The protocol is a continuation of the WOW protocol occuring between the
world server and the client (as opposed to the login server and the
client).
The first two opcodes are unencrypted and perform setup for the
encryption.
The encryption was setup in the WOW protocol through SRP6.
Using the session key for encryption like this is not part of the SRP6
protocol.
All other opcodes are encrypted using the session key, which will need
to be deduced first.
This patch adds support for LIN (Local Interconnect Network) as
well as support for:
- Signal PDUs on LIN
- ISO 15765 (ISO TP) on LIN
- TECMP transported LIN is handle like LIN
LIN is a simple automotive fieldbus to connect for example simple
sensors and actuators to an electronic control unit.
This big patch addresses the following items:
* implement the "message" virtual channel so that multi-transport and bandwidth
PDUs are dissected;
* prepare the identification of static channels to be able to dissect them later;
* fix the compression field in channelPDUHeader.channelFlags;
* implement the drdynvc channel dissector, so now we decode the traffic on this
channel and we're able to track data on dynamic channels and transition to UDP
transport
Added dissectors for RTPS Virtual Transport and RTPS Processed Protocols
RTI Connext DDS can capture RTPS-related traffic by using the Network Capture
Utility. The generated .pcap capture files will follow these protocols,
establishing a format for how information must be saved, and then
parsed. This will improve debuggability by including additional information
obtained from within Connext DDS.
RTPS-VT parses the information related to the transport. It then, calls
the RTPS-PROC dissector, which handles the rest: calling the RTPS
dissector when needed, and parsing additional information such as the
one related to security.
The BT LMP dissector calls btbredr_rf_add_esco_link and
btbredr_rf_remove_esco_link. Move their prototypes and required struct
definitions to a header file.
This patch adds a dissector for PDUs based on signals. On CAN,
FlexRay, etc. data is transported in PDUs that are based on
signals. These signals are typically an arbitrary number of bits.
This dissector allows:
- Parsing configured signals (shortened datatypes too)
- Scaling and moving signals values (compu scale)
- Naming signal values (compu consts)
- Filtering on the scaled and raw value
The dissector supports:
- Signal PDUs over CAN
- Signal PDUs over FlexRay
- Signal PDUs over SOME/IP
- Signal PDUs over PDU-Transport
The Linux kernel includes a module called psample which sends sampled
packets to user-space over generic netlink.
This patch adds a dissector for these netlink packets.
The dissector is expected to be invoked by the generic netlink dissector and
during its hand off routine it adds an entry in the 'genl.family' dissector
table.
The various netlink attributes are dissected by calling
dissect_netlink_attributes(), in a similar fashion to the rtnetlink and
net_dm dissectors. The sampled packet itself is encoded in the netlink
attribute 'PSAMPLE_ATTR_DATA' and dissected by invoking a dissector from the
'sll.ltype' dissector table based on the packet's protocol which is
encoded in the 'PSAMPLE_ATTR_PROTO' attribute.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
I believe this was the original intention, to use these API restricitons
with dissectors only (not that I necessarily agree with that policy either),
and through copy-paste and lack of clear guidelines it spread to other
parts of the build.
Rename the checkAPI groups to make it very clear that this is dissector-only.
This doesn't mean, of course, that good programming practices shouldn't be
followed everywhere. In particular assertions need to be used properly.
Don't use them to catch runtime errors or validate input data.
This commit will be followed by another removing the various ugly hacks
people have been using to get around the checkAPI hammer.
The include_directories documentation at
https://cmake.org/cmake/help/latest/command/include_directories.html
says:
"Note: Prefer the target_include_directories() command to add include
directories to individual targets and optionally propagate/export them
to dependents."
Switch from include_directories to target_include_directories in a bunch
of places.
Add "SYSTEM" to the remaining external include_directories calls in
order to minimize our compiler warning blast radius.
A complete dissector for Van Jacobson PPP header compression:
<ftp://ftp.rfc-editor.org/in-notes/rfc1144.pdf>
This dissector was created solely by reading the description of the
protocol in section 3.2 of RFC 1144. In particular, I did *not* read the
sample implementation of the RFC in its Appendix A, due to the
questionable legality of using code with "All rights reserved" in
Wireshark. See #12138 for details.
