Commit Graph

79731 Commits

Author SHA1 Message Date
Martin Mathieson aa78bb8546 tools/check_spelling.py: Fix args handling 2021-01-25 12:25:54 +00:00
Moshe Kaplan 748d63712e rdps.py: Use string equality for comparing strings
In Python, `is` is meant for checking object equality,
not string equality. For more info, see
https://docs.python.org/3/reference/expressions.html#is
2021-01-25 11:32:12 +00:00
Moshe Kaplan 31546ad35d check_tfs.py: Avoid duplicating list entries
Avoid duplicating list entries and modifying a list during
iteration.
2021-01-25 11:14:22 +00:00
Moshe Kaplan e69a20f5c8 check_spelling.py: Avoid duplicating list entries
Avoid duplicating list entries and modifying a list during
iteration.
2021-01-25 10:54:31 +00:00
Moshe Kaplan 009ce4b331 check_typed_item_calls.py: Avoid duplicating list entries
Avoid duplicating list entries and modifying a list during
iteration.
2021-01-25 10:08:45 +00:00
Moshe Kaplan 9592d3fee9 check_typed_item_calls.py: Avoid mutating default arguments
Python only creates the default argument once and reuses it for
further invocations. Instead, of mutating the default list,
set the default argument to be None and then create a
list, if needed. For more info, see
https://docs.python-guide.org/writing/gotchas/
2021-01-25 09:27:59 +00:00
Moshe Kaplan 5693ca8d50 packet-someip.c: Fix copy-paste error
Fixes Coverity 1472261
2021-01-24 19:56:30 +00:00
Rubin Gerritsen 0dab2494ca Bluetooth: Match control procedure requests with responses
This makes it easier to read logs where both the master
and slave initiate control procedures at the same time.
Retransmitted packets are not part of the request/response
tracing.

In order to perform the analysis, direction information must
be available.

The matching is implemented by storing control procedure contexts
for each direction for each connection object as each direction
may initiate its own procedure.

Limitations:
- When there is a control procedure violation where a device
  initiates a new procedure before the previous is complete,
  only the first procedure is traced.
  It would be possible to create more advanced tracing by
  storing a list of contexts per frame.
  However, as this is anyways a specification violation, this
  adds unnecessary complexity.
- Control procedures involving an instant are marked as completed
  when the last frame is sent even though the control procedure
  is completed when the instant is reached.
  This is the best possible approach when the event counter is
  not available.
  Due to this limitation, we are not able to detect the control
  procedure violation where a device initiates a new procedure
  before the instant is reached.

The following control procedure violations are detected:
- Starting a control procedure before the previous is complete.
  Control procedure violations where a new procedure is started
  before the instant is reached is currently not detected.
  That requires knowing the event counter.
- Control procedure packets that are not valid responses to an
  existing ongoing control procedure.

Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
2021-01-24 14:12:20 +01:00
Gerald Combs d50d075f88 [Automatic update for 2021-01-24]
Update manuf, services enterprise numbers, translations, and other items.
2021-01-24 09:48:31 +00:00
Fulko Hew bc530a355d Added dissector for TP-Link SmartHome protocol 2021-01-24 08:48:06 +00:00
Jim Young a7ad6c271f tshark: Fix typo in comment from ascci to ascii 2021-01-23 23:50:36 -05:00
Enrique Giraldo 506f1c650f tshark: Unconditionally call extcap_register_preferences
extcap_register_preferences is only called with the -G option
(to dump information) and extcap preferences are not loading,
loading it unconditionally avoids this, as it is done in the
GUI startup.
2021-01-24 02:32:22 +00:00
Stijn Last 9ba1053237 packet-vnc: resolve issues reported by check_typed_item_calls.py
./tools/check_typed_item_calls.py --commits 1 | tee item_calls_check.txt
Examining:
epan/dissectors/packet-vnc.c

epan/dissectors/packet-vnc.c:1289 proto_tree_add_item called for hf_vnc_tight_tunnel_type  -  item type is FT_UINT8 but call has len 16
epan/dissectors/packet-vnc.c:1532 proto_tree_add_item called for hf_vnc_vencrypt_auth_type  -  item type is FT_UINT8 but call has len 4
epan/dissectors/packet-vnc.c:1545 proto_tree_add_item called for hf_vnc_vencrypt_auth_type  -  item type is FT_UINT8 but call has len 4
3 issues found

As explained here:
https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#tight-security-type

