Use proto_tree_add_item() for the timestamp, there's no need to extract
the time manually.
Remove the unnecessary if (tree) check.
Call proto_tree_add_item_ret_uint() to read the value and add it to the
tree in one go.
Change-Id: Ibce3a5c83c260e46c4bd6ebf957e300fd345ed8a
Reviewed-on: https://code.wireshark.org/review/36765
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use content-type property to decode message.
Lookup Topic using topic-alias property mapping from the first Publish
message if this is used by the sender. Add an expert info note when
a lookup fails.
MQTT-4.7.3-1 defines that all Topic Names and Topic Filters MUST be
at least one character long. Add an expert info warning for this.
Change-Id: I5b27a72462a7c80b200ec065e5aed167cf36a3a8
Reviewed-on: https://code.wireshark.org/review/36748
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently every URI that carries display information has that presented
as the same field. This makes specific filtering difficult.
This change introduces seperate fields for every URI type, while
preserving the common display info field as hidden item.
A display field has been introduced for every URI handled, whether or
not the field is described in an RFC. Practice learns that it may be
done anyway.
Bug: 16488
Change-Id: I15bf10e3fbdcce581a62182c205976a751c98c69
Reviewed-on: https://code.wireshark.org/review/36773
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handle the reserved bits in the LE channel map. The bits do not
represent the advertising channels, but are simply reserved.
Allow the dissector to set these bits as non-channel map related, which
is the case for Extended Advertising Sync Info.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345314
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36779
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
check_dissector_urls.py was written and used to
find URLs within epan/dissectors/*.c and try to
fetch them using 'requests'. Will be commmitted
separately.
Most of the changes were to adapt to reorganisation
of IETF or 3gpp2 links, but many of the broken links
are for websites or companies that no longer exist.
Change-Id: Ie9afdb95099218402a61626a0cd5193c6f781b96
Reviewed-on: https://code.wireshark.org/review/36769
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The initiator address field of the directed advertising PDU has been renamed
to target address in newer versions of the Bluetooth specification.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345313
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36778
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add channel index to the bluetooth dissector context.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345312
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36777
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wtap_read_bytes() returns TRUE on *success*, so if we're in the loop,
the last read succeeded, and no error code was supplied. When we *exit*
the loop, the read didn't succeed; check for the status then. If we got
a short read, we ran out of file data, so check the heuristics (even if
it's not an integral number of 2-byte blocks, treat it as a CAM
Inspector file - it might have gotten cut short); if we got a real read
error, report that to our caller.
Bug: 16458
Change-Id: Ia1e838006744dadbc2883459aec16d0d11b732e1
Reviewed-on: https://code.wireshark.org/review/36795
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
If it has none, we don't know what link-layer header type it has, nor do
we have a start time to use for time stamps.
If it has more than one, we don't know which one to believe.
Bug: 16459
Change-Id: I306ec45171f9de4643699a53a4d837f4f7750c69
Reviewed-on: https://code.wireshark.org/review/36791
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Rename packets names that has changed in the bluetooth core specification.
Requests have responses, indications have no response.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345310
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36775
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
pytest and `pycodestyle test/suite_*.py --select=W605` warned about it.
Change-Id: I015351d1c00d17aa9f04ab17abed00586ee09e89
Reviewed-on: https://code.wireshark.org/review/36771
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Don't give the first argument to CATCH7() a space after its comma; none
of the other CATCHn() arguments do.
Change-Id: I752d3329080b3bfba362adfff0cb2b0e2034be8b
Reviewed-on: https://code.wireshark.org/review/36768
Reviewed-by: Guy Harris <gharris@sonic.net>
Remove nested example tags from the dissection chapter, including and
unbalanced one. Mark our source blocks with [source,c].
Enable syntax highlighting in the Developer's and User's guides. This
isn't supported in the DocBook backend (which we use to generate the
HTML guides), but it is in the PDF backend.
Add a comment about failing on warnings when we generate our guides.
Change-Id: Ieee29fe75364ca23769aa997f90126e31b72cc8b
Reviewed-on: https://code.wireshark.org/review/36767
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
wtap_cleanup() clears options which are still in use by the time
cf_close calls wtap_close. Be sure to close the capture file first.
