Python only creates the default argument once and reuses it for
further invocations. Instead, of mutating the default list,
set the default argument to be None and then create a
list, if needed. For more info, see
https://docs.python-guide.org/writing/gotchas/
This makes it easier to read logs where both the master
and slave initiate control procedures at the same time.
Retransmitted packets are not part of the request/response
tracing.
In order to perform the analysis, direction information must
be available.
The matching is implemented by storing control procedure contexts
for each direction for each connection object as each direction
may initiate its own procedure.
Limitations:
- When there is a control procedure violation where a device
initiates a new procedure before the previous is complete,
only the first procedure is traced.
It would be possible to create more advanced tracing by
storing a list of contexts per frame.
However, as this is anyways a specification violation, this
adds unnecessary complexity.
- Control procedures involving an instant are marked as completed
when the last frame is sent even though the control procedure
is completed when the instant is reached.
This is the best possible approach when the event counter is
not available.
Due to this limitation, we are not able to detect the control
procedure violation where a device initiates a new procedure
before the instant is reached.
The following control procedure violations are detected:
- Starting a control procedure before the previous is complete.
Control procedure violations where a new procedure is started
before the instant is reached is currently not detected.
That requires knowing the event counter.
- Control procedure packets that are not valid responses to an
existing ongoing control procedure.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
extcap_register_preferences is only called with the -G option
(to dump information) and extcap preferences are not loading,
loading it unconditionally avoids this, as it is done in the
GUI startup.
./tools/check_typed_item_calls.py --commits 1 | tee item_calls_check.txt
Examining:
epan/dissectors/packet-vnc.c
epan/dissectors/packet-vnc.c:1289 proto_tree_add_item called for hf_vnc_tight_tunnel_type - item type is FT_UINT8 but call has len 16
epan/dissectors/packet-vnc.c:1532 proto_tree_add_item called for hf_vnc_vencrypt_auth_type - item type is FT_UINT8 but call has len 4
epan/dissectors/packet-vnc.c:1545 proto_tree_add_item called for hf_vnc_vencrypt_auth_type - item type is FT_UINT8 but call has len 4
3 issues found
As explained here:
https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#tight-security-type
The capability consists of a code, a 4 byte vendor string and an 8 byte signature string
Try to fix
run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_derive_pmk_r1'
run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_kdf'
run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_prf'
run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_derive_pmk_r0'
run/libwireshark.so.0.0.0: undefined reference to `dot11decrypt_derive_ft_ptk'
This patch allows each configured parameter to be filtered and
therefore to be used in io graphs as well.
Fixes#17122
Be aware that this patch changes the format of:
- SOMEIP_parameter_list
- SOMEIP_parameter_arrays
- SOMEIP_parameter_structs
- SOMEIP_parameter_unions
Specification:
https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#vencrypt
Has been tested with tigervncserver / xtigervncviewer
with several security types and combinations:
/usr/bin/tigervncserver -SecurityTypes VncAuth
/usr/bin/tigervncserver -SecurityTypes TLSVnc
/usr/bin/tigervncserver -SecurityTypes X509Plain
/usr/bin/tigervncserver -SecurityTypes TLSVnc,VncAuth
IEEE 1733 uses a 32bit 802.1AS (gPTP) timestamp in RTCP. In order
to correlate these timestamps to the timestamps in 802.1AS the
following translation is needed:
ts_32 = (ts_s * 10^9 + ts_ns ) mod 2^32
This patch adds suport for this 32bit timestamp in order to allow
analysis of AVB with IEEE 1733 (RTP/RTCP).
Add event counter and event counter valid variables to the btle context.
This information has to come from the capture context, and the information
is useful to provide context information around LL control procedures with
instant.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
They're not used outside a block, so move them inside the block. Also,
they're set before they're used, so don't initialize them when they're
declared.
This should squelch some unreadVariable warnings from cppcheck.
No version of ISO C I can find (from C90 to C18) says anything more
about __LINE__ than that it's an "integer constant", with no indication
whether it's signed or unsigned (or whether it's int or long or long
long), so we just cast it to "unsigned int" and print it with %u, as it
would make Absolutely No Sense if it were negative.
This should squelch some invalidPrintfArgType_uint warnings from
cppcheck.
They're not used outside a block, so move them inside the block. Also,
they're set before they're used, so don't initialize them when they're
declared.
This should squelch some unreadVariable warnings from cppcheck.
The Dot11DecryptRsna4WHandshake has grown unreasonably large. Refactor
the function and break out some functionality into smaller utility
functions to make it easier to understand.
Add partial support for decrypting captures with connections
established using FT-EAP. To support deriving keys for FT-EAP
the MSK is needed. This change adds MSK as a valid IEEE 802.11
protocol input key type preference as well.
Note that FT-EAP support comes with the following imitations:
- Keys can only be derived from the FT 4-way handshake messages.
- Roaming is not supported.
To increase readability of IEs used with Fast BSS Transition
dissect FTE and MDE fields with flags and subtrees.
- FT element count is part of MIC control element.
- FT over DS is part of FT capability and Policy field.
- Resource Request Protocol Capability is part of FT
capability and Policy field.
- Dissect FT subelements with a separate subtree.
Change-Id: Id9bea07234c3314991a75781c59321faa600a0f6
Add partial support for decrypting captures with connections
established using FT BSS Transition (IEEE 802.11r).
FT BSS Transition decryption comes with the following limitations:
- Only FT-PSK is supported.
- Keys can only be derived from the FT 4-way handshake messages.
- Roaming is not supported.
Break out the PRF and KDF functionality from the PMK to PTK
derivation functions and make them separate utility functions
implemented as defined in the IEEE 802.11 standard.
This change is done in preparation for supporting additional
AKMS where the key derivation functions can be reused to derive
other type of keys.
Do not use FT_IPV6 as an interface identifier could be wrongly identified
as an IPv4-Compatible IPv6 Address format by inet_ntop() and displayed
as such.
Do not use FT_IPV6 as an interface identifier could be wrongly identified
as an IPv4-Compatible IPv6 Address format by inet_ntop() and displayed
as such.
They're not used outside a block, so move them inside the block. Also,
they're set before they're used, so don't initialize them when they're
declared.
This should squelch some unreadVariable warnings from cppcheck.
In dump_dfilter_macro_t(), if the dfilter_macro_t pointer is null, just
give up after printing the message that indicates that.
This should squelch several nullPointerRedundantCheck warnings from
cppcheck.
They're not used outside a block, so move them inside the block. Also,
they're set before they're used, so don't initialize them when they're
declared.
This should squelch some unreadVariable warnings from cppcheck.
Fix indentation of a line of code while we're at it.