Bug Fixed: UDP heuristic wasn't properly setting the dissector
for the UDP conversation.
From https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9837#c3:
I did a little survey about alternative OSC transmission, but UDP.
As OSC is packet-based, it is tramitted raw via packet-oriented protocols (e.g. UDP).
For reliable stream-based protocols (TCP, USB), the raw OSC packet is
prefixed with the packets Int32 size as a packetization scheme.
For unreliable stream-based protocols (RS232 and other serial lines),
the raw OSC packet is SLIP and/or double SLIP encoded as packetization
scheme.
There was discussion in the past to make SLIP encoding the default for
all stream-based protocols, but apparently it has never been adopted
for any OSC via TCP implementation I've found in the web.
As OSC is used in networked Audio, most implementations run with the
Nagle algorithm disable, and send the prefixed length and the raw OSC
packet separately.
Change-Id: Ife690cc5ea0575c65124a7b441431e1cc6ba5091
Reviewed-on: https://code.wireshark.org/review/858
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
profiled in october Fetch cost has gone from 15,6M to 24,2M, changing
tvb_get_string() to tvb_get_string_enc() with ENC_UTF_8 where it seems
safe helps a bit and should be done any way.
Change-Id: I4d3e640bfde3304a991c09e2a30ad7dd132fc5ac
Reviewed-on: https://code.wireshark.org/review/855
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5a9eefb7f5108de0e46b70453a4485b1cbc3983d
Reviewed-on: https://code.wireshark.org/review/850
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6a06bf297ef68ca351deff2e08eec7cd12ba8fe0
Reviewed-on: https://code.wireshark.org/review/849
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
the usage of variables in the h248_package_t struct.
Change-Id: Ic5419ab5c20051e56963fe8ea1728d78f95538f0
Reviewed-on: https://code.wireshark.org/review/846
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5a34a59c88a4119be2fac4acdd352d474ffc62cd
Reviewed-on: https://code.wireshark.org/review/840
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6d294a901af88f993ca6a44ababad194fb44a693
Reviewed-on: https://code.wireshark.org/review/839
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
use value_string instead of our own data type
read the type string in one go
Change-Id: I115c99c4636540702c1fd301f09a92a0dd466fcd
Reviewed-on: https://code.wireshark.org/review/838
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
the parameter for proto_tree_add_text() is the length, not the end offset
Change-Id: Ie24d5982b7ff13363061fb087438dd714cae748a
Reviewed-on: https://code.wireshark.org/review/837
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If95ece8e2db1b650de5804465128020caf391956
Reviewed-on: https://code.wireshark.org/review/828
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iaa7dfdc979e78f53b53f2b9a0b093873c9004f2d
Reviewed-on: https://code.wireshark.org/review/827
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
data to the png dissector
Change-Id: I112733f97ba35d9ec497b427c64b2f5ea99fd963
Reviewed-on: https://code.wireshark.org/review/818
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
It seems that RFCOMM service can be dynamically changed while
connection is still alive. In other words: host can connect to
remote device and set one RFCOMM service (remote service), but later
remote device can change service to one of host service without
any disconnection. This patch add support for this case.
Also improve searching for useful UUID service through SDP.
Change-Id: I9e03b9b965d6b0d9761b4a451cdeb4a1a33ca017
Reviewed-on: https://code.wireshark.org/review/808
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In real option "SBC" was Default/Off, now user can choose between
Default and Force SBC Codec.
Change-Id: I605320d89fade11dc7172793bc0492bc4b319e9c
Reviewed-on: https://code.wireshark.org/review/822
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove some more 802.11i references, and replace a reference to the
"WEP" bit with a reference to the "Protected" bit.
Change-Id: I77b50af2b34e2bdc4c21af29b54627ed19219090
Reviewed-on: https://code.wireshark.org/review/821
Reviewed-by: Guy Harris <guy@alum.mit.edu>
802.11i was absorbed into a revision of the 802.11 spec, so speak of
"IEEE 802.11 RSNA EAPOL"/"wlan_rsna_eapol" until somebody comes up with
a better name for it.
Also, add in one more key flags bit that's in 802.11-2012 but not
802.11i-2004.
Change-Id: Ia825f7466f3b3d159706eb681546b5bbb4e066bf
Reviewed-on: https://code.wireshark.org/review/820
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I1824407cae4cded0680b01e9dea1de6f0408c607
Reviewed-on: https://code.wireshark.org/review/817
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Look for a dissector for "ppi_fnet" and use it if found, otherwise
just display the fnet tag on the data.
