Microsoft reshuffled their documentation - almost all of it moved from
msdn.microsoft.com to docs.microsoft.com. Some blogs moved to
devblogs.microsoft.com; the comments *didn't* move, so in one case we go
to the Wayback Machine - the link isn't dead, but it formats horribly,
at least on my browser, but the archived version formats OK.
Use the Wayback Machine for some URLs, and update others.
Update the sections for MS-ADTS.
Point to the HTML versions of some RFCs and I-Ds.
Change-Id: I344b20f880de63f1ae2a4e3f9ff98af78a7fe139
Reviewed-on: https://code.wireshark.org/review/34101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissect raw USB Packets. The actual USB packets to transaction conversion
(which is needed to pass the data to existing USB URB dissector) is not
implemented yet.
Ping-Bug: 15908
Change-Id: Ia75d58882d770fdd8650622d318241743069ad8f
Reviewed-on: https://code.wireshark.org/review/34006
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's broken, unmaintained, poorly implemented and obsoleted by saner
debug-info methods.
Note: To do the compliance check properly would require much more
extensive work to clearly define public and private interfaces (without
manual bookeeping of files or symbols either, of course, because who
would want that...).
Change-Id: Ib801f3c152ca2369f95ca1f4af4d37cd8cc7c47a
Reviewed-on: https://code.wireshark.org/review/33928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
It's preferable to parse text files and generate packets on demand,
rather than generate a temporary PCAP file and dump all available
packets into it.
Parsing on the fly has a benefit of handling damaged files up to the
point of damage, while the approach with a temporary file doesn't
allow either to report that the original file is damaged or perform
conversion in the first place.
This version works faster than the previous one.
Command:
time ./run/tshark -r ./candump-2019-07-01_111120.log.gz > /dev/null
The test file is attached to the bug 15889
The current version:
real 0m0,597s
user 0m0,533s
sys 0m0,118s
The previous version:
real 0m2,176s
user 0m1,966s
sys 0m0,100s
Bug: 15889
Change-Id: I862ce47752531c2e9d9459f5d865c1fc08f32fea
Reviewed-on: https://code.wireshark.org/review/34007
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
candump_open() may be called with non-empty error code and string.
The error code is not reset upon success in run_candump_parser() which may
mislead the caller function thus affecting opening the file.
yy_fatal_error(), yy_alloc(), yy_realloc() and yy_free() make no use
of the yyscanner argument, which results in warnings on OSX.
In order to get rid of those warning we provide our own
implementations of memory allocation functions and hack
YY_EXIT_FAILURE macro in order to pretend using the argument.
Change-Id: I672d374b26970b2699b9d789b6118e97ba660bdf
Reviewed-on: https://code.wireshark.org/review/33892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Include string.h to fix implicitly declaring library function
'memcpy' with type 'void *(void *, const void *, unsigned long)'
Change-Id: Ia6796f1966db606f946e0935ed0e5b70702c88c9
Reviewed-on: https://code.wireshark.org/review/33891
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change adds ability to import text logs produced by the candump
tool.
E.g.: candump -L can0 -or- candump -l can0
The whole file is read and converted into a temporary PCAPNG file with
Exported PDU packets containing SocketCAN frames.
Bug: 15889
Change-Id: I5ad93dca96d6e955a4b21cf624f0553e60f060f6
Reviewed-on: https://code.wireshark.org/review/33800
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It takes a yyscan_t as an argument, not a pointer to a yyscan_t; a
yyscan_t is a pointer to the scanner state. (A pointer to it is passed
to the init routine so that it can be set to point to the allocated
state, not because it's a structure itself.)
Change-Id: If80ca1caaa07d8a966df8d07f989b722869ac58b
Reviewed-on: https://code.wireshark.org/review/33814
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Lexer private structure is initialized but never destroyed or reused.
Change-Id: I61d43b4cb14a2d3b3706267eb393e4562adb00f9
Reviewed-on: https://code.wireshark.org/review/33809
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We were using fields in the pcapng_t that weren't set yet to report the
version number in question; use the variables we were checking.
Change-Id: Ib03bafe62d8c7b1aa54b2ef22640e3b00722142a
Ping-Bug: 15862
Reviewed-on: https://code.wireshark.org/review/33671
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There may need to be more of these.
Bug: 15740
Change-Id: I5d3a97ed50d66dfcb85df0ab7053e8a44c531134
Reviewed-on: https://code.wireshark.org/review/33280
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This value is used when checking if the file was generated on a
machine with different endianess. The error message changes from
"Unrecognized pcapng format or not pcapng data."
to
"dumpcap: Interface 0 is big endian but we're little endian."
