Document that the payload of the BLE_EVENT packet is excluding the preamble
that is sent on air.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531b
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36785
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add BTLE physical channel pdu type from capture context. The dissector uses
the access address to determine if the packet is either an Advertising physical
channel PDU or a Data physical channel PDU.
This assupmtion is not valid for Periodic Advertising where the AUX_SYNC_IND
advertising packet will be sent with a non-advertising access address.
There is also the new Isochronous physical channel PDU which can be both
broadcasted or connection-oriented.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345318
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36782
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Document the RSSI sample result in the nordic_ble dissector. This value is
directly from the RSSISAMPLE register which is a positive number. It must
be converted to negative value.
Change to using INT8 because the RSSISAMPLE is only 7 bits value, and will
always be a positive number.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531a
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36784
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Dissect the common extendend advertising payload header which is common for
the following advertising PDUs:
- ADV_EXT_IND
- AUX_ADV_IND
- AUX_SYNC_IND
- AUX_CHAIN_IND
- AUX_SCAN_RSP
- AUX_CONNECT_RSP
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345317
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36781
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add handling of ADV_EXT_IND and setting valid adv header flags.
Advertising Extension assumes channel selection #2, and both TX and RX address
type bits must be checked if present in the extended advertising header by
reading the extended advertising header flags.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345315
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36780
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Like in markFrame, the integer list of selected rows is not used in
ignoreFrame. Remove it.
Change-Id: Ic2bf4b1d2d330767370a2e831e321e285cb00e91
Reviewed-on: https://code.wireshark.org/review/36805
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "rows" variable is populated with the indices of all selected rows.
It seems that rows is never read and can be removed.
(In parallel, there's QModelIndexList frames. This list is used
when it comes to actually marking the selected packets.)
Change-Id: If2b97a2f5d87fe24717b9ad56444e2a779e0b3fc
Reviewed-on: https://code.wireshark.org/review/36804
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure the summary record is large enough; if not, report it as a bad
file.
If it's *too* large, skip the added data.
Clean up the length check for the header records - use sizeof, as we
later use sizeof when subtracting the fixed length portion's length.
Change-Id: I70697804eaa0cbbb1fb074eadf6457d237f26876
Reviewed-on: https://code.wireshark.org/review/36814
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Get rid of leftover duplicate code setting up the wtap structure and
private data before we've found a summary record.
If we find no data records, break out of the loop, so we fall into the
code that sets up the wtap structure and private data.
Change-Id: I00652bb7f3cb52b6c7c2088c6dd5fe5ec9a012a7
Reviewed-on: https://code.wireshark.org/review/36806
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
A generated item is not derived from the bytes in the packet.
The components of the length field and the timestamp are fields in the
packet. They should not be marked as generated.
Change-Id: Ic2e74f7db50b2ea65bc0e48883e6562992114296
Reviewed-on: https://code.wireshark.org/review/36766
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use proto_tree_add_item() for the timestamp, there's no need to extract
the time manually.
Remove the unnecessary if (tree) check.
Call proto_tree_add_item_ret_uint() to read the value and add it to the
tree in one go.
Change-Id: Ibce3a5c83c260e46c4bd6ebf957e300fd345ed8a
Reviewed-on: https://code.wireshark.org/review/36765
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use content-type property to decode message.
Lookup Topic using topic-alias property mapping from the first Publish
message if this is used by the sender. Add an expert info note when
a lookup fails.
MQTT-4.7.3-1 defines that all Topic Names and Topic Filters MUST be
at least one character long. Add an expert info warning for this.
Change-Id: I5b27a72462a7c80b200ec065e5aed167cf36a3a8
Reviewed-on: https://code.wireshark.org/review/36748
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently every URI that carries display information has that presented
as the same field. This makes specific filtering difficult.
This change introduces seperate fields for every URI type, while
preserving the common display info field as hidden item.
A display field has been introduced for every URI handled, whether or
not the field is described in an RFC. Practice learns that it may be
done anyway.
Bug: 16488
Change-Id: I15bf10e3fbdcce581a62182c205976a751c98c69
Reviewed-on: https://code.wireshark.org/review/36773
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handle the reserved bits in the LE channel map. The bits do not
represent the advertising channels, but are simply reserved.
Allow the dissector to set these bits as non-channel map related, which
is the case for Extended Advertising Sync Info.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345314
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36779
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
check_dissector_urls.py was written and used to
find URLs within epan/dissectors/*.c and try to
fetch them using 'requests'. Will be commmitted
separately.
Most of the changes were to adapt to reorganisation
of IETF or 3gpp2 links, but many of the broken links
are for websites or companies that no longer exist.
Change-Id: Ie9afdb95099218402a61626a0cd5193c6f781b96
Reviewed-on: https://code.wireshark.org/review/36769
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The initiator address field of the directed advertising PDU has been renamed
to target address in newer versions of the Bluetooth specification.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345313
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36778
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add channel index to the bluetooth dissector context.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345312
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36777
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wtap_read_bytes() returns TRUE on *success*, so if we're in the loop,
the last read succeeded, and no error code was supplied. When we *exit*
the loop, the read didn't succeed; check for the status then. If we got
a short read, we ran out of file data, so check the heuristics (even if
it's not an integral number of 2-byte blocks, treat it as a CAM
Inspector file - it might have gotten cut short); if we got a real read
error, report that to our caller.
Bug: 16458
Change-Id: Ia1e838006744dadbc2883459aec16d0d11b732e1
Reviewed-on: https://code.wireshark.org/review/36795
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If it has none, we don't know what link-layer header type it has, nor do
we have a start time to use for time stamps.
If it has more than one, we don't know which one to believe.