Change-Id: I07009215faa8faad0e6a82468bad33f266778426
Reviewed-on: https://code.wireshark.org/review/778
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia6db5839a8bbbc79a5196406e3f8d59f7ce7498a
Reviewed-on: https://code.wireshark.org/review/814
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Issue requested by Tomasz Mon, thanks.
Change-Id: I9931f561294ef34573c6426f17a299c8929a2341
Reviewed-on: https://code.wireshark.org/review/810
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CID has two roles: Source CID and Destination CID. This two roles
have another two different meanings: one if frame is received, another if frame
is sent (SCID is "DCID", etc). Then using information that PDU is "request"
or "response" we can correctly recognize CID.
This should fix unrecognized L2CAP payload while there were no valid
Disconnection Request.
Change-Id: Ibcbbb9e6966873b6af12c1e3c65c6a3983aa4163
Reviewed-on: https://code.wireshark.org/review/807
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add some command codes seen in Core 4.1 specification.
Also add some missing fields.
Change-Id: If3761744b1ada185027a560bceb66804d7eea8ec
Reviewed-on: https://code.wireshark.org/review/806
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A few more filtering name separated by "." for convention.
Change-Id: Ie1ceb0ba807e033085c43826c334933c6b178389
Reviewed-on: https://code.wireshark.org/review/804
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of having a switch statement in the EAPOL dissector for Key
Descriptor types, have a dissector table, and:
have the EAPOL dissector register with a dissector for the RC4
type;
have the 802.11 dissector register with dissectors for WPA and
RSN types.
This means that ieee_80211_add_tagged_parameters() no longer needs to be
public; make it static.
Change-Id: I68e0592c3ea055c693d6d5d5a9eb88634ea37a95
Reviewed-on: https://code.wireshark.org/review/800
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This makes the code's if/then/else bracketing clearer.
Make the if/then/else style more consistent in one case, which also helps.
Change-Id: I7c765b761d92c6710461181b3e3ccd77d2a40f83
Reviewed-on: https://code.wireshark.org/review/799
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When the capture file in Bug 9915 is opened in wireshark with GTK2,
the console prints out 'Pango-WARNING **: Invalid UTF-8' warnings.
This capture file was a subset of the one in fuzzbot crash bug 9883.
I believe it is what's causing the crash in 9883, because GTK is
finicky about such things. But my system doesn't crash for bug 9883,
so perhaps it's not the same root cause.
Change-Id: Ifaaed9157f9abd34014001c954647f7db51d650b
Reviewed-on: https://code.wireshark.org/review/786
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fixed a null de-reference in packet-ieee80211.c caused by change-id
I742726027bcab7d25ca4a9ce3a406518db6d272f, commit g4b8b83407ac744d114462235a8bcca0d480954c7.
See Bug 9909 for details.
Change-Id: I7189476faee3ae6ab34fb52c1564ac668496679a
Reviewed-on: https://code.wireshark.org/review/780
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I7114028ce296ffa875ddfbb24b935dc2573f964c
Reviewed-on: https://code.wireshark.org/review/770
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Id82763dd17e8c4e0902ae8e31ec6554e8f174b59
Reviewed-on: https://code.wireshark.org/review/769
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
packet-epl.c:2248: warning: declaration of 'index' shadows a global declaration
packet-epl.c: In function 'dissect_epl_sdo_command_write_multiple_by_index':
packet-epl.c:2380: warning: declaration of 'index' shadows a global declaration
packet-epl.c: In function 'dissect_epl_sdo_command_read_by_index':
packet-epl.c:2489: warning: declaration of 'index' shadows a global declaration
Change-Id: Ib1a1d1d2aa596df558162839e7594b7fd12559a3
Reviewed-on: https://code.wireshark.org/review/765
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Each package is dissected using a reference to object indeces, so
that in the view of the dissector output, a clear indication
to what the index means and what the subindices mean is given.
Additional special entries (mappings, timestamps) have their own hf
fields, and can be searched for via display filter.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I928c11a9f4a5b762c8947713a0f70e03bd711158
Reviewed-on: https://code.wireshark.org/review/730
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Lukas Emersberger <lukas.emersberger@br-automation.co.at>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Adding a typedefinition which can be deactivated, so
that certain types of frames are only detected in their
respective transport protocols
- Rename bytes array as it is a key-word for some IDEs and
hinders syntax checking
- Add node info to the time request from/by fields
- EPL: add message type to heuristic dissection call
Change-Id: Ia572bb68fc1d24d70e72b77867f0dad323b055b9
Reviewed-on: https://code.wireshark.org/review/750
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There have been enough gnarly bus in sip/sdp/rtp that it needs
to have good debug printing. Using a debugger isn't good enough
because there's interaction across multiple frames and it's too
hard to follow what's going on without real printed data history.
Change-Id: Ifb5bb1fb580be81f988569ece79d238a9c030c34
Reviewed-on: https://code.wireshark.org/review/688
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes the crashing on buildbot, but only in the sense that
it now calls DESSECTOR_ASSERT_NOT_REACHED() for the case that's
causing the crash - which is a null dereference, due to something
going wrong in add_tagged_field() of packet-ieee80211.c.
I don't know what the right thing to do is, but at least this
gets buildbot going again. (that file is over 25k lines!)
Change-Id: I1658944f9704a071dffc7f4834b9294fffc0e7ba
Reviewed-on: https://code.wireshark.org/review/757
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apparently, some systems write out big-endian Prism headers (probably
big-endian-MIPS-based Wi-Fi APs running $LINUX_DISTRIBUTION and the
like), so check for both big-endian and little-endian message codes,
and, for the fields in the header, use the byte order that matched.
Change-Id: Ia13df606676bb7dbc5d12fe4e297681bebb6f478
Reviewed-on: https://code.wireshark.org/review/759
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I8e080b250b81976898d2950da9e91fb32b719590
Reviewed-on: https://code.wireshark.org/review/756
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I17e4bb3968e503b250b9c8d6a7a9bb2abf0f6868
Reviewed-on: https://code.wireshark.org/review/755
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Now Androit Logcat (Logger) binary logs are supported.
Try "adb logcat -Bf /sdcard/log.logcat; adb pull /sdcard/log.logcat".
Also there is possibility to save logs to text format like by "adb".
Change-Id: If7bfc53d3fbd549a0978d1dbf96f3fff671fd601
Reviewed-on: https://code.wireshark.org/review/235
Reviewed-by: Anders Broman <a.broman58@gmail.com>
packet-ieee80211.c:8583: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8584: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8585: warning: integer constant is too large for 'long' type
Change-Id: I5badc6e0d2595d4353e33cd273d55f28737b34a8
Reviewed-on: https://code.wireshark.org/review/737
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If the interface class is not yet known (for example, in the enumeration
phase; or if the interface descriptor was missed), then a HID descriptor
would not get dissected. Instead of printing an unhelpful "unknown
descriptor" message, always try to find a HID descriptor.
Change-Id: Ic162d6b93b0428a1edd3a925229093dfcc52c42d
Reviewed-on: https://code.wireshark.org/review/735
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This makes the usb.data_fragment field more useful in tshark, i.e.,
showing the bytes for the data stage. Previously, the GUI would just
show the "Data Fragment" text label which is not really useful on its
own.
Change-Id: Id0ca39a9a144a37aa6d0b4ae65c1d655deb76748
Reviewed-on: https://code.wireshark.org/review/734
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
packet-ieee80211.c:8581: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-ieee80211.c:8582: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8583: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8583: warning: implicit conversion shortens 64-bit value into a 32-bit value
packet-ieee80211.c:8584: warning: integer constant is too large for 'long' type
packet-ieee80211.c:8584: warning: implicit conversion shortens 64-bit value into a 32-bit value
Change-Id: I8f8c5518239c7d6e55006abfca8d9452f9a09c6a
Reviewed-on: https://code.wireshark.org/review/733
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(according to the 9th draft of the standard)
Closed-bug: 8594
Change-Id: I742726027bcab7d25ca4a9ce3a406518db6d272f
Reviewed-on: https://code.wireshark.org/review/632
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
trailing space in packet-lg8979.c
Change-Id: I80e5c93846c66aad1d1bc6f91b20501e0f384a6c
Reviewed-on: https://code.wireshark.org/review/729
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Buildbot found a crash which is cause by a bug that has
been there all along, but a recent change exposed. This bug is
likely in 1.10.6 as well, so I'll backport this if I can
reproduce it in 1.10.6.
Change-Id: I505bc73cbe6281e6d64f00de441c8e6231b55000
Reviewed-on: https://code.wireshark.org/review/702
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Commit includes dissector code for lg8979 as well as additions to RTAC Serial code to call dissector when required.
