Do not try to recover from truncated tvbs for fragment_add_seq-like
functions:
- If it is the first block and the dissector requested frag_data_len
number of bytes, we should not lie and pretend that we are fully
reassembled.
- For other blocks, returning NULL as no reassembly was possible makes
sense. But other fragments in the list should not be cleared as there
may be partial fragments which were returned before.
It seems that this special behavior was introduced in
b2c11b5e13 (freeing fragments and
returning NULL as an optimization when fragments are deemed not needed
anymore) and faeb2c2ee1 (for returning
fd_head for the first fragment, "so the first fragment gets dissected as
fragmented packet").
Now in theory unused fragments could stick around, but that also
possible with the normal fragment_add functions.
Bug: 11799
Change-Id: I20829c54e1b2eee25a91fe4de51b19b1458c7789
Reviewed-on: https://code.wireshark.org/review/14082
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When deregister_dissector is called by Lua, the protocol was not
property removed from the dependent dissectors list. Fix this and also
duplicate the memory for keys and values since these strings might be
dynamically allocated.
Fixes a use-after-free after reloading Lua dissectors that use
DissectorTable:add() and opening a new/closing an existing capture file.
Change-Id: If2ae02f155e7ab8fc653c08003755897471f9be0
Reviewed-on: https://code.wireshark.org/review/14735
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf.
This shaves a small amount of time off of register_all_protocols on
Windows according to the Visual Studio profiler.
Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4
Reviewed-on: https://code.wireshark.org/review/14770
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
For Broadcast address use FT_ETHER with FF:FF:FF:FF:FF:FF address
instead of string address "Broadcast".
Change-Id: I638d3d6a1baa9c965dd0a9f548cedbd81af3ec5b
Reviewed-on: https://code.wireshark.org/review/14767
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.
The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.
ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.
Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.
ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.
Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.
Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.
Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.
Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add some comments as well.
Change-Id: I308aec7af187b917fbaa318712c82e3d9187cf1b
Reviewed-on: https://code.wireshark.org/review/14745
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 12300
Change-Id: I636c086d2dd9c950c35724d3e6b8dbf712e9e147
Reviewed-on: https://code.wireshark.org/review/14744
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a conversation starts with SSL (Client Hello) but gets a HTTP
response back, then the first SSL request should be preserved.
Bug: 12132
Change-Id: I3f9b5c8828bc5c6680945d7cf71740584dd463ab
Reviewed-on: https://code.wireshark.org/review/14726
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Restrict the list of possible (sub)elements to avoid deep recursion.
Bug: 11824
Bug: 12187
Change-Id: I12deb9956c6ba9b6113cf45da4ee919e33ff8567
Reviewed-on: https://code.wireshark.org/review/14114
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
luaL_error never returns, free memory before.
Change-Id: Ibcdbdb6afea5d2dab7be6a16c4c2536dcf14220a
Reviewed-on: https://code.wireshark.org/review/14734
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pass the reassembled fragment instead of the current record.
Bug: 11477
Change-Id: Id49fac8fa3f9e1b1904a75ab6c7512306f2071b0
Reviewed-on: https://code.wireshark.org/review/14727
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Using tvb_get_ptr to get a string is always dangerous in the face of
malformed packets. Instead using string functions allow for safe handling
of these.
Bug: 12242
Change-Id: I059c186032492aae9c90a69858ea3fc59e21313f
Reviewed-on: https://code.wireshark.org/review/14714
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I6037a02e6170d0ca8b978135f960213ed22bef97
Reviewed-on: https://code.wireshark.org/review/14710
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(The check to ensure the delayed field registration had been done was still
wrapped inside an if(tree) but a bunch of proto_add_*()'s had been pulled out
from under if(tree)'s thus causing some hf's to be used before registered.)
Also simplify the code to ensure the fields are registered since we're doing it
potentially many times per frame: do an integer comparison rather than looking
up an hf by name.
Add a note to the docs for proto_register_prefix() to make it clear that the
initializer routine may not be called before the dissector is asked to dissect
something.
Change-Id: I5dc1154638a290c3a94149184d56570c3abb836a
Reviewed-on: https://code.wireshark.org/review/14711
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Length calculations updating "remaining datagram size" for fragmented
6LoWPAN packets with NHC headers were incorrect if there was any elided
option padding.
The current header's unpadded length was subtracted from dgram_size,
when it should have been the padded length - the datagram size is
uncompressed IPv6.
This meant the final nhdr_list entry created to represent the remaining
payload would have its "reported" field too large. Most visible result
of this was that the IPv6 payload length written into the packet by
lowpan_reassemble_ipv6() was too large.
Error probably went unnoticed because the most typical 6LoWPAN options
don't need padding - the RPL option is 6 bytes, and the MPL option is 6
bytes if using 16-bit seeds, making the HbH extension header an aligned
8 bytes.
