Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I3ac2e2b6a1ed7621f65f1a98e8b7b3704e8b299d
Reviewed-on: https://code.wireshark.org/review/34481
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update build-in vendor ID list with last years additions.
Change-Id: I1916e160f6bcea5e94ce203b50f4a27a6ca1d261
Reviewed-on: https://code.wireshark.org/review/34460
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix linking of new Initial packets after a Retry packet in case the
client Initial packet has an empty SCID. Update a comment to drop
"Stateless" from "Stateless Retry" to match newer QUIC drafts.
Tested with quic-go-b083fd6f0e36-d22-dsb.pcapng.
Bug: 13881
Change-Id: Idc8b1ad6283ace95ae059a6ef6ee268c1ffb4097
Reviewed-on: https://code.wireshark.org/review/34469
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add "native" support for the "zig-zag" version of a varint in proto.[ch] and
tvbuff.[ch]. Convert the use of varint in the KAFKA dissector to use the (new)
"native" API.
Ping-Bug: 15988
Change-Id: Ia83569203877df8c780f4f182916ed6327d0ec6c
Reviewed-on: https://code.wireshark.org/review/34386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These environment variables are read very frequently, read them once to
globals for performance improvment.
Change-Id: I4f05a5edca85b370674cc5f85fce40bd1af695cb
Reviewed-on: https://code.wireshark.org/review/34449
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The heuristic is a bit expensive, set default off.
Change-Id: Ib0cb863810a1cbcae2fef0b5a035c63682246a0f
Reviewed-on: https://code.wireshark.org/review/34441
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RTP packets picked up by the dissector as it's a niche protocol set
heuristics to default off.
Change-Id: I33c6c3fc0f4a593cc4ed5866515cdcea669bee54
Reviewed-on: https://code.wireshark.org/review/34440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Do not reuse Session AMBR fields for MFBR and GFBR.
Add averaging window and EPS bearer identity cases.
Change-Id: I34fad0b5f38aa097bb968106de2bbb86278579b9
Reviewed-on: https://code.wireshark.org/review/34430
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add hf_ fields for "raw" Sequence and Acknowledgment numbers. They will only be
visible when "Relative sequence numbers" preference is TRUE.
Bug: 15913
Change-Id: Icfbdc435e82723d663dce36c3a5cc513c837bdaf
Reviewed-on: https://code.wireshark.org/review/34421
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. he_mac_headers can be changed at runtime, so it is not "static" or "const"
2. Optimize out extended length calculation.
Ping-Bug: 15866
Change-Id: Ibf8191a7043a22109ae8a3db481bfbbef583b110
Reviewed-on: https://code.wireshark.org/review/34424
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Create a state for the start of an SMTP conversation. If bytes seen don't match
a command and conversation is still in the "start" state, treat bytes as message data,
not a command.
Bug: 16026
Change-Id: I229b316a77819b07bf8cf93bed72570a947c6cf3
Reviewed-on: https://code.wireshark.org/review/34412
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Linux kernel includes a module called drop monitor which -
unsurprisingly - monitors packet drops.
Once enabled, the module will periodically send netlink notifications to
user space over generic netlink. Historically, these notifications only
included the program counter where the drop occurred and the number of
packets that were dropped in this location in the last interval.
Patches in net-next (queued for Linux kernel 5.4) extend drop monitor
with another mode of operation where the dropped packets themselves are
sent to user space along with relevant metadata as netlink
notifications. This allows users to perform a more detailed analysis of
the dropped packets.
This patch adds a dissector for these netlink packets. The dissector is
expected to be invoked by the generic netlink dissector and during its
hand off routine it adds an entry in the 'genl.family' dissector table.
The various netlink attributes are dissected by calling
dissect_netlink_attributes(), in a similar fashion to the rtnetlink
dissector. The dropped packet itself is encoded in the netlink attribute
'NET_DM_ATTR_PAYLOAD' and dissected by invoking a dissector from the
'sll.ltype' dissector table based on the packet's protocol which is
encoded in the 'NET_DM_ATTR_PROTO' attribute.
Bug: 16018
Change-Id: I10bfa4b9c9d8f5e82769c250f929f74693142a23
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34351
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IEEE 802.11-2016 Section 9.4.2.25 RSNE
All information after Element ID, Length, and Version are optional; therefore the minimal IE length is 2.
Bug: 15905
Change-Id: I231e31c6a0fe5a26d5dd7c1c36be4e9816a7bb50
Reviewed-on: https://code.wireshark.org/review/34411
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove a useless assignment and a few useless return.
Change-Id: I38d868fe8cb81cd86683cf660a6a6699c1e8a54b
Reviewed-on: https://code.wireshark.org/review/34403
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
This IE has a variable length to allow future extension.
Change-Id: I158ef8a8aa2f5cace992113a9efeb324beebe1aa
Reviewed-on: https://code.wireshark.org/review/34402
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Added ability to decode CAT021 version 0.23 and version 0.26 ASTERIX
messages
Change-Id: I242ae3055f0af805e3a9eb126494d545702f836f
Reviewed-on: https://code.wireshark.org/review/34343
Reviewed-by: Ivan Quach <ivan.quach@aireon.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Commit 61c5e8e76d ("genl: make subdissectors responsible for header")
changed the generic netlink dissector to only call a sub-dissector if
there is a payload after the generic netlink header.
However, there are commands in certain generic netlink families that do
not have any payload. For example, 'NET_DM_CMD_START' in the 'NET_DM'
family. This means that the command will not be dissected by the
subdissector, as it will never be invoked.
