VRRP v2 in Cisco routers can use "Keyed MD5" for IP authentication, and
such packets are now dissected slightly better.
The offset of the MD5 digest value pointed out by this patch can be
validated against Cisco's IOU software by using the IOU's "debug vrrp
auth" feature.
Sample VRRP (version 2) .pcap files can be found at,
https://github.com/kholia/my-pcaps
Change-Id: Ib421428bea9c2a074aec4594b26c76bc271fada8
Reviewed-on: https://code.wireshark.org/review/21084
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I5df8cb794b7b76b708448ae4b74b7481bdd8faff
Reviewed-on: https://code.wireshark.org/review/21097
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
register.c, and the plugin.c for various plugins, are generated by tools
that must be available to do a build, and aren't distributed as part of
the source tarball. That means "make distclean" should remove them. Do
so.
Change-Id: I9e37abdafb50234cf1ebb5fb828446e45e605d78
Reviewed-on: https://code.wireshark.org/review/21125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also convert usage to a value_string_ext
Change-Id: Ie515591355879f8eb65faf50e7c04b30cff13519
Reviewed-on: https://code.wireshark.org/review/21124
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Suboptimal, but still much better than sending columns
for whole capture file. webshark by defaults requests for 120 rows.
Change-Id: I96188e0d2bc4539a57e5061c7784f8c44f318393
Reviewed-on: https://code.wireshark.org/review/20715
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Revert commit 3752a643ac5c85622822c88c69d83ce23828acb8
to fix bug 13164 and bug 13570 introduced with this commit.
This reopens bug 13110.
Bug: 13164
Bug: 13570
Change-Id: Id237f08258ca100f675614a9cb36a32340944b3e
Reviewed-on: https://code.wireshark.org/review/21089
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
That way, you don't end up with "(none)" being used as the filter name
and getting confusing error messages.
Change-Id: Ifc77d4434d82dabebe74118742938cfa5234791d
Reviewed-on: https://code.wireshark.org/review/21118
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Cast an ssize_t value to unsigned int before subtracting it from an
unsigned int. The value is already known to be >= 0 and <= the value
from which we're subtracting it, and that latter value is an unsigned
int, so it's guaranteed to fit into an unsigned int. (ssize_t can be
bigger than unsigned int.)
Change-Id: I5c4d3c7fa4bf241c9ea72661beca89bc30495a3b
Reviewed-on: https://code.wireshark.org/review/21114
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ib8b80b2c4a79941cf56d8add783c88d1078f079a
Reviewed-on: https://code.wireshark.org/review/21104
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Use FT_UINT_STRING as appropriate
2. Replace many proto_tree_add_xxx_format with proto_tree_add_item[_xxx]
Change-Id: Id9853c54074c2c033b3494b2d687df8e9fd33881
Reviewed-on: https://code.wireshark.org/review/21098
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
FindLibXml2.cmake populates LIBXML2_INCLUDE_DIR and leaves
LIBXML2_INCLUDE_DIRS undefined.
Libxml2 inclusion as optional dependency is suggested in Change-Id
I13c0a2f408fb5c21bad7ab3d7971e0fa8ed7d783.
Change-Id: If49c778230e99af4b2ebb97dcb2f8acb4b55aa88
Reviewed-on: https://code.wireshark.org/review/21109
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reduces the differences between our lemon.c and SQLite's.
Change-Id: Ie672fa564a43ffe2fae271968accfed2a864bb63
Reviewed-on: https://code.wireshark.org/review/21107
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes the code more like Lemon as distributed.
Note that Lemon, as distributed, at least claims to have a bunch of
stuff "From the file "XXX.{c,h}", which might be the result of lemon.c
being an "amalgamation":
https://www.sqlite.org/amalgamation.html
although, unlike SQLite, the individual bits of the amalgamation don't
appear to be present in the SQLite Fossil repository, so maybe they've
been permanently glued together.
Change-Id: I361d0d16be0744b127110d7d237fdd84e30b6432
Reviewed-on: https://code.wireshark.org/review/21105
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
They accepted some of our changes, but with no space between "struct
XXX" and "*. Whatever.
Change-Id: I6b29462dc8b04ebf0822f8512d82f5f8df575447
Reviewed-on: https://code.wireshark.org/review/21101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Replace the dash in a range with a '\0', so that the first value in the
range is properly terminated.
Change-Id: Ib2807c2534c1e99e643848ca0fc32f4b78025ce3
Reviewed-on: https://code.wireshark.org/review/21099
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not used outside epan/prefs.c, and it probably shouldn't be.
Change-Id: I8a10961a33b93db1de982eec264c134f9f3bc66c
Reviewed-on: https://code.wireshark.org/review/21096
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not used outside epan/prefs.c, and it *shouldn't* be used outside
epan/prefs.c - there are other APIs that call it, and handle the details
of picking the right name, title, description, etc..
Change-Id: Ib95b4811d50c2bf1c480f115ee998274252243c9
Reviewed-on: https://code.wireshark.org/review/21095
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add registration of ett fields:
- ett_pcep_obj_unreach_destination,
- ett_pcep_obj_branch_node_capability,
Which were used since 7bca5e1688.
Reorder, ett_ registration to match declaration order.
Change-Id: Ie88cf518a77e134257570a054f6173ee49f27776
Reviewed-on: https://code.wireshark.org/review/21091
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
And make the message for an invalid character in a preference name more
like it, by putting the offending name in quotes.
Change-Id: I40db8b87eae5e46a1d49213a9a45861b6b3565af
Reviewed-on: https://code.wireshark.org/review/21092
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This solves a crash occurring when trying to free memory allocated by
GeoIP (cross-compiled with mingw(32|64)) with MSVC function
Bug: 13598
Change-Id: I757cff13660bd485d7ea91d10660e9bf86404728
Reviewed-on: https://code.wireshark.org/review/21090
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add millibel unit string, for wireless and optical power useage.
Change-Id: I7fe98fbeea7431fb74db57d2253ea78813379629
Reviewed-on: https://code.wireshark.org/review/21083
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
worth looking at every now and then.
The value of 16384 is the same as the default in VS.
Change-Id: I68fd51e373437088f59c1e197d1a889f856caded
Reviewed-on: https://code.wireshark.org/review/21030
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's copied-and-pasted from {somethingelse}shark.c, such as tshark.c;
it's not needed here.
Fixes CID 1405103.
Clean up indentation while we're at it.
Change-Id: Ia3ab41f64f055fcebeac6e49ebf5f5581125b960
Reviewed-on: https://code.wireshark.org/review/21082
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This structure contains an array of 65536 bytes.
Change-Id: Ied2c584100cb613dc195fbc5de7ae9a5ec5b770b
Reviewed-on: https://code.wireshark.org/review/21077
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That's the most recent version of the GeoIP legacy API.
GeoIP 1.6.1, and later, are available from GitHub, but not from
MaxMind's Web site.
Change-Id: I67b1b5b47761beac2fc303e18e39d9accac86e3b
Reviewed-on: https://code.wireshark.org/review/21081
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The payload dissection should start after the header, so do not reset offset.
Fixes: v2.3.0rc0-3039-g92ebd63892 ("netlink: let subdissectors handle the netlink header")
Change-Id: I6bdfdd967bc56cb99c07f4f151ef96592e18a508
Reviewed-on: https://code.wireshark.org/review/21057
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use offset in tvb, not 0 for computation.
Also add check for checksum = 0, which means checksum isn't present.
Bug: 13586
Change-Id: I18812894104c35e50ecb99aa8eca6b030c78c486
Reviewed-on: https://code.wireshark.org/review/21070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
MLE runs over UDP, but presumes IEEE802.15.4 is also an underlying layer.
Enforce it by ensuring IEEE802.15.4 protocol data is present.
Bug: 13589
Change-Id: I5fd54244499980637c121f5f8d1fb2d152d31c73
Reviewed-on: https://code.wireshark.org/review/21053
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
dissect_epl_asnd_nmtdna returns the offset + 27,
adding that to the original offset isn't correct,
unless the offset was 0 to begin with, which isn't the case.
Change-Id: Id0d5043b23a83aef8d07a6f6ee3b70486d913e9f
Reviewed-on: https://code.wireshark.org/review/21056
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'Command' (zbee_zcl_general.applctrl.execcmd.id) has a conflicting entry in its value_string: 4 is at indices 4 (Start Superfreezing) and 5 (Stop Superfreezing))
Field 'Meter Type ID' (zbee_zcl_ha.metidt.attr.meter_type.id) has a conflicting entry in its value_string: 0 is at indices 0 (Utility Primary Meter) and 2 (Data Quality ID))
Change-Id: I9e92a5c58aea0d6ef00e8d5f61fdfb073b41ee80
Reviewed-on: https://code.wireshark.org/review/21058
Reviewed-by: Michael Mann <mmann78@netscape.net>
Field 'Stream Based Volume ID' (unistim.stream.volume.id) has a conflicting entry in its value_string: 111 is at indices 0 (C1=0xFF00 C2=0x00 C3=0x00 c4=0x00 Steady on. -13 dBmO per frequency.) and 1 (C1=0x0505 C2=0x0505 C3=0x0505 c4=0xFF00 3 burst(0.1 sec on,0.1 sec off),Then steady on.-13 dBmO per frequency.))
Change-Id: I49f50688b9e68d597190d891b114eea1ff3e4858
Reviewed-on: https://code.wireshark.org/review/21059
Reviewed-by: Michael Mann <mmann78@netscape.net>
As the comments say, proto_find_finfo() is slower than
proto_get_finfo_ptr_array(), as it has to scan the entire tree, and,
given that we're priming the tree with the fields we need (which we
*have* to do to *guarantee* that we'll get the fields we want;
requesting that a protocol tree be constructed isn't sufficient, and
asking for a "visible" protocol tree is overkill),
proto_get_finfo_ptr_array() will work.
Change-Id: Ic1e21105a0a89003a3cdd3d7a2e55ac287ddad5e
Reviewed-on: https://code.wireshark.org/review/21068
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes sure that postdissectors that indicate that they need certain
fields in the first pass will get them.
While we're at it:
Fix the field-fetching code in TRANSUM not to assume it got any
instances of the field being fetched.
Rename process_packet_first_pass() in sharkd to process_packet(), as
it's the only routine in sharkd that processes packets.
Rename process_packet() in tshark and tfshark to
process_packet_single_pass(), as it's what's used if we're only doing
one-pass analysis.
Clean up comments and whitespace.
Change-Id: I3769af952c66f5ca4b68002ad6213858ab9cab9b
Reviewed-on: https://code.wireshark.org/review/21063
Reviewed-by: Guy Harris <guy@alum.mit.edu>
bugfixes.
Change-Id: I7c42ddabea263bb15178a71014b6e25eb690cc4c
Reviewed-on: https://code.wireshark.org/review/21042
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pacify macOS buildbot
Change-Id: I60bdb0ca7b9a1456d6fe12879dec61c5dff19e53
Reviewed-on: https://code.wireshark.org/review/21039
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Problem: the "Apply as filter" option in the Endpoints dialog creates
the "INVALID==11:22:33:44:55:66" filter for IEEE 802.11 packets.
Since dissect_ieee80211_common initialises the address "whdr->src" and
"whdr->dst" fields using the "wlan_address_type" type, we have to do the
same in "wlan_host_get_filter_type". While at it, remove the check for
AT_ETHER since these will never match.
Change-Id: I43f9298adfa406ea37a383187137e3e0c1f8733d
Reviewed-on: https://code.wireshark.org/review/21015
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It's sufficient to include <epan/proto.h>...
...as long as <epan/proto.h> includes <epan/tfs.h>, just as it includes
<epan/value_string.h>.
And, since it's already including <epan/value_string.h>, it doesn't need
to have a definition of struct _value_string as an incomplete type,
given that <epan/value_string.h> gives a definition of it as a complete
type.
Change-Id: Ic296bc0b0d68277ba7e0569412b780fd847ecca2
Reviewed-on: https://code.wireshark.org/review/21033
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dhiru Kholia