Bug: 12310
Change-Id: If94e9ca57f88c4ac41f002a689ce1da7097b5bd0
Reviewed-on: https://code.wireshark.org/review/14701
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have bin2hex() wmem_allocate the buffer, so it can be used the same way
that tvb_get_string_enc() is used.
Don't bother checking whether NIBBLE_2_ASCHEX() returns an ASCII hex
digit character or not - it returns either a value in the ASCII range of
'0' through '9' or in the range 'A' through 'F', all of which are ASCII
hex digits.
Fix get_bit() to set *length to 0 if the string we're returning is
empty.
Change-Id: Id331cfd0ab34d45892f98d228dc793a1e93d84e5
Reviewed-on: https://code.wireshark.org/review/14717
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I81a83638c2318ba0d806263dbf692cd19b30ce9b
Reviewed-on: https://code.wireshark.org/review/14707
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I852aa09bff6a37ef03b5f55bdf8933ed181da2d0
Reviewed-on: https://code.wireshark.org/review/14705
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use tvb_reported_length_remaining in dissect_spoolss_uint16uni. Make
sure our offset always increments in dissect_spoolss_keybuffer.
Change-Id: I7017c9685bb2fa27161d80a03b8fca4ef630e793
Reviewed-on: https://code.wireshark.org/review/14687
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
packet-tcp.c:2155: warning: Value stored to 'relseq' during its initialization is never read
packet-tcp.c:3511: warning: Value stored to 'assignedMetaId' is never read
packet-tcp.c:3514: warning: Value stored to 'assignedMetaId' is never read
Change-Id: I68d8088fc54da5ad52361510d43b893e58bf419f
Reviewed-on: https://code.wireshark.org/review/14695
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Matthieu Coudron <matthieu.coudron@lip6.fr>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In case of a segmented SDO transfer, the transfer complete response can
contain additional data that should not be evaluated by the dissector.
Change-Id: I7016eb88b93aac8c318e703fe60a90c3adbf9eeb
Reviewed-on: https://code.wireshark.org/review/14692
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Fix mismatching emacs and vi modelines.
Change-Id: I5cab8c5b7692746a5fa731c977cef903ad19a6f6
Reviewed-on: https://code.wireshark.org/review/14688
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
As explained by Guy, we should use new_slots[i] and not new_slots[k]
Bug: 12278
Change-Id: Ifae44f9d5948bed5c4ee0442510724016e307dee
Reviewed-on: https://code.wireshark.org/review/14678
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a ConversationAction and ColorizeAction classes which respectively
handle conversation filtering and colorization.
Move conversation menu initialization to initConversationMenus and call
it once at startup. This keeps us from leaking quite a bit of memory
each time we select a packet or proto tree item.
Bug: 12044
Change-Id: I32e8cedaba08a419d5da6a7a9db31c910909f450
Reviewed-on: https://code.wireshark.org/review/14516
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
git/epan/dissectors/packet-a21.c:478:25: error: 'item' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
proto_item_append_text(item, "%s", val_to_str_const(event_id, a21_event_vals, "Unknown"));
^
Added manual change id because file-jpeg.c forced the use of commit -n
Change-Id: Iffff53d6253758c8454d9583f0a11f317c8390cb
Reviewed-on: https://code.wireshark.org/review/14666
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Bug: 12295
Change-Id: I875308a16b11023a691d34057c7f8561a15aa598
Reviewed-on: https://code.wireshark.org/review/14649
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the possibility to filter on the negotiated WebSocket
protocol from the upgrade response as well as on a specific TCP port
Bug: 12298
Change-Id: I8e0b785cec0b8c71ec558b74ac07c81194268b38
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-on: https://code.wireshark.org/review/14645
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The code sets up a conversation, then proceeds getting it
and using it. It must be there, so assert that it is before
dereferencing it.
Change-Id: I5384b9b773a5f4e86f649612ee4f4929a503c523
Reviewed-on: https://code.wireshark.org/review/14641
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds options that control depth of MPTCP analysis, notably:
- if mptcp_relative_seq is enabled, can display relative MPTCP sequence
numbers
- if mapping analysis is allowed, can tell in which packets the DSS
mappings covering this data was sent
- if intersubflow checks are enabled, it can check for retransmissions
over other subflows
Change-Id: I82b934513c9f16affb60c066a1fbcca234ffc999
Reviewed-on: https://code.wireshark.org/review/12316
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d1807e631991d4115ca33d351e85c36272c209b
Reviewed-on: https://code.wireshark.org/review/14523
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The CAT025 type of ASTERIX messages is "CNS/ATM Ground System Status Report".
