Due to the way the BLIP compresses its messages, it quickly falls apart
when the messages are not examined exactly in order (as is the case
when selecting random frames inside of a capture). The only solution
I can see is to only decompress once and store the result somewhere
that is persistent at the file level.
Change-Id: I38c781222c8efbbcded2446ae02fa7cb57c71509
Reviewed-on: https://code.wireshark.org/review/33827
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Comcast NGOD C1 LSC specification 'Comcast-SP-NGOD-SRM-S1C1_DSMCC-I03-100731',
Page 25, Table 11, extends the list of status codes to include 0x01, 0x04, and
0x05.
Change-Id: Ib208d1b409af62aa25cb5d7d6fee47ffc10dc880
Reviewed-on: https://code.wireshark.org/review/34342
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: Iea244eac276f6e37590b04cfbb53c3d7c802c7ae
Reviewed-on: https://code.wireshark.org/review/34320
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anthony Crawford <anthony.r.crawford@charter.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
With the design changes made in the Qt interface with respect to the
Deocode as dialogs the Users Guide content is confusing. Update the
graphics and text to accurately describe the current design. Update
references in other parts of the document too.
Change-Id: Iad6af555d2da3430230c7f176bf2ec1e808cc134
Reviewed-on: https://code.wireshark.org/review/34337
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Description for packet with length 480 was incorrent (EVS Primary 24.0 instead of AMR-WB IO 23.85)
Change-Id: I1625635468ce06a0057beb32d9558cbb71d6583f
Reviewed-on: https://code.wireshark.org/review/34338
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only CAN, CAN_BRIEF and LIN messages supported.
Change-Id: Id79574bcdab9f1ec66390357dd5860c73f194ccc
Reviewed-on: https://code.wireshark.org/review/31765
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
from draft-holmer-rmcat-transport-wide-cc-extensions-01
reference time field is a Signed Integer
Bug: 16007
Change-Id: I5686e43f2817b626ef45b07dd9fcec0c9bcc1cfb
Reviewed-on: https://code.wireshark.org/review/34330
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If a profile is being deleted, but a system profile with the same
name exists, the dialog cannot be closed
Change-Id: I2fbaa999617203816e21a8e4486abaf368b69919
Reviewed-on: https://code.wireshark.org/review/34331
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Association analysis causes long loops if there is a lot off
associations or IMIT ABORTS. On a 679K packets trace loading with
amalysis takes 3.31.660 without 0.3.275. The culprit is the for loop
in find_assoc_index().
Change-Id: I07ae0e826c08aded3eb0e7dc3474dcf5cdd556f9
Reviewed-on: https://code.wireshark.org/review/34333
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Existing Apache Kafka support in Wireshark ends at version 0.10.
The version 0.11 (June 2017) brought significant changes to the message
format. This change makes the Wireshark Kafka dissector obsolete.
The recently released Kafka 2.3 has a lot of additions to the wire
protocol, which should be also addressed.
Major changes:
* Applied Kafka protocol changes since 0.10
* Zstd-packed message decompression (since Kafka 2.1)
* Added support for Kafka over TLS decryption
Bug: 15988
Change-Id: I2bba2cfefa884638b6d4d6f32ce7d016cbba0e28
Reviewed-on: https://code.wireshark.org/review/34224
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added missing time offset to GetProfileResponse end time.
Change-Id: I47f31cea709ccc600c9ea182c4bf6cf96410ff78
Reviewed-on: https://code.wireshark.org/review/34322
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Usage of USB address dissector creates several challenges. In order to
improve user experience let's create a custom address dissector.
This allows us to not only drop the busid parameter but also replace
endpoint parameter with hub port for SPLIT transactions.
The address may be one of 3 forms:
- host
- <device address>.<endpoint>
- <hub address>:<hub port> (for SPLIT transactions)
This also adds 3 new fields (source, destination and addr) with
exactly the same meaning as in usb. It also renames current addr field
to device_addr.
Strongly based on initial work by:
Maciej Purski <maciej.purski@gmail.com>
Ping-Bug: 15908
Change-Id: I5702295d7ef9076c3e0373de35ea4ac3cb2a0709
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Reviewed-on: https://code.wireshark.org/review/34279
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the optional HCS field to the snapshot marker (only send on
when non-zero for disk snapshots).
Also, remove the durability timeout field from DCP_PREPARE as it is
not sent and the UI warns about invalid extras length.
Change-Id: I46955e2a719d28a70377bc6addb65fa3356ea1d4
Reviewed-on: https://code.wireshark.org/review/34323
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The last parameter to beginRemoveRows() is the last row index, not the
number of rows. The QAbstractItemModel::beginRemoveRows() source code
expliticly checks if the value is smaller than row count.
Do not emit beginRemoveRows() if the model is empty as it does not make
sense and it is impossible to pass the QAbstractItemModel assertions
in such case.
Emit endRemoveRows() when finished instead of endInsertRows().
Change-Id: I93be4820b1ea0fbb5c0f3cd28edca329b4017814
Reviewed-on: https://code.wireshark.org/review/34318
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Passing the appdata dissector via the data parameter caused crashes due
to type confusion, use an alternative, indirect method instead.