See bug report 9874 for further details and sample pcap files
UPDATE1: L&G 8979 commit for addressing comments from Anders and Alexis and added Cmakelists.txt
UPDATE2: address further comments from Alexis re. proto_item_set_text / proto_item_add_text entries. Also add modelines
UPDATE3: fix compilation error noted by Alexis
UPDATE4: address proto_tree_add_* comments from Michael
Change-Id: I6e69d2b7b7e91e6efa12e4a5fb7dbd140c0540ed
Reviewed-on: https://code.wireshark.org/review/610
Reviewed-by: Michael Mann <mmann78@netscape.net>
(based upon an OK from Anders).
(The commit caused 'reload_framing_info' to be referenced before being set).
This reverts commit b3ce4ecc14.
svn path=/trunk/; revision=52004
Change-Id: If715e1cad041fd832f460411cc652d9b5764d069
Reviewed-on: https://code.wireshark.org/review/718
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Use tvb_reported_length() iso tvb_length() in various places;
- Add some 'if(tree) {...}';
- Remove an unneeded length-check;
- Use a consistent formatting style for hf[]array entries;
- Do some minor whitespace changes;
- Add editor modelines.
Change-Id: Iac0a74142c5a5944e69fc911e54b0fbdfd1f5bab
Reviewed-on: https://code.wireshark.org/review/717
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
(Found by Jalil Moraney in change to add 802.11ad support review 632)
Change-Id: I547bf647ae7400633ad27c7849088fd088928075
Reviewed-on: https://code.wireshark.org/review/708
Reviewed-by: Anders Broman <a.broman58@gmail.com>
../../asn1/atn-ulcs/packet-atn-ulcs-template.c(126) : fatal error C1083: Cannot
open include file: 'stdint.h': No such file or directory
Change-Id: I8825a2f0b6440ec5a4bbfb49ea5c183dd8cbf03f
Reviewed-on: https://code.wireshark.org/review/705
Reviewed-by: Anders Broman <a.broman58@gmail.com>
precedence filling in the avp_item string. Use that in a couple of places.
Change-Id: I1af7a1ca4c14fb56ddeaab336202e6c2a18e556b
Reviewed-on: https://code.wireshark.org/review/699
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There have been discussions on -dev about removing this and I believe I was the last holdout. Finally convinced that I should just have a local copy (ignored by git)
Change-Id: Ic72a22baf58e3412023cf851f0fce16eb07113b0
Reviewed-on: https://code.wireshark.org/review/681
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
[ 5%] Building C object epan/CMakeFiles/epan.dir/dissectors/packet-umts_fp.c.o
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c: In function ‘umts_fp_init_protocol’:
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c:4526:17: error: enum conversion in assignment is invalid in C++ [-Werror=c++-compat]
umts_fp_conversation_info->iface_type = uat_umts_fp_ep_and_ch_records[i].interface_type;
^
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c:4527:17: error: enum conversion in assignment is invalid in C++ [-Werror=c++-compat]
umts_fp_conversation_info->division = uat_umts_fp_ep_and_ch_records[i].division;
^
/home/jmayer/work/wireshark/git/epan/dissectors/packet-umts_fp.c:4533:17: error: enum conversion in assignment is invalid in C++ [-Werror=c++-compat]
umts_fp_conversation_info->rlc_mode = uat_umts_fp_ep_and_ch_records[i].rlc_mode;
^
cc1: all warnings being treated as errors
Change-Id: Ie783a261c40d26ffd105822d5f45bd0513aa1914
Reviewed-on: https://code.wireshark.org/review/693
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
presetup conversations with FP dissection data.
Change-Id: Ibced63bf944d7268751f8055095eb26477664be1
Reviewed-on: https://code.wireshark.org/review/643
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-icmp.c:1245:7: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1245:7: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1245:30: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1245:30: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1254:6: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1254:6: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1254:29: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1254:29: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1623:7: error: taking the absolute value of unsigned type 'guint32' (aka 'unsigned int') has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1623:7: note: remove the call to 'abs' since unsigned values cannot be negative
packet-icmp.c:1629:7: error: taking the absolute value of unsigned type 'guint32' (aka 'unsigned int') has no effect [-Werror,-Wabsolute-value]
packet-icmp.c:1629:7: note: remove the call to 'abs' since unsigned values cannot be negative
Change-Id: I6b344d01b8239fb93aedf95d954ef1243ba45a6b
Reviewed-on: https://code.wireshark.org/review/673
Reviewed-by: Anders Broman <a.broman58@gmail.com>