Add TLS 1.3 tests that verify decryption of handshake, application and
early data. Add another test that shows that early data is properly
skipped. This completes TLS 1.3 (RFC 8446) decryption support.
The trace was created using boringssl c4131a4a23a1.
Bug: 12779
Change-Id: Iddd266ecd3f428c95aa3f69616ce55e75d4ccca0
Reviewed-on: https://code.wireshark.org/review/29170
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

When early data is present but undecryptable (due to lack of keys), it
should not result in incrementing the sequence number or the following
application data from the client will fail to decrypt.
Change-Id: I8016a30508d96c14cbd6a3b9c4af1591a6c437c3
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/29169
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

The Remarks section in WaitForMultipleObjects describes what kind of
handles the function can wait for. Pipe handles are not listed there.
The problem was introduced in c18459e66e
While it might be possible to set up overlapped reads on the pipe handles
and then wait on overlapped events, it would result in quite complex
code. As a tradeoff, simply keep peeking at the pipes every 100 ms.
Change-Id: I6ba4f4bf4c1d2af856027cca36ffd6d4f7f49f36
Bug: 14657
Reviewed-on: https://code.wireshark.org/review/29163
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

The code was decoding IB_SG_DATA according to Encoding Variant 1.
Added parsing of the second variant and a preference to let the user choose
between the two.
Bug: 15054
Change-Id: I45efcb84c48d599b46037488792dbc5dad97ebd1
Reviewed-on: https://code.wireshark.org/review/29018
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Now in alphabetical order
Change-Id: I28d863fc176518a2c26c417257f657f9d888ceb7
Reviewed-on: https://code.wireshark.org/review/29156
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add support for the TDS_MSG token, used in TDS 5.0.
This requires support for TDS_PARAMS and TDS_PARAMFMT
tokens in the response stream as well as the request
stream. Add support for the TDS 5.0 LONGBINARY type.
Change-Id: I49b70f8b03881767283fcc41610517a08ee7c4e7
Reviewed-on: https://code.wireshark.org/review/29160
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

On Windows the code calling extcap worked as follows:
1. Create stdout and stderr pipes with default buffer size
2. Execute extcap redirecting output to the pipes
3. Wait for extcap process to exit
4. Read the data from stdout pipe
This resulted in deadlock when the extcap wrote more data than the pipe
could buffer. This was especially seen with USBPcap as it is quite
normal to have plenty of USB devices connected.
Fix the issue by constantly reading the stdout data and storing it in
GString. To prevent similar deadlock on the stderr, the stderr data is
being constantly monitored as well (and discarded).
Change-Id: I0f93e6d79617cef0e828aef2b96fad2757227923
Bug: 14657
Reviewed-on: https://code.wireshark.org/review/29159
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
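
The deadlock described in the extcap commit message above, and the read-while-running order that avoids it, shown as an added example that is not Wireshark's code: a portable Python analogue in which a constructed child process stands in for an extcap binary. The names `SIZE`, `CHILD`, `spawn`, `wait_then_read` and `drain_while_running` are assumptions made for the illustration.

```python
import subprocess
import sys
import threading

SIZE = 2 * 1024 * 1024  # constructed payload, far larger than an OS pipe buffer
# Constructed child standing in for an extcap binary with a lot of output.
CHILD = f"import sys; sys.stdout.write('x' * {SIZE}); sys.stderr.write('e' * {SIZE})"


def spawn():
    return subprocess.Popen([sys.executable, "-c", CHILD],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)


def wait_then_read(timeout=2.0):
    """Pre-fix order: wait for exit, then read. Returns None if the child stalls."""
    with spawn() as proc:
        try:
            proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            # The child is blocked writing to a full pipe nobody is draining.
            proc.kill()
            return None
        return proc.stdout.read()


def drain_while_running(timeout=30.0):
    """Post-fix order: read stdout (kept) and stderr (discarded) until exit."""
    kept = []

    def pump(pipe, sink):
        for block in iter(lambda: pipe.read(65536), b""):
            if sink is not None:
                sink.append(block)

    with spawn() as proc:
        readers = [threading.Thread(target=pump, args=(proc.stdout, kept)),
                   threading.Thread(target=pump, args=(proc.stderr, None))]
        for t in readers:
            t.start()
        proc.wait(timeout=timeout)
        for t in readers:
            t.join()
    return b"".join(kept)


if __name__ == "__main__":
    print("wait-then-read:", wait_then_read())
    print("drain-while-running:", len(drain_while_running()), "bytes")
```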

According to RFC 3278 / RFC 5753 and RFC 3370 / RFC 5911
Renaming where RFCs differ (e.g. id-alg-des-ede3-cbc to des-ede3-cbc)
Change-Id: Ib221136c6a64cc6dd5dac8b4b5e7baa5aae47a9c
Reviewed-on: https://code.wireshark.org/review/29157
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Display correct temperature unit for the Temperature Measurement Value.
Bug: 15058
Change-Id: I310c2fabfb1a824cb84f6f4182e881d7a22495cb
Reviewed-on: https://code.wireshark.org/review/29139
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

RFCs 2459 / 5280 define the name for Authority Information Access as
id-pe-authorityInfoAccess, and the sequence as AuthorityInfoAccessSyntax. This
was mixed up - fixed.
Adding related "Access Description" OID names id-ad-caIssuers and id-ad-ocsp
from RFCs 2459 / 5280.
Example certificate containing this extension and access descriptions e.g. used
by https://www.google.com
Change-Id: Ic6881531a2f6d8e318e8d3a47bcb1f7ea38e5236
Reviewed-on: https://code.wireshark.org/review/29138
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Allocate the exp_pdu_data using the wmem_packet_scope allocator so the
epan_dissect_run_with_taps will free it after calling all registered tap
listeners.
valgrind --tool=memcheck --leak-check=full ./run/tshark -r sctp.pcap -U "OSI layer 3" -w exported.pcap
32 bytes in 1 blocks are definitely lost in loss record 48 of 76
at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
by 0xB3FC3C5: g_malloc (gmem.c:99)
by 0x68C2BE1: export_pdu_create_tags (exported_pdu.c:251)
by 0x68C2D5E: export_pdu_create_common_tags (exported_pdu.c:231)
by 0x70AA54E: create_exp_pdu_proto_name (packet-sctp.c:3240)
by 0x70AA54E: export_sctp_data_chunk.part.23 (packet-sctp.c:3268)
by 0x70AB76B: export_sctp_data_chunk (packet-sctp.c:3256)
by 0x70AB76B: dissect_data_chunk (packet-sctp.c:3509)
Change-Id: I6e247ab2861bbb053f0958faf253913b28dbcbeb
Reviewed-on: https://code.wireshark.org/review/29126
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

The RFC was posted in the Radiotap mailing list.
Change-Id: I8ddb1cd474d05c94d1b5a51eb5e16d548a313a86
Reviewed-on: https://code.wireshark.org/review/28923
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

This will let val_to_str_const() choose the given 'unknown_str'
instead of always showing 'SSL' when the version is unknown.
This is relevant for DTLS when only having a 'Client Hello' packet.
Change-Id: I3931460e70278241aee0b7782025bc7bfd9bf93d
Reviewed-on: https://code.wireshark.org/review/29118
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

Target Wake Time has been added in 11ah but is enhanced in 11ax.
Start to implement the parsing of TWT elements based on
ieee80211ax/D3.0
Since TWT is defined in 11ah, it uses the S1G (sub 1 Giga Hertz)
Action Frame Category. Add the boilerplate code to parse those.
An S1G Action frame can have different actions, add them all,
but only parse TWT teardown for now, the other TWT actions will
come later.
Ping-Bug: 15009
Change-Id: Id645a666d06658dbdc6cb460c79b38a65ad2ae81
Reviewed-on: https://code.wireshark.org/review/28829
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Based on an idea from David M. Lloyd, let subdissectors register
themselves with the HTTP dissector based on the Upgrade header instead
of the other way round.
Tested with SSTP (bug 82390), WebSocket (bug 13889), HTTP2 PRI without
Upgrade (bug 11331), h2c (from HTTP2 wiki), spdy/3.1 (bug 12874).
Change-Id: I1425b7119d4d85e626032408504fc2c6b2f2eeb8
Reviewed-on: https://code.wireshark.org/review/29112
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

After an HTTP upgrade, some data may already follow the headers. Be sure
to dissect this. Tested with a SSTP capture (bug 8239), HTTP proxy
capture (bug 15043), no regressions were found. WebSocket traffic from
the attached bug is now properly dissected.
Bug: 13889
Change-Id: Icc32871b4ebb2520769cb17505517d9d11543684
Reviewed-on: https://code.wireshark.org/review/29111
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

The very first message after a 200 OK response to a CONNECT request
likely originates from the client. So assume that this destination is
actually the server.
This reduces the probability of address and port collisions. Previously
the proxy port (e.g. 3128) and server port (443) identified each
conversation, now it will use the client and server port instead.
Bug: 15043
Change-Id: Ib73f370334873efd773ac6b49e2db57146bc20b0
Fixes: v2.9.0rc0-1420-g2f126db3fe ("HTTP: set correct server port for tunnels")
Reviewed-on: https://code.wireshark.org/review/29110
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

The SSTP capture from bug 8239 failed to be recognized as SSTP. Its
large Content-Length was parsed as -1 which triggered reassembly due to
tvb_bytes_exist returning FALSE for negative lengths.
Test:
# Expect 'SSTP_DUPLEX_POST /' in the output of:
tshark -r sstp.pcapng -ossl.keys_list:localhost,443,http,sstp.pem, -Y frame.number==174 -Px
Change-Id: I40afaff8554f34f24e09bab184121ced59045954
Fixes: v2.9.0rc0-531-gd80acae40d ("tvbuff: make tvb_bytes_exist fail with negative values")
Reviewed-on: https://code.wireshark.org/review/29109
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

capture_opts_add_iface_opt(), when called in a program acting as a
capture child, will fetch the description for the interface, and will
also generate a "display name" for the interface.
In the process, we clean up capture_opts_add_iface_opt() a bit,
combining duplicate code.
We rename console_display_name to just display_name, as it may also be
used in the title bar of Wireshark when capturing.
Change-Id: Ifd18955bb3cb41df4c0ed4362d4854068c825b96
Reviewed-on: https://code.wireshark.org/review/29117
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

It's only used there, so move it there.
Change-Id: I68472150e020ba94166782e3e4c08cba94c0f9ee
Reviewed-on: https://code.wireshark.org/review/29114
Reviewed-by: Guy Harris <guy@alum.mit.edu>

remove a space before comma
Change-Id: Ib8ca547d054aa1672557044efc35e865923ffce5
Reviewed-on: https://code.wireshark.org/review/29053
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Don't put identical code in both arms of a conditional - move it out of
the conditional.
Doing that with one line of code means that the conditional is now
*itself* duplicated in both arms of a conditional, so move it out, too.
Change-Id: I07c1d00e7d0053684aa2ef74b460eb008b145015
Reviewed-on: https://code.wireshark.org/review/29093
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Rename some of the columns - IFTREE_COL_NAME is the interface name,
IFTREE_COL_DESCRIPTION is the description/friendly name, and a new
IFTREE_COL_DISPLAY_NAME column is the display name (which may include
both the description and the interface name). Rename
IFTREE_COL_INTERFACE_COMMENT to just IFTREE_COL_COMMENT - there's no
*other* type of comment, and "IF" is short for "interface".
In the interface frame, use IFTREE_COL_DISPLAY_NAME, as that's the only
column that shows both and thus has something for all interfaces.
In the "Manage interfaces" dialog, put the description before the
interface name, as it was in earlier versions.
Change-Id: If0d959dcd4ca99913c941df00621da3c478233f6
Reviewed-on: https://code.wireshark.org/review/29090
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Don't show the display name, as that may include either the interface
name, which is already in another column, or the column comment, which
is also already in another column.
Change-Id: I12f81d9e4579b82267062bb5e4e745925ed382b7
Reviewed-on: https://code.wireshark.org/review/29087
Reviewed-by: Guy Harris <guy@alum.mit.edu>