TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft
Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It *looks* as if a bluecom packet has a count of blocks, and a sequence
of that number of blocks, with each one containing a block header and a
block data.
Dissect the packet in that fashion. If we get an exception (other than
"we hit the snaplen") while dissecting a block, record it and step on to
the next block.
Don't try to avoid hitting the snaplen - we *want* that to be reported,
so the user knows that the capture only includes the first part of the
packet.
Change-Id: I1b668ffea9b67d3a6ff06100b868f7d941c1f509
Reviewed-on: https://code.wireshark.org/review/27106
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Now that the DCID is known from the connection, fix offset calculation.
Bug: 13881
Change-Id: Ic64505247ec0e2d1de2bd5153e4d2264be5114c2
Depends-On: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
QUIC connections can survive address and port changes and should not be
tracked per UDP conversation, but by Connection ID instead. To make this
possible, early on (before full dissection), DCID and SCID are parsed
from the header and then used to associate packets with new or existing
QUIC connections.
Previously a "connection" was always created when missing (in a
conversation). Now it will only be created if an Initial Packet is
found (by DCID or address + port). If not found, as side-effect packet
number tracking will fail. This can be changed if needed.
This work also prepares for proper draft-11 short packet dissection and
use of NEW_CONNECTION_ID frames. Additionally, it now assumes draft 11
rather than draft 10 if the version number is not recognized.
Only tested with ngtcp2-10.pcap which has a single UDP conversation.
Bug: 13881
Change-Id: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1
Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.
Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The header length has increased in draft -11.
Bug: 13881
Change-Id: Iaa3f4cb14b88a3c5cb53373245c1929113910893
Reviewed-on: https://code.wireshark.org/review/27096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For optional tags that act as a boolean, their presence is sufficient
and not need to set a value after them.
Change-Id: I3b4a6bbbdacf1a008e8df90a20c4eede4b0db1bd
Reviewed-on: https://code.wireshark.org/review/27095
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If the calculated packet length in the header is bigger than the actual
packet length value from the header, reject the packet.
Change-Id: I86cb24c66ee0d6fd2ed6f9240d44c1adc5f0bf91
Reviewed-on: https://code.wireshark.org/review/27087
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It reads better, at least to me.
Change-Id: I4b11449ea32d77e95bfbc54029b7afed7ea17c64
Reviewed-on: https://code.wireshark.org/review/27081
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The Osmocom GSUP protocol is a light-weight alternative to the
classic GSM MAP protocol. It operates between (MSC|SGSN) and HLR.
Change-Id: I954c7e332dce3a8855f7f4ace0b878f66da6f02e
Reviewed-on: https://code.wireshark.org/review/25477
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The radiotap HE-MU header is being completely reworked and likely expanded
in size. There are likely very few captures at the moment with such radiotap
headers. Rather than ripping the code out and seeing problems in the future
I have attempted to warn people who encounter such captures that they need
to upgrade. The standard will settle out soon.
Change-Id: I69eea20e2e65197a837a48706f9bcdddbbe42a63
Reviewed-on: https://code.wireshark.org/review/26995
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The command ID was passing the value of the cmd_id instead of the
encoding for the proto_tree_add_item. This caused an issue with the
color control cluster where it wasn't parsing the command ID properly.
Change-Id: Iee42031146e37bb96182f765e79de47f6e4b5a04
Reviewed-on: https://code.wireshark.org/review/27064
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This puts more distance between the caller and the underlying
library. At the moment we're using libjsmn, but other libraries
(like json-glib) could be used.
Change-Id: I1431424a998fc8188ad47b71d6d95afdc92a3f9e
Reviewed-on: https://code.wireshark.org/review/27055
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For a value_string_ext, the values must be in numerical order.
Change-Id: I43063b59a8c15d7d1fcdca07d4ae9fd89917427d
Reviewed-on: https://code.wireshark.org/review/27058
Reviewed-by: Guy Harris <guy@alum.mit.edu>
../epan/tvbuff.c: In function 'tvb_new_octet_aligned':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
^
../epan/tvbuff.c: In function 'tvb_find_line_end':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
^
../epan/tvbuff.c: In function 'tvb_find_line_end_unquoted':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
Change-Id: Iba9fe31ac5fcf604d65bbf3bceef0c09004c1b6c
Reviewed-on: https://code.wireshark.org/review/27050
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Draft 11 swapped the Connection ID field with version in long packet.
CIDs are split into two and can now become up to 18 bytes. The column
will now display "DCID=1234" (or "SCID=1234" instead of "CID: 0x1234").
Recognize new short header flags, but maintain draft -10 dissection.
The VN and Long Header packet share much more common fields now, so pull
out some code from Long Header packets dissection.
Drop "LH", "SH" (can be inferred from other information) and
unabbreviate "VN" for columns.
Bug: 13881
Change-Id: Ifabd8f09f388f0c4c6afe78d939c1cff6b5f161b
Reviewed-on: https://code.wireshark.org/review/27009
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a "contained length" to tvbuffs. For non-subset tvbuffs, that's the
same as the reported length. For a subset tvbuff, that's the amount of
the reported data that was actually present in the "contained data" of
the parent tvbuff.
This is unaffected by the *captured* length of any tvbuff; that differs
from the contained length only if the capture was cut short by a
snapshot length.
If a reference is within the reported data, but not within the contained
data, a ContainedBoundsError exception is thrown. This exception
represents a protocol error, rather than a reference past the captured
data in the packet; we treat it as such.
Change-Id: Ide87f81238eaeb89b3093f54a87bf7f715485af5
Reviewed-on: https://code.wireshark.org/review/27039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We no longer have TVBUFF_ values corresponding to different types of
tvbuff; we have, instead, a set of method pointers for the different
types. Refer to the types by name, rather than by TVBUFF_ value.
Expand the description of some fields in the tvbuff structure.
Change-Id: I38b5281df247ddd66b4e39abfc129053a012d241
Reviewed-on: https://code.wireshark.org/review/27036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
[packet-ber.c:2687]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-erf.c:2475]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-fmp.c:378]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-http2.c:2050]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-obd-ii.c:643]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-yami.c:244]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
Change-Id: Ie71f9f7c8f863d1e9c693bd56444f00bdad48042
Reviewed-on: https://code.wireshark.org/review/27019
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
The generated elastic mapping file is huge and it can hassle softwares
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
make only those 3 protocols to appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
JSON-GLIB depends on GObject. To avoid "undefined reference to
'g_object_unref'" with the gold linker, include gobject directly.
As the files are included with the GLib package, adjust FindGLIB2.cmake.
Change-Id: I007d30b89cc07d8746cee6b619832a722f086105
Fixes: v2.9.0rc0-201-g511c2e166a ("tshark: add -G elastic-mapping report.")
Reviewed-on: https://code.wireshark.org/review/27007
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the option length is >= 2, so that it's long enough to include the
code and length, always put it into the protocol tree, even if the
length is invalid. If the length is invalid, attach an expert info item
to the length field, rather than putting it into a top-level item of its
own.
Use a length of -1 for the top-level item for an option, rather than
what the length is supposed to be; that way, we don't throw an exception
if the option is too short - we just attach the aforementioned expert
info item to the length.
Change-Id: If2d987fa10739a7da28ca2c39515bfdf50da6ef9
Reviewed-on: https://code.wireshark.org/review/27018
Reviewed-by: Guy Harris <guy@alum.mit.edu>