Added an expert field warning the user if a PI bitmap was not found for a PCH frame.
Change-Id: Id9d0461f6528b767da0058eba844617e5bbb1d6e
Reviewed-on: https://code.wireshark.org/review/21972
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
1. Call "main" dissector from heuristic dissector so tcp_dissect_pdus
can be used.
2. Let tcp_dissect_pdus do its job and be the "loop logic"
3. Column API simplification
4. Use proto_tree_add_item_ret_uint
Change-Id: Ic53fd6b20daa8153cdf22f8aadf53dbdd24334bf
Reviewed-on: https://code.wireshark.org/review/21958
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Loading PEM and PKCS#11 keys was being done in static functions
in packet-ssl-utils.c. These were moved to wsutil, with prototypes
in a new <wsutil/rsa.h> header. This adds gnutls as optional
dependency to wsutil.
The RSA decryption helper was also moved and is now provided in
<wsutil/wsgcrypt.h>.
This allows more dissectors to access this functionality.
Change-Id: I6cfbbf5203f2881c82bad721747834ccd76e2033
Reviewed-on: https://code.wireshark.org/review/21941
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
XTEA is a 64-bit block Feistel cipher with a 128-bit key and a suggested
64 rounds. It's used by the MMORPG Tibia for encrypting game server traffic.
Usual XTEA treats the blocks as big-endian. Tibia treats them as
little-endian, therefore both versions are provided.
Change-Id: I9ad0c8e066f848b20772ce4e1d3df19deff307b8
Reviewed-on: https://code.wireshark.org/review/21942
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
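
Added example, not Wireshark's wsutil code: a minimal C sketch of XTEA block encryption and decryption where a flag selects the usual big-endian word order or the little-endian order the commit message above attributes to Tibia. The function names, the `le` flag and the sample key and block are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define XTEA_DELTA 0x9E3779B9u

/* Load/store one 32-bit word; le != 0 selects little-endian byte order. */
static uint32_t load32(const uint8_t *p, int le) {
    return le ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
              : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}
static void store32(uint8_t *p, uint32_t v, int le) {
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * (le ? i : 3 - i)));
}

/* Encrypt one 8-byte block; rounds is the Feistel round count (64 suggested). */
void xtea_encrypt_block(uint8_t out[8], const uint8_t in[8],
                        const uint32_t key[4], unsigned rounds, int le) {
    uint32_t v0 = load32(in, le), v1 = load32(in + 4, le), sum = 0;
    for (unsigned i = 0; i < rounds / 2; i++) {   /* two rounds per iteration */
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    store32(out, v0, le); store32(out + 4, v1, le);
}

/* Decrypt one 8-byte block by running the same rounds in reverse. */
void xtea_decrypt_block(uint8_t out[8], const uint8_t in[8],
                        const uint32_t key[4], unsigned rounds, int le) {
    uint32_t v0 = load32(in, le), v1 = load32(in + 4, le);
    uint32_t sum = XTEA_DELTA * (rounds / 2);
    for (unsigned i = 0; i < rounds / 2; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    store32(out, v0, le); store32(out + 4, v1, le);
}

/* Returns 1 if decrypt(encrypt(block)) == block in the given byte order. */
int xtea_roundtrip_ok(const uint8_t block[8], const uint32_t key[4], int le) {
    uint8_t ct[8], pt[8];
    xtea_encrypt_block(ct, block, key, 64, le);
    xtea_decrypt_block(pt, ct, key, 64, le);
    return memcmp(pt, block, 8) == 0;
}

int main(void) { /* constructed sample key and block */
    const uint32_t key[4] = {0x00010203u, 0x04050607u, 0x08090a0bu, 0x0c0d0e0fu};
    const uint8_t block[8] = {'T', 'i', 'b', 'i', 'a', 'P', 'D', 'U'};
    return !(xtea_roundtrip_ok(block, key, 0) && xtea_roundtrip_ok(block, key, 1));
}
```

The two variants differ only in how the 8-byte block is split into two 32-bit words, so decrypting a little-endian capture with the big-endian routine yields garbage rather than an error.
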
taken from the timing analysis done in the wlan_radio dissector. Qt only.
The timeline background is light gray, white for packets displayed in the packet list,
and blue for the currently selected packet. Packets are coloured according to the
colouring rules foreground colour. The timeline can be zoomed with controls on the
toolbar.
At higher zoom levels the duration (NAV) field is plotted as a horizontal line to the
right of a packet.
The height of a packet in the timeline is proportional to the RSSI.
The bottom half of the packet is only shown if it matches the display filter.
Todo:
Auto detect TSF timing reference point (start/end of packet)
Add a scrollbar
Add a ruler showing time
Improve handling of focus.
Do not display NAV for packets with bad FCS.
Show related packets graphically
Different Y axis modes
- bandwidth/channel use display
- different transmitters per line
- background color from coloring rules
Live capture support
Change-Id: Ic31fffb0d6854966361ade7abb5c0be50db9a247
Reviewed-on: https://code.wireshark.org/review/20043
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use WTAP_MAX_PACKET_SIZE_STANDARD, set to 256KB, for everything except
for D-Bus captures. Use WTAP_MAX_PACKET_SIZE_DBUS, set to 128MB, for
them, because that's the largest possible D-Bus message size. See
https://bugs.freedesktop.org/show_bug.cgi?id=100220
for an example of the problems caused by limiting the snapshot length to
256KB for D-Bus.
Have a snapshot length of 0 in a capture_file structure mean "there is
no snapshot length for the file"; we don't need the has_snap field in
that case, a value of 0 means "no, we don't have a snapshot length".
In dumpcap, start out with a pipe buffer size of 2KB, and grow it as
necessary. When checking for a too-big packet from a pipe, check
against the appropriate maximum - 128MB for DLT_DBUS, 256KB for
everything else.
Change-Id: Ib2ce7a0cf37b971fbc0318024fd011e18add8b20
Reviewed-on: https://code.wireshark.org/review/21952
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bring some modernity to this dissector and use tcp_dissect_pdus. Also an excuse to
remove the conversation_set_dissector in the heuristic dissector which was generating
some false positives because the heuristic isn't that strong.
Bug: 12882
Change-Id: Ibb04fd4fbc819acd1dc96d6259b047c897ec2de6
Reviewed-on: https://code.wireshark.org/review/19125
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a TCP segment is small enough, dissectors that have only a length
check determining if it's their packet or not before calling tcp_dissect_pdus
will throw out packets that are probably destined for them.
Change-Id: I78034307b56aa537943191a6887166577936a6a3
Reviewed-on: https://code.wireshark.org/review/21950
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a simple dissection function for DCE/RPC that just calls tcp_dissect_pdus
and doesn't do any heuristics checks. This can be used to handle cases
where the TCP PDU is too small for DCE/RPC heuristics checks and the user
knows the data is DCE/RPC and can set it through Decode As.
Bug: 6392
Change-Id: I9e4960282ea64d20499f7d5a330f48f30a092b30
Reviewed-on: https://code.wireshark.org/review/21951
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We were allocating it every time we called cap_pipe_dispatch() (or,
prior to I0256daae8478f1100fdde96a16a404465ec200b3, in
capture_loop_dispatch()) and freeing it before the routine in question
returned.
However, we were treating that buffer as if it persisted from call to
call, which worked *only* if freeing and re-allocating the buffer meant
that we'd get back the same buffer with its previous contents intact.
That is *not* guaranteed to work.
Instead, allocate the buffer when we open the capture pipe, and free it
when we close the capture pipe.
Change-Id: Ic785b1f47b71b55aba426db3b1e868186c265263
Reviewed-on: https://code.wireshark.org/review/21948
Reviewed-by: Guy Harris <guy@alum.mit.edu>
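
Added example, not dumpcap's code: a simplified C model of the buffer lifetime this commit message describes, combined with the start-at-2KB, grow-on-demand and per-link-type maximum checks from the snapshot-length commit earlier on this page. The struct, function names and the in-memory "pipe" input are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PIPE_BUF_INITIAL 2048u                     /* initial pipe buffer size */
#define MAX_PKT_STANDARD (256u * 1024u)            /* 256KB */
#define MAX_PKT_DBUS     (128u * 1024u * 1024u)    /* 128MB */
typedef struct {              /* hypothetical per-pipe state */
    uint8_t *buf;             /* lives from open to close, not per dispatch */
    size_t cap, have, need, max_len;
} pipe_state;

/* Allocate once when the capture pipe is opened. */
int pipe_open(pipe_state *ps, int is_dbus) {
    ps->buf = malloc(PIPE_BUF_INITIAL);
    ps->cap = PIPE_BUF_INITIAL; ps->have = 0; ps->need = 0;
    ps->max_len = is_dbus ? MAX_PKT_DBUS : MAX_PKT_STANDARD;
    return ps->buf ? 0 : -1;
}

/* Free only when the capture pipe is closed. */
void pipe_close(pipe_state *ps) { free(ps->buf); ps->buf = NULL; ps->cap = 0; }

/* Start a packet of caplen bytes: reject oversize, grow the buffer if needed. */
int pipe_begin_packet(pipe_state *ps, size_t caplen) {
    if (caplen > ps->max_len) return -1;           /* too-big packet from pipe */
    if (caplen > ps->cap) {
        uint8_t *nb = realloc(ps->buf, caplen);    /* realloc keeps old contents */
        if (!nb) return -1;
        ps->buf = nb; ps->cap = caplen;
    }
    ps->have = 0; ps->need = caplen;
    return 0;
}

/* One dispatch call with whatever bytes arrived; 1 = packet complete, 0 = need more. */
int pipe_dispatch(pipe_state *ps, const uint8_t *data, size_t len) {
    size_t take = ps->need - ps->have;
    if (len < take) take = len;
    memcpy(ps->buf + ps->have, data, take);        /* partial data persists across calls */
    ps->have += take;
    return ps->have == ps->need;
}

int main(void) {
    pipe_state ps; uint8_t pkt[3000] = {0};        /* constructed sample packet */
    if (pipe_open(&ps, 0) || pipe_begin_packet(&ps, sizeof pkt)) return 1;
    int ok = pipe_dispatch(&ps, pkt, 1000) == 0 && pipe_dispatch(&ps, pkt + 1000, 2000) == 1;
    pipe_close(&ps); return !ok;
}
```
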
There's not much point in having a switch-case block with only a default
statement ;-)
Change-Id: Iaacd87bb2995783b98e5395b3654a1c8f32c473a
Reviewed-on: https://code.wireshark.org/review/21938
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In this case, we can simply replace the exception with an expert info
and exit the loop.
Change-Id: I232e554af299140d7123b5e21d78372a35a7923b
Reviewed-on: https://code.wireshark.org/review/21936
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0c4346386846c03a67b83bebfce6da6323379180
Reviewed-on: https://code.wireshark.org/review/21937
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The buffer is only used when reading from a pipe; no need to allocate it
when capturing from a pcap_t.
Doing it in cap_pipe_dispatch() makes it clearer when the buffer exists
and when it doesn't.
Change-Id: I0256daae8478f1100fdde96a16a404465ec200b3
Reviewed-on: https://code.wireshark.org/review/21930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Current layer number needs to be unconditionally saved after v2.3.0rc0-3740-ge1f84f985e,
which increased the number of dissectors that use current layer number to
determine Decode As value.
Change-Id: Ib82370af94ea00613a337890369e228cffa1ed81
Reviewed-on: https://code.wireshark.org/review/21928
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for handling LoRaTap (https://github.com/eriknl/LoRaTap) DLT in
wiretap and add dissector for LoRaTap headers.
Exposes Syncword for subdissectors to dissect frame payload.
Change-Id: Ie4ba2189964376938f45eb3da93f2c3376042e85
Reviewed-on: https://code.wireshark.org/review/21915
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Either 1) it can be determined from the libwiretap encapsulation type,
in which case it's redundant information or 2) there *is* no pcap/pcapng
link-layer header type for that encapsulation type, in which case you
need to check for the attempt to determine it failing and handle that
failure appropriately.
Change-Id: Ie9557b513365c1fc8c6df74b9c8239e29aad46bc
Reviewed-on: https://code.wireshark.org/review/21924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just let libpcap pick the snapshot length; that way, for link-layer
types that need a really large snapshot length, such as D-Bus (which
requires 128MB for the largest messages), it can pick that, but can
otherwise pick something that doesn't require as much memory, e.g.
256KB.
For pcap_open_live() and pcap_open(), which don't have a way of saying
"give me what's appropriate", pick 256KB.
Change-Id: Idef5694f7dfa85eaf3a61d6ca7a17d263c417431
Reviewed-on: https://code.wireshark.org/review/21917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"Additional update parameters" info element is not dissected in Paging Response message. See TS 44.018 9.1.25
Change-Id: Ia3aec7809be9b5e8318bb7e04326bc85f77d34bd
Reviewed-on: https://code.wireshark.org/review/21914
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I98c5dad4dba4a8e5eaa450bef977ca7c0b979734
Reviewed-on: https://code.wireshark.org/review/21867
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
EVS value was incorrectly typed from the non-extended type space.
Now it should display as unknown.
Ping-Bug: 13745
Change-Id: I67cfa29d3edcd56e49c1f4eded117a26594f0a14
Reviewed-on: https://code.wireshark.org/review/21911
Reviewed-by: Michael Mann <mmann78@netscape.net>
and also fix some typos
Change-Id: I7892e715af56ebd1abb3fb36110200e2e992e9b1
Reviewed-on: https://code.wireshark.org/review/21901
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
items exported by nProbe.
Change-Id: I476c970d1abb7e1776da01bbdbf74e255387c917
Reviewed-on: https://code.wireshark.org/review/21825
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Implements all seven AEAD_CHACHA20_POLY1305 cipher suites from RFC 7905
(for TLS 1.2) and the final missing one for TLS 1.3 (draft -20).
New test captures (created using OpenSSL_1_1_0-pre6-2528-g042597b0a)
also serve as tests for TLS 1.3 decryption support.
Change-Id: Ice6d639c9c7b7bc23a6ff5fb4832d02694abd8c4
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/21902
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add missing offset increment for Header IEs with length (missing from
https://code.wireshark.org/review/21472).
Add missing increment so that the overall header tree spans all elements.
Change-Id: I91515a0b6b5fca8bcc95ea9e2cbc791bddf0500d
Reviewed-on: https://code.wireshark.org/review/21890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This may not be the only Netgear protocol, so make a distinction.
Change-Id: I68f460f44ac9345863468cfb407cec205a392d54
Reviewed-on: https://code.wireshark.org/review/21900
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Charlie Lenahan <clenahan@sonicbison.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I93de7ffdbd3c43494bc6a5dd1f44f6f45d6b54f8
Reviewed-on: https://code.wireshark.org/review/21617
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
oss-fuzz invokes the dissector without IP layer, so we can't assume
the IP address to be available when dissecting POWERLINK/UDP packets.
Same goes for the "Exported PDU" functionality.
Bug: 13756
Change-Id: I038f0445ada3f764dcc72f7bce1d02cfa49791fb
Reviewed-on: https://code.wireshark.org/review/21894
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When reviewing the code, the following issues were identified:
- otid/dtid on 3 bytes were not stored
- when receiving the first continue from dest, the TC_END hash entry was
created with the source tid / address instead of destination ones
- when receiving the first continue from src, the logic could prevent
the creation of the hash entry
Bug: 13739
Change-Id: If4ee70f0fa69f5ff74fdf75f3a741102baa0121a
Reviewed-on: https://code.wireshark.org/review/21780
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Store SslPacketInfo under the same key as used by p_get_proto_data and
pass this data to the Follow SSL tap.
Change-Id: If9b97d0e0e2a82562abe6cb9e61986744680066d
Fixes: v2.3.0rc0-3740-ge1f84f985e ("Fix Decode As for protocols that may use tunneling.")
Reviewed-on: https://code.wireshark.org/review/21893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>