Commit graph

75559 commits

Author SHA1 Message Date
Sven Eckelmann
bf854b8dcc batadv: Fix filtering by mcast flags
The mcast tvlv flags field was incorrectly mapped to "batadv.iv_ogm.flags".
But this is the generic B.A.T.M.A.N IV's flags field and not the
specialized mcast TVLV's flag.

Just add a special field "batadv.tvlv.mcast.flags" to handle these flags.

Change-Id: Ia1f37f10d8d58146bd71ef607933f61d7dbc6e88
Fixes: 4cc4315793 ("batadv: Add dissector support for batadv v15")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-on: https://code.wireshark.org/review/33540
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-06-10 16:54:06 +00:00
Daniel Kamil Kozar
92d0a67f4e LSD: Fix valid headers being marked as malformed
Due to a change in the meaning of wmem_strsplit's max_tokens argument, the
returned field_and_value[1] was always null, causing the dissector code to
mistakenly mark it as malformed.

Change-Id: Ifea9e3bf8ec6e18646fb83bc85661a143ce0126b
Reviewed-on: https://code.wireshark.org/review/33511
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-06-10 16:51:32 +00:00
Peter Wu
5e79558a82 TLS: fix crash on handshake reassembly with truncated captures
Do not attempt reassembly when it will end up failing due to missing
data in a tvb. The dissection results will be wrong as the middle of a
fragment is now interpreted as a full handshake message, but at least
future handshake records should be correctly interpreted and the null
pointer crash due to an incomplete reassembly is fixed.

Bug: 15811
Change-Id: I308d5fa6c131972625f1987d01a8c207e65b4ed2
Fixes: v3.1.0rc0-620-gb641febb1e ("TLS: Implement reassembly for Handshake messages")
Reviewed-on: https://code.wireshark.org/review/33535
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 23:38:51 +00:00
Émilio Gonzalez
004d26dfaf TPKT: Add the dissector to the list of TLS subdissectors
Also make the RDP port (3389) to default to TPKT when decrypting TLS.

Change-Id: I951531080b36905b2c3ac9039e66243c67b6efe6
Reviewed-on: https://code.wireshark.org/review/33521
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 23:19:10 +00:00
Peter Wu
13fc8302e0 QUIC: fix decryption after Version Negotiation
After a Version Negotiation, the handshake starts over with a new Client
Initial that has different DCID and SCID. Be sure not to link these
subsequent packets to the first session as that would break decryption.

Tested with a QUANT capture provided by Lars Eggert. Regression tested
against ngtcp2-19-dsb.pcapng, decryption still works there.

Bug: 13881
Change-Id: Ia6253c1f2ff39fbe5ce130966129215be479a20a
Reviewed-on: https://code.wireshark.org/review/33525
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 23:18:30 +00:00
Michael Mann
6476ec79aa Document why extcap utilities can't be run "by hand" on Windows
Bug: 15591
Change-Id: Icb8246ba196df026736ce1e54eb2ace2c7cd49b0
Reviewed-on: https://code.wireshark.org/review/33530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 23:17:31 +00:00
Guy Harris
f93edf223b Use gboolean for Boolean flags.
Change-Id: Ic92c7a8f2a570d91d68f7753037c02b54371d5a5
Reviewed-on: https://code.wireshark.org/review/33536
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-09 20:30:52 +00:00
Richard Kuemmel
fc758f97c2 ethercat: add new hf item for sdo abort code.
Add new hf item for sdo abort code and display abort code instead of index.
Added check of APWR and FPRW to decide if an EtherCAT command is a mailbox
command.

Change-Id: I42877c26cb70c7567dc2d1b703e84aad8a3f7ac8
Reviewed-on: https://code.wireshark.org/review/33405
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-06-09 13:54:43 +00:00
Bruno Verstuyft
8c3d23f2f7 DOCSIS: Reassembly of RNG-RSP messages
Change-Id: Iaf243e36f0a6700a2fb34364d1666836a0f585e5
Reviewed-on: https://code.wireshark.org/review/33515
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-06-09 13:50:17 +00:00
Alexis La Goutte
02155b91cc ipdr: fix conflict
'ipdr.cm_ipv6_addr' exists multiple times with NOT compatible types: FT_IPv6 and FT_STRING
'ipdr.cm_ipv6_addr' exists multiple times with NOT compatible types: FT_STRING and FT_IPv6

Change-Id: I5e22b8ed1a9baa7b563d3170be930abdc609d0f0
Reviewed-on: https://code.wireshark.org/review/33505
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-06-09 12:17:47 +00:00
Swapnil Roy
3ee859573c NAS 5GS: Payload container type added in Registration Request
Change-Id: I935b2b18a7636eb4e9708a248be9c8df0d935ac0
Reviewed-on: https://code.wireshark.org/review/33512
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-06-09 12:16:06 +00:00
Dario Lombardo
5f105526af tshark/tfshark: fix error message.
Bug: 15825
Change-Id: Iec8dff38dd89e3947f3fe7053e38101c3ad7b1b2
Reviewed-on: https://code.wireshark.org/review/33523
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-06-09 12:08:52 +00:00
Gerald Combs
461e759d22 [Automatic update for 2019-06-09]
Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Ia3db622e5394aa8282915860cf4e01da8b0040fb
Reviewed-on: https://code.wireshark.org/review/33526
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-09 08:22:57 +00:00
Alexis La Goutte
b69328ac22 wisun: fix swapping between Channel Spacing and Reserved fields
Issue reported by Gene Falendysz

Bug: 15821
Change-Id: I272061a1cabdae905a89d7b568eb3be51dabd293
Reviewed-on: https://code.wireshark.org/review/33501
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 05:06:36 +00:00
Gerald Combs
e1a57c61f9 Sysdig event updates.
Convert generate-sysdig-event.py to Python 3. Update it to fetch from
the current version of Sysdig (0.26.1). Add logic to work around
mismatched parameter counts and mismatched types and formats.

The following warnings were generated:

WARNING: Forcing semget INT32 format to DEC. Params: [('key', 'INT32', 'HEX'), ('nsems', 'INT32', 'DEC'), ('semflg', 'FLAGS32', 'HEX')]
WARNING: Forcing notification STRING format to NONE. Params: [('id', 'CHARBUF', 'DEC'), ('desc', 'CHARBUF', 'NA')]
WARNING: Forcing infra STRING format to NONE. Params: [('source', 'CHARBUF', 'DEC'), ('name', 'CHARBUF', 'NA'), ('description', 'CHARBUF', 'NA'), ('scope', 'CHARBUF', 'NA')]
WARNING: seccomp: found 2 parameters. Expected 1. Params: [('op', 'UINT64', 'DEC'), ('flags', 'UINT64', 'HEX')]

Bug: 15826
Change-Id: I5f8a7530f1003270cbbcb1f7dfd86f7b63066bba
Reviewed-on: https://code.wireshark.org/review/33513
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 04:53:31 +00:00
Gerald Combs
20568aa8b9 tools: Switch some scripts exclusively to Python 3.
Convert asn2wrs.py to Python 3 via `2to3 --print-function --write` along
with additional tweaks.

Convert asn2deb and idl2deb using `2to3 --write`.

Work around what appears to be a Debian packaging bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818609

Change-Id: I5cc246f7162c2d713673955c10c092e1b91adf82
Reviewed-on: https://code.wireshark.org/review/33504
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 04:53:08 +00:00
Dario Lombardo
14553ee358 README.dissector: remove double spaces.
Change-Id: I87b9748bb14b148cfc7ffdc5fd5d9059fa2d2299
Reviewed-on: https://code.wireshark.org/review/33522
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-09 04:52:36 +00:00
Guy Harris
e44d4e740e Update the MS-NLMP URL, and mention it up front.
Microsoft's pile of protocol documentation is probably the best place to
start now that it exists.

Change-Id: I2580379562cb664f3d00473f6be6313306682b89
Reviewed-on: https://code.wireshark.org/review/33524
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-09 02:50:06 +00:00
akuchekar
bcfe022d22 New Diameter AVPS
Change-Id: Ic7fca037cdf041988bc93f6b4066eb190e3028d0
Reviewed-on: https://code.wireshark.org/review/33461
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-08 14:32:28 +00:00
Guy Harris
1c601c204a Have routines to add a protocol tree item and return a display string.
That way, even if we're not building a protocol tree, so that you don't
get protocol tree items, you can get the display string, e.g.  to use in
a column.

Replace the use of the "get display string" routines with calls to those
routines.

