Do some renaming.
Change-Id: If8fa85370014f9618df38d97048dd1c52a4c389f
Reviewed-on: https://code.wireshark.org/review/28918
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's just a hack for "raw BER data" files, giving them a file name that
includes the OID to use for the syntax. For RFC 7468 files, the syntax
is determined from the label in the pre-encapsulation boundary.
Change-Id: Ia656f20f123d2c6a85041f83714a3a1cfefb70b1
Reviewed-on: https://code.wireshark.org/review/28916
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only put otherwise-undissectable BER data under that item.
That removes an extra layer that needs to be opened up.
Change-Id: I6b025a782ff7199c84bad46160c7c286e79b0580
Reviewed-on: https://code.wireshark.org/review/28915
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit introduces dissection of the different parts of the command,
showing of the command direction and origin entity, generic dissection of
'unsupported' commands, detailed dissection of several 'supported'
commands and aggregated commands dissection.
Most of the code has been taken from BT-HFP (A protocol of AT commands
over bluetooth).
Change-Id: I3516ec9c28581df8ef9c0c37f9b6ee9ec0c55938
Reviewed-on: https://code.wireshark.org/review/28699
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have the Wiretap code just do a heuristic test to see if the file looks
like a RFC 7468 file and just had the entire blob of raw file data to
the caller, with an encapsulation type of WTAP_ENCAP_RFC7468.
Have a file-rfc7468.c dissector that processes the lines of the file,
displaying all of them. Have it extract the label from the
pre-encapsulation boundary line, and, after it's decoded the
base64-encoded data lines into a blob of data, try handing the tvbuff
with the blob to dissectors that have registered in the
"pem.preeb_label" dissector table with the appropriate label value, and
hand it to the raw BER dissector only if that fails.
This allows some files to have the content dissected as more than just a
raw blob of BER-encoded data.
Change-Id: I98db9f0beb86e5694fb8e886005a2df4fc96ba71
Reviewed-on: https://code.wireshark.org/review/28914
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit ba202ef362.
Creating endpoints, and corresponding conversations, for protocols atop which TCP or UDP runs can potentially cause attempts to look up the conversation to find the conversation for that protocol rather than for TCP/UDP, which can confuse protocols running atop TCP or UDP.
Change-Id: I3ca522e54e67cc4f996d0ee841c6bb40ee6a9976
Reviewed-on: https://code.wireshark.org/review/28912
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add conversation_new_pinfo(), which uses the endpoint if present, and
have find_or_create_conversation() use it rather than
conversation_new().
Remove find_or_create_conversation_by_id() - it's no longer needed.
Bug: 15018
Change-Id: Ib13e539751af0f071aede4ee0ed751d0cb72ba3f
Reviewed-on: https://code.wireshark.org/review/28908
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That isn't working, because it depends on the notion that for every
"endpoint type" there's a "port type" for the packet_info structure;
that's not true for ISDN channels.
The whole point of "use the packet_info structure when trying to find a
conversation and create it if it doesn't exist" is to use address
information *already filled in by somebody for use by other dissectors*;
we don't do that with the ISDN channel number, because there's no *need*
to do so.
So just add a new find_or_create_conversation_by_id() routine, which
passes the packet_info structure to get the frame number, and explicitly
passes the endpoint type and ID. Use that in the ISDN dissector.
Bug: 15018
Change-Id: Id0e997254b0eaf7cbc9261a2adff639ecbf083c0
Reviewed-on: https://code.wireshark.org/review/28904
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For various attempted matches, print what we're matching against.
Change-Id: Ib915aa9bc6e6e1ea6cc7a273f261db2a4952c0c4
Reviewed-on: https://code.wireshark.org/review/28900
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not initializing it also means that we'll get an error from compilers
with sufficiently good dataflow analysis if we use it in, or before, the
call itself, which is a Good Thing as we *shouldn't* use it before we
know it.
Change-Id: I99aa3fedd2a04f5bb6e60e0f6f8b0a3682263351
Reviewed-on: https://code.wireshark.org/review/28888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I'm not sure why this compiled in all of the test environments. (Ubuntu and Windows, plus Buildbot.)
Change-Id: I15d281010f3f463f3929aff8918ade8b71cffff7
Reviewed-on: https://code.wireshark.org/review/28887
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Similar to the TCAP transaction IDs - hf_tcap_tid, hf_tcap_dtid and hf_tcap_otid.
Change-Id: Idf55c894f5c0e60844c03b7de89b56f632d0ed36
Reviewed-on: https://code.wireshark.org/review/28885
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow forward timestamp deltas up to 1 year, up from 7 days.
Surprisingly this was overly restrictive in some real cases.
Change-Id: I8a4bd1ca791b978aa5d2be40f7f8dd8e23db8837
Reviewed-on: https://code.wireshark.org/review/28882
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the SCTP association contains a single DATA/SACK chunk in direction
the max and min TSN values are equal and as a result the Y axis range is
(maxTSN, maxTSN) or (0, 0) and the dots for the TSN are not visible
To fix this always set the Y axis maximum to maxTSN + 1 similar to the X
axis maximum of max_secs + 1
Also removed one unused local variable
Change-Id: Id38eb4dbd13a8ebbba98d4df00f3707331bd1464
Reviewed-on: https://code.wireshark.org/review/28862
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the capture does not contains SCTP INIT and INAT_ACK packets the
startArwnd value is 0 (not set) and as a result the Y axis range is
(0,0) and the dots are not visible
Change-Id: Iafb1981e62f28fe09b106138836c866d0dbebb27
Reviewed-on: https://code.wireshark.org/review/28861
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The channel and the mode are easier to read as a decimal
number.
