Packets from Heart Rate Service can contain
multiple rr interval values. They are appended
at the end of the packet. Before this patch
Wireshark recognized only the first value.
Make Wireshark properly recognize them and decode
properly.
Change-Id: I3f3d8db4e0a941a690cd6a14dda84503e166f6e7
Reviewed-on: https://code.wireshark.org/review/14910
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Limit the protocol tree to 500 levels. This keeps us from running
out of stack space in proto_tree_traverse_{pre,post}_order.
Bug: 12268
Change-Id: I60f6b4487bf51a4d43da0429819a8a20fbdb313a
Reviewed-on: https://code.wireshark.org/review/14887
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
These strings were pulled from the TVB using tvb_get_string_enc() (as ASCII)
so any non-printable characters have already been replaced with the unicode
replacement character. So display the strings as Unicode, not ASCII.
Bug: 10681
Change-Id: I64cf51aafcca921c6f9257a2ebd577c599f20883
Reviewed-on: https://code.wireshark.org/review/14899
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
>>> CID 1358479: Control flow issues (NESTING_INDENT_MISMATCH)
>>> This statement is indented to column 13, as if it were nested within the preceding parent statement, but it is
So indentation level was reduced.
Change-Id: I4d069c11647e247ef2a8b42fec3b909a77846725
Reviewed-on: https://code.wireshark.org/review/14901
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
It should be displayed with the STR_UNICODE field display parameter
Bug: 12337
Change-Id: I6204909977218f5e19b5eb309595be1d6666ac9a
Reviewed-on: https://code.wireshark.org/review/14896
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Replace some function calls with their non-deprecated equivalents so
that we can remove _CRT_NONSTDC_NO_DEPRECATE from CMakeLists.txt and
config.nmake.
Leave _CRT_SECURE_NO_DEPRECATE in place. Removing it failed with 145
warnings and 72 errors.
Note that we could probably improve startup performance by using wmem
in diam_dict.*.
Change-Id: I6e130003de838aebedbdd1aa78c50de8a339ddcb
Reviewed-on: https://code.wireshark.org/review/14883
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
capabilities to draft-ietf-pce-stateful-sync-optimizations-04
Change-Id: I602e6395939e6f870782f2d1a867d2663e4b15e2
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/14892
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Initially use SCTP port 80, which has been assigned by IANA
for HTTP/SCTP.
Change-Id: I0f153371b68a15485f8c43e77cbffee8055775b4
Reviewed-on: https://code.wireshark.org/review/14895
Petri-Dish: Michael Tüxen <tuexen@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
The MS docs say that StringCchPrintf() is safer.
Change-Id: Id3669ff75f2acb2218a8ef74cf0562e4ac3abb1e
Reviewed-on: https://code.wireshark.org/review/14880
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bluetooth BR/EDR RF dissector is a pseudoheader with some
useful information to decode Bluetooth air packets.
This implements LINKTYPE_BLUETOOTH_BREDR_BB assigned
by tcpdump group.
Change-Id: I751d1f5d9c15650d93e6e8b2cc94294eb48c73de
Reviewed-on: https://code.wireshark.org/review/14760
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This open call is Linux-specific (so there's no harm in using open() rather
than ws_open()) but this will keep checkAPIs happy.
Change-Id: I5695c1bd3b1a4af320ef0acfa1a8162c1d9f14e1
Reviewed-on: https://code.wireshark.org/review/14879
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reset wslua_dfilter and remove the Field tap_listener when
reloading plugins.
Check for tap listeners in rescan_packets() after ws_epan_new()
because Lua may register the Lua field tap when adding Fields.
Bug: 12328
Change-Id: Ibbd8339033132c6f3b61d7e9c9ced9ed2b9affec
Reviewed-on: https://code.wireshark.org/review/14871
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The R22 version of the ZigBee PRO Core Spec adds a Link Power Delta
command which is added by this update.
Change-Id: Ib07cf81ef30b243be3b5e82bf9bef7459ee0c806
Reviewed-on: https://code.wireshark.org/review/14830
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
The current wslua code does not properly handle out of memory
conditions. Since recovering from OOM is difficult in many places, just
abort the program (which is done by g_realloc).
Change-Id: Idae68d08c90c82ba5df18a28cc1e507d61d20e78
Reviewed-on: https://code.wireshark.org/review/14786
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use ex_opt_get_nth instead of ex_opt_get_next to avoid consuming the
parameters. This ensures that lua scripts via the "-Xlua_script"
parameter are also reloaded.
Change-Id: I316726cdf99f7ee3d738d3632a7f639ea8596f96
Reviewed-on: https://code.wireshark.org/review/14870
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Remove HTML_VIEWER compile-time setting.
If xdg-open doesn't exist use user web browser preference as fallback.
Change-Id: I3b4a4a1a36b0192d75f2c97595f37d0d88a0941e
Reviewed-on: https://code.wireshark.org/review/14805
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
This fixes the wsutil dependency on libwireshark.
Change-Id: Ic82e769ce39ad0a8c800d371cfa6bd300849fee1
Reviewed-on: https://code.wireshark.org/review/14859
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
GLib's v*printf routines are close to unreasonably slow on
Windows. Use the native CRT routines in wmem_strdup_vprintf and
wmem_strbuf_append_vprintf on that platform.
Change-Id: I5e94aa6fe47434e5a18f3a4d5b6b24ebe71499c1
Reviewed-on: https://code.wireshark.org/review/14868
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Having to define two macros for marking a function as never returning
seems a bit redundant. Merge the MSVC and GCC-like attributes into a
single WS_NORETURN.
Tested with Clang 3.7.1, GCC 4.4.7 and even GCC 4.1.2 using this small
program (-Wall -Wextra, the first two generate warnings for
uninitialized variables, the last one compiles without warnings):
    #include <stdlib.h>
    __attribute__((noreturn)) void foo() { exit(1); }
    __attribute__((noreturn)) void bar();
    void bar() { exit(1); }
    int main() {
        int j, i;
        if (i) { bar(); return j; }
        foo();
        return j;
    }
Change-Id: I7d19c15e61b8f8fa4936864407199c4109f8cc82
Reviewed-on: https://code.wireshark.org/review/14822
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Added the submessage and prepared the code paths so it is easy to add
more vendor-specific submessages (from any vendor)
Change-Id: I47aa35d64839cd04eb35f7f8fdd94ef1324570fb
Reviewed-on: https://code.wireshark.org/review/14864
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use wmem_strconcat and g_strconcat instead of wmem_strdup_printf and
g_strdup_printf when we register various protocols. This shows a fairly
significant speedup in the Visual Studio profiler.
Change-Id: I98709329513daa66ad3665925dc69149c43df884
Reviewed-on: https://code.wireshark.org/review/14855
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
1. Switched to common way to parse Get Attr All, using dissect_cip_get_attribute_all_rsp, for CCO (class version) and CIP Validator. This also fixed a missing attribute in the old CIP Validator code.
2. Add cip_string2 attribute implementation
3. For CIP Validator, set the protocol as "CIPS Validator", previously this was "CIPS Supervisor".
4. For classes with subdissectors, add the service to the Info column in the response.
Change-Id: Id9593ca39497261075df8146cf63ee9581462e2a
Reviewed-on: https://code.wireshark.org/review/14837
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Cast the value before multiplication to prevent overflow.
Change-Id: I673e9e3e869e326ba3d23c3a2100e274e9dc7566
Reviewed-on: https://code.wireshark.org/review/14823
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
if the first length byte is 0xff, the actual length is the last
two bytes interpreted as little endian
Change-Id: I098ce428888147ad9ca0a30c3ed451d1f89eace7
Reviewed-on: https://code.wireshark.org/review/14834
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
ZigBee has added new 802.15.4 Information Elements, defined in
Annex D.8 of ZigBee Specification R22. Specifically this is the
Enhanced Beacon Payload IE, TX Power, and Rejoin IEs.
Change-Id: Ic54b92c6d1f6437dc7888d10e9ae63453eb60e1d
Reviewed-on: https://code.wireshark.org/review/14547
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As stated in the RFC1035 the TTL is a signed int.
https://tools.ietf.org/html/rfc1035#section-3.2.1
Change-Id: I07e57309f83f1877b1b4cb6a085bc3dabf053379
Reviewed-on: https://code.wireshark.org/review/14759
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
master-branch libpcap now generates a reentrant Flex scanner and
Bison/Berkeley YACC parser for capture filter expressions, so it
requires versions of Flex and Bison/Berkeley YACC that support that.
We might as well do the same. For libwiretap, it means we could
actually have multiple K12 text or Ascend/Lucent text files open at the
same time. For libwireshark, it might not be as useful, as we only read
configuration files at startup (which should only happen once, in one
thread) or on demand (in which case, if we ever support multiple threads
running libwireshark, we'd need a mutex to ensure that only one file
reads it), but it's still the right thing to do.
We also require a version of Flex that can write out a header file, so
we change the runlex script to generate the header file ourselves. This
means we require a version of Flex new enough to support --header-file.
Clean up some other stuff encountered in the process.
Change-Id: Id23078c6acea549a52fc687779bb55d715b55c16
Reviewed-on: https://code.wireshark.org/review/14719
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not try to recover from truncated tvbs for fragment_add_seq-like
functions:
- If it is the first block and the dissector requested frag_data_len
number of bytes, we should not lie and pretend that we are fully
reassembled.
- For other blocks, returning NULL as no reassembly was possible makes
sense. But other fragments in the list should not be cleared as there
may be partial fragments which were returned before.
It seems that this special behavior was introduced in
b2c11b5e13 (freeing fragments and
returning NULL as an optimization when fragments are deemed not needed
anymore) and faeb2c2ee1 (for returning
fd_head for the first fragment, "so the first fragment gets dissected as
fragmented packet").
Now in theory unused fragments could stick around, but that is also
possible with the normal fragment_add functions.
Bug: 11799
Change-Id: I20829c54e1b2eee25a91fe4de51b19b1458c7789
Reviewed-on: https://code.wireshark.org/review/14082
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When deregister_dissector is called by Lua, the protocol was not
properly removed from the dependent dissectors list. Fix this and also
duplicate the memory for keys and values since these strings might be
dynamically allocated.
Fixes a use-after-free after reloading Lua dissectors that use
DissectorTable:add() and opening a new/closing an existing capture file.
Change-Id: If2ae02f155e7ab8fc653c08003755897471f9be0
Reviewed-on: https://code.wireshark.org/review/14735
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf.
This shaves a small amount of time off of register_all_protocols on
Windows according to the Visual Studio profiler.
Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4
Reviewed-on: https://code.wireshark.org/review/14770
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For Broadcast address use FT_ETHER with FF:FF:FF:FF:FF:FF address
instead of string address "Broadcast".
Change-Id: I638d3d6a1baa9c965dd0a9f548cedbd81af3ec5b
Reviewed-on: https://code.wireshark.org/review/14767
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.
The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.
ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.
Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.
ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.
Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.
Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.
Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.
Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add some comments as well.
Change-Id: I308aec7af187b917fbaa318712c82e3d9187cf1b
Reviewed-on: https://code.wireshark.org/review/14745
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 12300
Change-Id: I636c086d2dd9c950c35724d3e6b8dbf712e9e147
Reviewed-on: https://code.wireshark.org/review/14744
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a conversation starts with SSL (Client Hello) but gets a HTTP
response back, then the first SSL request should be preserved.
Bug: 12132
Change-Id: I3f9b5c8828bc5c6680945d7cf71740584dd463ab
Reviewed-on: https://code.wireshark.org/review/14726
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Restrict the list of possible (sub)elements to avoid deep recursion.
Bug: 11824
Bug: 12187
Change-Id: I12deb9956c6ba9b6113cf45da4ee919e33ff8567
Reviewed-on: https://code.wireshark.org/review/14114
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
luaL_error never returns, free memory before.
Change-Id: Ibcdbdb6afea5d2dab7be6a16c4c2536dcf14220a
Reviewed-on: https://code.wireshark.org/review/14734
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pass the reassembled fragment instead of the current record.
Bug: 11477
Change-Id: Id49fac8fa3f9e1b1904a75ab6c7512306f2071b0
Reviewed-on: https://code.wireshark.org/review/14727
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Using tvb_get_ptr to get a string is always dangerous in the face of
malformed packets. Instead, using string functions allows for safe handling
of these.
Bug: 12242
Change-Id: I059c186032492aae9c90a69858ea3fc59e21313f
Reviewed-on: https://code.wireshark.org/review/14714
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I6037a02e6170d0ca8b978135f960213ed22bef97
Reviewed-on: https://code.wireshark.org/review/14710
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(The check to ensure the delayed field registration had been done was still
wrapped inside an if(tree) but a bunch of proto_add_*()'s had been pulled out
from under if(tree)'s thus causing some hf's to be used before registered.)
Also simplify the code to ensure the fields are registered since we're doing it
potentially many times per frame: do an integer comparison rather than looking
up an hf by name.
Add a note to the docs for proto_register_prefix() to make it clear that the
initializer routine may not be called before the dissector is asked to dissect
something.
Change-Id: I5dc1154638a290c3a94149184d56570c3abb836a
Reviewed-on: https://code.wireshark.org/review/14711
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Length calculations updating "remaining datagram size" for fragmented
6LoWPAN packets with NHC headers were incorrect if there was any elided
option padding.
The current header's unpadded length was subtracted from dgram_size,
when it should have been the padded length - the datagram size is
uncompressed IPv6.
This meant the final nhdr_list entry created to represent the remaining
payload would have its "reported" field too large. Most visible result
of this was that the IPv6 payload length written into the packet by
lowpan_reassemble_ipv6() was too large.
Error probably went unnoticed because the most typical 6LoWPAN options
don't need padding - the RPL option is 6 bytes, and the MPL option is 6
bytes if using 16-bit seeds, making the HbH extension header an aligned
8 bytes.
Bug: 12310
Change-Id: If94e9ca57f88c4ac41f002a689ce1da7097b5bd0
Reviewed-on: https://code.wireshark.org/review/14701
Reviewed-by: Michael Mann <mmann78@netscape.net>
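
The length accounting described in the 6LoWPAN commit message above, as an added example that is not Wireshark's code. It assumes a simplified model in which each NHC extension header carries only its on-wire option byte count and the uncompressed header is 2 bytes (Next Header, Hdr Ext Len) plus options, rounded up to 8; all names and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40u  /* fixed IPv6 header, counted in the datagram size */

/* Hypothetical model of one NHC-compressed IPv6 extension header:
 * wire_opt_len is the number of option bytes actually carried on the wire,
 * i.e. after any trailing Pad1/PadN has been elided by the compressor. */
struct nhc_ext_hdr {
    uint8_t wire_opt_len;
};

/* Constructed samples: a header with 3 option bytes (needs padding once
 * uncompressed) and one with a 6-byte option such as RPL (already aligned). */
static const struct nhc_ext_hdr HBH_3B_OPTS = { 3 };
static const struct nhc_ext_hdr HBH_RPL     = { 6 };

/* Size as seen on the wire plus the two restored header bytes. */
static uint32_t unpadded_len(const struct nhc_ext_hdr *h)
{
    return 2u + h->wire_opt_len;
}

/* Size the header occupies in the uncompressed IPv6 datagram:
 * extension headers are always a multiple of 8 bytes. */
static uint32_t padded_len(const struct nhc_ext_hdr *h)
{
    return (unpadded_len(h) + 7u) & ~7u;
}

/* Remaining payload bytes after removing the IPv6 header and every
 * extension header from dgram_size. use_padded == 0 reproduces the
 * accounting the commit message describes as incorrect; use_padded == 1
 * is the corrected accounting. Returns -1 instead of wrapping around when
 * the headers claim more bytes than the datagram holds. */
static int64_t remaining_payload(uint32_t dgram_size,
                                 const struct nhc_ext_hdr *hdrs, size_t n,
                                 int use_padded)
{
    uint32_t remaining;
    size_t i;

    if (dgram_size < IPV6_HDR_LEN)
        return -1;
    remaining = dgram_size - IPV6_HDR_LEN;

    for (i = 0; i < n; i++) {
        uint32_t len = use_padded ? padded_len(&hdrs[i])
                                  : unpadded_len(&hdrs[i]);
        if (len > remaining)   /* malformed: would underflow */
            return -1;
        remaining -= len;
    }
    return (int64_t)remaining;
}

int main(void)
{
    /* Constructed datagram: 40 (IPv6) + 8 (padded HbH) + 16 (payload) = 64 */
    uint32_t dgram_size = 64;

    printf("3-byte options, unpadded accounting: %lld\n",
           (long long)remaining_payload(dgram_size, &HBH_3B_OPTS, 1, 0));
    printf("3-byte options, padded accounting:   %lld\n",
           (long long)remaining_payload(dgram_size, &HBH_3B_OPTS, 1, 1));
    printf("6-byte option, unpadded accounting:  %lld\n",
           (long long)remaining_payload(dgram_size, &HBH_RPL, 1, 0));
    printf("6-byte option, padded accounting:    %lld\n",
           (long long)remaining_payload(dgram_size, &HBH_RPL, 1, 1));
    return 0;
}
```

With the 6-byte option both accountings agree, which matches the commit message's explanation of why the error went unnoticed.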
Have bin2hex() wmem_allocate the buffer, so it can be used the same way
that tvb_get_string_enc() is used.
Don't bother checking whether NIBBLE_2_ASCHEX() returns an ASCII hex
digit character or not - it returns either a value in the ASCII range of
'0' through '9' or in the range 'A' through 'F', all of which are ASCII
hex digits.
Fix get_bit() to set *length to 0 if the string we're returning is
empty.
Change-Id: Id331cfd0ab34d45892f98d228dc793a1e93d84e5
Reviewed-on: https://code.wireshark.org/review/14717
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I81a83638c2318ba0d806263dbf692cd19b30ce9b
Reviewed-on: https://code.wireshark.org/review/14707
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I852aa09bff6a37ef03b5f55bdf8933ed181da2d0
Reviewed-on: https://code.wireshark.org/review/14705
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make
sure our offset always increments in dissect_spoolss_keybuffer.
Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793
Reviewed-on: https://code.wireshark.org/review/14687
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-tcp.c:2155: warning: Value stored to 'relseq' during its initialization is never read
packet-tcp.c:3511: warning: Value stored to 'assignedMetaId' is never read
packet-tcp.c:3514: warning: Value stored to 'assignedMetaId' is never read
Change-Id: I68d8088fc54da5ad52361510d43b893e58bf419f
Reviewed-on: https://code.wireshark.org/review/14695
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Matthieu Coudron <matthieu.coudron@lip6.fr>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In case of a segmented SDO transfer, the transfer complete response can
contain additional data that should not be evaluated by the dissector.
Change-Id: I7016eb88b93aac8c318e703fe60a90c3adbf9eeb
Reviewed-on: https://code.wireshark.org/review/14692
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Fix mismatching emacs and vi modelines.
Change-Id: I5cab8c5b7692746a5fa731c977cef903ad19a6f6
Reviewed-on: https://code.wireshark.org/review/14688
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
As explained by Guy, we should use new_slots[i] and not new_slots[k]
Bug: 12278
Change-Id: Ifae44f9d5948bed5c4ee0442510724016e307dee
Reviewed-on: https://code.wireshark.org/review/14678
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add ConversationAction and ColorizeAction classes which respectively
handle conversation filtering and colorization.
Move conversation menu initialization to initConversationMenus and call
it once at startup. This keeps us from leaking quite a bit of memory
each time we select a packet or proto tree item.
Bug: 12044
Change-Id: I32e8cedaba08a419d5da6a7a9db31c910909f450
Reviewed-on: https://code.wireshark.org/review/14516
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
git/epan/dissectors/packet-a21.c:478:25: error: 'item' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
proto_item_append_text(item, "%s", val_to_str_const(event_id, a21_event_vals, "Unknown"));
^
Added manual change id because file-jpeg.c forced the use of commit -n
Change-Id: Iffff53d6253758c8454d9583f0a11f317c8390cb
Reviewed-on: https://code.wireshark.org/review/14666
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Bug: 12295
Change-Id: I875308a16b11023a691d34057c7f8561a15aa598
Reviewed-on: https://code.wireshark.org/review/14649
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the possibility to filter on the negotiated WebSocket
protocol from the upgrade response as well as on a specific TCP port
Bug: 12298
Change-Id: I8e0b785cec0b8c71ec558b74ac07c81194268b38
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-on: https://code.wireshark.org/review/14645
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The code sets up a conversation, then proceeds getting it
and using it. It must be there, so assert that it is before
dereferencing it.
Change-Id: I5384b9b773a5f4e86f649612ee4f4929a503c523
Reviewed-on: https://code.wireshark.org/review/14641
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds options that control depth of MPTCP analysis, notably:
- if mptcp_relative_seq is enabled, can display relative MPTCP sequence
numbers
- if mapping analysis is allowed, can tell in which packets the DSS
mappings covering this data were sent
- if intersubflow checks are enabled, it can check for retransmissions
over other subflows
Change-Id: I82b934513c9f16affb60c066a1fbcca234ffc999
Reviewed-on: https://code.wireshark.org/review/12316
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d1807e631991d4115ca33d351e85c36272c209b
Reviewed-on: https://code.wireshark.org/review/14523
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The CAT025 type of ASTERIX messages is "CNS/ATM Ground System Status Report".
Change-Id: Icf39d595cef8663357a487b799bf32e738236757
Reviewed-on: https://code.wireshark.org/review/14590
Tested-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d0aae95c41f527c4a1e0327bf6c3950204458e1
Reviewed-on: https://code.wireshark.org/review/14637
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12285
Change-Id: I103dff37b34f922ac5c3071c49b7dfe55b059717
Reviewed-on: https://code.wireshark.org/review/14634
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Old code didn't decode response specific fields, so all
packets were shown as invalid.
Bug: 12294
Change-Id: Id3bca825925ef3c20da1bb98dfb50961989fd585
Reviewed-on: https://code.wireshark.org/review/14529
Reviewed-by: Michael Mann <mmann78@netscape.net>
if a packet is not successful (after resend)
the data section has to be skipped GEV 2.0 spec [CR-203st]/[CR-204st]
Bug: 12281
Change-Id: I9465000fb3e25f1e00f419cc7ccae29bd32a56b1
Reviewed-on: https://code.wireshark.org/review/14555
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12287
Change-Id: I9aecf83ef6f166fc30c275d1e50e0268b1b59ad5
Reviewed-on: https://code.wireshark.org/review/14618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* CSCT: Signed cert timestamp (RFC6962) of leaf cert
Change-Id: I487090830ea8fa1d7597fbd7eef9e801f5e1fb65
Reviewed-on: https://code.wireshark.org/review/14626
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I32e718a8ef94b514fd2907651e2f9bd92d8119ef
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-on: https://code.wireshark.org/review/14627
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Expert Infos can be a little overwhelming in large traces. This
preference will allow any user to enable the PI_NOTE declared
expert infos to be shown only when they are really necessary.
Fix a bug with SCM UDID validity detection as well
Change-Id: I2d197684157f1ea748bfbcc6fa2dfdb348722223
Reviewed-on: https://code.wireshark.org/review/14625
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: If44d33e739bc02425aea437e34ea8531b4223691
Reviewed-on: https://code.wireshark.org/review/14617
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8cfad1cdbb3843fa65931d8a22beba1b6bdf57c8
Reviewed-on: https://code.wireshark.org/review/14620
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise it will end up in the source distribution tarball.
Change-Id: Ieeafd5dbaebe3930c3769bfcbce538da5d36b7d3
Reviewed-on: https://code.wireshark.org/review/14624
Reviewed-by: João Valverde <j@v6e.pt>
Add SOCKET_LIBS and NSL_LIBS to global LIBS variables on platforms
where it is required.
Make configure checks for getaddrinfo/gethostname unconditional,
that is handled with #ifdefs if necessary.
Change-Id: Ia874038454fb9cf3bdbf8e6fd829f319e331837e
Reviewed-on: https://code.wireshark.org/review/14560
Reviewed-by: João Valverde <j@v6e.pt>
Add organization extension management message TLV according to SMPTE
(Society of Motion Picture and Television Engineers) ST 2059-2 to
Precision Time Protocol (PTP).
Bug: 12264
Change-Id: I487ef2bacbccdb61c813d923830242f9526fd2cf
Reviewed-on: https://code.wireshark.org/review/14559
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If client and server have the flag set then compression starts
after the greeting, login, ok.
This commit makes it possible to decode packets which
use the compressed protocol but don't have a compressed
payload.
Ping-Bug: 10342
Change-Id: I710f655c86feb9770556d1ffa69edd728e0374c3
Reviewed-on: https://code.wireshark.org/review/14603
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This takes away much of the pain (and merge conflicts) of micro-managing every
sub-folder file.
Change-Id: I7d7bb1173511ec9312ca4a97c6a59a26b0b194f4
Reviewed-on: https://code.wireshark.org/review/14595
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This copied and stripped code has this variable which does
not change. Remove this constant variable and the conditional
statements related.
Change-Id: I0741ef0ef8b8d1cbd52fc521bc6a91ad06c8b597
Reviewed-on: https://code.wireshark.org/review/14594
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The TCP dissector failed to recognize spurious retransmissions when the last ack
exactly equaled the retransmitted packet's sequence number plus the len. This is
standard TCP behavior so this feature was broken in most cases.
Bug: 12282
Change-Id: I90196cc79e786f92fd0d7be32816aad1d69d5718
Reviewed-on: https://code.wireshark.org/review/14592
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
nothing to do with IP protocol 97 called EoIP. Instead it is a GRE encapsulation
with Ethertype 0x6400. It sets the GRE version to 1 but doesn't use a sequence
number (in violation of RFC2637). Welcome to the real world.
Change-Id: I3d916f8fc134ef14bcaf0b946a10f7170a9f6a75
Reviewed-on: https://code.wireshark.org/review/14596
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Change-Id: I4b4a5e6ca0b10068075767e6eec95c97d32034a1
Reviewed-on: https://code.wireshark.org/review/14561
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The copied function retained features from its parent,
which cannot be reached. Might as well remove them and
replace with proper assert.
Change-Id: I63838d6011420d6c4473b127da52e7f304376172
Reviewed-on: https://code.wireshark.org/review/14531
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Base it on the DEC specification, not on whatever the Linux DECNET
people managed to reverse-engineer.
Change-Id: I60586f52e35f9f61e4aed93f315bfaceebe68cce
Reviewed-on: https://code.wireshark.org/review/14579
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add pkg-config 0.29.1 macros to our distribution. This makes the
aclocal-flags script obsolete, since we are already not using GLib
autoconf macros.
ACLOCAL_AMFLAGS need only be defined on the top-level Makefile.am.
Change-Id: Idd868dcfeb8f279517970d0f96d9d53e3a7e4d5c
Reviewed-on: https://code.wireshark.org/review/14568
Reviewed-by: João Valverde <j@v6e.pt>
They use proto_tree_add_uint_format() function to build an interpreted value, so they should not apply the byte bitmask
Change-Id: I29f70f567d41a8a44a34f3f0bc477fbc04b11b29
Reviewed-on: https://code.wireshark.org/review/14553
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Fixup for 7a1d3f67ac.
Change-Id: Idb8d68a3cc114545f24738cead4968804d831346
Reviewed-on: https://code.wireshark.org/review/14548
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I901ebc2128c92ef758b6b400cc8d86488a2115cb
Reviewed-on: https://code.wireshark.org/review/14537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A regression was introduced at f4580ac9ed where an additional
hash table was introduced to store TLS Session Tickets separately
from Session IDs. However, the New Session Ticket dissector was
still storing the Session Ticket in the ID table, causing lookups
to fail.
Change-Id: Iff49202f50afb8cb6ef62c774f6155682b8e48a6
Reviewed-on: https://code.wireshark.org/review/14499
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As well as in the rest of network protocols, in RTPS we have senders
and receivers of data. The atomic unit is not the host address (IP)
or the host address and port (UDP) but the guidPrefix. The guidPrefix
represents a single DomainParticipant, that very likely will be an
application. I have added filters to be able to differentiate from
source of information and destination of information. Before, the
only filter available was rtps.guidPrefix
Change-Id: I810d8b043796119c6e381bdbcb6061e0525ea272
Reviewed-on: https://code.wireshark.org/review/14466
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The PKTC dissector calls the Kerberos dissector assuming certain application values. Because different application values can have different "private" data, corruption can occur.
Ensure the Kerberos application values match the preceding comments by checking the ber identifier before calling the Kerberos dissector.
Bug: 12206
Change-Id: I9b04837f93a56681cae3816278315cf01da17544
Reviewed-on: https://code.wireshark.org/review/14520
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissector and heuristic tables now set up protocol dependencies.
"Manual" dependencies in separate patch.
Ping-Bug: 1402
Change-Id: I8da1239306de8676dcb05f8807914376816fc44f
Reviewed-on: https://code.wireshark.org/review/14447
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf36ebd7ceb3f87ceb6a68774f5b2810f8cf7b58
Reviewed-on: https://code.wireshark.org/review/14527
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Removing setting up and decoding for a header field which
never can be used anyway.
Change-Id: Ieed7810dd654df944a5bd16a7b84d3367bf9fa14
Reviewed-on: https://code.wireshark.org/review/14524
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Saves some false positives for protocols using port 674.
Bug: 12265
Change-Id: I7cb8aa9318639db0822b05b8c5b6f6563d8d4afc
Reviewed-on: https://code.wireshark.org/review/14521
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the two bytes are sent LSB first
all fields are defined relative to the entire 16bit value
Change-Id: Iaea2b98fcb1f57224fbbd1c4c58473a7f810055d
Reviewed-on: https://code.wireshark.org/review/14513
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
A vlans file in the personal preference directory adds an option to resolve
VLAN IDs to a describing name.
Format of vlan file is
123\tName of VLAN
To enable the resolving the preference nameres.vlan_name must be set
to TRUE.
Bug: 11209
Change-Id: I3f00b4897aace89c03c57b68b6c4b6c8b7d4685a
Reviewed-on: https://code.wireshark.org/review/14471
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I45b48c1e89ff68b1d990cd7cff9dd180cf4a1f7f
Reviewed-on: https://code.wireshark.org/review/14505
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Catch errors like bug 12205 with an assertion.
Change-Id: I17381c92dfb22912e53eb20f6436adfa15d67e71
Reviewed-on: https://code.wireshark.org/review/14251
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of most tests of tree, so we always step through the packet.
Change-Id: I0b54aecd7e871d9d48fc03f387131f0f6034b42f
Reviewed-on: https://code.wireshark.org/review/14496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't conditionalize stuff that should always be done with a test of
whether the protocol tree is being constructed or not.
Don't add an extra bogus address field to CF-End frames.
Bug: 12266
Change-Id: I0840d63480f9d7d8ffa434d984082a4a46a00d12
Reviewed-on: https://code.wireshark.org/review/14493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove a couple useless if(tree)'s while in there.
Change-Id: Ie8de360f4590806eab0a4704b410341918251586
Reviewed-on: https://code.wireshark.org/review/14488
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Always look and set the uinteger64 member of the union for FT_BOOLEAN
values.
Bug: 12236
Change-Id: I7b0166e564b9d6cbb80051a81714a4b4c5f740a2
Reviewed-on: https://code.wireshark.org/review/14481
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In case no descriptors are in the trace, payload packets can
only be identified, if a clearly identified STREAM or CONTROL packet sets
class/subclass of the conversation
Change-Id: I30be30df908ede468fadf56fdef20f9869ce6b56
Reviewed-on: https://code.wireshark.org/review/14467
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That seems to be where we're telling it to send its logs.
Change-Id: Ic15370bc1af858b82f0964fcc35189039061ccb7
Reviewed-on: https://code.wireshark.org/review/14476
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Split two media type strings with the properly placed comma.
Change-Id: Ia6026879b63b9f51c3f2e61d8709f43716f0c6e2
Reviewed-on: https://code.wireshark.org/review/14472
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the "Display enhanced Info column data" preference is set, ensure that:
1. For non-MSP packets, path information (class/symbol) is displayed in the Info column for Forward Open, Forward Close, regular Message Router Request/Response messages
2. For MSP packets, don't display the class/symbol in the Info column (it's too wordy)
This now relies on an extra boolean passed to dissect_cip_data() to handle #2 above. Previously, this relied on checking a proto_item* for NULL, which is not correct.
Change-Id: I7532660bcb23bd664c1f5532256755922c4937d1
Reviewed-on: https://code.wireshark.org/review/14458
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sort the list of PIDL dissectors while we're at it.
Change-Id: Ice90bf9b14b440fdfe59d1639fc0674e326a9923
Reviewed-on: https://code.wireshark.org/review/14461
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sort the list of PIDL dissectors while we're at it.
Change-Id: I1425046d6feaded7af94f4a852d8f0984bd0b736
Reviewed-on: https://code.wireshark.org/review/14460
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A dissector must never assume that it will, or won't, be called with a
protocol tree; it's up to the Wireshark/TShark/etc. core to decide
whether to do it, and it can change its behavior over time or even
change it from release to release.
Have dissect_epath() take an argument that explicitly indicates whether
to add the CIP class to the Info column, rather than assuming that you
do so only if the tree pointer passed to it is null.
Bug: 12257
Change-Id: Ide8a6fc21252880f849a8d0aa4659a675bb3ae04
Reviewed-on: https://code.wireshark.org/review/14456
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rather than storing RADIUS calls in a map keyed by the ident and conversation,
store a tree of calls (using the same key). Store each (non-duplicate)
call (request) in the tree, keyed by frame number. When looking for a match
(or a duplicate) look for the most-recently-seen frame in the tree (i.e., the
most recent frame with the same ident + conversation). Only declare a request
a duplicate if the authenticator is identical (as per RFC 5080 section 2.2.2).
Only store things in the map/tree on the first pass.
Remove the 'request_ttl' preference: it's better to show the user when the
response came back even if it was "late." (This also allows duplicate request
detection inside of the TTL.)
When telling the user about a duplicate don't tell them the ident again: they
already know that. Tell them the frame number of the original.
Use the FT_FRAMENUM_REQUEST/FT_FRAMENUM_RESPONSE hints.
Move a couple structures from the header file to the C file: they're only used
in the RADIUS dissector anyway.
Bug: 4096
Change-Id: I0e8bc0d23cd6b219cecd82f5c4cd765d28a14d98
Reviewed-on: https://code.wireshark.org/review/14451
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
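The duplicate-detection rule described in the RADIUS change above (most recent stored request with the same ident + conversation, declared a duplicate only when the authenticator is identical, per RFC 5080 section 2.2.2), as an added C example that is not Wireshark's code. It assumes a fixed array in place of the dissector's tree; the names `call_store`, `radius_see_request`, `radius_see_response` and `radius_demo` and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_LEN   16          /* RADIUS Authenticator is 16 octets */
#define MAX_CALLS  64          /* fixed capacity (assumption; the dissector uses a tree) */
#define STORE_FULL UINT32_MAX  /* returned when no slot is left */

/* One stored request ("call"); all names here are hypothetical. */
typedef struct {
    uint32_t conv;             /* conversation id */
    uint8_t  ident;            /* RADIUS Identifier octet */
    uint32_t req_frame;        /* frame number of the request (frames start at 1) */
    uint32_t rsp_frame;        /* frame number of the response, 0 if none yet */
    uint8_t  auth[AUTH_LEN];   /* Request Authenticator */
} radius_call;

typedef struct {
    radius_call calls[MAX_CALLS];
    size_t n;
} call_store;

/* Most recent stored request with this ident + conversation at or before `frame`. */
static radius_call *latest_call(call_store *s, uint32_t conv, uint8_t ident,
                                uint32_t frame)
{
    radius_call *best = NULL;
    for (size_t i = 0; i < s->n; i++) {
        radius_call *c = &s->calls[i];
        if (c->conv != conv || c->ident != ident || c->req_frame > frame)
            continue;
        if (best == NULL || c->req_frame > best->req_frame)
            best = c;
    }
    return best;
}

/* Returns the original's frame number for a duplicate, 0 for a new request. */
uint32_t radius_see_request(call_store *s, uint32_t conv, uint8_t ident,
                            uint32_t frame, const uint8_t *auth)
{
    radius_call *prev = latest_call(s, conv, ident, frame);
    /* A matching ident alone is not enough: the 8-bit ident gets reused. */
    if (prev != NULL && memcmp(prev->auth, auth, AUTH_LEN) == 0)
        return prev->req_frame;
    if (s->n == MAX_CALLS)
        return STORE_FULL;
    radius_call *c = &s->calls[s->n++];
    c->conv = conv;
    c->ident = ident;
    c->req_frame = frame;
    c->rsp_frame = 0;
    memcpy(c->auth, auth, AUTH_LEN);
    return 0;
}

/* Returns the matching request's frame number, or 0 if there is none. */
uint32_t radius_see_response(call_store *s, uint32_t conv, uint8_t ident,
                             uint32_t frame)
{
    radius_call *c = latest_call(s, conv, ident, frame);
    if (c == NULL)
        return 0;
    if (c->rsp_frame == 0)
        c->rsp_frame = frame;  /* no TTL: a late response still matches */
    return c->req_frame;
}

/* Constructed sample capture: one entry per RADIUS packet. */
typedef struct { uint32_t frame, conv; uint8_t ident, is_request, auth_fill; } sample_pkt;

static const sample_pkt SAMPLE[] = {
    { 1, 1, 7, 1, 0xAA},  /* request */
    { 2, 1, 7, 1, 0xAA},  /* retransmission: identical authenticator */
    { 3, 1, 7, 0, 0x00},  /* response */
    {10, 1, 7, 1, 0xBB},  /* ident reused with a new authenticator */
    {11, 1, 7, 0, 0x00},  /* response to frame 10 */
    {12, 2, 7, 1, 0xAA},  /* same ident and authenticator, other conversation */
};
#define N_SAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Replays SAMPLE[0..step] into a fresh store; returns the result for packet `step`. */
uint32_t radius_demo(size_t step)
{
    call_store s;
    uint32_t r = 0;
    memset(&s, 0, sizeof s);
    for (size_t i = 0; i <= step && i < N_SAMPLE; i++) {
        const sample_pkt *p = &SAMPLE[i];
        uint8_t auth[AUTH_LEN];
        memset(auth, p->auth_fill, AUTH_LEN);
        r = p->is_request
            ? radius_see_request(&s, p->conv, p->ident, p->frame, auth)
            : radius_see_response(&s, p->conv, p->ident, p->frame);
    }
    return r;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLE; i++)
        printf("frame %u -> %u\n", (unsigned)SAMPLE[i].frame, (unsigned)radius_demo(i));
    return 0;
}
```

For requests the printed value is the frame of the original (0 means a new request); for responses it is the frame of the matched request.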
This includes not making assumptions about the order in which a GHashTable or
wmem_map implementation provides the keys to the GEqualFunc function
(apparently the former's order is different than the latter).
Change-Id: Ifbcb0f4f2c38b2ce6e44bf66c7246575af6299fa
Reviewed-on: https://code.wireshark.org/review/14448
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add missing newline or remove extra newlines at the end of the file.
Trim trailing whitespace.
Change-Id: I73b7a4e20969bc13f72bf97e981fd5de89d8bb17
Reviewed-on: https://code.wireshark.org/review/14400
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The reason the notice in the INFO column disappeared when a display filter was
added is because the column operation was wrapped in an if(tree).
Change-Id: Ic8ff929d7ef601458b8650f8095f87282f9fde40
Reviewed-on: https://code.wireshark.org/review/14449
Reviewed-by: Michael Mann <mmann78@netscape.net>
Initial import of source code for the dissector of the ISO 8583-1
'financial transaction card originated messages - Interchange
message specification' standard.
Bug: 12244
Change-Id: I24804cab4a93131ec9afa307844ad62eb2e01089
Reviewed-on: https://code.wireshark.org/review/14311
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
A Proto may only be registered with a heuristic dissector once,
because we check this in heur_dissector_add().
Change-Id: I524fa832b647d557f13aedcb870f7789058d2180
Reviewed-on: https://code.wireshark.org/review/14436
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
'scsi.blockdescs.no_of_blocks' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'scsi.naa.vendor_specific' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT32
Change-Id: Iaa512c02b99f0a103bb5015e92d900dae2932843
Reviewed-on: https://code.wireshark.org/review/14418
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'tds.done.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.doneproc.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.doneinproc.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.envchange.newvalue' exists multiple times with NOT compatible types: FT_BYTES and FT_STRING
'tds.envchange.oldvalue' exists multiple times with NOT compatible types: FT_BYTES and FT_STRING
Change-Id: I87d713aaa722d7ab9e8d19955f3820e9040446c1
Reviewed-on: https://code.wireshark.org/review/14415
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's confusing to have 'pdus_tree' mean both the map of pdu_trees and the pdu
trees themselves.
Change-Id: Ie875798eb140b60a1309ddc0c0bf885b48c0407c
Reviewed-on: https://code.wireshark.org/review/14413
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Make full use of our proper implementation of this macro by
giving it the pointer as is.
Change-Id: I0bbe73d19cc3f578b94ea2d4d904d6fa87b20b48
Reviewed-on: https://code.wireshark.org/review/14391
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove "Object" from CIP class names. It was already removed from some of the objects, the string "Object" is implied for all objects, and it helps reduce wordiness in the Info column.
2. Don't display Class/Symbol name in the Info column when it's inside a MSP.
3. Enable enhanced Info column by default now that some of the additional wordiness was removed by the above points.
4. Put single quotes around the symbol name in the Info column. This makes it more obvious that something is a symbol instead of an actual class name from the spec, and would prevent ambiguity if the symbol name was something like "Identity".
5. Print the CIP service for both requests/responses in CIP Safety processing. This was already added to normal CIP.
6. Display Class/Symbol and service on the Service Packet in the MSP tree. This makes it easier to find without expanding every MSP item.
Change-Id: I7197dd4bf3dad6d7bdba247d3d7ab76cca52c785
Reviewed-on: https://code.wireshark.org/review/14325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
cur_offset was not incremented for the server part, causing a
"Malformed packet" message.
Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
Reviewed-on: https://code.wireshark.org/review/14402
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now GATT dissectors need to have opcode to properly dissect attribute
or return expert info if possible (wrong usage).
Change-Id: Ife79bbf0682967a8bef8efadd8b242aa147315a7
Reviewed-on: https://code.wireshark.org/review/14314
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Bluetooth Specifications specify properties of every characteristics
(read, write, indicate, notify, write without response, signed write etc.)
Check it and add expert info about invalid usage if detected use of wrong
opcode with the characteristic.
Change-Id: I98ad8280b9ee65b4015a021e732ea748cc9e7a83
Reviewed-on: https://code.wireshark.org/review/14313
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
When additional path index are in use there must be more remaining data bytes.
Therefore we return only 1 when the len is greater than 1.
Bug has been reported by Garri.
Bug: 12240
Change-Id: Ia24311dcedc450e4208df875bc254c9744dec5dd
Reviewed-on: https://code.wireshark.org/review/14396
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protocol spec states that unused bits in the last byte in a
7bit string shall be null.
Change-Id: I6fa2e0af6462c87279c19e23a98bf624e46bc9c1
Reviewed-on: https://code.wireshark.org/review/14387
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Set ENABLE_CHECK_FILTER to 1 to get the list of display filters with conflicts...
Ping-Bug:2402
Change-Id: I8d56b1573120d1a29d437aae1088be242e15e9a3
Reviewed-on: https://code.wireshark.org/review/13644
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Handling of PAN IDs in 802.15.4 has changed dramatically in
802.15.4-2015, particularly with respect to the new Frame Version
2 (0b10) frames. This update streamlines the logic in an attempt
to follow the spec as closely as possible. In doing so it fixes
some logical errors in the previous version
Change-Id: I1a2f112bbcdeb24a605167578201494823485c47
Reviewed-on: https://code.wireshark.org/review/14167
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix mapi/nspi/rfc dissector
Don't forget when regenerate to go on mapi/nspi/rfc and use make for regenerate
Change-Id: I74b98bf84e7786f51d4f693379186b289913ca1b
Reviewed-on: https://code.wireshark.org/review/11476
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In URB setup, wInterface is always displayed disregarding the actual
bmRequestType. Show instead: wInterface if recipient is an interface,
WEndpoint if recipient is an endpoint and wIndex when recipient is device
or other.
Change-Id: I6883dc22d80267276f9d171f39695e86e93aae83
Reviewed-on: https://code.wireshark.org/review/14283
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
To quote Icf0831717de10fc615971fa1cf75af2f1ea2d03d:
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Ic829541c696e0ddbc45cc109009319859c799066
Reviewed-on: https://code.wireshark.org/review/14340
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
the version indicates IPv6.
This handles a case of Linux cooked capture with ethertype set as IPv4 for
IPv6 packets.
Change-Id: Ie79f1a631980a224a7b51963f9174e75ffb69a47
Reviewed-on: https://code.wireshark.org/review/14321
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Count vendor commands once
2. Fill Event column in case of Command Status/Command Complete
types while displaying command
3. Add missing Status from Connect Complete event
4. Add missing Command Complete events opcodes
Change-Id: Ie5a0e373f92f62fcb890cef7ab54762df3bb8a35
Reviewed-on: https://code.wireshark.org/review/14315
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Due to RFC5444 <msg-size> is a 16-bit unsigned integer field.
Bug was reported by Matthias Tafelmeier
Bug: 12227
Change-Id: I6d041015b386be7a8e02a87d0fe29e2670b1ab6e
Reviewed-on: https://code.wireshark.org/review/14320
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Before, the parameter ids were handled incorrectly. A vendor specific
parameter definition was used for all the vendors. This is wrong for
ids starting at 0x8000. This commit aims to fix that problem and
make easier the addition of new parameters or vendors.
Change-Id: I0d40aa8cbfa44d5bb2928075001fe39e6f14abc2
Reviewed-on: https://code.wireshark.org/review/14007
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix Typo and change session id to decimal.
Fix ENC_NA
Change-Id: I72bded27ee79a1f5b91202767ac750c82ac029d3
Reviewed-on: https://code.wireshark.org/review/14304
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use pkg-config if a zlib.pc file is available.
Remove the now redundant AC_TRY_LINK_FUNC test (there are no linker flags
for GTK+ here).
Change-Id: I7de744749eba7231ae0097b975144b76ffcf1bdb
Reviewed-on: https://code.wireshark.org/review/14263
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Presumably the intent is to have the two dissectors share the tables in
question; if so, it's best done by defining the tables in one and only
one C file and declaring it in a header file included by both C files -
that 1) ensures the declaration and definition stay in sync and 2) keeps
the OS X build from failing.
Change-Id: Id2e7e5b7270c7109ffb091b2e16a631b83dde212
Reviewed-on: https://code.wireshark.org/review/14309
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Issue reported by Ted Wards
Bug:12223
Change-Id: I38adba8ee3d48788afce20d969d708c7635c8703
Reviewed-on: https://code.wireshark.org/review/14302
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Dávid Major
Change-Id: I4dfd6f853205386bc6dbb15357b2b9e5d5b8ea0e
Reviewed-on: https://code.wireshark.org/review/14297
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>