reported by check_typed_proto_items.py
packet-bluecom.c:435 proto_tree_add_item called for hf_bcp_hdr_cmd - item type is FT_UINT32 but call has len 1
packet-bluecom.c:441 proto_tree_add_item called for hf_bcp_hdr_len - item type is FT_UINT8 but call has len 2
reported by check_typed_proto_items.py
packet-bgp.c:8440 proto_tree_add_item called for hf_bgp_update_encaps_tunnel_subtlv_lb_block_length - item type is FT_UINT16 but call has len 4
packet-bgp.c:9152 proto_tree_add_item called for hf_bgp_route_refresh_orf_entry_sequence - item type is FT_UINT8 but call has len 4
reported by check_typed_proto_items.py
packet-awdl.c:889 proto_tree_add_item called for hf_awdl_electionparams_private_phc - item type is FT_UINT32 but call has len 2
reported by check_typed_proto_items.py
epan/dissectors/packet-aim.c:2380 proto_tree_add_item called for hf_generic_idle_time - item type is FT_UINT32 but call has len 2
epan/dissectors/packet-aim.c:3222 proto_tree_add_item called for hf_aim_messaging_unknown - item type is FT_UINT16 but call has len 1
reported by check_typed_proto_items.py
epan/dissectors/packet-aruba-iap.c:113 proto_tree_add_item called for hf_iap_unknown_uint - item type is FT_UINT32 but call has len 1
Some UN*Xes (4.4-lite-derived, such as the obscure, little-known macOS,
FreeBSD, NetBSD, OpenBSD, and DragonFly BSD) have a length field in the
socket address structure.
That was originally done for OSI address support; unlike most transport
addresses, such as IPv4 (and IPv6) addresses, where the size of the
address is fixed, the size of an OSI transport layer address is *not*
fixed, so it cannot be inferred from the address type.
With the dropping of OSI support, that field is no longer necessary in
userland. System calls that take a socket address argument also take an
address length argument; in newer (all?) versions of the {macOS,
FreeBSD, NetBSD, OpenBSD, DragonFly BSD} kernel, the system call code
sets the length field in the kernel's copy of the address to the address
length field value.
However, that means that you have to pass in the appropriate length; if
you have a sockaddr_storage that might contain an IPv4 address or an
IPv6 address, connect() (and bind()) calls should use the IPv4 address
size for IPv4 addresses and the IPv6 address size for IPv6 addresses,
otherwise, at least on macOS, the call fails.
In cap_open_socket(), report socket() and connect() errors separately,
to make it easier to determine where TCP@ captures fail, if they do
fail. (That's how I got here in the first place.)
Improves the resolution of interval steps that can be selected in IO Graph.
Selectable interval steps follow a scheme of 1 -> 2 -> 5 -> 10.
Having a broad choice of different intervals is important for visualizing.
One entry in the list of strings didn't have the comma at the end, so
the entry after it was concatenated with it, forming a bogus entry and
causing neither "application/vnd.3gpp.mcptt-info+xml" nor
"application/vnd.3gpp.mid-call+xml" to be recognized by media type as
XML.
Should resolve Coverity CID 1355680.
Pull the value-formatting code in proto_custom_set into
proto_item_fill_display_label. Use that in FieldInformation::toString
instead of fvalue_to_string_repr. Fixes#16911.
Add ByteViewText::updateLayoutMetrics, which fetches the character width
and line height. Call it whenever our font changes and when we're about
to paint. Blind attempt at fixing #15819.
Make Protobuf fields that are not serialized on the wire (missing in
capture files) to be displayed with default values by setting the new
'add_default_value' preference. The default values might be explicitly
declared in 'proto2' files, or false for bools, first value for enums,
zero for numeric types.
Default values are generated in epan/protobuf_lang_tree.c during the
nodes of fields are created. The default_value_xxx() methods of field
descriptor are added into epan/protobuf-helper.c/h and
epan/protobuf_lang_tree.c/h files.
close#17000
After a key update, we should update Packet Protection cipher but
we shouldn't touch the Header Protection one.
With the current code, PP and HP ciphers are quite entangled and we
always reset both of them. Therefore, at the second key update we
reset the used 1-RTT HP cipher too; no wonder even header decryption
fails from that point on.
To properly fix this issue, all the ciphers structures has been rewritten,
clearly separating PP code from HP one.
Close#16920Close#16916
coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes#16994.
Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.