Change-Id: Icf39d595cef8663357a487b799bf32e738236757
Reviewed-on: https://code.wireshark.org/review/14590
Tested-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d0aae95c41f527c4a1e0327bf6c3950204458e1
Reviewed-on: https://code.wireshark.org/review/14637
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12285
Change-Id: I103dff37b34f922ac5c3071c49b7dfe55b059717
Reviewed-on: https://code.wireshark.org/review/14634
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Old code didn't decode response specific fields, so all
packets where shown as invalid.
Bug: 12294
Change-Id: Id3bca825925ef3c20da1bb98dfb50961989fd585
Reviewed-on: https://code.wireshark.org/review/14529
Reviewed-by: Michael Mann <mmann78@netscape.net>
if a packet is not successful ( after resend )
the data section has to be skipped GEV 2.0 spec [CR-203st]/[CR-204st]
Bug: 12281
Change-Id: I9465000fb3e25f1e00f419cc7ccae29bd32a56b1
Reviewed-on: https://code.wireshark.org/review/14555
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12287
Change-Id: I9aecf83ef6f166fc30c275d1e50e0268b1b59ad5
Reviewed-on: https://code.wireshark.org/review/14618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* CSCT: Signed cert timestamp (RFC6962) of leaf cert
Change-Id: I487090830ea8fa1d7597fbd7eef9e801f5e1fb65
Reviewed-on: https://code.wireshark.org/review/14626
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I32e718a8ef94b514fd2907651e2f9bd92d8119ef
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-on: https://code.wireshark.org/review/14627
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Expert Infos can be a little overwhelming in large traces. This
preference will allow any user to enable the PI_NOTE declared
expert infos to be shown only when they are really necessary.
Fix a bug with SCM UDID validity detection as well
Change-Id: I2d197684157f1ea748bfbcc6fa2dfdb348722223
Reviewed-on: https://code.wireshark.org/review/14625
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: If44d33e739bc02425aea437e34ea8531b4223691
Reviewed-on: https://code.wireshark.org/review/14617
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8cfad1cdbb3843fa65931d8a22beba1b6bdf57c8
Reviewed-on: https://code.wireshark.org/review/14620
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise it will end up in the source distribution tarball.
Change-Id: Ieeafd5dbaebe3930c3769bfcbce538da5d36b7d3
Reviewed-on: https://code.wireshark.org/review/14624
Reviewed-by: João Valverde <j@v6e.pt>
Add SOCKET_LIBS and NSL_LIBS to global LIBS variables on platforms
where it is required.
Make configure checks for getaddrinfo/gethostname unconditional,
that is handled with #ifdefs if necessary.
Change-Id: Ia874038454fb9cf3bdbf8e6fd829f319e331837e
Reviewed-on: https://code.wireshark.org/review/14560
Reviewed-by: João Valverde <j@v6e.pt>
Add organization extension management message TLV according to SMPTE
(Society of Motion Picture and Television Engineers) ST 2059-2 to
Precision Time Protocol (PTP).
Bug: 12264
Change-Id: I487ef2bacbccdb61c813d923830242f9526fd2cf
Reviewed-on: https://code.wireshark.org/review/14559
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If client and server have the flag set then compression starts
after the greeting,login,ok.
This comments makes it possible to decode packets which
use the compressed protocol but don't have an compressed
payload.
Ping-Bug: 10342
Change-Id: I710f655c86feb9770556d1ffa69edd728e0374c3
Reviewed-on: https://code.wireshark.org/review/14603
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This takes away much of the pain (and merge conflicts) of micro-managing every
sub-folder file.
Change-Id: I7d7bb1173511ec9312ca4a97c6a59a26b0b194f4
Reviewed-on: https://code.wireshark.org/review/14595
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This copied and stripped code has this variable which does
not change. Remove this constant variable and the conditional
statements related.
Change-Id: I0741ef0ef8b8d1cbd52fc521bc6a91ad06c8b597
Reviewed-on: https://code.wireshark.org/review/14594
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The TCP dissector failed to recognize spurious retransmissions when the last ack
exactly equaled the retransmitted packet's sequence number plus the len. This is
standard TCP behavior so this feature was broken in most cases.
Bug: 12282
Change-Id: I90196cc79e786f92fd0d7be32816aad1d69d5718
Reviewed-on: https://code.wireshark.org/review/14592
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
nothing to do with IP protocol 97 called EoIP. Instead it is a GRE encapsulation
with Ethertype 0x6400. It sets the GRE version to 1 but doesn't use a sequence
number (in violation of RFC2637). Welcome to the real world.
Change-Id: I3d916f8fc134ef14bcaf0b946a10f7170a9f6a75
Reviewed-on: https://code.wireshark.org/review/14596
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Change-Id: I4b4a5e6ca0b10068075767e6eec95c97d32034a1
Reviewed-on: https://code.wireshark.org/review/14561
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The copied function retained features from its parent,
which cannot be reached. Might as well remove them and
replace with proper assert.
