Allocate the root node in the same pool as the list itself, and make
that pool explicit so we can pass the pinfo scope instead of using the
global packet pool.
Fix support for IEEE 1722-2016 Annex J IP Encapsulation.
Dissect extra 4-octet encapsulation_sequence_num field that
is present when carried on UDP/IP. Perform rudimentary sequence
analysis with it. Fix#17389.
When written by hand, it’s difficult to have a fully functional
subdissector for a given command if the structures in it contain at lot
of fields and/or numerous level of sub-structures, making the definition
of all sub-structures mandatory before we have all sub-structures fully
defined before we can dissect anything.
This patch makes it easy not to defined some structure fields and let
the generic Thrift dissector handle them.
If you care only about some fields for your analysis or you have some
obsolete fields that may appear in your captures due to old client but
are no longer defined in the .thrift files, you can still write the sub-
dissector for your protocol just by omitting the obsolete field.
For example:
static const thrift_member_t tcustom_data[] = {
{ &hf_tcustom_data_id, 1, TRUE, DE_THRIFT_T_I64, TMFILL },
{ &hf_tcustom_data_name, 2, TRUE, DE_THRIFT_T_BINARY, TMUTF8 },
{ &hf_tcustom_data_content, 3, TRUE, DE_THRIFT_T_STRUCT, &ett_tcustom_resource, { .members = tcustom_resource } },
{ NULL, 0, FALSE, DE_THRIFT_T_STOP, TMFILL }
};
could become:
static const thrift_member_t tcustom_data[] = {
{ &hf_tcustom_data_id, 1, TRUE, DE_THRIFT_T_I64, TMFILL },
{ &hf_tcustom_data_name, 2, TRUE, DE_THRIFT_T_BINARY, TMUTF8 },
{ NULL, 3, TRUE, DE_THRIFT_T_GENERIC, TMFILL },
{ NULL, 0, FALSE, DE_THRIFT_T_STOP, TMFILL }
};
and avoid the need to define the extremely complex "resource" struct.
In this case, the structured data would be dissected by the generic
dissector while keeping the possibility for the user to filter on the
resource id or name.
wblock->internal is not initialized on pcapng_read_custom_block function
pcapng.c:3747:9: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
This patch adds support to SOME/IP to be dissected on top of DTLS. This
can be used via the Decode As feature of Wireshark.
This extends the existing support for DTLS.
Add an expert info for more protocol issues:
- Thrift protocol exceptions.
- Thrift application exceptions.
- Negative field id that are now prohibited in new interfaces.
- Out-of-order field ids (not prohibited but unusual).
packet-erldp.c:403:13: warning: Although the value stored to 'buf_ptr' is used in the enclosing expression, the value is never actually read from 'buf_ptr' [deadcode.DeadStores]
packet-erldp.c:922:9: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-erldp.c:928:7: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-json.c:365:7: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-json.c:371:7: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-json.c:383:8: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-json.c:389:8: warning: Value stored to 'is_valid_unicode_character' is never read [deadcode.DeadStores]
packet-rdp.c:1600:3: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-rdp.c:1614:3: warning: Value stored to 'offset' is never read [deadcode.DeadStores]
packet-thrift.c:1382:17: warning: Value stored to 'len_pi' is never read [deadcode.DeadStores]
packet-thrift.c:1388:9: warning: Value stored to 'len_pi' is never read [deadcode.DeadStores]
proto.c:6480:19: warning: Although the value stored to 'hf_str_val' is used in the enclosing expression, the value is never actually read from 'hf_str_val' [deadcode.DeadStores]
proto.c:6524:19: warning: Although the value stored to 'hf_str_val' is used in the enclosing expression, the value is never actually read from 'hf_str_val' [deadcode.DeadStores]
dpauxmon.c:290:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
dpauxmon.c:432:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
dpauxmon.c:437:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
dpauxmon.c:443:7: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err' [deadcode.DeadStores]
nettrace_3gpp_32_423.c:256:2: warning: Value stored to 'prev_pos' is never read [deadcode.DeadStores]
nettrace_3gpp_32_423.c:295:2: warning: Value stored to 'next_msg_pos' is never read [deadcode.DeadStores]
nettrace_3gpp_32_423.c:487:4: warning: Value stored to 'port_type_defined' is never read [deadcode.DeadStores]
display on CI build, the text output (and not xml)
store all cppcheck output files on cppcheck folder
(you need to launch cppcheck twice for generate txt and xml)
According to IEEE 802.15.4-2020 Section 7.3.5.1 Destination PAN ID field is
present when PAN ID Present bit is set. Therefore we should check for the bit.
Fixes: wireshark/wireshark#17496
The transport feedback definition, from
(https://datatracker.ietf.org/doc/html/draft-holmer-rmcat-transport-wide-cc-extensions-01#section-3.1)
has the third bit as the padding bit (as any RTCP feedback message). However,
the transport feedback dissector was consuming the padding (if present),
leaving the outer RTCP dissector with a padding bit set, but no padding to
analyze/show. That resulted in a "Malformed packet" error.
With this patch, any padding that is consumed in the transport feedback
dissection clears the outer padding bit set, leaving the RTCP dissector happy.
Evan Huus