The capability consists of a code, a 4 byte vendor string and an 8 byte signature string
2021-01-23 16:07:41 +00:00
Alex Nik b523ae8d74 added the description for Bluetooth devices windows 2021-01-23 07:45:00 +00:00
Vadim Yanitskiy 884158fd24 GSM A-bis/RSL: fix SRR bit dissection in L1 Information IE 2021-01-23 02:24:59 +01:00
Alex Nik c8115695fa description for the Bluetooth ATT server attributes menu 2021-01-22 22:25:35 +00:00
Gerald Combs c69553216e dot11decrypt: Try to fix builds with Libgcrypt < 1.6.0.
Try to fix

    run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_derive_pmk_r1'
    run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_kdf'
    run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_prf'
    run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_derive_pmk_r0'
    run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_derive_ft_ptk'
2021-01-22 21:12:14 +00:00
Alex Nik 18013a8968 added the description for Bluetooth HCI Summary 2021-01-22 20:11:34 +00:00
Gerald Combs bb48a9da99 CMake: Fixup rpmbuild verbosity.
546dc0270c made things too quiet. Pass '-v' to rpmbuild if
CMAKE_VERBOSE_MAKEFILE is set. Don't pass '--quiet'.
2021-01-22 18:57:23 +00:00
Dr. Lars Völker c1527c5d22 SOME/IP: Adding support for filtering parameters
This patch allows each configured parameter to be filtered and
therefore to be used in io graphs as well.

Fixes #17122

Be aware that this patch changes the format of:
- SOMEIP_parameter_list
- SOMEIP_parameter_arrays
- SOMEIP_parameter_structs
- SOMEIP_parameter_unions
2021-01-22 15:11:20 +00:00
Alexis La Goutte 229148a168 ieee80211: Update Reduced Neighbor Report with 802.11ax (WiFi 6)
following tbtt length, there is some field (BSSID, Short SSID, BSS Parameters)
2021-01-22 14:50:26 +00:00
Alex Nik 483021004d added the DHCP statistics description
minor fixes
2021-01-22 14:44:37 +01:00
Stijn Last 9913b8647e packet-vnc: added support for VeNCrypt
Specification:
https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#vencrypt

Has been tested with tigervncserver / xtigervncviewer
with several security types and combinations:

/usr/bin/tigervncserver -SecurityTypes VncAuth
/usr/bin/tigervncserver -SecurityTypes TLSVnc
/usr/bin/tigervncserver -SecurityTypes X509Plain
/usr/bin/tigervncserver -SecurityTypes TLSVnc,VncAuth
2021-01-22 10:41:28 +00:00
Pascal Quantin 1b5df467b6 E1AP: use tcp_dissect_pdus() 2021-01-22 09:03:27 +00:00
Jason Cohen b297afee3e f5ethtrailer: fix low, legacy noise / FCS 0 start
This corrects 2 issues with the detection heuristic for f5ethtrailers
causing trailers to be missed.

Fixes #17171
Fixes #17172
2021-01-22 08:47:45 +00:00
Jaap Keuter d2a6ca780f WSDG: Add section on expert items 2021-01-22 07:36:28 +00:00
Jaap Keuter 13e04a2192 FC ELS: Fix address length of FCWWN address in logout message
Closes #17168
2021-01-21 20:23:58 +00:00
Anders Broman 4eb76c8ee8 E1AP: Dissect E1AP over TCP with a 4 byte length indication. 2021-01-21 16:08:10 +01:00
Dr. Lars Völker cb1bc50774 PTP: Adding support for 32bit timestamp
IEEE 1733 uses a 32bit 802.1AS (gPTP) timestamp in RTCP. In order
to correlate these timestamps to the timestamps in 802.1AS the
following translation is needed:
ts_32 = (ts_s * 10^9 + ts_ns ) mod 2^32

This patch adds suport for this 32bit timestamp in order to allow
analysis of AVB with IEEE 1733 (RTP/RTCP).
2021-01-21 08:34:52 +00:00
Dario Lombardo f7b0f9b2d4 tshark: prevent multiple -T.
Subsequent use of -T option infere to each other
creating strange option combinations. Multiple -T
are not supported, then prevent them.

Fix: #17139.
2021-01-21 07:57:37 +00:00
Joakim Andersson 8da6d6d1cc bluetooth: Add event counter and event counter valid to context
Add event counter and event counter valid variables to the btle context.
This information has to come from the capture context, and the information
is useful to provide context information around LL control procedures with
instant.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2021-01-21 07:22:47 +00:00
Guy Harris df53c21cab Move some variables inside the block where they're used.
They're not used outside a block, so move them inside the block.  Also,
they're set before they're used, so don't initialize them when they're
declared.

This should squelch some unreadVariable warnings from cppcheck.
2021-01-20 19:09:51 -08:00
Dr. Lars Völker 150d138a0d dot11crypt: Fixing bug that breaks build on Windows
Fixes: #17167
2021-01-20 22:15:32 +00:00
Guy Harris f9fc064255 Cast __LINE__ to unsigned int and print it with %u.
No version of ISO C I can find (from C90 to C18) says anything more
about __LINE__ than that it's an "integer constant", with no indication
whether it's signed or unsigned (or whether it's int or long or long
long), so we just cast it to "unsigned int" and print it with %u, as it
would make Absolutely No Sense if it were negative.