Change-Id: I63838d6011420d6c4473b127da52e7f304376172
Reviewed-on: https://code.wireshark.org/review/14531
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Base it on the DEC specification, not on whatever the Linux DECNET
people managed to reverse-engineer.
Change-Id: I60586f52e35f9f61e4aed93f315bfaceebe68cce
Reviewed-on: https://code.wireshark.org/review/14579
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add pkg-config 0.29.1 macros to our distribution. This makes the
aclocal-flags script obsolete, since we are already not using GLib
autoconf macros.
ACLOCAL_AMFLAGS need only be defined on the top-level Makefile.am.
Change-Id: Idd868dcfeb8f279517970d0f96d9d53e3a7e4d5c
Reviewed-on: https://code.wireshark.org/review/14568
Reviewed-by: João Valverde <j@v6e.pt>
They use proto_tree_add_uint_format() function to build an interpreted value, so they should not apply the byte bitmask
Change-Id: I29f70f567d41a8a44a34f3f0bc477fbc04b11b29
Reviewed-on: https://code.wireshark.org/review/14553
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Fixup for 7a1d3f67ac.
Change-Id: Idb8d68a3cc114545f24738cead4968804d831346
Reviewed-on: https://code.wireshark.org/review/14548
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I901ebc2128c92ef758b6b400cc8d86488a2115cb
Reviewed-on: https://code.wireshark.org/review/14537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A regression was introduced at f4580ac9ed where an additional
hash table was introduced to store TLS Session Tickets separately
from Session IDs. However, the New Session Ticket dissector was
still storing the the Session Ticket in the ID table, causing lookups
to fail.
Change-Id: Iff49202f50afb8cb6ef62c774f6155682b8e48a6
Reviewed-on: https://code.wireshark.org/review/14499
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As well as in the rest of network protocols, in RTPS we have senders
and receivers of data. The atomic unit is not the host address (IP)
or the host address and port (UDP) but the guidPrefix. The guidPrefix
represents a single DomainParticipant, that very likely will be an
application. I have added filters to be able to differentiate from
source of information and destination of information. Before, the
only filter available was rtps.guidPrefix
Change-Id: I810d8b043796119c6e381bdbcb6061e0525ea272
Reviewed-on: https://code.wireshark.org/review/14466
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The PKTC dissector calls the Kerberos dissector assuming certain application values. Because different application values can have different "private" data, corruption can occur.
Ensure the Kerberos application values match the preceding comments by checking the ber identifier before calling the Kerberos dissector.
Bug: 12206
Change-Id: I9b04837f93a56681cae3816278315cf01da17544
Reviewed-on: https://code.wireshark.org/review/14520
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissector and heuristic tables now setup protocol dependencies.
"Manual" dependencies in separate patch.
Ping-Bug: 1402
Change-Id: I8da1239306de8676dcb05f8807914376816fc44f
Reviewed-on: https://code.wireshark.org/review/14447
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf36ebd7ceb3f87ceb6a68774f5b2810f8cf7b58
Reviewed-on: https://code.wireshark.org/review/14527
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Removing setting up and decoding for a header field which
never can be used anyway.
Change-Id: Ieed7810dd654df944a5bd16a7b84d3367bf9fa14
Reviewed-on: https://code.wireshark.org/review/14524
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Saves some false positives for protocols using port 674.
Bug: 12265
Change-Id: I7cb8aa9318639db0822b05b8c5b6f6563d8d4afc
Reviewed-on: https://code.wireshark.org/review/14521
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the two bytes are sent LSB first
all fields are defined relative to the entire 16bit value
Change-Id: Iaea2b98fcb1f57224fbbd1c4c58473a7f810055d
Reviewed-on: https://code.wireshark.org/review/14513
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
A vlans file in the personal preference directory add an option to resolve
VLAN IDs to a describing name.
Format of vlan file is
123\tName of VLAN
To enable the resolving the preference nameres.vlan_name must be set
to TRUE.
Bug: 11209
Change-Id: I3f00b4897aace89c03c57b68b6c4b6c8b7d4685a
Reviewed-on: https://code.wireshark.org/review/14471
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I45b48c1e89ff68b1d990cd7cff9dd180cf4a1f7f
Reviewed-on: https://code.wireshark.org/review/14505
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Catch errors like bug 12205 with an assertion.
Change-Id: I17381c92dfb22912e53eb20f6436adfa15d67e71
Reviewed-on: https://code.wireshark.org/review/14251
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of most tests of tree, so we always step through the packet.