Change-Id: Ia34901cb7e799ab1fbee3bd754b488f84c20274a
Reviewed-on: https://code.wireshark.org/review/28876
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Explain some of the magic numbers and other parts of the sparkline code.
Change-Id: Idfad30e773bd852ac021326467cf03ada91f6efc
Reviewed-on: https://code.wireshark.org/review/28874
Reviewed-by: Gerald Combs <gerald@wireshark.org>
MS DHCP Clients configured for the RRAS role make DHCP requests for
RAS pool IP's using a non-standard user class (option 77).
Add support for this, along with an expert info to indicate the
item is non-standard.
Change-Id: I2f18061c8635fde69cbf4c5d6d0548fadecc28cb
Reviewed-on: https://code.wireshark.org/review/28863
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
When ASAN memleak detection is enabled, any memory leak would result in
an exception and subsequently all features are marked as missing.
With the default profile, any Lua plugin or certain configurations could
cause a memory leak. To avoid such interference, set the configuration
path to a dummy location and warn whenever an error happens nonetheless.
Do not call setProgramPath() immediately, there is no "tshark" binary in
the current working directory anymore. Rely on test.py to set the path.
Change-Id: Idccc3d68eb6f6bb64d3a0b32897acecc65e0dfb6
Reviewed-on: https://code.wireshark.org/review/28867
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reverts commit 137d45f52c.
Don't. Make. The. Argument. To. Your. Extcap. Program. Specific.
Options. Optional. (Unless they're Boolean, in which case we never
pass an argument - we just pass the option if it's true and don't
pass it if it's false.)
Change-Id: I11e4ecaa196fd94c493d51e1f73e90267e1d9b1d
Reviewed-on: https://code.wireshark.org/review/28866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For options with optional arguments, the only syntax that's *guaranteed*
to be handled by getopt_long() is --option=argument, not --option
argument. The BSD/macOS version of getopt_long() only supports the
former, not the latter.
Change-Id: Icfaec9eda49f5a947961251ebd377d7c1684c823
Reviewed-on: https://code.wireshark.org/review/28865
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Quote the filename in case it contains spaces or other special chars.
Change-Id: I5ff901de0839551c06bc73b8bef631b64aff5199
Fixes: v2.9.0rc0-1078-gc20432285a ("git hooks: prevent first commit message line to exceed 80 chars.")
Reviewed-on: https://code.wireshark.org/review/28827
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The version argument to --extcap-version is optional, and some versions
of getopt_long() require, for a flag whose argument is optional, that
the argument be supplied as --flag=value, not --flag value.
Change-Id: I5e34132d8bb729b845ac75ff94d6d548c1c35a3d
Reviewed-on: https://code.wireshark.org/review/28864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is separate from the 802.11 preference, which only affects packets
where no file or packet metadata indicates whether there is an FCS (yes,
that is intentional behavior). This is specifically for radiotap, in
case some driver fails to set the FCS bit correctly (this is currently
an issue with Npcap, which currently assumes that the packet has an FCS
iff NDIS indicated the packet with the DOT11_RECV_FLAG_RAW_PACKET flag;
that doesn't appear to be a reliable indicator, and it's not clear there
*is* a reliable indicator, so Npcap might have to fall back on something
really gross like a quirks database for particular adapters).
Change-Id: Ia3b134d89004307442d42cfa5ed3cf8fb938235f
Ping-Bug: 15010
Reviewed-on: https://code.wireshark.org/review/28855
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Second byte, sw2, contains the amount of bytes in the response.
Change-Id: I237ef5978e81a2f13b821c5601177dac26829df1
Reviewed-on: https://code.wireshark.org/review/28850
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
While TS 51.011 defines '67 XX' as "Incorrect param P3", TS 102.221 specifies
a special case '67 00' which wasn't taken into account in the dissector
Change-Id: I2f17bd0035b3a9f4cdd625523eef06be416d451e
Reviewed-on: https://code.wireshark.org/review/28849
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If remove_tap_listener() doesn't find a tap listener with the specified
data, print a warning message and skip the "remove the tap listener"
steps.
This means that the internal free_tap_listener() won't be called with a
null listener; remove the now-unnecessary check (if anybody *does* call
it with a null pointer, that's a bug).
This prevents the crash in bug 15006, but that now produces a warning
message; it doesn't fix the underlying bug, it just changes the symptom.
Change-Id: Ia9a2bfa3d57b86eac0d6e0b0bad03a7b81e254e3
Ping-Bug: 15006
Reviewed-on: https://code.wireshark.org/review/28853
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There is no Error Code field
Bug: 14988
Change-Id: If6e8cf37d508c014b585bdb0cb4830ce7eb45588
Reviewed-on: https://code.wireshark.org/review/28797
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
'netlink-route.ifa_address' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
Change-Id: I3ba350cfc479a7733d48bc07b4102c8220126247
Reviewed-on: https://code.wireshark.org/review/28841
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Remove unused function parameters
2. Some tvb_get --> ret_uint
3. Move some variables to smaller scope. Better practice, and it's easier to see what variables need to persist outside of for loops.
4. Combine some scattered if (dimension == 1) blocks.
No functional changes.
Change-Id: Ifb2affb968356fcd7e980fd4ee046cf359252df4
Reviewed-on: https://code.wireshark.org/review/28845
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'oscore.opt.object_security_kid' exists multiple times with NOT compatible types: FT_BYTES and FT_BOOLEAN
Change-Id: Iba511c0804a8904a33deefecf75231ccdde938d2
Reviewed-on: https://code.wireshark.org/review/28840
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris