When dissecting USBIP packets, the transfer type is not known for every
packet like when dissecting usbmon captures. This patch lifs the
transfer type for the endpoint in the device descriptor and stores it in
the conversation. If the per-packet transfer type is unknown for a
transfer, it tries the one from the descriptor instead. This enables
bulk/iso payload dissectors to work on USBIP packets too.
Change-Id: If0a3e4f3b9598f586fa460d0d07032d22e203122
Reviewed-on: https://code.wireshark.org/review/28412
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Experiment with a generic way of adding values to the parent tree
Change-Id: I50dc44da3cafac79a0ac100121c83f8d0ff28457
Reviewed-on: https://code.wireshark.org/review/28395
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
If we know the information that belongs there, we should fill it in.
Otherwise, we should just pass a null pointer, meaning "we don't know
what this information is", and we should check for the null pointer and
not check the information in question.
Bug: 14894
Change-Id: I4f5249855330db65242d8b6eb6b5bda3af3a1925
Reviewed-on: https://code.wireshark.org/review/28404
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ibe10f172a9758afd5d38a78e2613f97b04d9c8ee
Reviewed-on: https://code.wireshark.org/review/28371
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See https://tools.ietf.org/html/rfc3118#section-5.2 (Authentication for
DHCP Messages) for more details.
Sample DHCPv4 authentication .pcap file can be found at,
https://wiki.wireshark.org/SampleCaptures
Without this patch, Wireshark shows "Expert Info (Error/Protocol):
length isn't >= 31" error message in the Authentication section of the
packet dissection.
Change-Id: I2af5c7d18f0497a131b1d2dc50ee6e4708c34e28
Signed-off-by: Dhiru Kholia <dhiru.kholia@gmail.com>
Reviewed-on: https://code.wireshark.org/review/28360
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
fix in the computation of CRC + little change in the dissector - now it
shows the fields SMD and FRAG_COUNT in the tree correctly
Bug: 14610
Change-Id: I74982ff836f02803843f6b44a0955a4b20f48e43
Reviewed-on: https://code.wireshark.org/review/28286
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Multi-configuration generators (such as Xcode or VS) append the current build configuration to most paths (eg. Debug/Release). Currently this results in inconsistent paths for the application bundle and the included command line tools. This commit sets the correct path information for multi-configuration generators for macOS application bundles. The standard Makefile behaviour is untouched.
One Windows specific configuration was changed, as it was conflicting with these changes. This needs to be checked before merging.
Additionally the wrapper scripts are omitted for Xcode, as the path to the binaries depends on the configuration chosen in Xcode. Therefore it is not viable to create these scripts in the cmake run.
Bug: 11816
Change-Id: Ib43d82eb04600a0e2f2b020afb44b579ffc7a7c9
Reviewed-on: https://code.wireshark.org/review/28291
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously HTTP message bodies following a HEAD request in the same conversation
were not desegmented, resulting in spurious "Continuation" messages and failure
to reassemble HTTP bodies. Fix this by properly taking the current HTTP message
type (request or response) into account.
Bug: 14793
Change-Id: I1ffb052468cf414b73243447138466aca47db3e6
Reviewed-on: https://code.wireshark.org/review/28312
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The tests assume an IPv4 address; check for IPv4 addresses. They're
always 4 octets long, so no need to check the length.
Change the XXX comment to ask whether the check for an IPv4 address is
even necessary.
Change-Id: Ic55d2c208d5472ec995aa0c150b09a2118f04a76
Reviewed-on: https://code.wireshark.org/review/28353
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to RFC1035 there are limitations on the maximum length of DNS
names. The maximum length in the code was defined as 1025, this commit
changes it to 255. Also a new macro is introduced which holds the
minimum length of a DNS name.
Bug: 14041
Change-Id: Ic63b332b2a357e33728df183c05ab0e222faf13f
Reviewed-on: https://code.wireshark.org/review/28309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mesh frames that are originated at the host where traffic is captured
may have no QoS header, as it is typically added by the wlan firmware.
The dissector was using a bit on that header to indicate the presence of
a Mesh Control Header, and so locally originated mesh frames were
incorrectly dissected.
When QoS header is missing, look ahead into the next header to determine
if a mesh control header is present.
Tested on mesh traffic captured on a monitor interface on ath10k.
Bug: 14629
Change-Id: I64169f9dea79518c8af802f045168180861e9081
Reviewed-on: https://code.wireshark.org/review/27156
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Add dissection of commands:
- LE Periodic Advertising Create Sync
- LE Periodic Advertising Terminate Sync
- LE Add Device To Periodic Advertiser List
- LE Remove Device From Periodic Advertiser List
- LE Write RF Path Compensation
- LE Set Privacy Mode
Add dissection of command complete events:
- LE Read Periodic Advertiser List Size
- LE Read Transmit Power
- LE Read RF Path Compensation
Misc:
- Corrected identity address type decoding in privacy
related commands
- Corrected PHY decoding in LE Set Ext Scan Parameter
and LE Ext Create Connection commands
- Added decoding of missing LE scan filter policy values
- Units added for time parameters where missing
Change-Id: I8d3fa4571f511df2e128877078609c8d112821dd
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/28302
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add new dissector table that allows for registration of CIP Class 0/1 I/O
against CIP Class that was used in the Forward Open. CIP Safety is still
a special case that gets checked before this table. The default handling is
generic CIP Class 0/1 I/O.
2. Changed most I/O items labelled "ENIP" to "CIP I/O". ENIP is a separate
protocol/layer, and all the I/O traffic is actually CIP. It was very
confusing explaining to people they had to look at the wrong protocol
layer in Wireshark before.
3. Add the generic Class 0/1 I/O as a separate tree layer. CIP Motion and
CIP Safety I/O were already doing this.
4. Update CIP conversation filtering naming to be more accurate.
5. Clean up some offset handling
Change-Id: I1c226fe1bd8974ed0e90640c875bef21f15f3095
Reviewed-on: https://code.wireshark.org/review/28290
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It doesn't necessarily produce an FT_BYTES value any more.
Change-Id: I7bad1e328394a829400bd139c48a9538c4892818
Reviewed-on: https://code.wireshark.org/review/28318
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have charconst_to_bytes() take the desired type as an argument, and pass
it to dfilter_fvalue_from_unparsed().
Bug: 14084
Change-Id: I11db417311b9681b18c4a3fca2862b35837194d7
Reviewed-on: https://code.wireshark.org/review/28315
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The value of a string in single quotes in dfilter must fit into one
byte. The parser correctly parsed the beginning of the string,
however it didn't check whether there are more characters to parse.
Bug: 14084
Change-Id: Ifa2d7a31052b2c1020d84c42637b9b7afc57d8c0
Reviewed-on: https://code.wireshark.org/review/28298
Reviewed-by: Guy Harris <guy@alum.mit.edu>