Closes#12138.
Use target_include_directories instead of include_directories in a few
places as recommended at
https://cmake.org/cmake/help/latest/command/include_directories.html
Doing so lets us mark a bunch of dependency includes SYSTEM PRIVATE, in
particular LIBXML2_INCLUDE_DIRS. On macOS this keeps us from triggering
the nullability warnings described at
https://www.wireshark.org/lists/wireshark-dev/202004/msg00056.html
(This might also keep the Visual Studio code analyzer from complaining
about various Qt headers, but I haven't tested this.)
Currently, only pcapng has one, and it does nothing, but this mechanism
will be used more in the future.
Update comments in epan/dissectors/CMakeLists.txt and ui/taps.h while
we're at it.
According to the LINKTYPE_BLUETOOTH_BREDR_BB Packet Structure specification
(http://www.whiterocker.com/bt/LINKTYPE_BLUETOOTH_BREDR_BB.html), the
Bluetooth header should be formatted according to the Bluetooth
specification Volume 2, Part B, Section 6.4. However, right now
wireshark expects the header to be in a weird format,
specifically it expects the header fields to be MSB but the bits
within each header field to be LSB. (Bluetooth standard is all
LSB). Furthermore, it computes the HEC (header check, i.e. the header
CRC) with 4 bits arbitrarily masked.
This patch decodes the header according to the spec. It still accepts
the old format (if the broken HEC matches), and displays a warning.
Until now writing subdissectors for SOME/IP was not really possible.
While you could register for messages, the subdissector did not know
which message it was called for.
This patch fixes the subdissector support of SOME/IP by:
- adding header file to CMakeLists (was missing)
- creating a "data" struct so that subdissectors know what they dissect
- passing this "data" struct to the subdissector
packet-rtps.h and packet-rtps-utils.c have been merged into the one
dissector packet-rtps.c.
All the functions have been made static.
Forward declarations have been removed if not needed.
Fix: #17113.
This patch adds a new dissector for PDU-Transport. This is a very
simple protocol to transport CAN, FlexRay, LIN, and other PDUs.
It is typically used to transport legacy messages/PDUs over Ethernet.
The format is compatible to FDN and AUTOSAR.
Enabled AUTOSAR NM on top of the PDU Transport and fixed a few bugs
in AUTOSAR NM as well (length parsing).
Solves #17095
Also modified eCPRI dissector to call it for payloads. This dissector will
claim the "IQ Data" and "Real-Time Control Data" message types - others
are still handled by eCPRI.
New link type DLT_ETW is added for write and read Event Trace on Windows.
This change updates MBIM dissector to decode a MBIM message from
a DLT_ETW packet.
Add SMCD(v2) clc proposal/accept/confirm and decline support.
Proposal and decline parsing routines are used by SMC-R and SMC-D(v2).
Enhance the existing SMC-R protocol dissector in such
a generic way that it supports both SMC-R and SMC-D(v2)
protocols. These two protocols are similar to each other.
SMC-D has a version 1 and version 2.
Signed-off-by: Guvenc Gulce <guvenc@linux.ibm.com>
Added dissection for Dynamic Access Control (DAC) specific ACEs.
These are Conditional ACEs, System Resource Attribute ACEs and System
Scoped Policy ID ACEs.
A Condition ACE must be one of the following types:
ACE_TYPE_ACCESS_ALLOWED_CALLBACK
ACE_TYPE_ACCESS_DENIED_CALLBACK
ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT
ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT
ACE_TYPE_SYSTEM_AUDIT_CALLBACK
ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT
Such an ACE may include a conditional expression (that will, if
present, be evaluated to determine whether or not the ACE allows or
denies access). If a conditional expression is present the ACE data
will start with the string "artx". The remainder of the ACE data will
be the conditional expression which is simply a list of tokens
(see MS-DTYP for details of each token type). With this change,
filter "nt.ace.cond" can be used to find packets containing one or
more Conditional ACEs and their details are dissected.