Bug: 16487
Change-Id: Id9ef1c0321865e9574b69439870a842efb2b209b
Fixes: v3.3.0rc0-853-g3662a69036 ("Maintain cf->state, because file cleanup depends on it.")
Reviewed-on: https://code.wireshark.org/review/36755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <gharris@sonic.net>
This workflow will test the several options available in cmake,
by not using the default value.
The workflow runs once a day, instead on push, to spot problems
that unlikely happen.
The compilation without pcap has been removed from other CIs,
since it is included in this one and that will spare CI cycles.
Change-Id: I796a1ac1879fe85c66d9518207c7053531204c11
Reviewed-on: https://code.wireshark.org/review/36608
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add checks for bad block lengths - either too short or not a multiple of
4. (Yes, the pcapng spec requires it to be a multiple of 4. And there
is at least one implementation that requires it.)
For various structures with a length field, create the top-level tree
field for the item with a "run to the end of the packet" length and,
once we're finished dissecting it, set the length to its actual value.
Fetch various field values using proto_tree_item_add_uint. Fix some
incorrect field types based on errors reported by that.
If an end-of-options option has a non-zero length, 1) don't treat it as
not an end-of-options option and 2) report an error on its length.
Change-Id: I72b2c065f3e3c76d5b71a1cd2ef3c1f497623266
Reviewed-on: https://code.wireshark.org/review/36746
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
In LwM2M TLV format a Float can be a 4 or 8 bytes floating point value.
Allocate a separate FT_DOUBLE header field to handle this.
Refactor common code between OMA and UAT defined resources.
Bug: 16485
Change-Id: I45fe782a32444215959951f0b202de360a3b24b8
Reviewed-on: https://code.wireshark.org/review/36724
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
There were a bunch of 4-space tab characters in the file, which is 1)
not the way UN*Xes work and 2) not what the modelines say; replace them
with 4 spaces, and further adjust some indentation.
Change the modelines to turn tab-to-space expansion on.
Change-Id: I7e22294e928ef95ab9f5d61f5d0e8abfe18cfb4e
Reviewed-on: https://code.wireshark.org/review/36738
Reviewed-by: Guy Harris <gharris@sonic.net>
The IEEE 802.3br dissector does good work figuring out when a frame is
preempted by another, in the same direction, and reassemble the continuation
into a proper Ethernet frame. But when, at the same time, a frame appears in
the other direction, not unheard of in a full duplex link, the reassembly is
thrown in turmoil.
This change makes the reassembly directionally aware, so that preemptions,
either way and even simultanious, can be distinguised as long as the
direction of the frame is known.
Bug: 16470
Change-Id: Ic99353c1b95238e0d63c4cd14cd454d09e3675cc
Reviewed-on: https://code.wireshark.org/review/36731
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Track our recursion depth in fAbstractSyntaxNType. It calls several
functions which in turn call it, which makes it easy to overflow the
stack.
Bug: 16474
Change-Id: Ibad29272f99449bfa13b7422692e20ba8a79e19c
Reviewed-on: https://code.wireshark.org/review/36725
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This automatically closes existing and new pull requests on GitHub once
the GitHub app is installed.
Change-Id: I98e2426ff8f974534d6bcec6ee446619319c08bb
Reviewed-on: https://code.wireshark.org/review/36719
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Educated guess on the part of Jeff Morriss as don't have
ready access to appropriate spec.
Change-Id: Ib6b7ed5911d3c219c61c43d41369af1e9e51d10c
Reviewed-on: https://code.wireshark.org/review/36728
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
On UN*X platforms, we now build the Wireshark shared libraries with
compiler and linker options that arrange that most symbols are "hidden",
and only those declared with WS_DLL_PUBLIC are exported from the
libraries, if such options are available.
Change-Id: Ie954f114046fe4af678672b12cea693ac9882ba1
Reviewed-on: https://code.wireshark.org/review/36726
Reviewed-by: Guy Harris <gharris@sonic.net>
At least with Qt 5.12 on Debian/testing the following needs to be changed:
- The temporary file name created for the endpoint map file needs to be
retrieved at least once when the file is open to be available later on.
- The temporary endpoint map file needs to remain on temporary storage
because the external presentation process (web browser) needs to have
access to it when it starts (asynchronously) and for as long as it needs.