Change-Id: I23e3e88838bdf837d8660c271f78c79b7d1c5620
Reviewed-on: https://code.wireshark.org/review/33519
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-08 09:11:22 +00:00
Bruno Verstuyft
cf9f46c5f5 XRA: changed some tvb_ functions
Change-Id: Ib844c8e73efdabc7f0fb009b2f7ffcd64bbbb953
Reviewed-on: https://code.wireshark.org/review/33516
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-06-08 06:08:24 +00:00
Guy Harris
e3e606ce02 Get rid of get_unicode_or_ascii_string() calls in the SMB2 dissector.
The extra stuff done by that routine isn't needed for SMB2 strings,
which are always aligned on a 2-byte boundary if they're Unicode
strings.  Just choosing the right type (FT_STRING or FT_STRINGZ) and
using proto_tree_add_item() - or proto_tree_add_item_ret_string() if the
string value is required - suffices.  Using
proto_string_item_get_display_string() means we don't need the string
value in most cases.

Update and move a URL, putting Microsoft's references at the top of the
list of documentation links, and adding MS-FSCC.

Make the string fields STR_UNICODE.

Change-Id: Iad1a31dacad93e7b5ad43033c740fa00abbe86e7
Reviewed-on: https://code.wireshark.org/review/33518
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-08 02:41:02 +00:00
Guy Harris
ee35570e90 Improve handling of binary data that *might* be text.
Add a BASE_SHOW_ASCII_PRINTABLE flag for the "display" field, to use
with FT_BYTES and FT_UINT_BYTES fields; it specifies that, if the field
consists solely of printable ASCII characters, its value be displayed as
a string, in quotes.  Have a routine hfinfo_format_bytes() to do that
formatting, depending on the display field value.

Add routines to fetch the display value of string and
FT_BYTES/FT_UINT_BYTES fields; for strings, it's the result of
hfinfo_format_text(), and for byte arrays, it's the result of
hfinfo_format_bytes().

Use BASE_SHOW_ASCII_PRINTABLE for extended attribute data in SMB and
SMB2.  Use the routines in question for extended attribute names
(string) and data (bytes).  That keeps us from displaying non-text
extended attribute data as if it were text.

Document BASE_SHOW_ASCII_PRINTABLE.

Change-Id: I24dcf459c14f00985e4daaf9b58f5933964eabd8
Reviewed-on: https://code.wireshark.org/review/33517
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-07 21:15:23 +00:00
Pascal Quantin
c603fac072 Windows: upgrade USBPcap to 1.4.1.0
Change-Id: I1a9d97a58201dadc6c50a15d1518053c980bd62f
Reviewed-on: https://code.wireshark.org/review/33514
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2019-06-07 05:33:46 +00:00
Alexis La Goutte
ffb549859f blip: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang
Change-Id: I89951593122fbed19b8aaf8ee05299889b37d4f3
Reviewed-on: https://code.wireshark.org/review/33506
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jim Borden <jim.borden@couchbase.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-06 13:19:57 +00:00
Alexis La Goutte
c05da0fa70 sysex: fix [-Wmissing-prototypes] warnings
packet-sysex.c:753:1: warning: no previous prototype for function 'proto_reg_handoff_sysex' [-Wmissing-prototypes]

Change-Id: I6e78abe0686818dec1c915d4e77c5f84b43f6460
Reviewed-on: https://code.wireshark.org/review/33509
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-06 13:19:18 +00:00
Alexis La Goutte
45c1242421 dcom-provideclassinfo: fix [-Wmissing-prototypes] warning
packet-dcom-provideclassinfo.c:32:5: warning: no previous prototype for function 'dissect_IProvideClassInfo_GetClassInfo_rqst' [-Wmissing-prototypes]
packet-dcom-provideclassinfo.c:40:5: warning: no previous prototype for function 'dissect_IProvideClassInfo_GetClassInfo_resp' [-Wmissing-prototypes]

Change-Id: I0d4b4f4cf5e3d5d3612a6e01c71dbbfc3a14915f
Reviewed-on: https://code.wireshark.org/review/33508
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-06 13:18:53 +00:00
Alexis La Goutte
2b43c452e7 dcm: fix [-Wmissing-prototypes] warning
packet-dcm.c:3888:6: warning: no previous prototype for function 'col_set_str_conditional' [-Wmissing-prototypes]
packet-dcm.c:3901:6: warning: no previous prototype for function 'col_append_str_conditional' [-Wmissing-prototypes]