A System Resource Attribute ACE has a name, value type and a list of
values. The value types are: INT64, UINT64, STRING, SID, BOOLEAN and
OCTET_STRING (i.e. binary data). With this change, filter "nt.ace.sra"
can be used to find packets containing one or more System Resource
Attribute ACEs and their details are dissected.
System Scoped Policy ID is simply a new ACE type and it does not
require any new dissection. The SID associated with a System Scoped
Policy ID ACE will start with S-1-17 and identifies the "Central
Access Policy" that should be used.
Added a dissector to reassemble IPP Over USB packets and pass them to
the HTTP dissector. Added a display filter so IPPUSB packets can be
filtered. Dissector checks to ensure semgent is IPPUSB and supports
reassembly of send-documents and print-job documents. It also supports
the reassembly and dissection of packets that are truncted or
incomplete.
Change-Id: Icc9525592c07b00baaac887a70bc9e7568273016
New dissector for MC-NMF (.NET Message Framing Protocol) and
MS-NNS (.NET NegotiateStream Protocol).
TLS implementation is not tested due to the lack of a sample capture.
Fixes: wireshark/wireshark#16861
Stream Specification: https://www.ilda.com/resources/StandardsDocs/ILDA_IDN-Stream_rev001.pdf
The stream specification only defines IDN messages. The other packet commands
like ping request, ping response, etc. (see line 25 - 31 in packet-idn.c)
are part of the hello specification which is not released yet. We were still
able to implement some hello packets since we received a preliminary version
of the hello specification, because we need the hello packets for our work.
related to #16707
This adds a protocol post-dissector for Community ID support to
Wireshark/tshark: https://github.com/corelight/community-id-spec
The protocol is disabled by default. It establishes one new filter
value, "communityid".
Includes test cases and baselines to verify correct Community ID
strings based on similar testsuites in the existing Zeek and Python
implementations.
Remove the --check-addtext and --build flags. They were used for
checkAddTextCalls, which was removed in e2735ecfdd.
Add the sources in ui/qt except for qcustomplot.{cpp,h}. Fix issues in
main.cpp, rtp_audio_stream.cpp, and wireshark_zip_helper.cpp.
Rename "index"es in packet-usb-hid.c.
Bug: 16764
Change-Id: Iff902150491c984d3069c1b83acef9c2c8ce12c7
Reviewed-on: https://code.wireshark.org/review/38106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Very rough support for dissecting the framing on unidirectional and
bidirectional streams. Support for dissecting QPACK contents will be
added later.
Thanks to Omer Shapira for identifying an important issue that broke
reassembly and blocked proper HTTP/3 support.
Bug: 16761
Change-Id: Ib7f87c824f1dca70967b82943e18d5afee39fa0b
Reviewed-on: https://code.wireshark.org/review/38084
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It is send from DCAgent to FSSO collector using UDP 8002 packet
It is based on analysis of protocol (and log)
Bug: 16657
Change-Id: I2e23a403a103c25820d714446d4e3245af04e876
Reviewed-on: https://code.wireshark.org/review/37547
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Technically Enhanced Capture Module Protocol (TECMP) allows the
transport of data recorded on different technologies (e.g. Ethernet,
CAN, LIN, FlexRay). A typical usage scenario is data recording in
vehicles, e.g. for validating and testing autonomous driving.
Bug: 16661
Change-Id: If7c08529049cc1d30d9a5640b4216eac83546800
Reviewed-on: https://code.wireshark.org/review/37610
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a dissector for Asphodel (https://bitbucket.org/suprocktech/asphodel).
Asphodel is a protocol for streaming real-time data from sensors in industrial
environments. This protocol dissector supports complete dissection of the UDP
advertisment packets, and simple dissection of the TCP command and stream data.
Sample Capture:
https://wiki.wireshark.org/SampleCaptures#Asphodel_Protocol
Change-Id: I6a7f730a4ce5349ac48b4fd86e61429983af5bf9
Reviewed-on: https://code.wireshark.org/review/37318
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>