It appears we're only working on four chars anyways, so the cast to gint should
be safe.
Reverts 602d7d3d39
Change-Id: Ice101fea7dd7fe4cc65f0d673210c0c791cbe1c5
Reviewed-on: https://code.wireshark.org/review/277
Reviewed-by: Evan Huus <eapache@gmail.com>
fixes build errors on certain 32-bit systems
Change-Id: I6476107aa753b670df6bede0ce15ea6760e52aeb
Reviewed-on: https://code.wireshark.org/review/274
Reviewed-by: Evan Huus <eapache@gmail.com>
ADB Client-Server Protocol is protocol between adbd
(ADB Daemon aka Server) and adb client (aka adb).
Typically you can find it on "lo" interface over TCP protocol.
Change-Id: Iad008560c983f5ede554e1eaa728d703aae95eed
Reviewed-on: https://code.wireshark.org/review/233
Reviewed-by: Evan Huus <eapache@gmail.com>
BlueZ 5/Linux Kernel introduced new way to sniffing Bluetooth interfaces.
We are ready to use it. Libpcap provide new interface called
"bluetooth-monior".
Also fix trivial typos.
Change-Id: Ic608a3d8553bbebbb21f2733ec92c758cbf8f707
Reviewed-on: https://code.wireshark.org/review/253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Details:
- Use dhcpv6_domain() to handle dissection of certain FQDN fields:
+ OPTION_AFTR_NAME: Don't use get_dns_name(); It allows "compression"
which is not valid forthis field.
+ OPTION_CCCV6_IETF_PROV_SRV: Replace use of swap_field_length_with_char();
Fix bug which caused invalid "expert" message.
+ OPTION_CCCV6_KRB_REALM: Remove validation; replace use of swap_field_length_with_char().
- Allow filtering for each different FQDN field (rather than using a generic "dhcpv6.domain"
for the various FQDN fields).
- Fix some bugs in the display of the dissection for NTP_SERVER_OPTION;
- Add some "XXX ToDo" comments.
- Add some comments as the to specific RFC for certain options;
- Note that RFC 4075 is now "deprecated";
- CL-SP-CANN-DHCP-Reg: version I10 is the latest as Feb 2014.
Change-Id: I82edafb8293b71037b84629406ce609f9a835f04
Reviewed-on: https://code.wireshark.org/review/257
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I1e827ad4d2cf64411c5a87f4710235dc4d6efc35
Reviewed-on: https://code.wireshark.org/review/250
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Found by Massimo Vellucci
Change-Id: Ibbe2d0a4d1e421e647028262baf0398d05905c8d
Reviewed-on: https://code.wireshark.org/review/246
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Logcat can be exported from ADB over USB or ADB over TCP where can occur
multiple Logcat PDUs in one frame.
Change-Id: I290fa131e5600c62357e5be4e76096ea5c35364b
Reviewed-on: https://code.wireshark.org/review/234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
AVDTP does not specify byte order of protocol, but define that at byte level
(MSB/LSB). Moreover: Codec VendorId is in Little Endian and this patch fix that.
Change-Id: I91d8e9321e9909cb07d92d3df348ab6e1e5b1e1b
Reviewed-on: https://code.wireshark.org/review/222
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Z field of edns0 in Additinal records is decoded to text description incorrectly (wrong bitmask)
Found by Jittinan Suwanrueangsri
Closed-Bug: 9767
Change-Id: I8171b211cce79cb096a0f354764992f5cb18617c
Reviewed-on: https://code.wireshark.org/review/226
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Found by David Howells
Change-Id: Ic86e44b528069be8e43c1262c68afedcd159de23
Closed-bug: 9762
Reviewed-on: https://code.wireshark.org/review/225
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Up until now, openSAFETY hooked into a heuristic filter for epl
and dissected the whole package, handing back some epl header
information by calling epl again. This was time-consuming and
on a busy network led to an increase in dropped packages and
memory usage, as well as unresponsivness.
This patch only takes the payload data of epl frames, and
therefore greatly reduces the dissection overhead of openSAFETY.
On a second note, intergap data between safety frames is now
being displayed as Data, but only if the option for doing so
is specifically enabled in the openSAFETY preferences, as it
changes the behaviour of the dissector output.
Upd: Because of the gap handling, some frames where marked
as being truncated, although they were not, or did not contain
openSAFETY frames at all. In the course of the fix for this,
the byte copying for the byte swap with MBTCP has been moved
to only occur when needed, and is additionaly guarded.
Upd2: Identation and comment fixes
Upd3: Change memcpy to memdup and move find_dissector ( "data" )
to proto_reg_handoff
PLK: Store data dissector pointer
Move the if-clause to proto_reg_handoff as documented
in comment of Change-id: 191
Change-Id: I3038ed465900a2b5e63b3a0967abd62a4c66f318
Reviewed-on: https://code.wireshark.org/review/191
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Up until now, the heuristic dissector for epl allways passed the
complete epl frame. Therefore a lot of information got passed,
which was not needed, resulting in subdissectors to have to call
the epl dissector again, if the epl data had to be dissected.
This patch adds a second heuristic dissector (not breaking the
way, the existing one is working), which only passes the payload
of the epl frame to a sub-dissector, therefore reducing memory
overhead and increasing dissection speed.
Upd: Changes according to comments in patchset
Change-Id: I2ef309310f421f24d96dd1c188e188ccfa5935cd
Reviewed-on: https://code.wireshark.org/review/190
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
and fix up the msg names.