Change the generic netlink dissector to always call a subdissector, if
it is present. Prevent the subdissectors from trying to dissect past the
end of the packet by adding checks in the two existing subdissectors,
for the 'nlctrl' and 'nl80211' families.
Change-Id: I4d2f48531dee92b11dc45000081a8d2d3dd875c6
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/34350
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A default condition was missing within the switch statement in
dissect_dsmcc_un_session_resources
Bug: 16025
Change-Id: I34a2c3715923ba80be456aa9b03f84f1dae58bd3
Reviewed-on: https://code.wireshark.org/review/34399
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
A few dissectors need the functionality of adding a time field to a proto_tree
while also needing the "time to string" value (typically to show on a tree above).
The functionality to do "get value from tvb and convert to string" was being done
in packet-ntp.c.
Instead proto_tree_add_item_ret_time_string can be used with various encoding to
get the necessary functionality with less code duplication.
ENC_TIME_MIP6 was added as a result of the refactoring.
ABSOLUTE_TIME_NTP_UTC was added as another potential "base" type for time fields.
Change-Id: Ie460c33370b0af59ef60bdab893ce9d6eb23b94f
Reviewed-on: https://code.wireshark.org/review/34390
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 16023
Change-Id: I78e1354ac5509707c818d7968c7067583fb469ba
Reviewed-on: https://code.wireshark.org/review/34379
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Commands with "-" at the end mean another line with the same command will
follow. Group all of those lines in a single response tree and don't append
the command value in the Info column for the additional lines.
Bug: 15933
Change-Id: Icba167f2f1d22ebaf53a6844285ba83ed8a20106
Reviewed-on: https://code.wireshark.org/review/34381
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Commit f57cf9e56c introduced a DISSECTOR_ASSERT()
that revealed a deficiency in pidl: currently pidl unconditionally adds calls to
dissect_deferred_pointers() which breaks dissecting any RPC function that
has only scalar arguments:
Warn Dissector bug, protocol RPCMDSSVC, in packet 51:
epan/dissectors/packet-dcerpc.c:2940:
failed assertion "list_ndr_pointer_list"
Bug: 16022
Change-Id: I9d3522a3e17ef79b9a8a5acb018104ab398a512a
Reviewed-on: https://code.wireshark.org/review/34364
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The observe option has different values for request and response. For
request it identifies register or deregister, and for response it is a
sequence number for reordering detection. RFC 7641 chapter 2.
Change-Id: I09515864997a32f7259e344532ea770b74030b04
Reviewed-on: https://code.wireshark.org/review/34368
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use both Token and Message ID in request/response tracking and retransmission
detection. The token is the same when using observables but the message id is
increasing.
Change-Id: I545416ce139328e6a8eb67258d7b51bddb6b278e
Reviewed-on: https://code.wireshark.org/review/34367
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I29872cb116dfc66c93d59b51a44161e627d3cfec
Reviewed-on: https://code.wireshark.org/review/34363
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 15693
Change-Id: I790da95c1fa64596bd5131b491237fa084c0be49
Reviewed-on: https://code.wireshark.org/review/33382
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the same (as determined by key_equal_func) key gets added to the
GHashTable, old value gets freed and replaced with the new one. This is
fine for hash tables where the key validity is not tightly coupled to
the actual data.
In the nfs_name_snoop_matched hash table the key becomes invalid once
the value gets destroyed (because it shares the data pointed to by fh,
which gets freed once the value is destroyed).
A problematic capture includes packets such that the matching fh gets
added twice to the nfs_name_snoop_matched hash table. Prior to this
change the hash table would end up in a state where the new value is
associated with the old key (which contains pointer to already freed
memory). According to the nfs_name_snoop_matched_equal(), the old key
was equal to the key intended for new value *at the time* of insertion.
This change fixes the bug by using g_hash_table_replace() which does
update the key in case it already exists in the GHashTable.
Bug: 16017
Bug: 16019
Change-Id: Ib3943f1e27e82c05d9abaa1e436554b37a98488e
Reviewed-on: https://code.wireshark.org/review/34360
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info if session-id is empty.
Bug: 15951
Change-Id: I48ffe4ca26fd94f522ad1a668c99ed8f1f5e2c01
Reviewed-on: https://code.wireshark.org/review/34356
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib6cb86bc20dae9f88fdeb469983c2380bcc9216d
Reviewed-on: https://code.wireshark.org/review/34335
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
'usbaudio.as_if_gen.bmFormats.rsv' exists multiple times with NOT compatible types: FT_UINT32 and FT_BOOLEAN
Change-Id: I908b815bfa0f96f2ec421367995d971040f423a1
Reviewed-on: https://code.wireshark.org/review/34283
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use Unit and Transaction Identifier to identify the correct request to a
response.
The Transaction Identifier is only available in Modbus TCP.
Bug: 15698
Change-Id: Ic3a279ce200bee9e9274aaec66bd9dc2f1c096b9
Reviewed-on: https://code.wireshark.org/review/34274
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixed range values in message_discriminator_vals
and rsrc_attribute_vals.
Bug: 16015
Change-Id: Ib04b0be32fb8d58138913e643a38b95e64cdad7f
Reviewed-on: https://code.wireshark.org/review/34344
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use HTTPS for links when possible and update the e_machine entries by
post-processing a copy from the table on the website:
awk -F $'\t' '$1 ~ /^EM/ && $3 ~ /./ {printf " { %3d, \"%s\" },\n", $2, $3}'
Manually added the reserved entries for 182 and 184. Additionally added
Linux kernel BPF (247) and C-SKY (252).
Change-Id: I28ad07377a20499014437919da8e6871db2b8e59
Ping-Bug: 16016
Reviewed-on: https://code.wireshark.org/review/34346
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>