Change-Id: I26117b8c3bcb0f88889edd7de5044e57dd0c4b38
Reviewed-on: https://code.wireshark.org/review/33507
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-06 13:18:06 +00:00
Yannik Enss
c99bee9b5d idl2wrs: regenerated dissectors
Change-Id: I5ed527df5d0fb6cc4213dbb6b8003a19bc260474
Reviewed-on: https://code.wireshark.org/review/33502
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-06-06 08:05:09 +00:00
Yannik Enss
4ebf72d232 idl2wrs: extend aggressive mode
Add a "_loop" header field also when processing attributes

Change-Id: I109b34d8f6cb8fbf3c38dc09f58b740b4d96436b
Reviewed-on: https://code.wireshark.org/review/33460
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-06-06 08:04:57 +00:00
5e69a7d7d7 packet-rsl.c: Adds dissector stub of MS/BS Power Parameters
While the actual power parameters are vendor specific and can't be
dissected the mere _presence_ of the MS/BS Power Parameters IE itself is
rather important, since it implies that dynamic MS/BS power control is
active, and does therefore have an impact upon the interpretation of the
(preceding) MS/BS Power IE, too.

Change-Id: I0c6f73ca41d63887a52dcde05b59d5177971f1d0
Reviewed-on: https://code.wireshark.org/review/33439
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2019-06-05 20:06:56 +00:00
Swapnil Roy
5ca087e276 NAS 5GS: 5GSM cause updated as per spec v15.3.0
Change-Id: Ia982221cbf169366959ac3b273241e9b753d1042
Reviewed-on: https://code.wireshark.org/review/33503
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2019-06-05 19:00:06 +00:00
Tomasz Moń
f29d6d1e00 USB: Use standard descriptor strings in GET DESCRIPTOR
Display the default strings in all contexts where usb.bDescriptor is used.

Change-Id: I9f4479ccc0664585fc259927c0b2ee1149b02454
Reviewed-on: https://code.wireshark.org/review/33368
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-05 17:10:23 +00:00
Dario Lombardo
f35e7f874d ship the dfilter_macros file.
By providing such a file, we give the users a basic toolbox
of macros. At the moment 3 macros have been added, for private
mac addresses, as well as IP v4 and v6.

Change-Id: Icc33efce437adef00e268172c184c8b52167df23
Reviewed-on: https://code.wireshark.org/review/33449
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-05 17:04:22 +00:00
Yannik Enss
443df93896 idl2wrs: fix 'undeclared identifier' error
the 'x_octetx' variables were removed a few years back, replace them with get_CDR_xxx()

Change-Id: I8cf3410d8a152c834e7019f7d1d80de3798530c3
Reviewed-on: https://code.wireshark.org/review/33457
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-05 17:02:21 +00:00
Yannik Enss
3f3337b2ca idl2wrs: add aggressive mode
add a mode to ignore a few optimisations in favor of working output

Change-Id: I875cec5a80e9449e9fd954d4ff6a21e5b128db5e
Reviewed-on: https://code.wireshark.org/review/33459
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-05 16:51:50 +00:00
Yannik Enss
1c09af410d idl2wrs: fix recursion loop
wireshark_gen goes into an infinite recursion if it encounters a multi-level
alias, this is prevented

Change-Id: Icec678fb326b7c14344dc6df51015dad980587a9
Reviewed-on: https://code.wireshark.org/review/33458
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-05 16:48:45 +00:00
Yannik Enss
54db60f4e5 idl2wrs: add debug command line parameter
convert the "DEBUG" constant to a command line parameter

Change-Id: I7f873d85fa053cb9298bd03444125d0160ef4640
Reviewed-on: https://code.wireshark.org/review/33456
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-06-05 16:35:00 +00:00
Pascal Quantin
54cccedfbe conversation.c: do not use wmem packet scope for debug strings
The code can be called by the GUI, outside of the scope validity.

Bug: 15810
Change-Id: I1f394cb3d1f978d6e99fe15d8238153aad62ebee
Reviewed-on: https://code.wireshark.org/review/33499
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2019-06-05 10:29:13 +00:00
Bruno Verstuyft
55eeec7e6a DOCSIS: RNG-REQ: upstream transmit power, bit 15 and 14 of SID
Change-Id: Ic4bc23476c0072121e5e443835625a54b5ad2ad6
Reviewed-on: https://code.wireshark.org/review/33406
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-05 03:43:35 +00:00
Alexis La Goutte
0510718b35 .mailmap: Update of April/May (2019)
Change-Id: I86d5427d48537ef6fbc6da348f0aae056ac52b6e
Reviewed-on: https://code.wireshark.org/review/33266
Reviewed-by: jeff oconnell <jeffo@rulez.com>
Reviewed-by: Milos Jovanovic <jeyem815@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-05 03:42:16 +00:00
Arvind Dalvi
2331675eb5 Revert "Copy selected lines from Packet List view for existing formats."
This reverts commit 13c5960a2c.

Based on the features that need integration of "multi-selection" (which this change introduced), it seems that there will be a fair amount of time and code changes required in packet_list.cpp and possibly other files.
I am reverting this change from the master branch so that people can still continue to use features with single-selection.
Meanwhile, Stig B and others ready to test can import this change to verify which features are missing integration and/or integrated correctly. Once the feature set integration is complete and there is fair amount of approval from all of you, the core committers can decide on it.

Change-Id: I106fd3c54350dd0fd85fc44743e7f5321cb04110
Reviewed-on: https://code.wireshark.org/review/33454
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-05 03:41:17 +00:00
Martin Kaiser
ee1dd899d0 iso7816: fix the dissection of the class byte
Update dissect_iso7816_class() to return 1 only if both APDU structure
and coding are compliant with ISO 7816. In this case, the iso7816 dissector
can continue dissecting the APDU.

Change-Id: I73d4246fbc234779fceb337c788dd0b680102d61
Reviewed-on: https://code.wireshark.org/review/33480
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-05 03:40:09 +00:00
Martin Kaiser
4e1a5f6df2 iso7816: correct the descriptions of the class byte
Some of the range strings for the ISO 7816 class byte were not correct.
Update them to match the ISO 7816 specification.

Change-Id: Ieae7baac7e2428293525dd940eddc6bf5406a446
Reviewed-on: https://code.wireshark.org/review/33479
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-06-05 03:39:09 +00:00
Guy Harris
44eaaacf12 Note that the challenge length isn't in pre-2.1 LAN Manager.
Change-Id: If2004236274b84c3e9d94b6a783c4820df31ad2d
Reviewed-on: https://code.wireshark.org/review/33497
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-04 23:18:42 +00:00
Guy Harris
338ce1b672 Don't assume padding is present at the end of UNIX Info2.
Check whether the byte count includes the padding before skipping it; it
may not be present (at least not if this is at the end of the byte
parameters).

Change-Id: I4385a4713cb6813a6e8519005288d6ef5a28f028
Reviewed-on: https://code.wireshark.org/review/33493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-04 22:55:17 +00:00
Guy Harris
782c4e496b Fix the dissection of Find First2 Query EA Info information.
The file name doesn't appear to be padded, and may have a 1-byte null
terminator (yes, 1 byte, according to MS-CIFS) at the end, not included
in the file name length.

Change-Id: I8510434b3b5aec092290697c336924d6ff6be763
Reviewed-on: https://code.wireshark.org/review/33486
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-04 22:15:11 +00:00
Guy Harris
6259b79d25 Fix the dissection of create temporary file responses.
According to MS-CIFS:

	1) the file name is not one of those "buffer format followed by
	   a string" fields, it's just a string, so there's no buffer
	   format field;

	2) it's always in ASCII, so ignore the "Unicode strings" flag.

Note that, for the *request*, the *directory* name isn't claimed to
always be ASCII, so honor the "Unicode strings" flag there.

Change-Id: I495b7be8257d941ccf4b45126a44d25cf0ab2c12
Reviewed-on: https://code.wireshark.org/review/33482
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-04 21:47:34 +00:00
Guy Harris
021e994293 Handle some weirdness with the primary domain field in NegProt replies.
Sometimes there appears to be an extra byte before that field; try to
catch some of those cases.

Expand comments discussing various weirdness with that field, including
a note that clients might not pay any attention to it, so maybe we just
have buggy servers talking to clients that don't care about those
particular bugs.

Change-Id: I4d35d2e2c475d4da37debedfed31b891e6f3cfa8
Reviewed-on: https://code.wireshark.org/review/33481
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-04 21:27:56 +00:00
Guy Harris
cdaa04cc30 Add some comments indicating what protocol was selected.
Note, for all of the different word count values, what protocol or
protocols it represents.

(If we have the Negotiate request, and can thus determine which protocol
was selected based on the set of protocols the client was willing to
accept, should we verify that the server selected a protocol for which
the given word count value was used, and add an expert info if it
didn't?)

Change-Id: I95ad4b1245bf2a04fdef4746815352967d8ac0a6
Reviewed-on: https://code.wireshark.org/review/33475
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-06-04 20:03:36 +00:00