Bug: 16459
Change-Id: I306ec45171f9de4643699a53a4d837f4f7750c69
Reviewed-on: https://code.wireshark.org/review/36791
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Rename packets names that has changed in the bluetooth core specification.
Requests have responses, indications have no response.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345310
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36775
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
pytest and `pycodestyle test/suite_*.py --select=W605` warned about it.
Change-Id: I015351d1c00d17aa9f04ab17abed00586ee09e89
Reviewed-on: https://code.wireshark.org/review/36771
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Don't give the first argument to CATCH7() a space after its comma; none
of the other CATCHn() arguments do.
Change-Id: I752d3329080b3bfba362adfff0cb2b0e2034be8b
Reviewed-on: https://code.wireshark.org/review/36768
Reviewed-by: Guy Harris <gharris@sonic.net>
Remove nested example tags from the dissection chapter, including and
unbalanced one. Mark our source blocks with [source,c].
Enable syntax highlighting in the Developer's and User's guides. This
isn't supported in the DocBook backend (which we use to generate the
HTML guides), but it is in the PDF backend.
Add a comment about failing on warnings when we generate our guides.
Change-Id: Ieee29fe75364ca23769aa997f90126e31b72cc8b
Reviewed-on: https://code.wireshark.org/review/36767
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
wtap_cleanup() clears options which are still in use by the time
cf_close calls wtap_close. Be sure to close the capture file first.
Bug: 16487
Change-Id: Id9ef1c0321865e9574b69439870a842efb2b209b
Fixes: v3.3.0rc0-853-g3662a69036 ("Maintain cf->state, because file cleanup depends on it.")
Reviewed-on: https://code.wireshark.org/review/36755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <gharris@sonic.net>
This workflow will test the several options available in cmake,
by not using the default value.
The workflow runs once a day, instead on push, to spot problems
that unlikely happen.
The compilation without pcap has been removed from other CIs,
since it is included in this one and that will spare CI cycles.
Change-Id: I796a1ac1879fe85c66d9518207c7053531204c11
Reviewed-on: https://code.wireshark.org/review/36608
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add checks for bad block lengths - either too short or not a multiple of
4. (Yes, the pcapng spec requires it to be a multiple of 4. And there
is at least one implementation that requires it.)
For various structures with a length field, create the top-level tree
field for the item with a "run to the end of the packet" length and,
once we're finished dissecting it, set the length to its actual value.
Fetch various field values using proto_tree_item_add_uint. Fix some
incorrect field types based on errors reported by that.
If an end-of-options option has a non-zero length, 1) don't treat it as
not an end-of-options option and 2) report an error on its length.
Change-Id: I72b2c065f3e3c76d5b71a1cd2ef3c1f497623266
Reviewed-on: https://code.wireshark.org/review/36746
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
In LwM2M TLV format a Float can be a 4 or 8 bytes floating point value.
Allocate a separate FT_DOUBLE header field to handle this.
Refactor common code between OMA and UAT defined resources.
Bug: 16485
Change-Id: I45fe782a32444215959951f0b202de360a3b24b8
Reviewed-on: https://code.wireshark.org/review/36724
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
There were a bunch of 4-space tab characters in the file, which is 1)
not the way UN*Xes work and 2) not what the modelines say; replace them
with 4 spaces, and further adjust some indentation.
Change the modelines to turn tab-to-space expansion on.
Change-Id: I7e22294e928ef95ab9f5d61f5d0e8abfe18cfb4e
Reviewed-on: https://code.wireshark.org/review/36738
Reviewed-by: Guy Harris <gharris@sonic.net>
The IEEE 802.3br dissector does good work figuring out when a frame is
preempted by another, in the same direction, and reassemble the continuation
into a proper Ethernet frame. But when, at the same time, a frame appears in
the other direction, not unheard of in a full duplex link, the reassembly is
thrown in turmoil.
This change makes the reassembly directionally aware, so that preemptions,
either way and even simultanious, can be distinguised as long as the
direction of the frame is known.
Bug: 16470
Change-Id: Ic99353c1b95238e0d63c4cd14cd454d09e3675cc
Reviewed-on: https://code.wireshark.org/review/36731
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Track our recursion depth in fAbstractSyntaxNType. It calls several
functions which in turn call it, which makes it easy to overflow the
stack.
Bug: 16474
Change-Id: Ibad29272f99449bfa13b7422692e20ba8a79e19c
Reviewed-on: https://code.wireshark.org/review/36725
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This automatically closes existing and new pull requests on GitHub once
the GitHub app is installed.
Change-Id: I98e2426ff8f974534d6bcec6ee446619319c08bb
Reviewed-on: https://code.wireshark.org/review/36719
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Educated guess on the part of Jeff Morriss as don't have
ready access to appropriate spec.
Change-Id: Ib6b7ed5911d3c219c61c43d41369af1e9e51d10c
Reviewed-on: https://code.wireshark.org/review/36728
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
On UN*X platforms, we now build the Wireshark shared libraries with
compiler and linker options that arrange that most symbols are "hidden",
and only those declared with WS_DLL_PUBLIC are exported from the
libraries, if such options are available.
Change-Id: Ie954f114046fe4af678672b12cea693ac9882ba1
Reviewed-on: https://code.wireshark.org/review/36726
Reviewed-by: Guy Harris <gharris@sonic.net>
At least with Qt 5.12 on Debian/testing the following needs to be changed:
- The temporary file name created for the endpoint map file needs to be
retrieved at least once when the file is open to be available later on.
- The temporary endpoint map file needs to remain on temporary storage
because the external presentation process (web browser) needs to have
access to it when it starts (asynchronously) and for as long as it needs.
Change-Id: I554110a5a3ffa48b44575b1cb45f5971baac5e9c
Reviewed-on: https://code.wireshark.org/review/36599
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stig Bjørlykke