Change-Id: I0b54aecd7e871d9d48fc03f387131f0f6034b42f
Reviewed-on: https://code.wireshark.org/review/14496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't conditiionalize stuff that should always be done with a test of
whether the protocol tree is being constructed or not.
Don't add an extra bogus address field to CF-End frames.
Bug: 12266
Change-Id: I0840d63480f9d7d8ffa434d984082a4a46a00d12
Reviewed-on: https://code.wireshark.org/review/14493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove a couple useless if(tree)'s while in there.
Change-Id: Ie8de360f4590806eab0a4704b410341918251586
Reviewed-on: https://code.wireshark.org/review/14488
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Always look and set the uinteger64 member of the union for FT_BOOLEAN
values.
Bug: 12236
Change-Id: I7b0166e564b9d6cbb80051a81714a4b4c5f740a2
Reviewed-on: https://code.wireshark.org/review/14481
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In case no descriptors are in the trace, payload packets can
only be identified, if a clearly identified STREAM or CONTROL packet sets
class/subclass of the conversation
Change-Id: I30be30df908ede468fadf56fdef20f9869ce6b56
Reviewed-on: https://code.wireshark.org/review/14467
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That seems to be where we're telling it to send its logs.
Change-Id: Ic15370bc1af858b82f0964fcc35189039061ccb7
Reviewed-on: https://code.wireshark.org/review/14476
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Split two media type strings with the properly placed comma.
Change-Id: Ia6026879b63b9f51c3f2e61d8709f43716f0c6e2
Reviewed-on: https://code.wireshark.org/review/14472
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the "Display enhanced Info column data" preference is set, ensure that:
1. For non-MSP packets, path information (class/symbol) is displayed in the Info column for Forward Open, Forward Close, regular Message Router Request/Response messages
2. For MSP packets, don't display the class/symbol in the Info column (it's too wordy)
This now relies on an extra boolean passed to dissect_cip_data() to handle #2 above. Previously, this relied on checking a proto_item* for NULL, which is not correct.
Change-Id: I7532660bcb23bd664c1f5532256755922c4937d1
Reviewed-on: https://code.wireshark.org/review/14458
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sort the list of PIDL dissectors while we're at it.
Change-Id: Ice90bf9b14b440fdfe59d1639fc0674e326a9923
Reviewed-on: https://code.wireshark.org/review/14461
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sort the list of PIDL dissectors while we're at it.
Change-Id: I1425046d6feaded7af94f4a852d8f0984bd0b736
Reviewed-on: https://code.wireshark.org/review/14460
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A dissector must never assume that it will, or won't, be called with a
protocol tree; it's up to the Wireshark/TShark/etc. core to decide
whether to do it, and it can change its behavior over time or even
change it from release to release.
Have dissect_epath() take an argument that explicitly indicates whether
to add the CIP class to the Info column, rather than assuming that you
do so only if the tree pointer passed to it is null.
Bug: 12257
Change-Id: Ide8a6fc21252880f849a8d0aa4659a675bb3ae04
Reviewed-on: https://code.wireshark.org/review/14456
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rather than storing RADIUS calls in a map keyed by the ident and conversation
store a tree of calls (using the the same key). Store each (non-duplicate)
call (request) in the tree, keyed by frame number. When looking for a match
(or a duplicate) look for the most-recently-seen frame in the tree (i.e., the
most recent frame with the same ident + conversation). Only declare a request
a duplicate if the authenticator is identical (as per RFC 5080 section 2.2.2).
Only store things in the map/tree on the first pass.
Remove the 'request_ttl' preference: it's better to show the user when the
response came back even if it was "late." (This also allows duplicate request
detection inside of the TTL.)
When telling the user about a duplicate don't tell them the ident again: they
already know that. Tell them the frame number of the original.
Use the FT_FRAMENUM_REQUEST/FT_FRAMENUM_RESPONSE hints.
Move a couple structures from the header file to the C file: they're only used
in the RADIUS dissector anyway.
Bug: 4096
Change-Id: I0e8bc0d23cd6b219cecd82f5c4cd765d28a14d98
Reviewed-on: https://code.wireshark.org/review/14451
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This includes not making assumptions about the order in which a GHashTable or
wmem_map implementation provides the keys to the GEqualFunc function
(apparently the former's order is different than the latter).
Change-Id: Ifbcb0f4f2c38b2ce6e44bf66c7246575af6299fa
Reviewed-on: https://code.wireshark.org/review/14448
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add missing newline or remove extra newlines at the end of the file.
Trim trailing whitespace.
Change-Id: I73b7a4e20969bc13f72bf97e981fd5de89d8bb17
Reviewed-on: https://code.wireshark.org/review/14400
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The reason the notice in the INFO column disappeared when a display filter was
added is because the column operation was wrapped in an if(tree).