Change-Id: I554110a5a3ffa48b44575b1cb45f5971baac5e9c
Reviewed-on: https://code.wireshark.org/review/36599
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new "RX Payload" and "TX Payload" data sources. The "RX Payload" can
be reconstructed from multiple low-level USB packets contents grouped
together into one URB.
Ping-Bug: 11743
Change-Id: Ia0bd23404ab48148f7aaced08d41725b43fbb046
Reviewed-on: https://code.wireshark.org/review/36694
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SOF Packet is always Broadcasted from Host
to all the Devices.
This patch also fixes a few indentation errors.
Ping-Bug: 15908
Change-Id: Iae0b82ea2bf0e7fb5d1a3fa9861fcebce178403a
Reviewed-on: https://code.wireshark.org/review/36652
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Exit straight away if the packet is not e100, don't wrap the
dissection code into a big if-statement.
Move all variable desclarations to the beginning of the function.
Remove unnecessary initializers for the variables.
Remove the pointless if (tree) check.
Remove the manual calculations for the timestamp, we can
use proto_tree_add_item() with ENC_TIME_SECS_USECS.
Use proto_tree_add_item_ret_uint() if we need the value of a field.
No functional change intended. I checked that this patch does not
change the output of
tshark -r E100_TestCap.pcap -Y e100 -V
(where E100_TestCap.pcap is the sample capture from bug 3195)
Change-Id: I533209906165beecec397cf9c1864e2b02429232
Reviewed-on: https://code.wireshark.org/review/36703
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are at least two problems with the previous implemenation:
- The odd/even indicator was not used when dissecting the digits and
an additional 0 was displayed when location number has odd number of
digits.
- For International Numbers the correct NA is 4 and not 3 (national) and
for national numbers an incorrect country code is displayed.
Change-Id: If5bb143642205eab762fbccae28f131af28d89c0
Reviewed-on: https://code.wireshark.org/review/36720
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcapng has been the compile-time default since 2011. If there are any
users who would like to use the libpcap format, then they should use
runtime options instead (e.g. `tshark -P` or `editcap -F pcap`).
Change-Id: I54b70368cdc3ca78bc8617bc488cc687740a1eb9
Reviewed-on: https://code.wireshark.org/review/36721
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
In proto_tree_add_item_ret_time_string, we should return the result of
proto_tree_add_node directly like other similar functions.
Change-Id: I5f0cdc32ee3e69ecf3c62f1d56cb8278c91c9c45
Reviewed-on: https://code.wireshark.org/review/36716
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Check is enabled by #ifdef ENABLE_CHECK_FILTER
Remaining issues found by this check are fixed here,
along with a documentation note that the entries
are checked in order and the first match is used.
The only issue not yet fixed is in packet-isup.c,
where the spec was not available to me.
Change-Id: Ife747cda9b91a265bc2b81ce0a53f55f3389919e
Reviewed-on: https://code.wireshark.org/review/36708
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Commit 3398c2898d duplicated the '-i'
option in the synopsis. Remove this again.
Change-Id: I85fb78515910b11e9dff9b3aa876746b2ff11fa4
Reviewed-on: https://code.wireshark.org/review/36678
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Updated the displayed protocol information according the latest version
of the standard - IEEE Std C37.118.2-2011
Refactored phasors dissection for a more complete display of information
Change-Id: I03c477b02236d667401c9e883947de47ad776278
Reviewed-on: https://code.wireshark.org/review/36675
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Coverity Scan reports an out-of-bounds acccess on memcopy from addr1
of 802.11 mac header. This out-of-bounds access is a controlled access
knowing that addr2 and addr3 is located in memory right after addr1.
Type cast to a guint8 pointer to indicate that there's no fix length.
This should silent the Coverity Scan error reported.
Coverity CID 1460754
Change-Id: Ief2280f1b686deebf3aba74f19a5730c66d4d313
Reviewed-on: https://code.wireshark.org/review/36706
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This fixes a -Wused-but-marked-unused compiler warning.
Change-Id: I44a04e60020b392d4d2c700e157617938a6164db
Reviewed-on: https://code.wireshark.org/review/36704
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Kaiser