This should squelch some invalidPrintfArgType_uint warnings from
cppcheck.
2021-01-20 13:48:08 -08:00
Guy Harris d78d50d5a1 Move some variables inside the block where they're used.
They're not used outside a block, so move them inside the block.  Also,
they're set before they're used, so don't initialize them when they're
declared.

This should squelch some unreadVariable warnings from cppcheck.
2021-01-20 12:45:46 -08:00
Mikael Kanstrup 69aa20669c dot11decrypt: Refactor Dot11DecryptRsna4WHandshake function
The Dot11DecryptRsna4WHandshake has grown unreasonably large. Refactor
the function and break out some functionality into smaller utility
functions to make it easier to understand.
2021-01-20 16:10:12 +00:00
Mikael Kanstrup fbb9056d20 dot11decrypt: Add partial FT-EAP decryption support
Add partial support for decrypting captures with connections
established using FT-EAP. To support deriving keys for FT-EAP
the MSK is needed. This change adds MSK as a valid IEEE 802.11
protocol input key type preference as well.

Note that FT-EAP support comes with the following imitations:

- Keys can only be derived from the FT 4-way handshake messages.
- Roaming is not supported.
2021-01-20 16:10:12 +00:00
Mikael Kanstrup 76932c250a ieee80211: Dissect FTE and MDE with flags and subtrees
To increase readability of IEs used with Fast BSS Transition
dissect FTE and MDE fields with flags and subtrees.

- FT element count is part of MIC control element.
- FT over DS is part of FT capability and Policy field.
- Resource Request Protocol Capability is part of FT
  capability and Policy field.
- Dissect FT subelements with a separate subtree.

Change-Id: Id9bea07234c3314991a75781c59321faa600a0f6
2021-01-20 16:10:12 +00:00
Mikael Kanstrup 2306cbddb9 dot11decrypt: Support decrypting FT initial mobility domain
Add partial support for decrypting captures with connections
established using FT BSS Transition (IEEE 802.11r).

FT BSS Transition decryption comes with the following limitations:

- Only FT-PSK is supported.
- Keys can only be derived from the FT 4-way handshake messages.
- Roaming is not supported.
2021-01-20 16:10:12 +00:00
Mikael Kanstrup 75e90aa4e9 dot11decrypt: Create utility PRF and KDF derive functions
Break out the PRF and KDF functionality from the PMK to PTK
derivation functions and make them separate utility functions
implemented as defined in the IEEE 802.11 standard.

This change is done in preparation for supporting additional
AKMS where the key derivation functions can be reused to derive
other type of keys.
2021-01-20 16:10:12 +00:00
Mikael Kanstrup 8f8e87e384 dot11decrypt: Indentation using whitespace in dot11decrypt_util
Change from tab to whitespace in dot11decrypt_util source and header
files. Add modelines.
2021-01-20 16:10:12 +00:00
Pascal Quantin f64eddfd01 NAS 5GS: fix display of IPv6 interface identifier
Do not use FT_IPV6 as an interface identifier could be wrongly identified
as an IPv4-Compatible IPv6 Address format by inet_ntop() and displayed
as such.
2021-01-20 14:41:12 +01:00
Pascal Quantin b794e4798a NAS EPS: fix display of IPv6 interface identifier
Do not use FT_IPV6 as an interface identifier could be wrongly identified
as an IPv4-Compatible IPv6 Address format by inet_ntop() and displayed
as such.
2021-01-20 14:39:09 +01:00
Alexis La Goutte 3aa64fe819 ieee80211: Update Public Action
From 802.11-2016.pdf (Table 9-307)
2021-01-20 11:40:16 +00:00
Alexis La Goutte 476d2e81ff ieee80211: Add Reduced Neighbor Report (201)
From 802.11-2016.pdf

Close: #17096
2021-01-20 11:23:49 +00:00
Martin Mathieson 3019bc4efc MAC-LTE: Make main disection function static 2021-01-20 10:56:18 +00:00
Alexis La Goutte acf713313e ieee80211: Fix Environnement
When it is not outdoor or indoor environnement (only display hex value)

Close #16910
2021-01-20 10:28:07 +00:00
Guy Harris 5c71955270 Move some variables inside the block where they're used.
They're not used outside a block, so move them inside the block.  Also,
they're set before they're used, so don't initialize them when they're
declared.

This should squelch some unreadVariable warnings from cppcheck.
2021-01-20 01:34:17 -08:00
Guy Harris 05b9e53777 Don't dereference a known-to-be-null pointer.
In dump_dfilter_macro_t(), if the dfilter_macro_t pointer is null, just
give up after printing the message that indicates that.

This should squelch several nullPointerRedundantCheck warnings from
cppcheck.
2021-01-20 01:07:18 -08:00
Guy Harris 28d89773fb Move some variables inside the block where they're used.
They're not used outside a block, so move them inside the block.  Also,
they're set before they're used, so don't initialize them when they're
declared.

This should squelch some unreadVariable warnings from cppcheck.

Fix indentation of a line of code while we're at it.
2021-01-20 00:44:31 -08:00