Add global preference to allow for "stricter" conversation tracking
Bug: 13518
Change-Id: I166a084c402374fa76dac7bb54f941e2e9c9325a
Reviewed-on: https://code.wireshark.org/review/22842
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I94da228cba6baf20a2cd02bafc9704492f2cfc9f
Reviewed-on: https://code.wireshark.org/review/23956
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
They test where the address is XXX, for various values of XXX, so name
them accordingly.
Change-Id: I437175f02b3f97fecee77e8bb9416bb5b71cd0d0
Reviewed-on: https://code.wireshark.org/review/24075
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That allows a parallel typedef of ws_in4_addr for guint32.
Change-Id: I03b230247065e0e3840eb87635315a8e523ef562
Reviewed-on: https://code.wireshark.org/review/24073
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we're building on Windows we're going to have windows.h and
winsock2.h. Don't bother checking for them.
Change-Id: I0004c44d7364ab3f41682f34b8c84cd8617c9603
Reviewed-on: https://code.wireshark.org/review/24068
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Including where it says not to in comments. Use IPv4 dotted-decimal
notation.
Change-Id: Iafe1f6fbd2bd5867c41642dc27411f47dff8ce6a
Reviewed-on: https://code.wireshark.org/review/24044
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
- Introduce support for the NACK_REASON response type
- Tweak the PD dissector for DMX_PERSONALITY_DESCRIPTION, which
misinterpreted the "Personality Requested" field and used the wrong
length for the "DMX512 Slots Required" field
Change-Id: If5bc64f82e531e6cfb03a508c335b0468bf6e836
Reviewed-on: https://code.wireshark.org/review/24048
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8e9cd64edcabf810e70b134ecce7a771babafebc
Reviewed-on: https://code.wireshark.org/review/24017
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
for reuse on QUIC dissector
Change-Id: Ic1d6b875e1e1944bb2aa6c7a85bfdd984c00948c
Reviewed-on: https://code.wireshark.org/review/24018
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icc4cfc4ce007eac29d9a502eae76527713e93e05
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/24019
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
- PUBREL, SUBSCRIBE and UNSUBSCRIBE does use QoS for v3.1
- CONNACK is also different between v3.1 and v3.1.1
- DUP flag is not reserved, it's Retain which is reserved
- Use proto_tree_add_item for reserved fields
- Use uniform layout and fixed indent (2 spaces in this file)
Change-Id: I26337ad63cd67d832db84993349fa3406e305b72
Reviewed-on: https://code.wireshark.org/review/24025
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to the MQTT v3.1 and v3.1.1 specifications,
the fixed header flags (DUP, QoS and RETAIN) are only set by
the PUBLISH message.
The DUP flag is also set by the PUBREL, SUBSCRIBE and
UNSUBSCRIBE messages but only when version 3.1 is used.
Currently, the MQTT dissector shows the header flags for
all the v3.1 and v3.1.1 messages.
This patch fixes the issues mentioned above.
To track the protocol version used during the connection handshake
a conversation is used. For subsequent messages, the way the header
flags are displayed is determined by this variable.
Change-Id: Iad808f77a2c379f9786152c26d3aa86e24be1b16
Signed-off-by: Flavio Santes <flavio.santes@1byt3.com>
Reviewed-on: https://code.wireshark.org/review/23939
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
In WS v11.4.0 released In May, 2014, "tvb_get_string_enc()" was added to
dissect_nfs4_stateid() which treats the numeric stateid as a string and
converted it to UTF-8. Invalid UTF-8 chars were replaced with the
"REPLACEMENT CHARACTER" which are actually three characters: 0xef, 0xbf,
and 0xbd (0xefbfbd). A hash was made of the first 16 chars of the returned
array although the string was often much larger due to 1 to 16 invalid
chars. This has often caused duplicate hashes for different files and
locks. That routine has been removed. In addition, the size of the hash
has been reduced from 32 to 16 bits which affords a 99.9984% chance of
unique hashes. Finally, hf_nfs4_seqid, used for the stateid hash seqid
has been changed to hf_nfs4_seqid_stateid because in CLOSE requests the
seqid has nothing to do with the stateid seqid.
Change-Id: I3bf7caefc3341887a4c9137500dfeac0115af8cf
Reviewed-on: https://code.wireshark.org/review/23966
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Correct include patch for packet-lldp.c
Change-Id: I5e2a267943ccd39616ef323848104fdba23c8f38
Reviewed-on: https://code.wireshark.org/review/24009
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
oui.c is a very small subset of what comes from http://standards.ieee.org/regauth/oui/oui.txt,
so use the "full" OUI list (and more) out of the manuf file and convert
hf_ fields to just use BASE_OUI.
Change-Id: Ic0c2ff618d8a6212f498e3b7475e0a7856c22b5b
Reviewed-on: https://code.wireshark.org/review/24007
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note that changes to tcp_analyze_sequence_number should be synced with
docbook/wsug_src/WSUG_chapter_advanced.asciidoc#ChAdvTCPAnalysis.
Change-Id: Iac72d2cf808d84c17fa5f12012675e0af1895cd1
Reviewed-on: https://code.wireshark.org/review/23989
Reviewed-by: Gerald Combs <gerald@wireshark.org>
** (process:8955): WARNING **: Field 'Uplink Time Unit' (pfcp.ul_time_unit) has a conflicting entry in its value_string: 3 is at indices 3 (Day) and 4 (Week))
** (process:8955): WARNING **: Field 'Downlink Time Unit' (pfcp.dl_time_unit) has a conflicting entry in its value_string: 3 is at indices 3 (Day) and 4 (Week))
Change-Id: I870af4a53721e0ffe0f9f778c8287e090f2b2929
Reviewed-on: https://code.wireshark.org/review/23985
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
** (process:8955): WARNING **: Field 'Class' (nfapi.csi.rs.class) has a conflicting entry in its value_string: 1 is at indices 1 (Class A) and 2 (Class B))
Change-Id: I6063fd5fe0094efe776a3a04556c633a4e495a9a
Reviewed-on: https://code.wireshark.org/review/23986
Reviewed-by: Michael Mann <mmann78@netscape.net>
Without any specific pattern, it is too weak and catch a lot of
unrelated UDP packets.
Change-Id: Iacac5ae65de59da1d46a06184517834edd91eb18
Reviewed-on: https://code.wireshark.org/review/23984
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icb326dac7cfe0478df3d892df279ad0f241c7ba6
Reviewed-on: https://code.wireshark.org/review/23981
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If4620a43d706f7067a018eb964e4db3733d65210
Reviewed-on: https://code.wireshark.org/review/23980
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It is not registered by IANA
Change-Id: Iff462ee0a2366ae72681b34e4e7e107c8c479822
Reviewed-on: https://code.wireshark.org/review/23976
Reviewed-by: Anders Broman <a.broman58@gmail.com>
register.c is a built source. It should not be included in the distribution
and should be removed with the distclean target.
Remove XXX comment suggesting adding the cache to the distribution; let's
not do that.
Change-Id: I20f9467a93e2b5ad3ee56a5fa83381095b1d28c6
Reviewed-on: https://code.wireshark.org/review/23971
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
[MS-SMB2] 2.2.13 CREATE Request, NameOffset:
> A zero length file name indicates a request to open the root of the share.
This also ends up enabling the parsing of missing
fields (InputBufferLength, AdditionalInformation, Flags) in QUERY_INFO
requests, which required a non-NULL saved->extra_info.
Change-Id: I9af3933cc6bb93247bad23c7dd82a52787595f69
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/23959
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes error: format '%lu' expects argument of type
'long unsigned int', but argument 4 has type 'guint64'
Change-Id: I431ab2e1920b7856ff686bd79bc881dee494706f
Reviewed-on: https://code.wireshark.org/review/23965
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Implemented a function to dissect zcl octet strings in a similar way as attributes
that have a data type of zcl octet string.
Currently the function is used for event data (publish event and publish event log),
as well as top up code (consumer top up and publish top up log).
Bug: 14138
Change-Id: Idae6240312bedeaa12f10777e1009b110d5f834d
Reviewed-on: https://code.wireshark.org/review/23881
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I31be23516d7fb169daa827b505bcde04426e84dc
Signed-off-by: Adam Wujek <adam.wujek@cern.ch>
Reviewed-on: https://code.wireshark.org/review/23961
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since the packet has an output and input buffer, having a field just
called "size" or "offset" was confusing.
Change-Id: Iadb45fa50e6ea6ffaa7c3b041704837641f64ab6
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/23958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
nfs dissector wrongly have used proto_tree_add_item to display a
counter, by assuming that last argument is a value.
Replace proto_tree_add_item with proto_tree_add_uint or
proto_tree_add_subtree_format when a loop counter must be
displayed. Update tree item size calculation.
Change-Id: I4137e42673fa33cae61494effe1195206fbf7f28
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/23748
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A renegotiated session with decrypted records has !maybe_encrypted which
means that the plaintext buffer is passed to dissect_ssl3_handshake. Do
not assume that this plaintext buffer might be encrypted, it is
definitely not the case.
Change-Id: I2ce9a5305e5cbc24b5c7e93077f7e796bf8cb406
Fixes: v2.5.0rc0-1314-g9d189c7e20 ("ssl: assume everything after CCS is encrypted")
Ping-Bug: 14117
Reviewed-on: https://code.wireshark.org/review/23948
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Value stored to 'offset' is never read
Change-Id: Ia7f651edec36a75c60816a3803e53dc86d749262
Reviewed-on: https://code.wireshark.org/review/23942
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Value stored to 'item' is never read
Change-Id: I964c06d1a3896e9e5c52dfcb2f17478f15350910
Reviewed-on: https://code.wireshark.org/review/23941
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use correct start offset for Join Request and Join Accept.
Always show the MAC Header fields (and add the RFU).
Add subtree for Join Request and Join Accept.
Register the dissector to be able to "Decode As" and calling the
dissector from Lua.
Change-Id: I644530f2ae36f5a9d2ea89e4446995a5caa4eea4
Reviewed-on: https://code.wireshark.org/review/23944
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Erik de Jong <erikdejong@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change-Id: I85be2eb645ab00d711f525d711ebf90f200595cc
Reviewed-on: https://code.wireshark.org/review/23943
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris