ElektroBit High Speed Capture and Replay protocol is produced by a
PCIe Card for interfacing high speed automotive interfaces.
Bug: 15474
Change-Id: Ibb3ea36d9281b2779e2cc13d29b66dc382782ca3
Reviewed-on: https://code.wireshark.org/review/31847
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put back some code removed in g14d5ab01c0 but that is still required.
Change-Id: I5a2f52a5056e41b3907479dbae55acbc07080ef1
Reviewed-on: https://code.wireshark.org/review/31880
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is optional, and enabled by setting PROTO_ROOT_NAME to the name
of the item in the OPT section of the .cnf file. For now, setting
only in nr-rrc.
Change-Id: Ibe96c7de982af0346af90bc0e095f20d1a7ac506
Reviewed-on: https://code.wireshark.org/review/31876
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Try to find dissector for Content-Body based on Content-Type
Change-Id: I2d4b4bd2de92e7e0d1282afdae1976ce00b962a6
Reviewed-on: https://code.wireshark.org/review/31807
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PCOM/Binary command translation to meaningful descriptions.
Add a few more PCOM/ASCII codes. Minor fixes.
Change-Id: I74da9cd2b220a0ab9e37ee06f5ef1f2563847c24
Reviewed-on: https://code.wireshark.org/review/31858
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Add Binary Output Change to the Read Objects list
Change-Id: I0e5a67fdba5d8b2412c05bc416feaa0fe81ace15
Reviewed-on: https://code.wireshark.org/review/31862
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
User guides are installed to doc/Wireshark. Use doc/wireshark instead.
Remove leftover variable CPACK_PACKAGE_NAME.
Change-Id: I9a1d6bdc7d8f0b48c61e43679285d5ba83904a63
Reviewed-on: https://code.wireshark.org/review/31851
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
PCOM/ASCII command codes translation to meaningful descriptions.
Additional dissect of PCOM/ASCII fields used in read and write
operations. Some pcap files for testing here [0].
[0] https://github.com/lmrosa/pcom-misc/tree/master/pcaps
Change-Id: I006de518d3de41c6a4b66eb2387cb546054c955d
Reviewed-on: https://code.wireshark.org/review/31467
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Ia64089516bd83e1441b55c23f88c967e396ee70d
Signed-off-by: Goldman, Adam <adam.goldman@intel.com>
(cherry picked from commit 9e95627f71cbdaf3a29cca24f7219d05d5d8f4c2)
Reviewed-on: https://code.wireshark.org/review/31774
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This caused a NULL pointer dereference on ASAN builds with
malformed packets.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15485==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7ff49a4281fa bp 0x7ffe5257a4d0 sp 0x7ffe5257a2c0 T0)
==15485==The signal is caused by a WRITE memory access.
==15485==Hint: address points to the zero page.
#0 0x7ff49a4281f9 in dissect_tcap_AARQ_application_context_name wireshark/epan/dissectors/./asn1/tcap/tcap.cnf
#1 0x7ff498e7bab1 in dissect_ber_sequence wireshark/epan/dissectors/packet-ber.c:2425:17
Bug: 15464
Change-Id: I8fd4f09a1356211acb180e4598a33fce96d98e94
Reviewed-on: https://code.wireshark.org/review/31840
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make the output of "tshark -Tjson --no-duplicate-keys" more useful.
Note: connection information is only available under the first QUIC item
to avoid duplication of information.
Bug: 13881
Change-Id: I5e25b1f3936e259d621002151f4d76a3538c9aa4
Reviewed-on: https://code.wireshark.org/review/31817
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A commonly used convention when adding more than 1 protocol in
COL_PROTOCOL (using col_set_fence) is to separate them using the
'/' character. Some dissectors use ' ', others use '|'. Make them
all use '/'.
Change-Id: Ibcddd7500f637d96313b264122d48ac6bff1e96c
Reviewed-on: https://code.wireshark.org/review/31804
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
One reason to use Wireshark is to diagnose protocol errors, so don't,
for example, treat too-short packets, in a TCP connection where we've
already seen rpcap packets, as not being rpcap packets. (Yes, that *is*
a bug, in the libpcap master, that I found and fixed.)
Change-Id: I9a81e5b9a2910331574164395302247a446e805b
Reviewed-on: https://code.wireshark.org/review/31809
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need to allocate pointers for subtree indexes.
Change-Id: Ia1214e42d8220341454e1126878c217835788797
Reviewed-on: https://code.wireshark.org/review/31776
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Free allocated strings before allocating new and in free callback.
Change-Id: If7bd0ee8455cf3c3e0c6300ce79e20557256eb8e
Reviewed-on: https://code.wireshark.org/review/31773
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The Unicast Schedule IE (US-IE) and Broadcast Schedule IE (BS-IS) may
define an explicit channel plan with the following fields in the channel
information fields:
24-bits - channel 0 frequency in kHz (little endian byte-order),
4-bits - channel spacing enumeration,
4-bits - reserved (must be set to 0), and
2-bytes - number of channels
Bug: 15451
Change-Id: If6923faca777343e17b0cb9012bb07d98b9bc194
Reviewed-on: https://code.wireshark.org/review/31745
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This should be changed so that ieee1609dot2 is called with a struct as
data containing the psid. If needed it can be stored in actx->private
data.
Change-Id: Iccef08a93fd090eb586401b2999684eee2afb382
Reviewed-on: https://code.wireshark.org/review/31775
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 digits values could overflow the destination buffer. Skip them
since they're invalid and can only come from tainted data.
Bug: 15447
Change-Id: Ice6d4f144597499483160ecaa63702025ab86f61
Reviewed-on: https://code.wireshark.org/review/31751
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
That would prevent subsequent protocols from clearing it, resulting in multiple
definitions in that column.
An example is NFS as next protocol. When it contains multiple NFS operations,
COL_PROTOCOL contains NFSNFSNFS...
Bug: 15443
Change-Id: Idf9469873164160dc4795589c61c342ce019521b
Reviewed-on: https://code.wireshark.org/review/31755
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Fixed issue with incorrect item end being set for the
grouping header if it includes a KA certificate.
Length was subtracted first (set to 0) and therefore the
offset would remain unchanged.
Change-Id: I23ab1620613af821ee5a41fc29b83e6d4b08430e
Reviewed-on: https://code.wireshark.org/review/31764
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Colmetadata handling for TEXT, NTEXT, and IMAGE types was incorrect for
TDS 7 versions before TDS 7.2. In addition, the macros used for testing
versions were incorrect.
Clean up max length display to agree with Microsoft specification (as best
as I can understand it).
Bug: 3098
Change-Id: I8254649fd3de97c103078ceaac1557fde3569ded
Reviewed-on: https://code.wireshark.org/review/31734
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Moved FabricInfoRecord ett to right location.
Change-Id: I97dd540e9929126648a0c690f54f2caa88838365
Signed-off-by: Goldman, Adam <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/31716
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the single byte within a ZeroWindowProbe triggers reassembly within a
subdissector, a new MSP will be created with just a single byte. Be sure
not to mark subsequent segments that contain the full segment data as
retransmission as this prevents the subdissector from seeing the data.
Bug: 15427
Change-Id: I36ae2622689c6606c99cdff70b6beba4b9d25ca7
Reviewed-on: https://code.wireshark.org/review/31732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The single byte within the ZWP could be retransmitted with the next
segment, this is perfectly acceptable behavior. Do not flag these new
segments as retransmissions or Out-Of-Order.
Bug: 15427
Change-Id: I76db2b7a2b684c8c78fa24c9c4b457e1833d12b7
Reviewed-on: https://code.wireshark.org/review/31731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes leaks of allocations from dissect_key_exch as detected by ASAN
while running the following tests:
test_ikev1_simultaneous
test_ikev1_unencrypted
test_text2pcap_ikev1_certs_pcap
test_ikev1_certs
Change-Id: Ifc102539efadd33d1b9d9921bcdbb35dfd31927f
Fixes: acfe071eb6 ("Add decryption support.")
Reviewed-on: https://code.wireshark.org/review/31740
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the initial segment is OoO, it was recognized as retransmitted. Fix
this by remembering which frame actually contains the initial segment.
Bug: 15420
Change-Id: If63e2ff581775ff9d396a612839f1bfab30f111f
Reviewed-on: https://code.wireshark.org/review/31720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
* remove _U_ unused attribute for used args
* no need for gcry_err_code() for success
Change-Id: I4c629657328506255da066671b69a98d0f088a3b
Reviewed-on: https://code.wireshark.org/review/31729
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change aligns this field with the image size and data size fields,
which are also shown as decimal.
Change-Id: I0e34a2742ae3d18c7b2501e895406f4b416a9ca6
Reviewed-on: https://code.wireshark.org/review/31717
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
HAVE_LIBXML2 can be set while PARSE_XDD is unset, resulting in missing
functions and linker errors.
Bug: 15419
Change-Id: I0aa20a80080d159bfb6eebccc503b66cc148f7f8
Reviewed-on: https://code.wireshark.org/review/31715
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Addresses a -Wmissing-variable-declarations warning from Clang.
Change-Id: I04de4b2017a61f9e605892338426b1a49042671f
Fixes: v2.3.0rc0-1774-g8efb7fece1 ("Adjust proto_tree_add_xxx_format_value calls to use unit string")
Reviewed-on: https://code.wireshark.org/review/31721
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Added Common function to convert 256-bit Port Select Mask into a range
string (e.g. "1-3,5-8,10").
Used wmem_strbuf API to allocate range string.
Change-Id: I70d737d1a33e84c7961eaf0bf83a1bc0689380a1
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28506
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some of the PDU types needed for SA
were missing in earlier RRC versions.
Change-Id: Ida3b091fe91961cf3cd8e7476692d2467211b5fd
Reviewed-on: https://code.wireshark.org/review/31703
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The string value is stored in the conversation, so use file-scoped
memory instead of g_strdup. Convert to union to save space.
Bug: 15440
Change-Id: Ie2dabfc67ac1db1cc8f864601b8395dcdec7caf8
Fixes: v2.9.0rc0-2719-g8bd0616621 ("SDP: Show callid from all call legs with the same RTP cpnversation.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11845
Reviewed-on: https://code.wireshark.org/review/31704
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Caught by ASAN:
Direct leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x564bccf83549 in malloc (run/tshark+0x1b0549)
#1 0x7f8dd1d488d1 in g_malloc glib/glib/gmem.c:99:13
#2 0x7f8dd1d29094 in g_slice_alloc glib/glib/gslice.c:1024:11
#3 0x7f8dd1d64cde in g_hash_table_new_full glib/glib/ghash.c:717:16
#4 0x7f8dde889de6 in smb2_get_session epan/dissectors/packet-smb2.c:1135:15
#5 0x7f8dde89258e in dissect_smb2_session_setup_response epan/dissectors/packet-smb2.c:3356:16
#6 0x7f8dde8867cd in dissect_smb2_command epan/dissectors/packet-smb2.c:9189:12
#7 0x7f8dde87fb6e in dissect_smb2 epan/dissectors/packet-smb2.c:9543:27
Change-Id: I33586e8d27263a8e546efb2ee3a3054eb9a66893
Reviewed-on: https://code.wireshark.org/review/31702
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Add more Motion attributes
2. Pull out some copy-paste code into functions
3. Add some units to existing data
Change-Id: I82f112e2f8595eb904076ee758b2e7e034354243
Reviewed-on: https://code.wireshark.org/review/31680
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TS 32.298 references TS 29.274 for decoding of CSGId,
which describes the CSGId as an unsigned int.
Change-Id: I79e7ae2ac2e997ba64e10a7351a04b421da1fc86
Reviewed-on: https://code.wireshark.org/review/31692
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the ZCL cluster id is in the range 0xFC00 .. 0xFFFF the cluster is a manufacturer specific cluster.
The information shown was 'Unknown' and should be 'Manufacturer Specific'.
Change-Id: Id3ae90aea65c6049c38df2029871fdcfc41ce565
Reviewed-on: https://code.wireshark.org/review/31668
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename ACK Block to ACK Range, merge the ACK(0x03) frame with the
ACK(0x02) frame by special casing the ECN Blocks addition. Update field
names and descriptions to match the current spec.
Bug: 13881
Change-Id: I9fb9d1f19d82bbd8323396627b773fd548a12a4c
Reviewed-on: https://code.wireshark.org/review/31688
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the flag descriptors for options inside a set_with_meta and
del_with_meta message, whilst also adding a new flag, IS_EXPIRATION,
for only del_with_meta.
Change-Id: I2f97c5aecb618e90783a39ce026ae0feba110dfd
Reviewed-on: https://code.wireshark.org/review/31675
Reviewed-by: Jim Walker <jim@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'Src port' (mint.header.srcport) has a conflicting entry in its value_string: 133 is at indices 63 (trouble/dgram) and 64 (trouble/stream)
Change-Id: Ic0033e2fad7cc8338aafec6f4a32df0fbe4c3d9d
Reviewed-on: https://code.wireshark.org/review/31630
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* implement preauth hashing
  keep hash state in conversation object
  - preauth_hash_con for connection hash state
  - preauth_hash_ses for session preauth hash state
  - preauth_hash_current points to either one of the above depending
    on where we are in the connection state
  - store final session preauth hash in session object
  store per-packet hash in the saved packet data
  object (smb2_saved_info_t) and display it as generated field.
  since request and responses share the same pointer, make a hash buffer
  for each (preauth_hash_req, preauth_hash_res).
* implement 3.1.1 key derivation
  use session preauth hash to generate the keys
* sample
  Sample from https://wiki.wireshark.org/SampleCaptures#SMB3.1.1_encryption
  can be loaded as follows:
    tshark -ouat:smb2_seskey_list:690000ac1c280000,b25a135fc3dc14269f20d7cbc8716b6b -r smb311-aes-128-ccm-filt.pcap
To obtain the session id and key you can compile your kernel with
CIFS_DEBUG_KEYS enabled and all the info should be printed on the
console when cifs.ko generates keys. The patch that adds this
config option merged in Linux 4.13 kernel.
Change-Id: Iee41ef9e2dd93795a0c7953fdd1f5256fe477dd2
Reviewed-on: https://code.wireshark.org/review/31659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
* factor out duplicated code to lookup and create sessions
* we now create (potentially dummy) session object all the time, no
need for null checks.
* stash session key in session object in preparation of SMB3.1.1
decryption
Change-Id: I5499c6363abc1356fd35f22b1b8bc363dd5ec347
Reviewed-on: https://code.wireshark.org/review/31658
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
in preparation for SMB3.1.1 decryption we need to know the dialect
when generating the keys.
Change-Id: I68a75bfe6f85b1941a201f8f261de16dbba3dc37
Reviewed-on: https://code.wireshark.org/review/31657
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
factor out duplicated code in decrypted and plain packet to display
generated session information.
Change-Id: Id6d1d862da753cb5dc4111ec61d1c55c6f6fd760
Reviewed-on: https://code.wireshark.org/review/31656
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Change-Id: I37a0cd4bb6ee419873ab05a131279c36c68a8c13
Reviewed-on: https://code.wireshark.org/review/31653
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This results in shorter filters. Some filters (such as quic.stream)
already omitted "frame_type". Done with an automated search and replace.
Change-Id: Iad8710b3b66487e5f744e10cde3561d34f20fe99
Reviewed-on: https://code.wireshark.org/review/31648
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also reorder fields to match the bit layout.
Bug: 13881
Change-Id: I43d3186ae0a0f871302b8a3b34fcb628b38b2306
Reviewed-on: https://code.wireshark.org/review/31644
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As all packet number fields are encrypted, it is no longer useful to
display the partial packet number. The user can infer the original
decrypted value by checking the field length and truncating the value.
Bug: 13881
Change-Id: I7926ac7439ff579b9dd5047dde87f738aefac76d
Reviewed-on: https://code.wireshark.org/review/31643
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Create ciphers earlier in the long header dissection process such that
the flag byte can be decrypted, dissect Reserved and Packet Number
Length fields.
Bug: 13881
Change-Id: I233ee1cab9783f00a4ed6e1e3689135f979ec820
Reviewed-on: https://code.wireshark.org/review/31642
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
While gQUIC Q044 is compatible with the IETF QUIC long headers format,
it is not the same. Remove gQUIC support since it is incomplete (flag
dissection is wrong, payload is not correctly dissected) and slows down
IETF QUIC dissector development. If support is restored, it should
likely be added as heuristics in packet-gquic.c
This is a manual revert of v2.9.0rc0-2173-g9fcb4af6b6 ("QUIC: gQUIC Q044
always use CHLO from gQUIC (with tag)") plus some other changes.
Change-Id: If75d81a4c38475f4e11fd8ade7252991f0ba0316
Reviewed-on: https://code.wireshark.org/review/31640
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This was necessary to support draft -12 and -13 at the same time. As the
QUIC WG seems to slow down on further changes, this can be removed.
Removing this prepares for properly dissecting the decrypted flag byte
in dissect_quic_long_header.
Change-Id: Ieb7852e2cbdb89730a80b574d04e9ca42e16c23a
Reviewed-on: https://code.wireshark.org/review/31641
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Draft -17 shifts the key phase bit and encrypts it. The old KP bit is
now always 1 which broke decryption due to selection of the wrong
payload protection cipher.
Split calculation of the header protection and payload protection
cipher such that the short header flag can be decrypted earlier. Now the
decrypted flag can be displayed and the correct pp cipher is selected.
Bug: 13881
Change-Id: Ic9468498c3d0fb3f0a456d947824b40709db4927
Reviewed-on: https://code.wireshark.org/review/31637
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Decryption would fail after switching from Initial to the Handshake
message due to the packet number changing from 1 to 0 which would result
in the wrong reconstructed packet number. To fix this, implement three
different packet spaces and update the full packet number only if
decryption succeeds.
While at it, document all tricky interactions between packet number
spaces and different secrets / ciphers.
Bug: 13881
Change-Id: Ic88a83cdf76cb024054de8a32ea959bd1dacaca3
Reviewed-on: https://code.wireshark.org/review/31635
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
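
The packet number space problem described in the commit message above, as an added example that is not Wireshark's code: it uses the packet number decoding algorithm from the QUIC transport specification (RFC 9000, Appendix A.3), keeps one "largest packet number" per space, and only advances it when decryption succeeds. The struct, the function names and the trace values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Three packet number spaces; 0-RTT and 1-RTT packets share the last one. */
enum pn_space { PN_INITIAL, PN_HANDSHAKE, PN_APPDATA, PN_SPACE_COUNT };

struct pn_state {
    uint64_t largest[PN_SPACE_COUNT]; /* largest successfully decrypted pn */
    int      seen[PN_SPACE_COUNT];    /* 0 until the first success in a space */
};

/* Reconstruct a full packet number from its truncated on-wire form. */
uint64_t decode_pn(uint64_t largest, int seen, uint64_t truncated, unsigned pn_bits)
{
    uint64_t expected  = seen ? largest + 1 : 0;
    uint64_t win       = 1ULL << pn_bits;
    uint64_t hwin      = win / 2;
    uint64_t mask      = win - 1;
    uint64_t candidate = (expected & ~mask) | truncated;

    /* expected >= hwin keeps the unsigned subtraction from wrapping */
    if (expected >= hwin && candidate <= expected - hwin &&
        candidate < (1ULL << 62) - win)
        return candidate + win;
    if (candidate > expected + hwin && candidate >= win)
        return candidate - win;
    return candidate;
}

/*
 * decrypt_ok stands for the AEAD result obtained with the reconstructed
 * packet number in the nonce. State changes only on success, so a corrupt
 * or misattributed packet cannot poison later reconstructions.
 */
uint64_t pn_process(struct pn_state *st, enum pn_space sp,
                    uint64_t truncated, unsigned pn_bits, int decrypt_ok)
{
    uint64_t full = decode_pn(st->largest[sp], st->seen[sp], truncated, pn_bits);
    if (decrypt_ok && (!st->seen[sp] || full > st->largest[sp])) {
        st->largest[sp] = full;
        st->seen[sp] = 1;
    }
    return full;
}

/* Constructed trace: Initial pn 300, then the first Handshake packet (pn 0). */
uint64_t demo_shared_counter(void)
{
    struct pn_state st = {{0}, {0}};
    pn_process(&st, PN_INITIAL, 300, 16, 1);
    /* Handshake packet tracked in the Initial space: wrong pn, wrong nonce */
    return pn_process(&st, PN_INITIAL, 0, 8, 0);
}

uint64_t demo_separate_spaces(void)
{
    struct pn_state st = {{0}, {0}};
    pn_process(&st, PN_INITIAL, 300, 16, 1);
    return pn_process(&st, PN_HANDSHAKE, 0, 8, 1);
}

/* Constructed trace: a packet that fails decryption must not move the state. */
uint64_t demo_failed_decrypt(void)
{
    struct pn_state st = {{0}, {0}};
    pn_process(&st, PN_APPDATA, 10, 8, 1);
    pn_process(&st, PN_APPDATA, 0xff, 8, 0);      /* corrupt packet, ignored */
    return pn_process(&st, PN_APPDATA, 11, 8, 1); /* still decodes as 11 */
}

int main(void)
{
    printf("shared counter:   handshake pn decoded as %llu\n",
           (unsigned long long)demo_shared_counter());
    printf("separate spaces:  handshake pn decoded as %llu\n",
           (unsigned long long)demo_separate_spaces());
    printf("after failed pkt: next pn decoded as %llu\n",
           (unsigned long long)demo_failed_decrypt());
    return 0;
}
```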
Packet numbers in handshake messages are protected by a cipher different
from the initial cipher.
Bug: 13881
Change-Id: Ife6524c0525df10ff3c64f4333908b189f823509
Reviewed-on: https://code.wireshark.org/review/31634
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Swap Retry and 0-RTT Protected identifiers to fix connection tracking
and decryption. Fix detection of Retry packets.
Bug: 13881
Change-Id: I41d1b5674a5ec634b3c55bee72d6943664039dba
Reviewed-on: https://code.wireshark.org/review/31629
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of showing the CRC16 value of the clientid, this commit
displays the real value of the clientid in the INFO column.
Bug: 15432
Change-Id: Iaeae89bf7dfe4b08746a4da9515f25f9ae6c02ac
Reviewed-on: https://code.wireshark.org/review/31628
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While at it set p2p_dir.
Change-Id: Ia63ba998db72353963eddc4baa811ce552fd617a
Reviewed-on: https://code.wireshark.org/review/31590
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Joakim Karlsson <oakimk@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
PUBACK, PUBREC, PUBREL, and PUBCOMP can all have abbreviated packets
which are not currently handled, leading to those forms being marked as
malformed.
Bug: 15428
Change-Id: I1e6e5dbbca29e7e731683d5c166f9abf978f62b2
Reviewed-on: https://code.wireshark.org/review/31580
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Show 3 digits of precision after the decimal place for API/RPI when
displaying in ms.
2. Remove displaying the value as hex microseconds.
Change-Id: I483739c13ff0e02bd773b5207b41a5eec6c23289
Reviewed-on: https://code.wireshark.org/review/31583
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DTLS and TLS dissectors already share code for parsing the key log
file contents but the actual key material was stored separately. As
implementations (like GnuTLS) write the TLS and DTLS secrets to the same
file (specified by the SSLKEYLOGFILE environment variable), it seems
reasonable to combine them.
This also enables use of the pcapng Decryption Secrets Block for
decryption of DTLS traces. The dtls.keylog_file preference has become
obsolete and can no longer be used (this was not tested anyway).
A new test was added based on dtls12-aes128ccm8.pcap, the master secret
was extracted using the tls.debug_file preference.
Bug: 15252
Change-Id: Idfd52c251da966fe111dea37bc3fb143d968f744
Reviewed-on: https://code.wireshark.org/review/31577
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Should this be default off? I had a false positive.
While at it remove unused hf entry.
Change-Id: Ia3ec0f2e127659349226af9bc2acb0812960a0a6
Reviewed-on: https://code.wireshark.org/review/31574
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Corrected the Multicast Active/Idle true_false_string order
Change-Id: I1753f4cfc9e1ea138789a236976b649607d74831
Reviewed-on: https://code.wireshark.org/review/31567
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a dissector for http://fd.io vpp graph dispatch traces. The file
format is described in detail here:
https://fdio-vpp.readthedocs.io/en/latest/gettingstarted/developers/vnet.html#graph-dispatcher-pcap-tracing
Fuzz-tested with good results.
Bug: 15411
Change-Id: I3b040bb072ce43fb2fb646a9e473c5486654906a
Signed-off-by: Dave Barach <dave@barachs.net>
Reviewed-on: https://code.wireshark.org/review/31466
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The UDP-NM dissector is actually AUTOSAR-NM and works over UDP and CAN.
The change also adds parsing of reserved bits of control bit vector and
the 'NM Coordinator Id' field which was present in revision 3.2 but now
is deprecated (bits are marked as reserved).
Since not every packet on a CAN bus is a Network Management one,
parameters were added to filter only packets with specific ids.
In order to define ids to be dissected one should define a reference id
and a mask in preferences.
Change-Id: Ica69032b7200c4c3a1f81130ebcea0dd4144cbf2
Reviewed-on: https://code.wireshark.org/review/31560
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In PID_TYPEOBJECT_LB dissection class_id_enum_names char* array has
been replaced by a string_values so it won't cause any issue if
the read index value is out of bounds.
Bug: 15405
Change-Id: I0dc9d8d00024a2fbb03fca7238ab709b91b059aa
Reviewed-on: https://code.wireshark.org/review/31484
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
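
The pattern behind the fix described in the commit message above, as an added example that is not the dissector's code: a name array indexed directly by a value read from the packet, next to a value/string table that is searched by value. The `vs_entry` struct is a simplified stand-in for Wireshark's value_string, the helper names are hypothetical, and the class labels are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed labels; the real class id names are not given on the page. */
static const char *const class_id_enum_names[] = {
    "CLASS_A", "CLASS_B", "CLASS_C"
};

/*
 * Before: the index comes straight from the packet. Any value >= 3 reads
 * past the end of the array and hands back whatever pointer lies there.
 */
const char *name_unchecked(uint32_t idx)
{
    return class_id_enum_names[idx];
}

/* After: value/string pairs, terminated by a NULL string. */
struct vs_entry {
    uint32_t    value;
    const char *str;
};

static const struct vs_entry class_id_vals[] = {
    { 0, "CLASS_A" },
    { 1, "CLASS_B" },
    { 2, "CLASS_C" },
    { 0, NULL }
};

/*
 * The packet value is only ever compared, never used as an offset, so an
 * out-of-range value falls through to a formatted "Unknown" label.
 */
const char *name_lookup(uint32_t idx, char *buf, size_t buflen)
{
    const struct vs_entry *e;

    for (e = class_id_vals; e->str != NULL; e++) {
        if (e->value == idx)
            return e->str;
    }
    snprintf(buf, buflen, "Unknown (%u)", (unsigned)idx);
    return buf;
}

/* Helper for checking results: 1 if the lookup yields the expected label. */
int lookup_is(uint32_t idx, const char *expected)
{
    char buf[32];
    return strcmp(name_lookup(idx, buf, sizeof buf), expected) == 0;
}

int main(void)
{
    /* Constructed inputs: two valid ids and two values no table covers. */
    const uint32_t samples[] = { 0, 2, 3, 0xFFFFFFFFu };
    char buf[32];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%u -> %s\n", (unsigned)samples[i],
               name_lookup(samples[i], buf, sizeof buf));
    return 0;
}
```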
Added support for dissecting IS-IS BIER Info Sub-TLV and BIER MPLS
Encapsulation Sub-sub-TLV, as per RFC 8401
Bug: 15421
Change-Id: Iec5e275f3afef7cb64d474634bd0a89b42a1b480
Reviewed-on: https://code.wireshark.org/review/31551
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It can be annoying to have to manually calculate the number
of tones based on the global bandwidth and the RU allocation.
Do that in the dissector.
Change-Id: I42eb403a91ebacc4fcfaa3e8c3e793a055d2b9f8
Reviewed-on: https://code.wireshark.org/review/31559
Reviewed-by: Emmanuel Grumbach <egrumbach@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
When selecting the Host key tree 4 bytes of the host key are missing because
the subtree has length key_len and does not include the length of key length
field itself.
Change-Id: I1a1ca2f3a5ea651c9dab4f0edc705df2c98a7ae4
Reviewed-on: https://code.wireshark.org/review/31464
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
SNN = Safety Network Number
No functional/parsing changes.
Changes:
1. Fix some display fields and filter names that previously used the
incorrect ssn naming.
2. Changed all variable names in a similar way.
Change-Id: I7bdc52a5aef31a9c6007545d5a79c99bab6cd184
Reviewed-on: https://code.wireshark.org/review/31549
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The TSF values are "normal" numbers, not a bitmap
or anything like that.
Moreover, we often need to add or subtract values
from the TSF of a beacon. Change it to be printed in
decimal to make people's life easier.
Change-Id: I01505395fb10538b204a87dd864ac04e29b821e0
Reviewed-on: https://code.wireshark.org/review/31544
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The change adds support of CAN flags stored in ids.
The flags allow dissectors to distinguish error frames,
remote transmission request frames and identify id type used (either
standard 11-bit or extended 29-bit).
Addition of bit flags allowed to add more checks whether a CAN frame may
be decoded by a particular dissector. I.e. some dissectors work only
with 11-bit ids (CANopen, DeviceNet) some only with 29-bit (J1939,
ISObus), others should be fine with both types (OBD-II, ISO 15765).
The change also fixes 2 bugs in the DeviceNet dissector:
* removed byte swapping of CAN id (the pcap file seems to be broken;
verified dissector operation with random traffic generated by cangen)
* fixed "Warn Dissector bug, protocol DeviceNet, in packet N":
added a default value for fragmented message type string value lookup.
Bug: 15418
Change-Id: I70e91130789bb3367fe19e51489cd34e97d678a6
Reviewed-on: https://code.wireshark.org/review/31471
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the length we don't need to add another 4 bytes.
Change-Id: I276801ab4c5c6a1d9e37b55956f352c16b673db8
Ping-Bug: 15413
Reviewed-on: https://code.wireshark.org/review/31510
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When that version isn't available, we still need to have this
function available. Make it always available, then, with empty
implementation.
Change-Id: Ia827922c181676bbb2ba4a02dc09290b8cdb1a5c
Reviewed-on: https://code.wireshark.org/review/31491
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The old packet number encryption method was replaced by a new header
protection mechanism which also encrypts some bits of the first byte.
Patch the old code to support this byte. Future patch should clean up
this messy code, but at least (Initial) packet decryption works now.
Bug: 13881
Change-Id: Ia0f40614c1084ba6f7fc597b8f6dc85845ea1fbd
Reviewed-on: https://code.wireshark.org/review/31480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add additional protocols as defined in RFC8287 section 6
Bug: 15410
Change-Id: I2254cda6031c85d103b85f47604265d80a54f436
Reviewed-on: https://code.wireshark.org/review/31478
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
What we were calling the "name" is actually a description to show to
users; what we were calling the "short name" is just the name to use on the
command line.
Rename some routines and structure members, and put the name first and
description second in the table.
Expand some descriptions to give more details (e.g., to be more than
just a capitalized version of the name).
Fix the CamelCase capitalization of InfiniBand.
Change-Id: I060b8bd86573880efd0fab044401b449469563eb
Reviewed-on: https://code.wireshark.org/review/31472
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixed the data type for zbee_zdp.profile to use the proper data type
of UINT16.
Change-Id: I20bac57ec3a0a7261aeb65333d9dd4b5bdb4a85c
Reviewed-on: https://code.wireshark.org/review/31458
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using raw CAN id allows us to drop error frames and frames with
standard ids since J1939 works only with extended ids.
Also it allows us not to decode payload of RTR frames.
Change-Id: I06cec52176be79028f9ac5bce2017907c06aacfb
Reviewed-on: https://code.wireshark.org/review/31449
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the current implementation only masked id is provided to
subdissectors, which doesn't allow to filter packets effectively.
E.g.: J1939 should dissect only extended frames. Without EFF flag, the
subdissector is unable to filter out frames with 11-bit ids.
Also J1939 tries to dissect payload of RTR or ERR frames, which obviously
doesn't make sense.
The change exports raw id alongside the masked one for backwards
compatibility. Once all the CAN dissectors are updated to use the raw
variant (if necessary) the masked variant may be dropped.
Change-Id: I52df5673ecfd53d2e65790c4187ea129e67a88e9
Reviewed-on: https://code.wireshark.org/review/31448
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
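The two CAN commit messages above (flags stored in ids, and exporting the raw id next to the masked one) describe a gating check that can be sketched as follows. This is an added example, not code from the Wireshark tree: the EX_ names and the ex_ functions are hypothetical, and the bit layout is assumed to be the Linux SocketCAN one from <linux/can.h>.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed SocketCAN bit layout of a raw CAN id; macro names are local. */
#define EX_CAN_EFF_FLAG 0x80000000U /* extended (29-bit) id in use */
#define EX_CAN_RTR_FLAG 0x40000000U /* remote transmission request */
#define EX_CAN_ERR_FLAG 0x20000000U /* error frame */
#define EX_CAN_EFF_MASK 0x1FFFFFFFU
#define EX_CAN_SFF_MASK 0x000007FFU

/* Hypothetical stand-ins for the protocol families named in the log. */
enum ex_proto { EX_J1939, EX_CANOPEN, EX_OBD2 };

/* The masked id: flag bits stripped, so the id type is no longer visible. */
static uint32_t ex_masked_id(uint32_t raw)
{
    return raw & ((raw & EX_CAN_EFF_FLAG) ? EX_CAN_EFF_MASK : EX_CAN_SFF_MASK);
}

/* Decide from the raw id whether a protocol dissector should see the payload. */
static bool ex_may_dissect(enum ex_proto proto, uint32_t raw)
{
    bool extended = (raw & EX_CAN_EFF_FLAG) != 0;

    if (raw & (EX_CAN_ERR_FLAG | EX_CAN_RTR_FLAG))
        return false;            /* ERR and RTR frames: no payload to decode */
    switch (proto) {
    case EX_J1939:   return extended;   /* 29-bit ids only */
    case EX_CANOPEN: return !extended;  /* 11-bit ids only */
    case EX_OBD2:    return true;       /* either id type */
    }
    return false;
}

int main(void)
{
    /* Constructed sample ids: extended data, standard data, RTR, error. */
    const uint32_t raw[] = { 0x98FEF100U, 0x00000181U, 0x40000181U, 0x20000004U };

    for (size_t i = 0; i < sizeof raw / sizeof raw[0]; i++)
        printf("raw=0x%08X masked=0x%08X j1939=%d canopen=%d obd2=%d\n",
               (unsigned)raw[i], (unsigned)ex_masked_id(raw[i]),
               ex_may_dissect(EX_J1939, raw[i]),
               ex_may_dissect(EX_CANOPEN, raw[i]),
               ex_may_dissect(EX_OBD2, raw[i]));
    return 0;
}
```

A standard frame 0x181 and an extended frame with the same low bits produce the same masked id, which is why the decision has to be made on the raw value.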
This was previously being parsed as a UNID, which is not correct.
Change-Id: I2f9fc17debf3ce60d35d71a28bd1d19f54a1b982
Reviewed-on: https://code.wireshark.org/review/31441
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This avoids warnings from Clang. Rewriting this to use the cursor API might
be interesting.
Change-Id: I8a5459ffbee8d0907757e99eff273d7eff6d1735
Reviewed-on: https://code.wireshark.org/review/31436
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9c3a6098e2a54d281228689cdbbbbf78604b2750
Reviewed-on: https://code.wireshark.org/review/31422
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
to avoid -Wmissing-prototypes warning
Change-Id: I92edf8d62c3685033c4424f9af16d4094c6599d6
Reviewed-on: https://code.wireshark.org/review/31421
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie8f1a4a4a11370ff5d5d85f8110aec568f88877e
Reviewed-on: https://code.wireshark.org/review/31410
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
DATE_AND_TIME struct is actually time then date. We were previously
parsing it as date then time.
Change-Id: I7367b5502318de32b7c9e7fd170ae58de4c3347f
Reviewed-on: https://code.wireshark.org/review/31431
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The only place where it's currently called passes it data.
Do a DISSECTOR_ASSERT() check to make sure it's non-null.
Remove null-pointer checks that this renders no longer necessary.
Change-Id: I2fc86f9591a7126d328029379ecfe98400dd01cb
Reviewed-on: https://code.wireshark.org/review/31419
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All exported (via dissector tables and dissector handles) routines that
call dissect_atm_common() first do DISSECTOR_ASSERT(atm_info != NULL),
so dissect_atm_common() will never be called with a null data pointer.
dissect_reassembled_pdu() is called only from dissect_atm_common(), so
it also won't ever be called with a non-null data pointer.
Fixes Coverity CID 1442299.
Change-Id: I3b455ac546a6a0cd6aa8ef184c71fda2ca2a0710
Reviewed-on: https://code.wireshark.org/review/31418
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I9913b9653fedeb9cc119f10632f4c96fe54027b4
Reviewed-on: https://code.wireshark.org/review/31408
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I09e9a2ee8a89e4784057eb50e47022a7d1e74943
Reviewed-on: https://code.wireshark.org/review/31291
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ifbe72c48ec401582d2df30b440e449398c71eb40
Reviewed-on: https://code.wireshark.org/review/31414
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic9774cc09ab5c7582dc85bf41e4021bddfca1ebe
Reviewed-on: https://code.wireshark.org/review/31382
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>