that it exists.
Change-Id: I1986b7678193f3b4c9ed8cabff7e411cef5bf185
Reviewed-on: https://code.wireshark.org/review/23892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Expose the PSN (packet sequence number) and the RETH DMA length
to protocol's dissectors.
Change-Id: Ied53a8964d7cd5c3d148ec7c7642017951e56118
Reviewed-on: https://code.wireshark.org/review/23886
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I4f3af7e06169461a15507ed8ecce8f15075b9667
Reviewed-on: https://code.wireshark.org/review/23835
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
declaration of rand shadows a global declaration
Change-Id: I98f4edb14cd241bd709d50e8ac9151448773a658
Reviewed-on: https://code.wireshark.org/review/23884
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Protobuf dissector supports the almost all basic protobuf types of
varint, sint, string, and so on.
2. Protobuf messages are not self-described protocol, for example,
varint in protobuf may be int32, int64, uint32, uint64, sint32,
sint64, bool or enum. Currently dissector will dissect field without
detail definition in common way, for numeric field it show uint32 or
uint64, for length-delimited field it just show as bytes. But user
turn the try_dissect_all_length_delimited_field_as_string or
show_all_possible_field_types options on, that dissect will show all
possible value for each field according to wire type. (for example,
a numeric field will parsed in int32, uint32, sint32, sint64 and so
on).
Ping-Bug: 13932
Change-Id: Idfe49307b1c84fe461603756f75daeb3e410a905
Reviewed-on: https://code.wireshark.org/review/23814
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
filter.
Change-Id: Idcfa53d1db9e9f7b5501ca92592fb0fa0790ffe9
Reviewed-on: https://code.wireshark.org/review/23873
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
FI_BITS_XXX were using bits 5-15 of the field_info->flags bitmask.
Move FI_VARINT to be outside of that range.
Change-Id: I92efcb5644cdbb562537d2813b611e583315874b
Reviewed-on: https://code.wireshark.org/review/23871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9e0314ae2e975a1c50cfaf2b00e469ad7f640357
Reviewed-on: https://code.wireshark.org/review/23866
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make string mapping for UC_RDMA_WRITE_MIDDLE consistent with
all other mappings in the OpCodeMap table.
Remove extra blank lines in the OpCodeMap table.
Change-Id: Ifb3e242a89458103f3db3b5718d5d939dffb6dae
Reviewed-on: https://code.wireshark.org/review/23867
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Let's perform the check before potentially breaking the loop.
While we are at it, let's update the test to remove the last layer so as to
match the one used to add it.
Change-Id: I5807219de75c4e2c23b9435d6271ad60aec45783
Reviewed-on: https://code.wireshark.org/review/23844
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the chunk_size to the offset to get the correct write list
count, this issue was introduced by the fix for Bug: 13558
Change-Id: I306a9c0c9d601f7bdf4cc0e49eacd5466a6adb89
Reviewed-on: https://code.wireshark.org/review/23851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. fix returing new offset value
dissect_grpc_message() is called with the offset to the message that
needs to be parsed and returns new offset (e.g. offset to the next
message in stream).
Before this change length of the parsed message (including 5 bytes
header) were returned which was incorrect and may lead to infinite
loops.
2. fix reported length in case of invalid packet
3. fix typo in comment: "streaam"
Change-Id: I577cdcc0203a87122a4d8d8c660f43295609e8aa
Signed-off-by: Vladimir Rutsky <rutsky@google.com>
Reviewed-on: https://code.wireshark.org/review/23843
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Switch the file_data handling to use the captured length. In a test
capture here this lets us call the GIF dissector in a truncated packet.
Fixup a variable type and some whitespace.
Change-Id: I21b64519ad84f730e1412115035125c2bf1f361c
Reviewed-on: https://code.wireshark.org/review/23838
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 24384 is at indices 72 (DF.EIA/TIA-533) and 78 (DF.WLAN))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28421 is at indices 31 (EF.LP) and 80 (EF.LI))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28472 is at indices 37 (EF.SST) and 89 (EF.USI))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28481 is at indices 41 (EF.PUCT) and 96 (EF.PUCI))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28489 is at indices 23 (EF.SDN) and 103 (EF.SIN))
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28494 is at indices 28 (EF.EXT4) and 107 (EF.EXT5)
Field 'File ID' (gsm_sim.file_id) has a conflicting entry in its value_string: 28495 is at indices 29 (EF.ECCP) and 108 (EF.CCP2))
Change-Id: I4bde0cc644131e9b088fca07837fa1b909f30f44
Reviewed-on: https://code.wireshark.org/review/21381
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added new user preference 'restore_filter_after_following_stream',
defaults to false.
When true, the current display filter is restored after following a stream.
