Stamp is
Origination time stamp.
Change-Id: Ib033d56bc9995903973837c56f1a3ec7c62c3663
Reviewed-on: https://code.wireshark.org/review/37303
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With AES-256 we need 32 bytes, there's no need to use allocated memory.
Change-Id: Ibbb99523c00f167d0b4dce95f038707855964bde
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37282
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The id is relative to the frame number, -1 means "keytab".
A key with a lower value means it was learned before
a key with a higher value.
This will make it easier to match keys, between learning and using.
Change-Id: I7b44626b4724dbd541c4702e3b9aa9350d809b08
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the MIT/Heimdal case we'll add much more details in future,
this step just passed down the required information.
Change-Id: I8c2ef732a66ca63931ee0481952014b6c460e0d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37273
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This constructs more useful origin names.
It also allows specific handling of each key type in future.
Change-Id: Ife959a39a0e5b3ef806c6f34f66128732b64536e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37272
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The 8 combinations of the display address, control, and tag were being
handled as 8 separate cases in `dissect_display_switch()`. This resulted
in duplicated, inconsistent code. Some paths resulted in bug #15219
while others did not have this problem.
I believe I have been able to combine them all into a single case branch
which handles each aspect correctly. I am not a UNISTIM expert and
welcome more knowledgeable reviewers.
Bug: 15219
Change-Id: Ie3eee8e19c10daab27c1df599ce0d03b52f69205
Reviewed-on: https://code.wireshark.org/review/37190
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Run doxygen -u to update doxygen config
file from 1.8.14 to 1.8.17. This update
removes the now-obsolete PERL_PATH and MSCGEN_PATH
configuration values so that an error isn't
displayed when building the doxygen docs.
Change-Id: I5ba815588bdc43592c03f826adfb486a32e3fb52
Reviewed-on: https://code.wireshark.org/review/37277
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It makes it easier to see what is actually decrypted.
Change-Id: I6c1378f93d32dc31cedc6d901069fa9c30438d61
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37269
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Initialize err in capture_loop_init_output, as caught by both clang's
scan-build and Visual Studio's code analysis. Initialize err in
capture_loop_init_pcapng_output to match.
Move another variable to the code block in which it is used.
Change-Id: I0306ae6a02a02a8e1ebda89b7c574a7cae01b68f
Reviewed-on: https://code.wireshark.org/review/37274
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
* Add new initial_source_connection_id and retry_source_connection_id
transport parameters for authenticating connection IDs.
* Rename original_connection_id to original_destination_connection_id.
* Rename max_packet_size to max_udp_payload_size.
* Add new APPLICATION_ERROR transport error code.
Bug: 13881
Change-Id: I45c92e10a42fa8f8849b4c9f7b36b93870760173
Reviewed-on: https://code.wireshark.org/review/37262
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Give a new URL on LiveAction's Web site; that version speaks of both
Aruba and Cisco access points together.
Change-Id: I122441531081ceebff6fb6c865da8d898209d2cf
Reviewed-on: https://code.wireshark.org/review/37267
Reviewed-by: Guy Harris <gharris@sonic.net>
That URL is now dead - Wildpackets is now (part of) LiveAction.
Change-Id: I2dea461fa6e97034d9070cef397038bf606de98b
Reviewed-on: https://code.wireshark.org/review/37263
Reviewed-by: Guy Harris <gharris@sonic.net>
Added range_string for Operating Indicator Class
information to support Hotspot 2.0 ANQP messages
Bug: 16568
Change-Id: I98db7aed00703cf329d5a96d317bdf655a0f3dcd
Reviewed-on: https://code.wireshark.org/review/37245
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adding Hotspot 2.0 ANQP Connection Capability Information
so the IP protocol and port assignments show up in the GUI
based on the Hotspot 2.0 documentation and implementation details.
Bug: 16569
Change-Id: Ic3e26e04c5d48269d59b6604b125569328c82faf
Reviewed-on: https://code.wireshark.org/review/37246
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adding ANQP Type 280 - Network Authentication Type
Information with Timestamp per IEEE 802.11-2016 standard
and adding fields required for timestamp values.
Bug: 16570
Change-Id: Ifbe5d8abc40fcb543c2abaa7478d5feaae2f7945
Reviewed-on: https://code.wireshark.org/review/37247
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
IVIM decoding fixed where RSCUnit subtype with PER visible constraint is used, e.g. RSCUnit(0..1)
Change-Id: I2c15ef70ed9d89875737dd01769f6f882215276d
Reviewed-on: https://code.wireshark.org/review/37192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- the DEB bit no longer exists
- the EPS parameter highlight was off by one
Change-Id: Ic2abf827a2d70babab7854f339964a6535c73c53
Reviewed-on: https://code.wireshark.org/review/37243
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>