Change-Id: Ic8ff929d7ef601458b8650f8095f87282f9fde40
Reviewed-on: https://code.wireshark.org/review/14449
Reviewed-by: Michael Mann <mmann78@netscape.net>
Initial import of source code for the dissector of the ISO 8583-1
'financial transaction card originated messages - Interchange
message specification' standard.
Bug: 12244
Change-Id: I24804cab4a93131ec9afa307844ad62eb2e01089
Reviewed-on: https://code.wireshark.org/review/14311
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
A Proto may be only be registered with a heuristic dissector once,
because we check this in heur_dissector_add().
Change-Id: I524fa832b647d557f13aedcb870f7789058d2180
Reviewed-on: https://code.wireshark.org/review/14436
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
'scsi.blockdescs.no_of_blocks' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'scsi.naa.vendor_specific' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT32
Change-Id: Iaa512c02b99f0a103bb5015e92d900dae2932843
Reviewed-on: https://code.wireshark.org/review/14418
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'tds.done.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.doneproc.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.doneinproc.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.envchange.newvalue' exists multiple times with NOT compatible types: FT_BYTES and FT_STRING
'tds.envchange.oldvalue' exists multiple times with NOT compatible types: FT_BYTES and FT_STRING
Change-Id: I87d713aaa722d7ab9e8d19955f3820e9040446c1
Reviewed-on: https://code.wireshark.org/review/14415
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's confusing to have 'pdus_tree' mean both the map of pdu_trees and the pdu
trees themselves.
Change-Id: Ie875798eb140b60a1309ddc0c0bf885b48c0407c
Reviewed-on: https://code.wireshark.org/review/14413
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Make full use of our proper implementation of this macro by
giving it the pointer as is.
Change-Id: I0bbe73d19cc3f578b94ea2d4d904d6fa87b20b48
Reviewed-on: https://code.wireshark.org/review/14391
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove "Object" from CIP class names. It was already removed from some of the objects, the string "Object" is implied for all objects, and it helps reduce wordiness in the Info column.
2. Don't display Class/Symbol name in the Info column when it's inside a MSP.
3. Enable enhanced Info column by default now that some of the additional wordiness was removed by the above points.
4. Put single quotes around the symbol name in the Info column. This makes it more obvious that something is a symbol instead of an actual class name from the spec, and would prevent ambiguity if the symbol name was something like "Identity".
5. Print the CIP service for both requests/responses in CIP Safety processing. This was already added to normal CIP.
6. Display Class/Symbol and service on the Service Packet in the MSP tree. This makes it easier to find without expanding every MSP item.
Change-Id: I7197dd4bf3dad6d7bdba247d3d7ab76cca52c785
Reviewed-on: https://code.wireshark.org/review/14325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
cur_offset was not incremented for the server part, causing a
"Malformed packet" message.
Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
Reviewed-on: https://code.wireshark.org/review/14402
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now GATT dissectors need to have opcode to properly dissect attribute
or return expert info if possible (wrong usage).
Change-Id: Ife79bbf0682967a8bef8efadd8b242aa147315a7
Reviewed-on: https://code.wireshark.org/review/14314
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Bluetooth Specifications specify properties of every characteristics
(read, write, indicate, notify, write without response, signed write etc.)
Check it and add expert info about invalid usage if detected use of wrong
opcode with the characteristic.
Change-Id: I98ad8280b9ee65b4015a021e732ea748cc9e7a83
Reviewed-on: https://code.wireshark.org/review/14313
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
When additional path index are in use there must be more remaining data bytes.
Therefore we return only 1 when the len is greater 1.
Bug has been reported by Garri.
Bug: 12240
Change-Id: Ia24311dcedc450e4208df875bc254c9744dec5dd
Reviewed-on: https://code.wireshark.org/review/14396
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protocol spec states that unused bits in the last byte in a
7bit string shall be null.
Change-Id: I6fa2e0af6462c87279c19e23a98bf624e46bc9c1
Reviewed-on: https://code.wireshark.org/review/14387
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Set ENABLE_CHECK_FILTER to 1 for get list of display filter with conflict...
Ping-Bug:2402
Change-Id: I8d56b1573120d1a29d437aae1088be242e15e9a3
Reviewed-on: https://code.wireshark.org/review/13644
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Handling of PAN IDs in 802.15.4 has changed dramatically in
802.15.4-2015, particularly with respect to the new Frame Version
2 (0b10) frames. This update streamlines the logic in an attempt
to follow the spec as closely as possible. In doing so it fixes
some logical errors in the previous version
Change-Id: I1a2f112bbcdeb24a605167578201494823485c47
Reviewed-on: https://code.wireshark.org/review/14167
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix mapi/nspi/rfc dissector
Don't forget when regenerate to go on mapi/nspi/rfc and use make for regenerate
Change-Id: I74b98bf84e7786f51d4f693379186b289913ca1b
Reviewed-on: https://code.wireshark.org/review/11476
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In URB setup, wInterface is always displayed disregarding the actual
bmRequestType. Show instead: wInterface if recipient is an interface,
WEndpoint if recipient is an endpoint and wIndex when recipient is device
or other.
