The Ubuntu build commented on some spelling errors in executable code
files. Fix the errors that don't come from external files containing
the spelling errors (USB product and vendor IDs, PCI IDs, ASN.1
specifications), and fix some errors that don't show up in the
executable code files (e.g., in comments and variable names).
Some checks intended for dissectors don't work well on dissector
*generators*, as they see stuff such as "value_string %s[]" in a format
string used to generate dissector code and get upset because the
purported value_string doesn't end with {0, NULL} (the generator *does*
put a {0, NULL} at the end, but the checker isn't clever enough to
figure that out).
Allow the user to select multiple packets, and
* add the same comment to all selected packets
* remove all comments from selected packets
A new comment is added to each packet, now that we support multiple
comments per packet.
This is one potential way to address #8713.
6caf24e966 uncovered a bug
in the h225 dissector where h245_list was used in a path that wasn't
guaranteed to be initialized. It wasn't causing fuzz errors before
because the memory was at least being zeroed, although that state was
still technically invalid.
Initialize and call the tvb_lists in dissect_h225_h225_RasMessage, which
is the other h225 entrypoint, just like dissect_h225_H323UserInformation
(the other dissector entrypoint) was already doing.
Remove "Section N:" headers from capinfos table (`-T`) output when
outputting "additional capture file information" with `-F` and/or
comments with `-k`. These headers broke the formatting of table output.
The downside to this fix is that pcapng files with multiple SHBs and/or
comments will have extra table columns that don't line up with the
header, as in:
...,hardware1,os1,application1,comment1,comment1,hardware2,os2,
application2,comment2,comment2,...
There's no real good way around this though.
IEC 61850 is directly over Ethernet, so use set_actual_length
like other such protocols so that the Ethernet dissector has a
chance to detect and dissect trailers / FCS.
Usage, Usage Minimum and Usage Maximum can be "Extended" Usages. When
parsing report descriptor, respect page encoded in extended usage value.
Remove arbitrary usage count limit, as the usage ranges are limited to
16-bit value and thus the usages array can grow by up by 256 KiB with
single usage range.
Consolidate build instructions and troubleshooting into WSDG chapter 2.
Remove (moved) troubleshooting note that libpcap is required.
Link from WSUG build instructions to the WSDG chapters.
Reorder WSUG to have install instructions before build instructions for both
Windows and Unix.
Link from WSDG build instructions in WSDG sources chapter back to
WSDG chapter 2.
Offer options to the 'git clone' lines in obtaining sources: '--depth' and
'--shallow-since'
Add brief descriptions of new options mentioned.
Save a list of all user options that were specified on the Wireshark
command line using the `-o` option. Reapply those preferences after
reloading Lua plugins. Fixes the behaviour given in #12331 wherein such
prefs were reset to the defaults, not the command-line values, when
reloading Lua plugins.
When the user changes a preference in the Wireshark UI, remove that
preference from the stored command line options, so it doesn't get reset
when Lua plugins are reloaded again.
Use the same style of message for too-short block errors ("pcapng: total
block length XXX of {a,an} XXX is too small...").
Add an additional check for the "skip" Netflix cutom block, to make sure
it has enough room for the 4-byte "skipped" value.
Starting with 3.0 there is a new non backwards compatible Web-Sec-Protocol for BLIP, so the plugin should handle both (the differences are irrelevant from Wireshark's standpoint)
Have the IEEE 1722 AVTP dissector call the MP2T dissector when that
is the payload type. Comment out the "if (tree)" statement since
the MP2T dissector needs to be called on the first pass regardless
to handle fragmentation.
Since there is a 4 octet source packet header timestamp before each
MPEG2-TS packet when carried on AVTP, the MP2T dissector has to be
called multiple times per frame. Since the fragmentation data is
indexed by the offset in the tvb passed to the MP2T dissector, create
a table for each MP2T layer in the packet via pinfo->curr_layer_num.
Fix#10702.
A few helpers weren't in exception-throwing paths and can just free
unscoped memory. The macro in proto.c is only used in contexts with a
tree, so just use the tree's scope there.
Re-implement below change but for the legacy ccmp decryption used on
3.2 release track but also on later releases when Wireshark is built
with older versions of libgcrypt:
e5e37add9a 802.11 Decrypt: Fix AAD Calculation when HT-Control present in a QoS Data Frame
Ping #17577.
If a graph is added it should be a single operation, not multiple setData operations
leading to a myriad of dataChanged signals to be fired, which in turn can hinder redissection.
Allocate the root node in the same pool as the list itself, and make
that pool explicit so we can pass the pinfo scope instead of using the
global packet pool.
Fix support for IEEE 1722-2016 Annex J IP Encapsulation.
Dissect extra 4-octet encapsulation_sequence_num field that
is present when carried on UDP/IP. Perform rudimentary sequence
analysis with it. Fix#17389.
When written by hand, it’s difficult to have a fully functional
subdissector for a given command if the structures in it contain at lot
of fields and/or numerous level of sub-structures, making the definition
of all sub-structures mandatory before we have all sub-structures fully
defined before we can dissect anything.
This patch makes it easy not to defined some structure fields and let
the generic Thrift dissector handle them.
If you care only about some fields for your analysis or you have some
obsolete fields that may appear in your captures due to old client but
are no longer defined in the .thrift files, you can still write the sub-
dissector for your protocol just by omitting the obsolete field.
For example:
static const thrift_member_t tcustom_data[] = {
{ &hf_tcustom_data_id, 1, TRUE, DE_THRIFT_T_I64, TMFILL },
{ &hf_tcustom_data_name, 2, TRUE, DE_THRIFT_T_BINARY, TMUTF8 },
{ &hf_tcustom_data_content, 3, TRUE, DE_THRIFT_T_STRUCT, &ett_tcustom_resource, { .members = tcustom_resource } },
{ NULL, 0, FALSE, DE_THRIFT_T_STOP, TMFILL }
};
could become:
static const thrift_member_t tcustom_data[] = {
{ &hf_tcustom_data_id, 1, TRUE, DE_THRIFT_T_I64, TMFILL },
{ &hf_tcustom_data_name, 2, TRUE, DE_THRIFT_T_BINARY, TMUTF8 },
{ NULL, 3, TRUE, DE_THRIFT_T_GENERIC, TMFILL },
{ NULL, 0, FALSE, DE_THRIFT_T_STOP, TMFILL }
};
and avoid the need to define the extremely complex "resource" struct.
In this case, the structured data would be dissected by the generic
dissector while keeping the possibility for the user to filter on the
resource id or name.
wblock->internal is not initialized on pcapng_read_custom_block function
pcapng.c:3747:9: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
This patch adds support to SOME/IP to be dissected on top of DTLS. This
can be used via the Decode As feature of Wireshark.
This extends the existing support for DTLS.
Add an expert info for more protocol issues:
- Thrift protocol exceptions.
- Thrift application exceptions.
- Negative field id that are now prohibited in new interfaces.
- Out-of-order field ids (not prohibited but unusual).
Graham Bloice