Fix dumpcap.c and pcapio.c.
Ping-Bug: 15754
Change-Id: I3a31f873f01bcb3f1324410e70f29f285e56c715
Reviewed-on: https://code.wireshark.org/review/33274
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use the local one *only* while we're trying to determine whether we have
a pcapng file or not; once we know we have a pcapng file, and have
allocated a pcapng_t and attached it to the wtap structure, pass *that*
one to pcapng_read_block(), so if it changes anything in the pcapng_t,
it changes the one we're using.
Change-Id: I53b32595276be97957a0b6056171471878fa40c4
Reviewed-on: https://code.wireshark.org/review/33226
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wth has been already checked in line 315.
Change-Id: Ib620e0b1e9262e5344feb934b024f7817cfda6fd
Reviewed-on: https://code.wireshark.org/review/33178
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is no FCS length information for a pcapng file; there's FCS length
information for each interface.
Change-Id: I3abb1a35b28475aa3ad6f126060140d0a524bbca
Reviewed-on: https://code.wireshark.org/review/33215
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.
Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-on: https://code.wireshark.org/review/32761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit c599e49028.
Reason for revert: This completely fails to recognize Unicode iSeries dumps.
Change-Id: Ie31141879b1bc3608a5dfdcba6887bb6f0018a47
Reviewed-on: https://code.wireshark.org/review/32568
Reviewed-by: Guy Harris <guy@alum.mit.edu>
209 is LINKTYPE_IPMB_LINUX; add _LINUX/_linux to the WTAP_ENCAP_ name
and function/structure names, to clarify that it's not I2C in general,
it's I2C with a particular pseudo-header.
199 is now LINKTYPE_IPMB_KONTRON, not LINKTYPE_IPMB, as it doesn't have
raw I2C packets, it has I2C packets with a pseudo-header. Change the
WTAP_ENCAP_ name, and add a dissector for it.
Change-Id: Ie097f4317b03d2b2adfd9b81a4b11caf6268399e
Reviewed-on: https://code.wireshark.org/review/32539
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's what they are, and that's how other code in erf_open() treats
them; just use assignment to initialize prevts and to set prevts to ts.
Maybe this will keep the Clang static analyzer from calling prevts a
garbage value when compared with ts.
Change-Id: I2ee2376ced5c3efa6beab34276009a3177c94416
Reviewed-on: https://code.wireshark.org/review/32455
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That made PACKET_DESCRIBE() do nothing, causing warnings from the Clang
Static Humiliator.
Change-Id: I6f433cd193b6398d89038e95c7bf5deb24aa186d
Reviewed-on: https://code.wireshark.org/review/32437
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move the read out of nspm_signature_version(), to make it a bit clearer
what file I/O we do in the open process; have nspm_signature_version()
just look for a signature in a single page.
In the loop in nspm_signature_version(), make sure we have enough of the
record header to look at the type and length fields in that header
before looking at them and, when we can look at them, make sure the
length of the record 1) fits in what remains of the page we're looking
at and 2) is big enough to be the length of a signature record.
Change-Id: I7d625859136e6f39c40b166067fc7efea806d9b0
Reviewed-on: https://code.wireshark.org/review/32426
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix more crashes found in the provided bug report.
Bug: 15497
Change-Id: If84498fa879ad56c8677f8c1442a8dc0e5906003
Reviewed-on: https://code.wireshark.org/review/32333
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When testing the signature field against a given version's signature:
we require that the signature field's size (size, not C
null-terminated string length) be at least the size of the
signature string (otherwise, it can't possibly match);
we check to make sure that the first N bytes of the signature
field, where N is the size of the version's signature string
(not including any terminating '\0' in that string), match the
version's signature string.
I.e., we require that the version's signature string is a prefix of the
signature string in the file.
This does not require that the signature string in the file be
null-terminated.
It also doesn't allow the file's signature string to be a substring of
the version's signature string, as that's *NOT* sufficient to identify
the file as a NetScaler trace file, especially if we forcibly
null-terminate the file's signature string and we trucate it to be
zero-length, as, in that case, it's *always* a prefix of the version's
signature string, and the file is incorrectly identified as a NetScaler
trace file.
(While we're at it, we make the nspm_signature_isvXXX() routines return
true if it *is* and false if it *isn't*, rather than the reverse; having
a routine with a name containing "is", and not "isnt", return true if it
*isn't* is confusing.)