Change-Id: If2cc51a99bc236e840fea274d32989a5fe96aa29
Reviewed-on: https://code.wireshark.org/review/199
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
RFC 7118: The WebSocket Protocol as a Transport for the Session Initiation Protocol (SIP)
No yet support of auto-detect subprotocol (via Sec-WebSocket-Protocol)
Change-Id: I16e8ddd37002b3982673bd4a4a7b15f6200a4d85
Reviewed-on: https://code.wireshark.org/review/192
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- Add expert info about skipped notify IP address
- Add a couple of comments (cosmetic)
Change-Id: I6caa904cf16b304724c5da1933531cf865daf619
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/171
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
packet-parlay.c:53643:9: warning: passing argument 2 of 'get_CDR_wchar' from incompatible pointer type [enabled by default]
packet-parlay.c:53667:9: warning: passing argument 2 of 'get_CDR_wstring' from incompatible pointer type [enabled by default]
Change-Id: I027809139e74b563e759f28e2e141951166e53d0
Reviewed-on: https://code.wireshark.org/review/170
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
it only did the RSA MD5/SHA1 ones.
Change-Id: I7b16c7245dd1646f68479095540a8bef191d5fb2
Reviewed-on: https://code.wireshark.org/review/160
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
From Anders Broman: parse security mechanism as specified in RFC 3329
Change-Id: I37300aa45740a11679149550943b3a1614ac8423
Reviewed-on: https://code.wireshark.org/review/138
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
- packet-bencode.c had the wrong FSF address
- wslua_int64.c had the license as a footer instead of a header
Change-Id: I71204b36a1034af72874d6fe87929c31c9ff03df
Reviewed-on: https://code.wireshark.org/review/123
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
There is no public spec, based only on analyze of packet
It is more easy to found the address IP of Intant AP
Change-Id: I3baf205c5e4ad699b954f4a9fbf4b9e65f82cb36
Reviewed-on: https://code.wireshark.org/review/121
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Specification: "If the TxAdd or RxAdd fields are not
defined as used in a given PDU then they shall be considered
Reserved for Future Use."
Change-Id: I767c0df0366afe789624046cda2d49c9875ffe60
Reviewed-on: https://code.wireshark.org/review/103
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Linux USB Header should be in Host Endian.
Also add ENC_HOST_ENDIAN to simplify code.
Change-Id: I95e7d97014633e8fc1d7739d0728780d70c60442
Reviewed-on: https://code.wireshark.org/review/15
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Apparently very recent gcc versions *do* complain about the cast from gint to
enum, despite the comment to the contrary.
Change-Id: I422df9950f1c7c46ca8ea37a0e3abd7aa8fc1c7d
Reviewed-on: https://code.wireshark.org/review/89
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Changed “GUID” to “CID” (Connection Identifier), as the original term carried common meaning and baggage that was not intended
Change-Id: I04986331aee33be237dab6963c0ff39accf507cd
Reviewed-on: https://code.wireshark.org/review/81
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When the GUID (CID or Connection Identifier in a more recent spec) field in Public Flags is 0, a zero-length item would be added.
This trivial patch prevents a dissector exception by checking the length first.
Change-Id: Idf6d970bc1b0b3f1a8e47618a8759f6a0cd54c65
Reviewed-on: https://code.wireshark.org/review/78
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
messages on the Data Display Channel (DDC)
this dissector is available as an option for I2C messages
it handles EDID messages (Extended Display Identification Data)
and passes HDCP messages on to the HDCP dissector
Change-Id: Ia8d8e73c36e2a1ad560b911dd4c1c9f34997b5c2
Reviewed-on: https://code.wireshark.org/review/63
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Try to dissect even it the size is not as expected.
Windows doesn't use alignment for smb-direct.
Change-Id: I66c465d331aaab5caf28385a6dd3a43b63af2208
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/56
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Change-Id: Ie1b684327a77c265188d916c1242d335c55aa8cb
Reviewed-on: https://code.wireshark.org/review/65
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
add editor modelines
Change-Id: I5433e0d41a30043264a0f60c2166de471c80745c
Reviewed-on: https://code.wireshark.org/review/64
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
This is wrong it breaks all sort of things. The "Volume label field"
is a special case, which can be fixed by using nopad=TRUE.
Change-Id: I3cd3f30ff0076d5e31a735391b175fd68e5fa142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/26
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
* Update to the last IANA icmpv6-parameters (2014-01-30)
* Update to final draft (for RFC 6743 and RFC 6775)
* Add RFC 7112 (Implications of Oversized IPv6 Header Chains) support (Add new Parameter Problem code)
* Fix a encoding arg
Change-Id: I90f65dfc54e5c0aff21a0e7ec2c937304aced02d
Reviewed-on: https://code.wireshark.org/review/62
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output
when dissected with tshark. Investigation showed this was because the HTTP
dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding
each step as a data-source which was being printed by tshark's hex dump. This
was leading to O(n^2) of output.
To fix, introduce function remove_last_data_source which removes the most recent
data source from the list. If the subdissector in TCP reassembly asks for
ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have)
and remove the data source since it is unnecessary.
This may break dissectors which add tree items and *then* return
ONE_MORE_PACKET, since they will have their data source removed out from under
them. I believe those cases should be fixed to not add tree items until they're
sure they have enough data.
Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa
Reviewed-on: https://code.wireshark.org/review/38
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
- SNMT messages where presented in a way, where the value of the
field was not pointing to the correct bytes where it came from
- Sender / Receiver where renamed to be better understandable
- SN send to (Receiver) now comes first as it does in the byte
stream
Change-Id: I364cb248bed9489c0cf9c7bf9fbd37b0225dbd78
