Initial go at adding the CableLabs Dual Channel Wi-Fi dissector.
Changes:
. New dissector for CableLabs Layer-3 Protocol ("CL3") IEEE EtherType 0xB4E3
. New dissector for Dual Channel Wi-Fi (Subprotocol of CL3)
. Defined EtherType macro for CL3 + description
Bug: 15818
Change-Id: I6edf99d40883c1890659185cc3f0524a2218a6c4
Reviewed-on: https://code.wireshark.org/review/33440
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The title of a decode_as_t was used by the GTK UI. It's no
longer required for Qt.
Change-Id: Ibd9d4acbe9cad2c1af520340d04e550326a97ebe
Reviewed-on: https://code.wireshark.org/review/33557
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sequence number shown in the info field is read from the
iv_ogm_packet_v15 object before the actual member is actually read from the
packet buffer. Just split the initialization of the info column to the
actual dissection code for the packet to avoid these kinds of problems.
Change-Id: I8eb637aae17680d227116156ef7828e77e36beae
Fixes: 4cc4315793 ("batadv: Add dissector support for batadv v15")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33547
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The throughput meter variant of the icmp packet only shared the first 17
bytes of the original packet structure. The rest of the packet is parsed
based on the message type (15). The new fields
* subtype (MSG, ACK)
* session
* seqno
* timestamp
are required to understand the data exchange between two mesh nodes.
Change-Id: Ic885097871c20d8b580a7f922ee5dac0510aa84e
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33542
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I63dee0897d8a8ee4efbc525f9de3938349fb849e
Reviewed-on: https://code.wireshark.org/review/33552
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Define a new dissector table for non-standard ISO7816 APDUs. If the
ISO7816 class byte indicates that an APDU does not conform to the
standard structure and encoding, we pass the entire APDU to a subdissector
from this table (if available).
Change-Id: I1e802506a66bdb2c9994d42893fa6825eb9fa5fe
Reviewed-on: https://code.wireshark.org/review/33550
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FabricPath recalculates the FCS based on the whole packet (incl. the Ethernet
header) and overwrites the last four bytes of the packet, effectively stealing
the Ethernet FCS.
Since FabricPath FCS dissection and verification isn't available and falsely
attempted on the Ethernet layer, this commit implements the FCS treatment on
the FabricPath layer and treats the Ethernet layer explicitly as it would not
have a FCS.
It also adds a protocol option to enable FabricPath FCS validation which is
disabled by default though.
Bug: 15769
Change-Id: I382a4907bca158b549bcc8d77459b7829e60f94a
Reviewed-on: https://code.wireshark.org/review/33322
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note that this dissector covers the USB to serial only. FTDI
Multi-Protocol Synchronous Serial Engine (MPSSE) should be implemented
as separate dissector receiving data from FTDI FT dissector if the chip
has MPSSE.
Ping-Bug: 11743
Change-Id: I1f2e2b56b9351442f7ddbe97106b5f166de2cdca
Reviewed-on: https://code.wireshark.org/review/33520
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sequence number shown in the info field is read from the
icmp_packet_v15 object before the actual member is actually read from the
packet buffer. Just split the initialization of the info column to the
actual dissection code for the packet to avoid these kinds of problems.
Change-Id: I2ab316527854260bb8f85d2283964426fb7508bd
Fixes: 4cc4315793 ("batadv: Add dissector support for batadv v15")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33546
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To correctly show the message type of a batman-adv ICMP v15 packet, the
offset 3 inside the header has to be checked against the list of known
packet types.
Change-Id: I280aac59abd4133eac7d8381fac79f323c79b3de
Fixes: 4cc4315793 ("batadv: Add dissector support for batadv v15")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33545
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The B.A.T.M.A.N. V protocol replaced the OGM announcement with two new
types:
* Echo Location Protocol packet
* OriGinator Message 2 packets
The first packet is used locally to identify neighbors and their base
parameters (originator + elp interval). The second one is used to announce
each mesh node globally.
The second step to understand the B.A.T.M.A.N. V mesh globally in wireshark
is to dissect the OGM2 packets.
Change-Id: Idee5793dd909fd01588024b4d9b44236ea5ffb86
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33544
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The B.A.T.M.A.N. V protocol replaced the OGM announcement with two new
types:
* Echo Location Protocol packet
* OriGinator Message 2 packets
The first packet is used locally to identify neighbors and their base
parameters (originator + elp interval). The second one is used to announce
each mesh node globally.
The first step to understand the B.A.T.M.A.N. V mesh locally in wireshark
is to dissect the ELP packets.
Change-Id: I13f5d60637a2774282ca75853884238e8e7dd33c
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33543
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The upper 3 bits of the lower nibble in the octet for the sequence number
in fragmentation packets are used to store the priority of the original
(unfragmented) packet.
Change-Id: I1711ba078aafa06bec309c395e0ec3741b097c17
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33541
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The mcast tvlv flags field was incorrectly mapped to "batadv.iv_ogm.flags".
But this is the generic B.A.T.M.A.N IV's flags field and not the
specialized mcast TVLV's flag.
Just add a special field "batadv.tvlv.mcast.flags" to handle these flags.
Change-Id: Ia1f37f10d8d58146bd71ef607933f61d7dbc6e88
Fixes: 4cc4315793 ("batadv: Add dissector support for batadv v15")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33540
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Due to a change in the meaning of wmem_strsplit's max_tokens argument, the
returned field_and_value[1] was always null, causing the dissector code to
mistakenly mark it as malformed.
Change-Id: Ifea9e3bf8ec6e18646fb83bc85661a143ce0126b
Reviewed-on: https://code.wireshark.org/review/33511
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Do not attempt reassembly when it will end up failing due to missing
data in a tvb. The dissection results will be wrong as the middle of a
fragment is now interpreted as a full handshake message, but at least
future handshake records should be correctly interpreted and the null
pointer crash due to an incomplete reassembly is fixed.
Bug: 15811
Change-Id: I308d5fa6c131972625f1987d01a8c207e65b4ed2
Fixes: v3.1.0rc0-620-gb641febb1e ("TLS: Implement reassembly for Handshake messages")
Reviewed-on: https://code.wireshark.org/review/33535
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also make the RDP port (3389) default to TPKT when decrypting TLS.
Change-Id: I951531080b36905b2c3ac9039e66243c67b6efe6
Reviewed-on: https://code.wireshark.org/review/33521
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
After a Version Negotiation, the handshake starts over with a new Client
Initial that has different DCID and SCID. Be sure not to link these
subsequent packets to the first session as that would break decryption.
Tested with a QUANT capture provided by Lars Eggert. Regression tested
against ngtcp2-19-dsb.pcapng, decryption still works there.
Bug: 13881
Change-Id: Ia6253c1f2ff39fbe5ce130966129215be479a20a
Reviewed-on: https://code.wireshark.org/review/33525
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 15591
Change-Id: Icb8246ba196df026736ce1e54eb2ace2c7cd49b0
Reviewed-on: https://code.wireshark.org/review/33530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new hf item for sdo abort code and display abort code instead of index.
Added check of APWR and FPRW to decide if an EtherCAT command is a mailbox
command.
Change-Id: I42877c26cb70c7567dc2d1b703e84aad8a3f7ac8
Reviewed-on: https://code.wireshark.org/review/33405
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Iaf243e36f0a6700a2fb34364d1666836a0f585e5
Reviewed-on: https://code.wireshark.org/review/33515
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
'ipdr.cm_ipv6_addr' exists multiple times with NOT compatible types: FT_IPv6 and FT_STRING
'ipdr.cm_ipv6_addr' exists multiple times with NOT compatible types: FT_STRING and FT_IPv6
Change-Id: I5e22b8ed1a9baa7b563d3170be930abdc609d0f0
Reviewed-on: https://code.wireshark.org/review/33505
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I935b2b18a7636eb4e9708a248be9c8df0d935ac0
Reviewed-on: https://code.wireshark.org/review/33512
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 15825
Change-Id: Iec8dff38dd89e3947f3fe7053e38101c3ad7b1b2
Reviewed-on: https://code.wireshark.org/review/33523
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Convert generate-sysdig-event.py to Python 3. Update it to fetch from
the current version of Sysdig (0.26.1). Add logic to work around
mismatched parameter counts and mismatched types and formats.
The following warnings were generated:
WARNING: Forcing semget INT32 format to DEC. Params: [('key', 'INT32', 'HEX'), ('nsems', 'INT32', 'DEC'), ('semflg', 'FLAGS32', 'HEX')]
WARNING: Forcing notification STRING format to NONE. Params: [('id', 'CHARBUF', 'DEC'), ('desc', 'CHARBUF', 'NA')]
WARNING: Forcing infra STRING format to NONE. Params: [('source', 'CHARBUF', 'DEC'), ('name', 'CHARBUF', 'NA'), ('description', 'CHARBUF', 'NA'), ('scope', 'CHARBUF', 'NA')]
WARNING: seccomp: found 2 parameters. Expected 1. Params: [('op', 'UINT64', 'DEC'), ('flags', 'UINT64', 'HEX')]
Bug: 15826
Change-Id: I5f8a7530f1003270cbbcb1f7dfd86f7b63066bba
Reviewed-on: https://code.wireshark.org/review/33513
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert asn2wrs.py to Python 3 via `2to3 --print-function --write` along
with additional tweaks.
Convert asn2deb and idl2deb using `2to3 --write`.
Work around what appears to be a Debian packaging bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818609
Change-Id: I5cc246f7162c2d713673955c10c092e1b91adf82
Reviewed-on: https://code.wireshark.org/review/33504
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Microsoft's pile of protocol documentation is probably the best place to
start now that it exists.
Change-Id: I2580379562cb664f3d00473f6be6313306682b89
Reviewed-on: https://code.wireshark.org/review/33524
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way, even if we're not building a protocol tree, so that you don't
get protocol tree items, you can get the display string, e.g. to use in
a column.
Replace the use of the "get display string" routines with calls to those
routines.
Change-Id: I23e3e88838bdf837d8660c271f78c79b7d1c5620
Reviewed-on: https://code.wireshark.org/review/33519
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The extra stuff done by that routine isn't needed for SMB2 strings,
which are always aligned on a 2-byte boundary if they're Unicode
strings. Just choosing the right type (FT_STRING or FT_STRINGZ) and
using proto_tree_add_item() - or proto_tree_add_item_ret_string() if the
string value is required - suffices. Using
proto_string_item_get_display_string() means we don't need the string
value in most cases.
Update and move a URL, putting Microsoft's references at the top of the
list of documentation links, and adding MS-FSCC.
Make the string fields STR_UNICODE.
Change-Id: Iad1a31dacad93e7b5ad43033c740fa00abbe86e7
Reviewed-on: https://code.wireshark.org/review/33518
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a BASE_SHOW_ASCII_PRINTABLE flag for the "display" field, to use
with FT_BYTES and FT_UINT_BYTES fields; it specifies that, if the field
consists solely of printable ASCII characters, its value be displayed as
a string, in quotes. Have a routine hfinfo_format_bytes() to do that
formatting, depending on the display field value.
Add routines to fetch the display value of string and
FT_BYTES/FT_UINT_BYTES fields; for strings, it's the result of
hfinfo_format_text(), and for byte arrays, it's the result of
hfinfo_format_bytes().
Use BASE_SHOW_ASCII_PRINTABLE for extended attribute data in SMB and
SMB2. Use the routines in question for extended attribute names
(string) and data (bytes). That keeps us from displaying non-text
extended attribute data as if it were text.
Document BASE_SHOW_ASCII_PRINTABLE.
Change-Id: I24dcf459c14f00985e4daaf9b58f5933964eabd8
Reviewed-on: https://code.wireshark.org/review/33517
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
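
The display rule the BASE_SHOW_ASCII_PRINTABLE commit above describes, as an added example that is not code from Wireshark or from that commit: format_bytes_display() is a hypothetical helper, and both the un-separated hex fallback and the escaping of quotes and backslashes are assumptions. Any byte outside printable ASCII (a control character, for instance) makes the whole value fall back to hex.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Wireshark's hfinfo_format_bytes(): if show_ascii
 * is set and every byte is printable ASCII (0x20..0x7e), write a quoted
 * string; otherwise write hex. Returns the length written, or -1 if out is
 * too small. Escaping of '"' and '\\' is an assumption of this example. */
int format_bytes_display(const uint8_t *buf, size_t len, int show_ascii,
                         char *out, size_t outlen)
{
    static const char hexdigits[] = "0123456789abcdef";
    size_t i, pos = 0;
    int printable = show_ascii && len > 0;

    for (i = 0; printable && i < len; i++)
        printable = buf[i] >= 0x20 && buf[i] <= 0x7e;
    /* Worst case is two output characters per byte plus quotes and NUL. */
    if (outlen < 3 || len > (outlen - 3) / 2)
        return -1;
    if (printable) {
        out[pos++] = '"';
        for (i = 0; i < len; i++) {
            if (buf[i] == '"' || buf[i] == '\\')
                out[pos++] = '\\';
            out[pos++] = (char)buf[i];
        }
        out[pos++] = '"';
    } else {
        for (i = 0; i < len; i++) {
            out[pos++] = hexdigits[buf[i] >> 4];
            out[pos++] = hexdigits[buf[i] & 0x0f];
        }
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    /* Constructed sample values, not taken from a capture. */
    const uint8_t text[] = "user.mime_type";
    const uint8_t bin[] = { 0x41, 0x1b, 0x5b, 0x32, 0x4a }; /* 'A', ESC, "[2J" */
    char out[64];

    if (format_bytes_display(text, strlen((const char *)text), 1, out, sizeof out) > 0)
        puts(out);
    if (format_bytes_display(bin, sizeof bin, 1, out, sizeof out) > 0)
        puts(out);
    return 0;
}
```
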
packet-sysex.c:753:1: warning: no previous prototype for function 'proto_reg_handoff_sysex' [-Wmissing-prototypes]
Change-Id: I6e78abe0686818dec1c915d4e77c5f84b43f6460
Reviewed-on: https://code.wireshark.org/review/33509
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-dcom-provideclassinfo.c:32:5: warning: no previous prototype for function 'dissect_IProvideClassInfo_GetClassInfo_rqst' [-Wmissing-prototypes]
packet-dcom-provideclassinfo.c:40:5: warning: no previous prototype for function 'dissect_IProvideClassInfo_GetClassInfo_resp' [-Wmissing-prototypes]
Change-Id: I0d4b4f4cf5e3d5d3612a6e01c71dbbfc3a14915f
Reviewed-on: https://code.wireshark.org/review/33508
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-dcm.c:3888:6: warning: no previous prototype for function 'col_set_str_conditional' [-Wmissing-prototypes]
packet-dcm.c:3901:6: warning: no previous prototype for function 'col_append_str_conditional' [-Wmissing-prototypes]
Change-Id: I26117b8c3bcb0f88889edd7de5044e57dd0c4b38
Reviewed-on: https://code.wireshark.org/review/33507
Reviewed-by: Anders Broman <a.broman58@gmail.com>