Change-Id: I3694773a71b8b63d280e42f146698c82a0f0c332
Ping-Bug: 15601
Reviewed-on: https://code.wireshark.org/review/32403
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We're defining it now based on whether there's an st_blksize member of
struct stat. We're currently testing _STATBUF_ST_BLKSIZE, but that's
not guaranteed to be defined on platforms that have an st_blksize member
of struct stat (it's not defined on macOS, for example).
Change-Id: I4e6011a7668da94cf1ca6328e29c50924dd1d8b0
Reviewed-on: https://code.wireshark.org/review/32381
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Libpcap's done that for a while; we should do so as well.
(Ideally, we should use those bits, but there's an issue with pcapng,
where the FCS length in the IDB is described as being in units of bits,
but where we're treating it as being in units of bytes, that I'd like to
resolve first.)
Change-Id: Ibcb82f1dcaa8baae5bba55636cea8852a6af814e
Reviewed-on: https://code.wireshark.org/review/32303
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That tells then what name they *can't* use for their file-type plugin,
because it's already a built-in file type name in Wireshark.
Change-Id: Ibbbfda21e1109cf46275008a46b8ea65c8fcf4b5
Reviewed-on: https://code.wireshark.org/review/32291
Reviewed-by: Guy Harris <guy@alum.mit.edu>
New link type for IEEE 802.15.4 with pseudo-header and optional
meta-data TLVs, PHY payload exactly as it appears in the spec (no
padding, no nothing), and FCS if specified by FCS Type TLV.
Specification at https://github.com/jkcko/ieee802.15.4-tap
Bug: 15429
Change-Id: I67bd154891ad5818be9a1630aa5cbb863b55509a
Reviewed-on: https://code.wireshark.org/review/32141
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Multiple bugs have been found in the provided bug. Some of them have
been fixed in gefe920a, others here. The main problem is when malformed
files give wrong lenghts to the code, that casts and dereference it
without checking, causing oob reads. The fix introduces a check function
that prevents to go beyond the limits, early returning with a malformed
file message.
Other bugs have been fixed by forcing the string terminator that allows
the use of strlen() and MIN() that prevent wrong reads.
Bug: 15497
Change-Id: I8411208b5ea0f1a0720a17b882f704d03296d1c4
Reviewed-on: https://code.wireshark.org/review/32194
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
When reading a malformed packet, it can occur that we go close to
the end of the buffer. We need to check if we have 2 bytes before
reading a uint16.
Bug: 15497
Change-Id: I2b00f44933ca11b925ffbf05b9855684feebcda5
Reviewed-on: https://code.wireshark.org/review/32028
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add macros to extract the direction, reception type, and FCS length
fields of the pack_flags field, and add definitions for different
directions and reception types.
Add a macro to construct a pack_flags field value from subfields; this
is for use by non-pcapng file readers (the pack_flags field is just a
copy of the EPB flags option, so that's not needed for pcapng).
Move some #defines for that field from packet-frame.c to wtap.h, and
rename them to match the new macros.
Use the macros rather than rolling our own code.
Fix a variable name in text2pcap.c that apparently had the wrong name,
given the value that was being tested.
Change-Id: Ia788ca4e9f5fabd8d24e6ead5ff1817509f54827
Reviewed-on: https://code.wireshark.org/review/32010
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No UTF-8 patterns are in use. To avoid potential crashes on invalid
input, treat all lines as binary data in the dissector to match wiretap.
Change-Id: I10735c2246536fb4b2fdb9236cdbf7917d2e816c
Ping-Bug: 14905
Reviewed-on: https://code.wireshark.org/review/31938
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
User guides are installed to doc/Wireshark. Use doc/wireshark instead.
Remove leftover variable CPACK_PACKAGE_NAME.
Change-Id: I9a1d6bdc7d8f0b48c61e43679285d5ba83904a63
Reviewed-on: https://code.wireshark.org/review/31851
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
The two failure modes are 1) no byte has the low-order bit set, so we
didn't even find the end of the DLCI or 2) the byte at the end of the
packet has the low-order bit set, so that it's all DLCI with no control
byte after it.
Expand a comment.
Bug: 15463
Change-Id: Ib76686391213dd56c06d665aa87a188621fe6816
Reviewed-on: https://code.wireshark.org/review/31828
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we found no bytes with the low-order bit set in the packet data,
there's no point in checking the non-existent "next" byte to see if it's
a HDLC-style UI control byte (0x03).
Bug: 15463
Change-Id: Ibfd186e5b81d8ce229362e23f00b31a27900831a
Reviewed-on: https://code.wireshark.org/review/31824
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris