Support type 0 (legacy), type 1 (peek), type 3 (pcap+radio) mode
via preference
type 2 (airmagnet) is not yet supported
Change-Id: I4f0d10e5d9b87bdcf5863d84e565201acaeee45b
Reviewed-on: https://code.wireshark.org/review/647
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We no longer need a preference to determine the byte order of the T and
L in the TLVs, as libpcap and libwiretap both, when reading a file,
translate from the file's byte order to the reading host's byte order
and, in fact, currently don't use the variable in which the preference
is stored; eliminate the preference.
Change-Id: Id06a6284960c1ac77028af07f3937eb4a7b0acaa
Reviewed-on: https://code.wireshark.org/review/656
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bugs fixed:
- Catch exceptions during heuristics test so that the sequence of
dissector heuristics tests is not terminated abnormally;
(Prevents incorrect tshark "one-pass" dissection);
- Comment out registration of heuristic for TCP; TCP dissection
requires different code than for UDP. ("XXX: ToDo" added)
Misc:
- Create/use two extended value_strings;
- "UL" is not needed as a modifier for several constants;
- Remove some unneeded initializers;
- Localize some variables;
- Remove unneeded '#include <stdlib.h>';
- Do some whitespace changes.
Change-Id: Ida11cb6b26911c0032155fde7491dd2a6f136c34
Reviewed-on: https://code.wireshark.org/review/650
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Added the field information for Phase 1 for the Send Routing Info
For Sm message per request of ticket 9704. Code per the suggestion of
Anders Broman. Adding Phase 1 code to GSMMAP.asn.
Did not have any data to verify that the change worked.
Change-Id: Ic387e2e12e8893abb0f453f5010909ffbfd1808c
Reviewed-on: https://code.wireshark.org/review/147
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Make field filterable and use value_string for status
Based on the capture available in bug 9855
Need to continue... a lot of enhancement is possible in the ZigBee dissector...
Change-Id: I0ac84e05a7b8b54e9879abbb7495034318188394
Reviewed-on: https://code.wireshark.org/review/631
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The PeekRemote headers are 802.11, so "Dot80211" is redundant.
"Wep" really means "Protected" as there's also WPA/WPA2.
"FlagsN" means "802.11n", not "802.11ac", and the "n" in "flagsn"
indicates that. Also, "Hz" stands for "Hertz", as in "Heinrich Hertz",
so the "H" is capitalized.
Change-Id: If46cc4859ae8d65a199c9ad1fd48d2f2128ccd3d
Reviewed-on: https://code.wireshark.org/review/630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This adds support for a variant of the current Aruba ERM format,
a new format that provides radio information. This addresses
enhancement bug 9880.
Change-Id: Ia38ff09d9f814193bdc544466dbd005123771262
Reviewed-on: https://code.wireshark.org/review/629
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That just breaks too many things.
This catches the examples of that found in bug 9878. There might be
others that my grepping didn't find.
We should also have the checkAPIs.pl script check for this, so this
isn't a full fix for bug 9878.
Change-Id: I3bf6f1fc0fe8654d0f54a995e72f1966ae012f5e
Reviewed-on: https://code.wireshark.org/review/623
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Information about value of flags from Emburey
Change-Id: Iba79fba8e95cd2fc80f6fba5fa937d5485fbb381
Closed-bugs: 9586
Reviewed-on: https://code.wireshark.org/review/595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
The behavior for SIP/SDP handling of RTP conversation tracking
changed in v1.10, with some unintended consequences. The bugs did not
show up at the time because wireshark makes 2 passes of the packet list,
and so the problems auto-corrected themselves in most cases. Unfortunately,
a change in r53641 modified how UDP behaves, making it always create
conversations for UDP packets, and that exposed the bugs inherent in the
SIP/SDP code changes.
This commit reverts the behavior of SIP/SDP to its pre-1.10 model, but
creates a new preference setting for "Delay SDP changes for tracking media",
which if enabled, will turn on the new (but buggy) model introduced in 1.10.
This preference is *disabled* by default, since for a majority of cases the
new behavior is worse than the previous behavior.
The preference, and this commit's fix, is not intended to last long. I intend
to re-write the SIP/SDP/RTP interaction model for release 1.11 - I think it's
too big a change for 1.10, however, which is why I submitted this commit.
Change-Id: Ic5601749d6c2344e952ced8206dd9296bfdc4b90
Reviewed-on: https://code.wireshark.org/review/543
Reviewed-by: Evan Huus <eapache@gmail.com>
The status line of the 200 OK during a deregistration is (1 bindings), but it
should be (0 bindings). Wireshark should check the "expires=0" in the contact
header not just count the number of the contact lines. But since it's not
truly valid to have expires=0 contacts in responses, this commit adds expert
info warning of such.
Also, the REGISTER request itself already says "(remove all bindings)"
in the Info column currently if the Contact was a '*', but it didn't
say something similar if only de-registering one or more explicit
contacts. This has been fixed as well.
Lastly, this fixes three other bugs I found while reading the code and testing:
(1) comma-separated Contact headers will be displayed as a single one if
the first one(s) don't have header params but a subsequent one does; and
(2) the last Contact header param is displayed with the trailing '\r\n'
header separator; and (3) the SIP REGISTER response code displayed contact
binding info for responses other than 2xx, which isn't logical.
Since all of these are in the same area and not critical, I'm lumping these
all together.
A test capture file used for testing is attached to the bug.
As an aside, the SIP header parsing code needs to be refactored. Most SIP
headers follow a common ABNF pattern, and should be parsed using a common
function(s) so these issues don't crop up for specific headers.
Change-Id: I16c531fcb244dc121fc0e8046908e475b41489f9
Reviewed-on: https://code.wireshark.org/review/612
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Fix modelines (no CR after modelines)
* Add UDP Port (Attributed in draft 04 Port 4789)
* Update link to last draft (no specify change)
Change-Id: I4cd89719ae00eb64ce4c234c39b9e18cdc1b8b93
Reviewed-on: https://code.wireshark.org/review/613
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
this was broken in 21aa7168c7
to be on the safe side, we assume that return value >= 0 means success,
< 0 means failure
Change-Id: I1d03000e6b6d70fac6bef8766d28990d953c8e27
Reviewed-on: https://code.wireshark.org/review/609
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
- For PollResponse-Chaining SyncReq and SyncResp frames were introduced.
Those frame-types are not recognized by Wireshark yet.
- Currently only the FeatureFlags 0-13 were interpreted by Wireshark.
Flags 14-15 and all extended flags were missing.
14 = SDO Read/Write All by Index
15 = SDO Read/Write Multiple Parameter by Index
16 = Multiple-ASend Support (TRUE = Device supports Multiple-ASend; FALSE = Device doesn’t support Multiple-ASend)
17 = Ring Redundancy (TRUE = MN supports ring redundancy; FALSE = MN does not support ring redundancy)
18 = PResChaining (TRUE = Device supports PResChaining; FALSE = Device does not support PResChaining)
19 = Multiple PReq/PRes (TRUE = Device supports Multiple PReq/PRes; FALSE = Device does not support Multiple PReq/PRes)
20 = Dynamic Node Allocation (TRUE = Device supports DNA; FALSE = Device does not support DNA)
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ac19f8b71b1be1094f410141c0f806996b1cb25
Reviewed-on: https://code.wireshark.org/review/589
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I0f6887c86afeb5b4ae8b9910688863c7dc866a99
Reviewed-on: https://code.wireshark.org/review/599
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
don't make private key and keylog file mutually exclusive
if we find a private key that does not match or is not usable for
getting the pre-master secret (e.g. because we're using an ephemeral
cipher suite), don't give up and exit with an error
continue reading the keylog file and search for our master secret there
Change-Id: I59fb460339e3e606a077b3a902fa1f9777b5e118
Reviewed-on: https://code.wireshark.org/review/590
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
- Remove _U_ from a function param;
document usage of the param;
add a DISSECTOR_ASSERT for the param;
- Remove a few unneeded variable initializers;
- Use -1 iso tvb_length() in proto_tree_add_protocol_format(..);
- Add editor modelines.
Change-Id: I7d7a8ea1176a26ea319d9fc0dab5d3a51050edd5
Reviewed-on: https://code.wireshark.org/review/584
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- fixes the wrap multiplier (for COUNT) for 12-bit sequence numbers
- fixes dissection of non-ciphered IP payloads
- adds a way for private protocols to set keys. The ueid->key lookup is now broken out into a separate function, and these settings are used in preference to the UAT ones
Change-Id: I723307df3ee20425897b82beb9b431a0860075cf
Reviewed-on: https://code.wireshark.org/review/583
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
add newline at the end of the file
Change-Id: I9a10751977260bd24497734f3788b5e794a3dd8d
Reviewed-on: https://code.wireshark.org/review/578
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I6eee13cda755b1f1d1a61288a6314fcebb681efb
Reviewed-on: https://code.wireshark.org/review/180
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8fe6ceb148ec8145a1e71002d42bbdace58edbb6
Reviewed-on: https://code.wireshark.org/review/574
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Discovered investigating bug #9833, not the cause of that bug.
Change-Id: I53ee5c792eba8429d2c203c03e2f359a433ca262
Reviewed-on: https://code.wireshark.org/review/562
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Ic57c2a36c88a7528c4e37681bc5db4309174019d
Reviewed-on: https://code.wireshark.org/review/463
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
IE "chosen channel" in message "perform location request" on Lb interface (BSC <-> SMLC) is decoded incorrectly. IE "chosen channel" on Lb interface is decoded as 2 octets data.
It should be 3 octet IE on Lb interface (IEI, length and data).
Change-Id: Ic815a7b4ac08a035c5b292985c64d14e986fe8d7
Closed-bug: 9531
Reviewed-on: https://code.wireshark.org/review/565
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise it runs past the end of the array into stack memory. Should fix the
intermittent DVB-CI decryption test suite failures.
Change-Id: Ice17497e661c8579baf3a546efcb5529beda6b49
Reviewed-on: https://code.wireshark.org/review/559
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This patch adds some more ciphers to the list of ciphers that can be
decrypted by wireshark. Most of them are PSK based ciphers. To do the
actual decryption in most cases the TLS pre master secret or the
master secret is needed.
In the changed lines just a comment with the name of the cipher was
added.
This was generated with the help of Peter Wu's generate-wireshark-cs
script from https://git.lekensteyn.nl/peter/wireshark-notes.git .
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Change-Id: I347dc5a530380a04cc00418640f00bbda0db8de8
Reviewed-on: https://code.wireshark.org/review/558
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Need to continue on other packet-dcerpc-* file...)
Change-Id: I536d52017940cac9c810693045649a67e77a336a
Reviewed-on: https://code.wireshark.org/review/549
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This corrects a couple issues with the DNP3 Dissector:
- Refactored Read Object String lookups to use value_string
- Corrected issue with multiple object types in a single read not being processed
- Added processing for Direct Operate No ACK Messages
Fixes issues noted in Bug 9839
Change-Id: I9895e509a8d3931c805ce53b718a4951f8f8039e
Reviewed-on: https://code.wireshark.org/review/538
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.
Fixes BTLE dissector to correctly extract packet CRC.
Adds CRC checking to BTLE dissector.
Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.
Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When there is more than one interface or adapter, the AVDTP dissector
incorrectly mixes its data together. Patch extends keys to support
multiple interfaces/adapters. Also do a little simplification on trees.
There are two devices, both use SEPs for configuration and
it is possible to use the same SEID. SetConfiguration uses
remote "ACP" SEID and local "INT" SEID, so there is a need to
distinguish them, and please remember that INT SEID types can be
unknown in most cases.
Change-Id: I150f3625f532386a1078deb8d0ac70a1c05c3f04
Reviewed-on: https://code.wireshark.org/review/473
Reviewed-by: Evan Huus <eapache@gmail.com>
When a single media line is rejected in an SDP answer, for example a second
'm=video' line, wireshark disables ALL media sessions, instead of just that
one. But per the RFCs, all it should do is disable just the one RTP media
session the m= line represents. This commit fixes that, so that a disabled
media session (one with a m= port of 0) in the SDP answer only disables its
associated/paired media stream in the offer.
Change-Id: I9bd0d3fc88b8eaa55207c9bf3f3e37da7746fd14
Reviewed-on: https://code.wireshark.org/review/526
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
LE Advertising Report with length 0 is valid, so check
it before dissecting advertising data.
Change-Id: I4937ec2de5d703b05c6e5f5bac7f81d153e49b40
Reviewed-on: https://code.wireshark.org/review/475
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib8779b0db790a78fff8bd1970a7240bbd8f49f75
Reviewed-on: https://code.wireshark.org/review/537
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I397eeed3008d91aeb6c025c9146b9ed6d98881a6
Reviewed-on: https://code.wireshark.org/review/535
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Source/Destination BD_ADDRs and name are filterable.
Also simplify code around wmem trees, and enable commented "data"
field in unreassembled case and fix btl2cap offsets
(discovered by enabling "data" field).
Change-Id: Ic28c9bf19bcd6281b652be538b221da74df4bb76
Reviewed-on: https://code.wireshark.org/review/471
Reviewed-by: Evan Huus <eapache@gmail.com>
Interface ID should correspond to the Wireshark Interface Id
to avoid mixing data from various interfaces in dissectors.
Change-Id: Ibaa3ddab7f0ebd0985efea74439b94a5881145a7
Reviewed-on: https://code.wireshark.org/review/472
Reviewed-by: Evan Huus <eapache@gmail.com>
When capturing, they'll be in host byte order. The top of the libpcap
trunk and 1.5 branch, when reading a file, will, if necessary, byte-swap
the type and length values so that they're in the byte order of the host
reading the file (rather than the host that wrote the file).
Do the same when we read a file, and have the NFLOG dissector assume
host byte order for those fields.
Change-Id: I493aed1e07b626af1157d75f3bc293b0a694ad07
Reviewed-on: https://code.wireshark.org/review/148
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Create a placeholder protocol tree item under which to put the options,
do the analysis of fields from the fixed-length portion of the TCP
header (such as sequence numbers), and then do a straightforward
dissection of the options, throwing an exception if we run past the end
of the options field.
This is a bit simpler, and doesn't add confusing notes about
truncation of the options.
XXX - we're currently not including selective acknowledgments in any of
the SEQ/ACK analysis; should we? That means, of course, that we have to
dissect the options before doing that analysis, and if the options were
cut short by slicing, you lose....
Change-Id: I425a6c83f26512b802267f76739cbf40121b3040
Reviewed-on: https://code.wireshark.org/review/511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The content of a YMSG message is a sequence of lines, each one of which
contains a text string (in some ASCII-based encoding) for a key, a
0xc080 separator, and a text string (in some ASCII-based encoding) for a
value. That's not a string in any ASCII-based encoding I know of - 0xc0
0x80 is not, for example, a valid UTF-8 sequence (it's a too-long
sequence for NUL).
This should fix bug 9832:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9832
by avoiding the general "GTK+ on Windows crashes when asked to copy
something that's not valid UTF-8" problem.
Fix some field descriptions while we're at it.
Change-Id: I4084dabc89b0186ecd1a7329452ca2f1cb48f1c0
Reviewed-on: https://code.wireshark.org/review/488
Reviewed-by: Guy Harris <guy@alum.mit.edu>
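Added example, not part of the commit above or of Wireshark's code: a strict UTF-8 check applied to one YMSG line, showing why the whole line has to be handled as bytes while the key and value on either side of the 0xC0 0x80 separator can still be handled as text. The function names, the struct and the sample line are hypothetical, and the line is assumed to arrive as an already-delimited buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample line: key "1", the 0xC0 0x80 separator, value "alice". */
static const uint8_t YMSG_SAMPLE_LINE[] = { '1', 0xC0, 0x80, 'a', 'l', 'i', 'c', 'e' };

/* Hypothetical view of one key/value line; pointers alias the input buffer. */
struct ymsg_field {
    const uint8_t *key;
    size_t key_len;
    const uint8_t *val;
    size_t val_len;
};

/* Strict UTF-8 check: rejects overlong forms (0xC0 0x80 is an overlong NUL),
 * UTF-16 surrogates, truncated sequences and code points above U+10FFFF.
 * Returns 1 if the buffer is valid UTF-8, 0 otherwise. */
int utf8_is_valid(const uint8_t *s, size_t len)
{
    size_t i = 0;

    while (i < len) {
        uint8_t b = s[i];
        size_t need, k;
        uint32_t cp, min;

        if (b < 0x80) { i++; continue; }                 /* plain ASCII */
        else if ((b & 0xE0) == 0xC0) { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return 0;                  /* stray continuation or 0xF8..0xFF */

        if (len - i - 1 < need)
            return 0;                   /* sequence cut off by end of buffer */

        for (k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80)
                return 0;               /* not a continuation byte */
            cp = (cp << 6) | (uint32_t)(s[i + k] & 0x3F);
        }
        if (cp < min)
            return 0;                   /* overlong encoding */
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;                   /* out of range or surrogate */
        i += need + 1;
    }
    return 1;
}

/* Split one line at the first 0xC0 0x80 separator, working on raw bytes.
 * Returns 1 and fills *out on success, 0 if no separator is present. */
int ymsg_split_line(const uint8_t *line, size_t len, struct ymsg_field *out)
{
    size_t i;

    for (i = 0; i + 1 < len; i++) {
        if (line[i] == 0xC0 && line[i + 1] == 0x80) {
            out->key = line;
            out->key_len = i;
            out->val = line + i + 2;
            out->val_len = len - i - 2;
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    struct ymsg_field f;

    /* The line as a whole is not valid UTF-8 because of the separator. */
    printf("whole line valid UTF-8: %d\n",
           utf8_is_valid(YMSG_SAMPLE_LINE, sizeof YMSG_SAMPLE_LINE));

    /* The individual fields are text and pass the same check. */
    if (ymsg_split_line(YMSG_SAMPLE_LINE, sizeof YMSG_SAMPLE_LINE, &f)) {
        printf("key=%.*s valid=%d\n", (int)f.key_len, (const char *)f.key,
               utf8_is_valid(f.key, f.key_len));
        printf("value=%.*s valid=%d\n", (int)f.val_len, (const char *)f.val,
               utf8_is_valid(f.val, f.val_len));
    }
    return 0;
}
```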
- Multiple value string arrays were defined in packet-fcels.h (which was included
in two different .c files). Only one of the arrays was actually used in two
different .c files. All the value_string arrays (and most of the #defines)
moved to packet-fcels.c.
- Other:
Use -1 instead of tvb_length() for the length param of several proto_tree_add...() calls.
Add editor modelines.
Change-Id: Idc642caf1c8d62b658147a234d5560b8f2fd0630
Reviewed-on: https://code.wireshark.org/review/479
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Value string arrays should never be defined in a .h file (especially one
included in multiple .c files).
So: a. The value_string array (and associated #defines) was moved from the .h file
to packet-rtp_events.c
b. A public extended value_string was created in packet-rtp_events.c
and declared as external in packet-rtp_events.h
- Other:
Remove a few unneeded initializers;
Add editor modelines.
Change-Id: Ib580c3e50ab5ce79484c9c6af57f62ca604b57d1
Reviewed-on: https://code.wireshark.org/review/468
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Move setting COL_PROTO & clearing COL_INFO to before a tvb fetch which
could cause an exception;
- Remove some unneeded initializers;
- Fix up some long-lines and whitespace;
- Use a consistent indentation;
- Add editor modelines.
Change-Id: I8a8015a65d5dc581ed02cbd134231481b9f96263
Reviewed-on: https://code.wireshark.org/review/467
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I9e50920fbc09fdf0650be3a63fee8153ce0fd3df
Reviewed-on: https://code.wireshark.org/review/462
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I8ecfdb1c366310d224660e89c99136a0a9f4a067
Reviewed-on: https://code.wireshark.org/review/461
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Ia1db91ef9344e46a3f32204bbf9cdbcc514980ce
Reviewed-on: https://code.wireshark.org/review/460
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I1e9ff715c3e315c9e36abb69fb5f441b71477501
Reviewed-on: https://code.wireshark.org/review/459
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I1542d715594b1b90e2442edb6f220ddc4dd99675
Reviewed-on: https://code.wireshark.org/review/458
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I355600320865a9c7c17093d37fc693b02f0a7f0c
Reviewed-on: https://code.wireshark.org/review/457
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Idea44f0e4678f738336215f4a250b9e9d9a60fbc
Reviewed-on: https://code.wireshark.org/review/456
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I81ef4cd363acf6cff99fd0f75b135962c4c22f53
Reviewed-on: https://code.wireshark.org/review/455
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
It's still O(n) in the worst case since the comparison function doesn't appear
to be suitable for use in a tree or hash-table, but at least we no longer spend
O(n) by default just finding the end of the list so we can iterate backwards.
Discovered while investigating bug #9823, but probably not the cause of that
bug.
Change-Id: Ib6c3691cff8e7fa49703df7c75635ef797c8fbe8
Reviewed-on: https://code.wireshark.org/review/443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Misc changes:
- sort entries in an enum by value;
- add some XXX notes as to possible missing entries in a value-string array;
- remove an unneeded initializer;
- 0 --> FALSE for several boolean values;
- whitespace.
Change-Id: I6c8f1c1f37edad120d979fcd2d7278e7981ca5a7
Reviewed-on: https://code.wireshark.org/review/449
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- val_to_str() -> val_to_str_const() in a few cases;
- localize some vars;
- remove some unneeded initializers;
- convert "4 space tabs" indentation to "4 spaces";
revise editor modelines to match;
- do some whitespace changes.
Change-Id: Ic91df02022971c973b27c71e6127395ed3ef06d3
Reviewed-on: https://code.wireshark.org/review/448
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
- Use VALUE_STRING_ENUM/VALUE_STRING_ARRAY macros to create one of the
value string arrays instead of using the usual separate #defines & array definition;
- Remove a few unneeded initializers;
- prefs_register_protocol() need not be called under 'if (gp_zbee_prefs == NULL)'
- Do some minor whitespace changes;
- Add editor modelines.
Change-Id: I33669b25fa18ecc452b83a0d88a6c0b33aae904a
Reviewed-on: https://code.wireshark.org/review/441
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Also put a note in sctpppids.h saying that only IANA-registered PPIDs should go
in that file. Inspired by the rejection of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4332
Change-Id: I763aad7d1b69e9d36c798061473438ce3cb66ca1
Reviewed-on: https://code.wireshark.org/review/434
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
Offloading seems to be very common nowadays and having this option
enabled by default generates a lot of false positives. Suggested by
Laura Chappell.
Change-Id: I285f218efb3c9f164d8ad7a6d6de8270e442ffff
Reviewed-on: https://code.wireshark.org/review/426
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The HomePlug AV dissector was not consistently using the
HOMEPLUG_AV_MMVER_1_1 constant and was sometimes using it and sometimes
using mmver == 1 directly. Make sure we use that constant throughout the
code to help clarifying which version tests are applying to.
Change-Id: I602413163e4e44dedfbf3e2364448a951fa70f54
Signed-off-by: Florian Fainelli <florian@openwrt.org>
Reviewed-on: https://code.wireshark.org/review/428
Reviewed-by: Evan Huus <eapache@gmail.com>
dissect_homeplug_av_nw_info_sta() was processing stations
information correctly, except that after the first station dump, all
dumps would be off-by-one byte because we were not reserving a missing
byte at the end of the station dump. Fixes #9798.
Change-Id: Iff3afd5ff536ae718fa446de3c59cd5e9851ff20
Signed-off-by: Florian Fainelli <florian@openwrt.org>
Reviewed-on: https://code.wireshark.org/review/427
Reviewed-by: Evan Huus <eapache@gmail.com>
A malformed capture could cause the zbee-nwk-gp and 6lowpan heuristics to be
called with an incompletely-initialized structure, leading to valgrind errors.
Change-Id: Iaea6daecdca6856466b58071f095930e68c6e159
Closes-Bug: #9735
Reviewed-on: https://code.wireshark.org/review/418
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
The URLs for the CRC-10 code are dead; use Wayback Machine URLs.
Change-Id: I3924e9cabb3b49b0e1abb31fbffa9b89f95cd0ce
Reviewed-on: https://code.wireshark.org/review/419
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We support ISO 8859-1 and 8859-8, so use proto_tree_add_item() for them.
That leaves only EUC-KR.
Change-Id: Ie61f69af43be03e5abeb84b95601a407900fb79b
Reviewed-on: https://code.wireshark.org/review/403
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If there are 8-bit "extended ASCII" encodings, either one should be
wired in or there should be a preference for them.
Change-Id: Id62381b2579e8edf3719bd92959821c21f7ba223
Reviewed-on: https://code.wireshark.org/review/402
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is implemented based on the documentation, I sadly don't
have a capture to verify this.
Change-Id: Ia7dc371cb5b17ea42be0e686c97797f8c06ccabd
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/358
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also, note that the "8-bit" encoding is "user-defined".
Change-Id: Ic4786873150d837d8793d2d3d20af50cd0003cc7
Reviewed-on: https://code.wireshark.org/review/399
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix also indent for other custom...
Change-Id: Ic95b65d5217a0d1e967892ac2694f3ba749242fb
Reviewed-on: https://code.wireshark.org/review/379
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This will have to wait until the SMB Direct dissector is actually
committed. There's no point in getting a bunch of "OOPS: dissector
table "smb_direct" doesn't exist" messages every time you run Wireshark
or TShark.
Change-Id: I9772eb3f119822fbeaa78876570798d49bb4cab9
Reviewed-on: https://code.wireshark.org/review/382
Reviewed-by: Guy Harris <guy@alum.mit.edu>
So use tvb_get_string_enc() with ENC_UTF_8|ENC_NA.
Use tvb_reported_length() while we're at it.
Change-Id: I75bfa9abb23ca411dca5844dd56fe062d16319e0
Reviewed-on: https://code.wireshark.org/review/380
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not use tvb_get_string(): what we really want is the byte string, not an ASCII string
Change-Id: I8b9a8b7ccacbdaf6d9525771ff8ed883ba01ad34
Reviewed-on: https://code.wireshark.org/review/329
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
../../asn1/h248/packet-h248-template.c:1222:31: warning: Value stored to 'prop' is never read
if (!prop->dissector) prop = &no_param;
Change-Id: I6d380fbb5fef9dc548385b0b470aea1cb3c34df1
Reviewed-on: https://code.wireshark.org/review/301
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In malformed sip-sec header fields, missing spi-c/spi-s values will
cause the 'value' pointer to remain NULL, leading to bad things.
This fix checks for that and adds an expert warning about malformed
sip-sec mechanism.
Change-Id: Ia7d1741fc8d829dd14e5c68f21fa99282eddbeab
Reviewed-on: https://code.wireshark.org/review/299
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is a permanent solution for bug #9786. guint overflows
are now prevented, and the remaining length is queried from
tvb and taken into consideration.
As a side-effect, the fix brought up two bugs in the openSAFETY
dissector, which were fixed as well.
Upd: Remove stdio.h and fix one encoding error found by
fix-encoding-args.pl
Change-Id: Ic2d478a8ea15b0bcfd2536a074c217daf610fe08
Reviewed-on: https://code.wireshark.org/review/291
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
It appears we're only working on four chars anyways, so the cast to gint should
be safe.
Reverts 602d7d3d39
Change-Id: Ice101fea7dd7fe4cc65f0d673210c0c791cbe1c5
Reviewed-on: https://code.wireshark.org/review/277
Reviewed-by: Evan Huus <eapache@gmail.com>
fixes build errors on certain 32-bit systems
Change-Id: I6476107aa753b670df6bede0ce15ea6760e52aeb
Reviewed-on: https://code.wireshark.org/review/274
Reviewed-by: Evan Huus <eapache@gmail.com>
ADB Client-Server Protocol is protocol between adbd
(ADB Daemon aka Server) and adb client (aka adb).
Typically you can find it on "lo" interface over TCP protocol.
Change-Id: Iad008560c983f5ede554e1eaa728d703aae95eed
Reviewed-on: https://code.wireshark.org/review/233
Reviewed-by: Evan Huus <eapache@gmail.com>
BlueZ 5/Linux Kernel introduced a new way of sniffing Bluetooth interfaces.
We are ready to use it. Libpcap provides a new interface called
"bluetooth-monitor".
Also fix trivial typos.
Change-Id: Ic608a3d8553bbebbb21f2733ec92c758cbf8f707
Reviewed-on: https://code.wireshark.org/review/253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Details:
- Use dhcpv6_domain() to handle dissection of certain FQDN fields:
+ OPTION_AFTR_NAME: Don't use get_dns_name(); It allows "compression"
which is not valid for this field.
+ OPTION_CCCV6_IETF_PROV_SRV: Replace use of swap_field_length_with_char();
Fix bug which caused invalid "expert" message.
+ OPTION_CCCV6_KRB_REALM: Remove validation; replace use of swap_field_length_with_char().
- Allow filtering for each different FQDN field (rather than using a generic "dhcpv6.domain"
for the various FQDN fields).
- Fix some bugs in the display of the dissection for NTP_SERVER_OPTION;
- Add some "XXX ToDo" comments.
- Add some comments as to the specific RFC for certain options;
- Note that RFC 4075 is now "deprecated";
- CL-SP-CANN-DHCP-Reg: version I10 is the latest as of Feb 2014.
Change-Id: I82edafb8293b71037b84629406ce609f9a835f04
Reviewed-on: https://code.wireshark.org/review/257
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
Change-Id: I1e827ad4d2cf64411c5a87f4710235dc4d6efc35
Reviewed-on: https://code.wireshark.org/review/250
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Found by Massimo Vellucci
Change-Id: Ibbe2d0a4d1e421e647028262baf0398d05905c8d
Reviewed-on: https://code.wireshark.org/review/246
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Logcat can be exported from ADB over USB or ADB over TCP, where multiple
Logcat PDUs can occur in one frame.
Change-Id: I290fa131e5600c62357e5be4e76096ea5c35364b
Reviewed-on: https://code.wireshark.org/review/234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
AVDTP does not specify the byte order of the protocol, but defines it at the byte level
(MSB/LSB). Moreover, Codec VendorId is in Little Endian and this patch fixes that.
Change-Id: I91d8e9321e9909cb07d92d3df348ab6e1e5b1e1b
Reviewed-on: https://code.wireshark.org/review/222
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Z field of edns0 in Additional records is decoded to text description incorrectly (wrong bitmask)
Found by Jittinan Suwanrueangsri
Closed-Bug: 9767
Change-Id: I8171b211cce79cb096a0f354764992f5cb18617c
Reviewed-on: https://code.wireshark.org/review/226
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Found by David Howells
Change-Id: Ic86e44b528069be8e43c1262c68afedcd159de23
Closed-bug: 9762
Reviewed-on: https://code.wireshark.org/review/225
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Up until now, openSAFETY hooked into a heuristic filter for epl
and dissected the whole package, handing back some epl header
information by calling epl again. This was time-consuming and
on a busy network led to an increase in dropped packages and
memory usage, as well as unresponsiveness.
This patch only takes the payload data of epl frames, and
therefore greatly reduces the dissection overhead of openSAFETY.
On a second note, intergap data between safety frames is now
being displayed as Data, but only if the option for doing so
is specifically enabled in the openSAFETY preferences, as it
changes the behaviour of the dissector output.
Upd: Because of the gap handling, some frames were marked
as being truncated, although they were not, or did not contain
openSAFETY frames at all. In the course of the fix for this,
the byte copying for the byte swap with MBTCP has been moved
to only occur when needed, and is additionally guarded.
Upd2: Indentation and comment fixes
Upd3: Change memcpy to memdup and move find_dissector ( "data" )
to proto_reg_handoff
PLK: Store data dissector pointer
Move the if-clause to proto_reg_handoff as documented
in comment of Change-id: 191
Change-Id: I3038ed465900a2b5e63b3a0967abd62a4c66f318
Reviewed-on: https://code.wireshark.org/review/191
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Up until now, the heuristic dissector for epl always passed the
complete epl frame. Therefore a lot of information got passed
which was not needed, resulting in subdissectors having to call
the epl dissector again if the epl data had to be dissected.
This patch adds a second heuristic dissector (not breaking the
way the existing one is working), which only passes the payload
of the epl frame to a sub-dissector, therefore reducing memory
overhead and increasing dissection speed.
Upd: Changes according to comments in patchset
Change-Id: I2ef309310f421f24d96dd1c188e188ccfa5935cd
Reviewed-on: https://code.wireshark.org/review/190
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
and fix up the msg names.
Change-Id: If2cc51a99bc236e840fea274d32989a5fe96aa29
Reviewed-on: https://code.wireshark.org/review/199
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
RFC 7118: The WebSocket Protocol as a Transport for the Session Initiation Protocol (SIP)
No support yet for auto-detecting the subprotocol (via Sec-WebSocket-Protocol)
Change-Id: I16e8ddd37002b3982673bd4a4a7b15f6200a4d85
Reviewed-on: https://code.wireshark.org/review/192
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
- Add expert info about skipped notify IP address
- Add a couple of comments (cosmetic)
Change-Id: I6caa904cf16b304724c5da1933531cf865daf619
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Reviewed-on: https://code.wireshark.org/review/171
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
packet-parlay.c:53643:9: warning: passing argument 2 of 'get_CDR_wchar' from incompatible pointer type [enabled by default]
packet-parlay.c:53667:9: warning: passing argument 2 of 'get_CDR_wstring' from incompatible pointer type [enabled by default]
Change-Id: I027809139e74b563e759f28e2e141951166e53d0
Reviewed-on: https://code.wireshark.org/review/170
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>