Change-Id: I6883dc22d80267276f9d171f39695e86e93aae83
Reviewed-on: https://code.wireshark.org/review/14283
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
To quote Icf0831717de10fc615971fa1cf75af2f1ea2d03d:
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Ic829541c696e0ddbc45cc109009319859c799066
Reviewed-on: https://code.wireshark.org/review/14340
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
the version indicates IPv6.
This handles a case of Linux cooked capture with ethertype set as IPv4 for
IPv6 packets.
Change-Id: Ie79f1a631980a224a7b51963f9174e75ffb69a47
Reviewed-on: https://code.wireshark.org/review/14321
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Count vendor commands once
2. Fill Event column in case of Command Status/Command Complete
types while displaying command
3. Add missing Status from Connect Complete event
4. Add missing Command Complete events opcodes
Change-Id: Ie5a0e373f92f62fcb890cef7ab54762df3bb8a35
Reviewed-on: https://code.wireshark.org/review/14315
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Due to RFC5444 <msg-size> is a 16-bit unsigned integer field.
Bug was reported by Matthias Tafelmeier
Bug: 12227
Change-Id: I6d041015b386be7a8e02a87d0fe29e2670b1ab6e
Reviewed-on: https://code.wireshark.org/review/14320
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Before, the parameter ids were handled incorrectly. A vendor specific
parameter definition was used for all the vendors. This is wrong for
ids starting at 0x8000. This commits aims to fix that problem and
make easier the addition of new parameters or vendors.
Change-Id: I0d40aa8cbfa44d5bb2928075001fe39e6f14abc2
Reviewed-on: https://code.wireshark.org/review/14007
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix Typo and change session id to decimal.
Fix ENC_NA
Change-Id: I72bded27ee79a1f5b91202767ac750c82ac029d3
Reviewed-on: https://code.wireshark.org/review/14304
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use pkg-config if a zlib.pc file is available.
Remove the now redundant AC_TRY_LINK_FUNC test (there are no linker flags
for GTK+ here).
Change-Id: I7de744749eba7231ae0097b975144b76ffcf1bdb
Reviewed-on: https://code.wireshark.org/review/14263
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Presumably the intent is to have the two dissectors share the tables in
question; if so, it's best done by defining the tables in one and only
one C file and declaring it in a header file included by both C files -
that 1) ensures the declaration and definition stay in sync and 2) keeps
the OS X build from failing.
Change-Id: Id2e7e5b7270c7109ffb091b2e16a631b83dde212
Reviewed-on: https://code.wireshark.org/review/14309
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Issue reported by Ted Wards
Bug:12223
Change-Id: I38adba8ee3d48788afce20d969d708c7635c8703
Reviewed-on: https://code.wireshark.org/review/14302
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Dávid Major
Change-Id: I4dfd6f853205386bc6dbb15357b2b9e5d5b8ea0e
Reviewed-on: https://code.wireshark.org/review/14297
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
This commit adds additional AVPs from RFC 5515 to L2TP.
Bug: 12208
Change-Id: I389342d05375a41ae834197978e9babab9b7b674
Reviewed-on: https://code.wireshark.org/review/14290
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Get rid of unnecessary assignment while we're at it.
Change-Id: I46dd0b3d64d7e38553ea243b79f71a58cda68653
Reviewed-on: https://code.wireshark.org/review/14299
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, do more formatting consistency cleanups, and show the
I format bit in hex as we do with the format bits in other formats.
Change-Id: I53842e948311aa0b332a60a413904901428b13f1
Reviewed-on: https://code.wireshark.org/review/14298
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Give all ett_ variables ett_llcgprs_ names.
Make function formatting a bit more consistent.
Show the format bits in hex for all formats.
Change-Id: I7e7127a22384688b973a683c93eff442a88fb3b5
Reviewed-on: https://code.wireshark.org/review/14295
Reviewed-by: Guy Harris <guy@alum.mit.edu>
First dissect the address field, then dissect the control field, then
dissect the FCS if present, then dissect the info field.
That makes the dissection more like the dissection of other protocols
with an FCS at the end, and means that we don't throw an exception too
early.
Remove the "MLT CHANGES" comments - if somebody cares who did what, they
can browse the commit history; it's not as if the version prior to those
changes was somehow the "pure" version and that we need to keep the
changes carefully demarcated.
Get rid of no-longer-necessary variable.