Change-Id: I1de3de4e7daf4504c176a6ad8947037606aa20bb
Depends-On: I4770d03f912dd75f92878dd74ad830ebb7eb1431
Reviewed-on: https://code.wireshark.org/review/34312
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For use by EAP-TTLS which embeds TLS.
Change-Id: I4770d03f912dd75f92878dd74ad830ebb7eb1431
Reviewed-on: https://code.wireshark.org/review/34311
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support for decoding 29bit CAN IDs. Much of the
existing code was in place for handling 29bit IDs but lacked the
ability to check for the correct 29bit request and response IDs.
This patch adds that ability and correctly selects for use of either
11bit or 29bit CAN IDs.
Change-Id: I7cf10a56aa93d951c3ffa45734139689b3f3af4c
Reviewed-on: https://code.wireshark.org/review/34297
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: If9bdc776e249e969f76fdbf86313e7095266ae66
Reviewed-on: https://code.wireshark.org/review/34251
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A subframe number is not as useful as in LTE due to the different
sub-carrier spacing in NR; use the slot number instead.
While we are at it, uniformize a bit the label and info display.
Change-Id: I432546ab38b07e7f256493ece25595a10613841d
Reviewed-on: https://code.wireshark.org/review/34314
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Those generated fields are linked to the dns.qry.name field, so highlight
the same bytes.
Bug: 15999
Change-Id: Ia989b79a9ec14140472b79fdf7acea6e67baee68
Reviewed-on: https://code.wireshark.org/review/34299
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
LSC_DONE messages should dissect the Status Code field.
Status Code provides error code information to client devices.
Bug: 15997
Change-Id: I40f3b2835189047ee428cfc8376065c5eaff6eb4
Reviewed-on: https://code.wireshark.org/review/34280
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Created the Microsoft Diameter file based on MS-CHAP-* AVPs listed at
https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-10
Many values are displayed as bytes for simplicit. The MS-CHAP2-Success
attribute could for example be dissected further as 1 byte followed by a
string, but that requires more effort.
Allow padding to be missing since the eap-ttls-mschapv2.pcapng capture
would throw a Malformed Packet exception otherwise.
Bug: 15603
Change-Id: I9efc322a86802e78bb6cd4bc3df1c1282a45fe9e
Reviewed-on: https://code.wireshark.org/review/34291
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested with the three captures from the linked bug: eap-peap-gtc.pcapng,
eap-peap-md5.pcapng, eap-peap-mschapv2.pcapng.
Bug: 15597
Change-Id: Idb1fb2809d05648a3b961af8dbdd9b35c3284c13
Reviewed-on: https://code.wireshark.org/review/34294
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for dissecting the decrypted TLS payload as Diameter.
Add support for dissecting the EAP-Message attribute as EAP.
Disable retransmission detection when EAP-Message is detected (EAP in
TLS in EAP) since this results in false positives.
Tested with captures from Bug 15603:
* eap-ttls-pap.pcapng - ok, User-Name and User-Password AVPs.
* eap-ttls-eap-gtc.pcapng, eap-ttls-eap-md5.pcapng - EAP-Message AVP.
* eap-ttls-mschapv2.pcapng - partially supported, does not conform to
Diameter AVP requirements as it is not padded. Microsoft vendor types
are also not yet supported. To be fixed later.
* eapttls-diameter-avp.pcapng (Bug 12880) - EAP-Message AVP.
Bug: 12880
Bug: 15603
Change-Id: Ie7ea282d05c1d3ff8463c34bf259107562714440
Reviewed-on: https://code.wireshark.org/review/34281
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For use by EAP-TTLS which knows the next protocol that must be set.
Similar to the ssl_starttls functions, but simpler as the caller does
not switch the transport protocol to TLS.
Change-Id: Idadb6f33e5e1182bf7b3b0b5134df9af2717a592
Reviewed-on: https://code.wireshark.org/review/34293
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The EAP length field must cover at least Code (1 byte), ID (1 byte),
Length (1 byte) and not have missing data afterwards.
Bug: 14406
Change-Id: I829e2aa33e5f286d55d2e8249457e118e7c3ebcc
Reviewed-on: https://code.wireshark.org/review/34292
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The pointer returned by create_tempfile() must not be freed. As the
wtap_dump_open_tempfile() callers are freeing the returned filename,
duplicate the string so it can be freed.
Bug: 15377
Change-Id: Ib0b23aaee748ef67600ef3f7d40610ebbbec721c
Reviewed-on: https://code.wireshark.org/review/34272
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This protocol is a non-standard, ad-hoc protocol to pass baseband GSM
bursts between the modem (osmo-trx) and the encoder / decoder
(osmo-bts-trx). Osmocom inherited this when forking OsmoTRX off the
OpenBTS "Transceiver" program.
Change-Id: I31f5071d08eff1731f1d602886e204c87eed107c
Related: OS#4081 (https://osmocom.org/issues/4081)
Bug: 14814
Reviewed-on: https://code.wireshark.org/review/26796
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>