According to MS-SFU 2.2.2 PA_S4U_X509_USER checksum section;
PA-S4U-X509-USER may be returned inside encrypted-pa-data, but
it contains just the checksum data so do not try to dissect it.
Quote:
The padata of type 130 in the encrypted-pa-data field contains
the checksum value in the S4U request concatenated with the
checksum value in the S4U reply.
Change-Id: Ia124f56914ef2fefd5b0a64fccd176911321f246
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decoding a collection-ID from the
key-bytes.
Update DCP as collection_len is no longer in the
protocol and the system events have changed.
Change-Id: Ib910083d929a906729e2bba2b0f07ba23e093cf5
Reviewed-on: https://code.wireshark.org/review/30895
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added dissection of Support Type Object LB type.
Change-Id: I7e654faed4874a87865f1d94a372eb8f00dde412
Reviewed-on: https://code.wireshark.org/review/30903
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the couchbase packet dissector with some re-factoring of the
FlexFrame dissector and then extra functionality for:
* FlexFrame on requests (magic 0x08)
* Durability
* Out-Of-Order requests
* DCP Stream ID
Additional checks are added to warn/error for invalid frame lengths and
for the case where the FlexFrame byte0 is 0xff, which is not defined by
the protocol.
Change-Id: I5f1fec8293284dadbdef717d02fa1eef27da7a0c
Reviewed-on: https://code.wireshark.org/review/30894
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes an issue where sometimes datafile_dir is not freed
before exiting.
Change-Id: I2ff7d1b8ea4e20a1ce98e5e11965073eb479bb03
Reviewed-on: https://code.wireshark.org/review/30909
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't set the display filter combo's minimum size. This lets us show
more filter expression buttons.
Clear the filter expression toolbar before redrawing it. This gets rid
of a leftover artifact here on macOS.
Change-Id: Iab944e8992caf554e024521df52d0089a4501674
Reviewed-on: https://code.wireshark.org/review/30902
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make our package relocatable on Unix systems.
Linux, Solaris and FreeBSD are known to support $ORIGIN.
Change-Id: Ibcdda33d62c075bfa867d006cb6aaf5824609011
Reviewed-on: https://code.wireshark.org/review/30896
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reverts commit 4154e35cde.
Apparently we do need to call PeekNamedPipe on Windows.
Change-Id: I9c9bbcb56bf1e1c2e6ae240ac5056b8a80674f15
Reviewed-on: https://code.wireshark.org/review/30900
Reviewed-by: Gerald Combs <gerald@wireshark.org>
GAP field dissection shows an acknack analysis. This analysis doesn't
make any sense in the GAP field.
Change-Id: I9c4cca2b722390112b6a350bd2310b48874e5c9d
Reviewed-on: https://code.wireshark.org/review/30897
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Somewhere in the code the handling of the offset goes wrong.
Instead of incrementing the offset it's the pointer to the offset
which is being incremented, leading to all sorts of problems.
Add a dereference to these few statements which lack them.
Bug: 15322
Change-Id: If575711a5b120f25f0172e0efb26e01f07244e8b
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30899
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
use an hf variable of type FT_ADDR
Change-Id: Ice88965825d05ee10825b1a7dc91475ffaa75cb2
Reviewed-on: https://code.wireshark.org/review/30890
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We can't install from DATAFILE_DIR on this platform, we
must use CMAKE_BINARY_DIR.
Do that and try to keep this thing intact.
Ping-Bug: 15301
Change-Id: I5c0b787f8b1a148dda52f26242ab681e3c3a0d44
Reviewed-on: https://code.wireshark.org/review/30879
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
When no content is provided, creating the tree with empty content leads
to malformed IMF.
Ping-Bug: 15090
Change-Id: Idf521c26f69638a94300792e50dba29645a45a68
Reviewed-on: https://code.wireshark.org/review/30874
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The asn1 is based on [MS-SFU] 2.2.2 PA_S4U_X509_USER
Change-Id: Ic072b7c4eca5c924da8833f85529098f6a93f436
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We don't need it and, if there *is* no pcap.h header, because the pcap
headers aren't installed, it won't compile.
Bug: 15317
Change-Id: Ie2a107f6117aad8f87943cd72269211f13b71142
Reviewed-on: https://code.wireshark.org/review/30883
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't bother checking to see if our pipe has data.
Change-Id: I55f24850a16f66be9c679ad51e35df9f35c206db
Reviewed-on: https://code.wireshark.org/review/30877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Correct cluster ID
- Parse ZDP Status
- Move from client to server
- Classify as notify instead of request
Change-Id: Idb3d26d3212af2762465d7ec02efcb8978830af3
Reviewed-on: https://code.wireshark.org/review/30859
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic559133086f4529f8dcc7b99cce6dbb97c11e197
Reviewed-on: https://code.wireshark.org/review/30860
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Two trivial cleanups of the definition of the tftp.destination_file field:
There is probably no need to shout DESTINATION in capital letters, and change
"source" to "destination" in the field's blurb.
