UTF8String is not a known-multiplier character string, since the
characters are variable width. That means that a size constraint
in characters doesn't correspond to a fixed number of octets, and
thus that constraints are never PER-visible. (X.691 27.6) That
includes size constraints, extensions, permitted alphabets, etc.
The length determinant is thus the unconstrained type, and always
at least an entire octet instead of ever taking up a smaller
number of bits.
Extract the string as UTF-8 after aligning as necessary, which
will deal with illegal encodings.
Fix#18600.
The RXStringV type has one character (octet) stored per 32
bit word. There's no real indication of the string encoding
(possibly locale dependent, maybe ASCII or UTF-8.) Validate
it as UTF-8 for now, to produce good UTF-8 and handle the latter
two cases.
Fix#18583.
Use tvb_get_stringz_enc with ENC_ASCII instead of tvb_strsize
and tvb_memdup. Note that, in MMS encoding at least,
OMA-TS-MMS-CONF says that Text-string (where encoding is
not specified) is always US-ASCII.
For Encoded-string-values, get and process the MIBEnum charset,
at least when it's an integer (which OMA-TS-MMS-CONF says it
must be.)
Fix#18575
Whenever a string is inline or retrieved from the string table,
it needs to use the document encoding. Not tvb_format_text
(which always assumes UTF-8, though that is the default for WBXML
if we don't know otherwise), and *definitely* not tvb_get_ptr.
Replace a bunch of calls of tvb_strsize and tvb_format_text
(and one tvb_get_ptr) with tvb_get_stringz_enc with the
document encoding, which is now stored in packet level proto
data. (There should be a fallback to parsing it from the
Content-Type string, if the calling dissector provides it.)
Fix#18573
The displayLabel type in SCCP (skinny) is ASCII where certain
bytes are replaced with common phrases from a codebook. When
displaying the replaced string, remember to replace the non
ASCII characters with REPLACMENT CHARACTERS.
Fix#18592
Make changes to packet-skinny.c.in and SkinnyProtocolOptimized.xml
that incorporate changes from 67f05835ca
and 8efad466c4 made to the dissector
manually and regenerate. Also fix a case where a comment mixed
tabs and spaces, which caused the python conversion tool to complain.
Convert parse_xml2skinny_dissector.py to Python 3.
This is mostly the output of running 2to3, but some of the
uses of dict.keys() were left as is instead of being converted
to lists, since only membership was tested.
The dissector still needs to be regenerated, which will happen
in a next commit, so that this change can be easily backported.
Separate the tokens in xcsl using tvb_ws_mempbrk_pattern_guint8
instead of the dissector doing it manually.
Retrieve the ASCII token strings with tvb_get_string_enc to do
conversion to UTF-8.
Fix#18587
As stated in 3GPP 26.445 chapter A.2.2.1.4.2, RTP padding must be taken
into account to discrimate between Header-Full format and Compact format
Closes#18498
Since fvalue_to_string_repr does take the field base
as a parameter and that affects the representation,
an existing comment is no longer true, and we can
get rid of a large amount of duplicative special
handling for integer-based types.
Properly generate filter expressions for custom columns by
using proto_construct_match_selected_string on each value and
then joining them together later instead of trying to split
the column expression value.
This ensures that escaping is done properly for display filter
strings, that commas internal to field values are not confused
with commas between occurrences, that for multifield columns
we can distinguish which field each value matches, etc.
It's not entirely clear whether AND or OR logic is appropriate
for multiple occurrences; currently OR is used.
Bump glib requirement to 2.54 for g_ptr_array_find_with_equal_func
(this doesn't drop support for any major distribution that already
meets our other library requirements, like Qt.)
Fix#18001.
This an action frame to update the EMLSR / EMLMR mode.
This adds partial support for this frame.
It is fairly hairy to parse it because of its variable format, so for
now, just parse the EMLSR part and leave the EMLMR part for later.
According to TS 26.101, AMR_SID payload is 39 bits.
Hence, (39+7)/8 = 5, rounding to octet boundaries.
This fixes incorrect dissecting of Osmux frames containing AMR_SID
payloads.
Gtk popped up a search box when typing in the tree view.
Most places in Qt, a Search: field was added to the dialog.
Looks possible to buffer keystrokes and do a string search in Qt.
Default value is 400ms (even on Windows). Average typing speed of
200 cpm = 300ms per character = too close to 400ms when searching
the protocol name in Preferences -> Protocols.
packet_info has items that correspond to the single "most recent"
conversation set via conversation_set_conv_addr_port_endpoints or
conversation_set_elements_by_id. These should be reset after each
call of a dissector, because they are only relevant for the
dissector and any additional higher level dissectors it calls.
Lower level protocols and protocols at the same level (i.e., in
different PDUs of a shared lower level protocol) don't want to
automatically use those conversation elements to find the current
conversation.
Separately, there should be an array or linked list of all conversation
elements set in a packet, so that it can be used by the conversation table,
conversation filters, etc., instead of just accessing the most recent
conversation / conversation based on the last set address and ports.
Fix#18278
Add a tlsinfo struct that is similar to tcpinfo, and carries
the sequence number (within the TLS stream) and the end of
stream notification (from the TCP FIN or close_notify alerts)
in addition to the session app handle pointer already used
by TLS heuristic dissectors.
Have HTTP use the end of stream notification in order to
handle DESEGMENT_UNTIL_FIN the same way it does when HTTP
is directly over TCP. Also have HTTP use the sequence number
in order to reduce chunked processing from O(N^2) to O(N)
similar to done over TCP.
Update all the TLS heuristic dissectors that set the app
handle to use the new structure.
Note the workaround for the issue #15159 - the TLS dissector
has to report to the TCP dissector that desegmentation at FIN
is required, so that the TCP dissector will know to call the
TLS dissector at FIN. However, the TLS dissector does not request
that the TCP dissector resend bytes belonging to records that
TLS has already desegmented (and decrypted, if possible), to
avoid decrypting twice (and upsetting the decoder state.)
This can mean the TCP dissector calling the TLS dissector to
desegment at FIN with a zero byte payload. In such as case, the
TLS dissector artificially returns "1" byte dissected to avoid
indicating rejecting the payload and having the TLS (and subdissector)
layers removed. (TCP ignores the value returned when desegmenting
at FIN.)
Fix#9154. Fix#14382.
The host, request method, request URI, and response code are
information that are local to a request/response pair. Storing
them in the conversation data struct means that we only have access
to one set of values at any one point.
Currently they are updated every time a packet is dissected,
which is fine for sequential processing but causes unexpected
behavior when scrolling the window upwards, going directly
to a packet, or filtering, among other out of order behavior.
Store the values in the per packet data, and create the
file scoped data only on the first pass. The conversation
level data will have access to the final http_req_res_t
struct, which is useful for connections that Upgrade to a
different dissector.
Also, when a response code is in the Informational 1xx category,
that means it is an interim response and the next response could
be for the same request. (This affects 100 Continue, 103 Early
Hints, etc.)
Fix#16753.
Add the name, type, and values of field tables and arrays as
fields under the FT_NONE header. This makes them filterable
and show up in JSON export.
Fix#18385
John Thacker
Pau Espin