Change-Id: I153107761003658c6d7f1464711da7b3adeb60a8
Reviewed-on: https://code.wireshark.org/review/22455
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In TLS 1.2, the "certificate_status" extension in the CH would result in
a response in the CertificateStatus handshake message. In TLS 1.3, the
response appears in a SH extension instead. Refactor the code to use
ssl_add_vector and hook it up with SH extensions dissection.
Do not stop dissection on a non-empty Responder ID list. Remove
misleading "CertificateStatus" tree item, it only covered the
"OCSPResponse" vector, now its two children (just OCSP Response Length
and the OCSP Response tree) are displayed directly.
Enable DTLS support, the spec does not forbid it and there is a user:
https://mta.openssl.org/pipermail/openssl-users/2016-August/004306.html
Tested with tls-sct.pcap (bug 13372) which now shows one tree item less
and tls13-18-cert-sct-ocsp.pcap (bug 12779) which now dissects the OCSP
response in the Certificate Extensions.
Change-Id: I2ccde84cb1e3bcb1bc47676eadc5cb542248cd92
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/23819
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5e42ceb5013a9ec629845953051cdeaf8b94112d
Reviewed-on: https://code.wireshark.org/review/23821
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since draft -17, SCT has moved from EE to Certificate extensions.
Decryption failed for a boringssl test suite capture because it tests
with an unknown version and a small SerializedSCT which resulted in a
malformed packet exception. Ignore the SCT following RFC 6962, sect 3.3.
Change-Id: I894d51447f28ca121ea7f3fcef2b711a0debc1fb
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/23818
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 14091
Change-Id: Ic8d37e29f02dc9751c60e827aa773d915cabc088
Reviewed-on: https://code.wireshark.org/review/23802
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Increase number of subtrees for PublishEventLog so we can dissect
the 100 event logs that are specified as the maximum
in the Great Britain Companion Specification (GBCS).
Change-Id: I23b1729abd58168772e1937e1f52552fab2187a7
Reviewed-on: https://code.wireshark.org/review/23782
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In cases with missing frames, frames with incorrect CRC or unknown
direction it must be possible to turn off detecting retransmissions.
Change-Id: Ia5a1194004f768986b939b4195a21c6e7a2ac4c8
Reviewed-on: https://code.wireshark.org/review/23803
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Refactors the ES output to use hash tables and lists in preparation
of deduplicating fields. ES 5.x allows those, but will only store
the last instance and discard any other without warning.
ES 6.x altogether refuses to accept documents containing
duplicate fields.
This change should not change the output of Tshark in any way.
A subsequent change will introduce the actual deduplication.
Bug: 12958
Change-Id: I329ef0878e33b42d65a53bcac977429d87cde3ca
Reviewed-on: https://code.wireshark.org/review/23042
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds support for the SolarEdge inverter monitoring protocol. Based on the work
done by https://github.com/jbuehl/solaredge
bug: 14079
Change-Id: Ia0102c057e4cd27c187b01c7fd28053678f22727
Reviewed-on: https://code.wireshark.org/review/23653
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note that FACH 1 and FACH 2 are official terms as documented in TS 25.944
Change-Id: I1afbd99d5603df442dce903ad08ba071961f0586
Reviewed-on: https://code.wireshark.org/review/23785
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
... not to be confused with "machine-to-machine".
M2M seems to be a simple Wimax encapsulation protocol developed by Intel.
It's not documented publicly anywhere that I can find. The boilerplate to
code ratio is huge and it even includes a complete source file from the Wimax
dissector (yuck). Put it in the Wimax plugin instead.
Minor version number bump for wimax plugin.
Change-Id: I2694339dfe89be334093b257a5b34d1577f4dc20
Reviewed-on: https://code.wireshark.org/review/23790
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
a= b; looks a bit strange. Replace such assignments with a = b;
Change-Id: I09534e0201906490daeb5cd35c55df00e139cf30
Reviewed-on: https://code.wireshark.org/review/23800
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Generally, the average is calculated as node->total / node->count.
The curent code does not handle the case where we compare two nodes
and both have count == 0. It defines one of the nodes to be bigger.
This triggers (at least on Windows) an assertion about invalid operator<.
To fix this, we define average = 0 for a node with count == 0.
We can then simply compare the two averages.
Change-Id: Ie7d9cd590deddcdb9214c4a2693c2eb47c66b287
Reviewed-on: https://code.wireshark.org/review/23799
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For both autotools and cmake, the top-level source directory is always
part of the search path for include files. For include files in this
directory, we can simply use the file name. There's no need for a
relative path.
Change-Id: Ibf46265d91b5cb9bff4fa791e5b1d69ee3c1e165
Reviewed-on: https://code.wireshark.org/review/23798
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pascal Quantin