Testing Done: Built on macOS 10.12.6. Examined the capture attached to
bug 10305 (tftpConversationError.pcapng, which includes a TFTP WRQ), and saw
that the capitalization of the "Destination File" field is as expected in
the packet dissection, and that the status bar now describes the field as
the "TFTP destination file name".
Change-Id: I9f5bded321c16d4e200bf1caf80ad5733ecc8287
Reviewed-on: https://code.wireshark.org/review/30857
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handling of preferences is often done in the dissector handoff
registration. Therefore this function is often registered as
callback while registering preference handling for the module.
In this way the preferences are processed both when registering
the dissector and when changes happen.
Some dissectors opt to register a seperate callback function to
be called when preferences change. Now these have to be called
from the dissector handoff function explicitly, in order to have
the preferences processed during dissector registration.
This becomes explicitly apparent when the port registration comes
into play. With the migration to using dissector registration on
ports with preference this port (range) is often retrieved from
the preferences to match against the ports in a packet to determine
an incoming or outgoing packet of a server. In case the callback
function is not called from the dissector registration this
determination fails, until the preferences are applied/changed,
causing the preference handling callback to be called.
This change add the calling of the callback during dissector
registration, fixing some dissector port registrations in the
process.
Change-Id: Ieaea7f63f8f9062c56582a042a3a5a862e286406
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30848
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The indent macros used for DEBUG_CONVERSATION have become unbalanced, making
the conversation debug output migrate rightwards for no good reason. This
simple change corrects it by ensuring that DINDENT and DENDENT are neatly
paired up throughout conversation.c .
Testing Done: Built on macOS 10.12.6 with DEBUG_CONVERSATION enabled. Tested
tshark with a few captures, and observed that the debug output, while still
being indented, generally stayed along the left margin of the screen instead
of migrating steadily over to the right.
Change-Id: Ic91e4562296d34f74c4d832edbf75172562672b8
Reviewed-on: https://code.wireshark.org/review/30856
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Process mmdbresolve output one character at a time and only after
ws_pipe_data_available tells us that we can do so without blocking.
Bug: 14701
Change-Id: Ib8f5eabed28e9385585a022d948b83f830c6358c
Reviewed-on: https://code.wireshark.org/review/30850
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Even if the certificate has a RSA public key, be sure to lookup the key
only if it is an actual RSA key exchange. Move the hashtable to the
secrets module to enable reuse.
Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is already done in epan_init.
Change-Id: I2bbfd22ef4a552003dc3644e9d21b5a5ca3465ba
Reviewed-on: https://code.wireshark.org/review/30849
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The Supported Protocols list has move from Help to View.
Also everything is presented in one dialog now.
Change-Id: Ie6105741b1307a0de062a33e4f5e3f933cd14caa
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30845
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apply change 30835 to dissector functions for version draft_01_v6 of the
protocol.
Dissector code added flag values in the "branch" label. Individual flags
are '0' when expanding the branch in the packet details pane due to
wrong definition.
Values on the branch label should be added by proto_tree_add_bitmask.
Use proto_tree_add_bitmask_with_flags instead. Remove code that adds
flag values to label "by hand" and remove unused local vars.
Change-Id: I1f639e4b0e617834276f2e11283315ac8b1594f1
Reviewed-on: https://code.wireshark.org/review/30843
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CMake requires zlib to be added to the exports via epan and wiretap
targets.
Ping-Bug: 15301
Change-Id: I5cfe746e67c195eb83b1d159a2cc2a645c8c47ea
Reviewed-on: https://code.wireshark.org/review/30793
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use the 'r' prefix to prevent backslashes from being interpreted.
Change-Id: I736d70c72a862086501a59b3c1acac0d77e2d6d3
Reviewed-on: https://code.wireshark.org/review/30840
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GnuTLS is an optional dependency, allow tests to run without it.
Change-Id: Ib1bd7beaf1d885a157a0e1a630ccc4fbc8786af1
Reviewed-on: https://code.wireshark.org/review/30839
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The case_decrypt_tls.test_tls_rsa_pq test is unexpectedly passing when
GnuTLS is disabled. It checks for '/' in the output, but that also
matches an error message. Use assertRun here and pretty much everywhere
else to catch such issues. Remove a few redundant returncode checks.
Change-Id: I0f9d1dadc0ca73eef9cffb3e2f452aa7c8395c95
Reviewed-on: https://code.wireshark.org/review/30838
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>