Each peer in a get_peers response has its own entry in the list, unlike
the way nodes are represented, so if we see a string_len we don't
recognize (like 18 for IPv6 peers) treating it as several IPv4 peers
doesn't make sense.
When due to limited capture length the tailing part of the SRTCP packet
is missing it might be impossible to know the encryption status of this
packet. Before retrieving that information make sure that's even possible,
otherwise continue as if not encrypted.
This is roughly 10% of tshark startup time.
- Enterprise string does not need to be trimmed at the beginning
- No need to call g_hash_table_replace() as keys are just guint32
Many of the Kafka dissector's type dissection routines either returned
an offset or -1 in the event of an error. We don't appear to check for
errors anywhere, so ensure that those routines always return a valid
offset.
Make those routines always initialize their type offset and length
variables. Fixes#16985.
It's easy to create systemd blocks with a missing or invalid
__REALTIME_TIMESTAMP= field when fuzz testing. If that's the case, leave
WTAP_HAS_TS unset instead of returning an error. Fixes#16965.
Without a default swich case Coverity flags a possible
divide by zero error.
While at it remove unneeded initializers because it is a symptom
of the same issue.
Added dissection for Dynamic Access Control (DAC) specific ACEs.
These are Conditional ACEs, System Resource Attribute ACEs and System
Scoped Policy ID ACEs.
A Condition ACE must be one of the following types:
ACE_TYPE_ACCESS_ALLOWED_CALLBACK
ACE_TYPE_ACCESS_DENIED_CALLBACK
ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT
ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT
ACE_TYPE_SYSTEM_AUDIT_CALLBACK
ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT
Such an ACE may include a conditional expression (that will, if
present, be evaluated to determine whether or not the ACE allows or
denies access). If a conditional expression is present the ACE data
will start with the string "artx". The remainder of the ACE data will
be the conditional expression which is simply a list of tokens
(see MS-DTYP for details of each token type). With this change,
filter "nt.ace.cond" can be used to find packets containing one or
more Conditional ACEs and their details are dissected.
A System Resource Attribute ACE has a name, value type and a list of
values. The value types are: INT64, UINT64, STRING, SID, BOOLEAN and
OCTET_STRING (i.e. binary data). With this change, filter "nt.ace.sra"
can be used to find packets containing one or more System Resource
Attribute ACEs and their details are dissected.
System Scoped Policy ID is simply a new ACE type and it does not
require any new dissection. The SID associated with a System Scoped
Policy ID ACE will start with S-1-17 and identifies the "Central
Access Policy" that should be used.
Re-enable Fedora build and add CentOS 8 and OpenSUSE 15.2 builds.
Fedora 33 does out of build tree cmake builds and needs spec file changes.
CentOS 8 has some changes with cmake and other packages that are similar to
older Fedora, and needs extra repositories enabled to get -devel packages
(still missing -devel for some optional libraries). OpenSUSE Leap 15.2 also
has some changes needed to build. Note that OpenSUSE Leap 15.1 is EOL
at the end of November 2020. Fixes#16971
Declare padding_item outside the while loop and initialize it, as we
want the value from the previous loop iteration when using it for
expert_info. Fixes clang build warnings.
Change PT_DECIMALLIT, PT_OCTALLIT and PT_HEXLIT tokens to uint64
type, and make PT_IDENT excluding '-' numbers which will be parsed
in protobuf_lang.y. That negative enum number and number type of
constant can be correctly parsed.
Note, intLit is uint32 for parsing fieldNumber and enumNumber,
but might be uint64 as constant.
close#16988
PEP 394[1] says,
"In cases where the script is expected to be executed outside virtual
environments, developers will need to be aware of the following
discrepancies across platforms and installation methods:
* Older Linux distributions will provide a python command that refers
to Python 2, and will likely not provide a python2 command.
* Some newer Linux distributions will provide a python command that
refers to Python 3.
* Some Linux distributions will not provide a python command at all by
default, but will provide a python3 command by default."
Debian has forced the issue by choosing the third option[2]:
"NOTE: Debian testing (bullseye) has removed the "python" package and
the '/usr/bin/python' symlink due to the deprecation of Python 2."
Switch our shebang from "#!/usr/bin/env python" to "#!/usr/bin/env
python3" in some places. Remove some 2/3 version checks if we know we're
running under Python 3. Remove the "coding: utf-8" in a bunch of places
since that's the default in Python 3.
[1]https://www.python.org/dev/peps/pep-0394/#for-python-script-publishers
[2]https://wiki.debian.org/Python
Alexis La Goutte
Pau Espin