Change-Id: I249440971e64ecbb0959ebbea1b2897a2e12375a
Reviewed-on: https://code.wireshark.org/review/14293
Reviewed-by: Guy Harris <guy@alum.mit.edu>
rpc_call cannot be NULL at this point, so don't check for it,
especially not incorrectly.
Change-Id: I90fcb064ce479d71edf3b4cb0ebea9a5ab623119
Reviewed-on: https://code.wireshark.org/review/14268
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't fall through and re-dissect the control byte of an S frame as if
it were a UI frame.
Change-Id: I17cf12f920bf066f87f70be5efe78dc531beb3f9
Reviewed-on: https://code.wireshark.org/review/14284
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Leave the job of computing the captured length up to the tvbuff code.
Change-Id: If88e813ba7dee3516baf958b9fead26374d915ad
Reviewed-on: https://code.wireshark.org/review/14276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"llc_data_length" is what's left of "length" after the CRC is removed;
'llc_data_captured_length" is what's left of "captured_length" after the
CRC is removed.
Change-Id: I9371a5d3004632d684093b2650fa0bf8fc1f9bde
Reviewed-on: https://code.wireshark.org/review/14275
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Before, the function get_rtitcp_pdu_len didn't take into account
the case where the CRC is sent (header_length is increased by 8).
This has been fixed.
Change-Id: I3eb22ec2aadc7406ccdcfcc8a5beaa98b48ed143
Reviewed-on: https://code.wireshark.org/review/14265
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Smaller epan/CMakeLists.txt is easier to work with and this structure
is well suited to CMake. It should make it easier to manage and configure
each epan module differently if necessary.
Change-Id: Ia649db3b7dcd405aa43dbdba3288699d5e375229
Reviewed-on: https://code.wireshark.org/review/14068
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Since the MDS trailer is smaller anyway, no need to copy that code.
Change-Id: Ie3931cda3ef2386526cd81daee535d106e522875
Reviewed-on: https://code.wireshark.org/review/14253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Minimal support has been added for the MLME Payload IE and the Enhanced Beacon
Filter Sub-IE. Dissection of Payload IEs and Sub-IEs is supported making it
easy to add dissection for specific applications once this is known.
Change-Id: I3a4f237e17413ec3e7bbfd32ded0625fc97da11b
Reviewed-on: https://code.wireshark.org/review/13999
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Lightweight M2M is a protocol on top of CoAP that is used for
device management. The specification contains a custom payload
format - a simple type, length, value binary encoding.
This patch adds support for dissecting this payload format.
While not yet officially registered, the main open source
implementation of the lwm2m protocol - eclipse's leshan - uses this
content type 1542 for its messages.
Bug: 12110
Change-Id: Ib022d1f485c706f1d69ceec7200790448d080965
Reviewed-on: https://code.wireshark.org/review/13835
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
mapi&nspi dissectors skipped on purpose since they the output is
malformed. This was already the case before the samba sync.
Change-Id: Ib3b78459e3506c755aaa219433ac6b5865482f01
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/13968
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If we aren't changing the resolved name, it's not new.
This prevents us from perpetually "resolving" the address. If we have
ARP packets that cause us to map a MAC address to a host name, based on
the ARP packet saying the MAC address corresponds to a given resolved IP
address, then each time we dissect the packet, the address will be
"resolved" - and each time we have new resolved addresses as a result of
that, we'll redissect the displayed packets so that they show the
resolved address, and we'll forever be redissecting.
Change-Id: I445e92f407d52a4ed5986721ffcc472f86e99431
Reviewed-on: https://code.wireshark.org/review/14236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Section 6.2.67 in IEEE 1278.1-2012 defines PDU Status bit field in
the PDU Header. The bit meaning varies with the PDU type. This
change provides full parsing and presentation for all fields and
PDU types.
Bug: 12043
Change-Id: I8f4ef6606ff59a1ef0ed97630c4832b2b6a4dff7
Reviewed-on: https://code.wireshark.org/review/14232
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
don't access the class-specific conversation structure before we know
that the packet is a U3V packet
the USB dissector should fill interfaceClass and interfaceSubclass with
correct values - if it doesn't that's another bug to be fixed
Bug:12194
Change-Id: Ic9e73e7cb05c8887fee794e4735936caad1b7f49
Reviewed-on: https://code.wireshark.org/review/14224
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added tcp.analysis.push_bytes_sent to see how many bytes sent since the last PSH flag. Can be useful when analyzing application behavior and performance and bytes_in_flight gets altered by ACKs
Change-Id: I8c6348de43cdb1545169d3a04773885d2411eb00
Reviewed-on: https://code.wireshark.org/review/9822
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
in wslua_init(), our lua instance L is set to NULL if
disable_lua is true in init.lua
make sure that we leave wslua_init() in this case
if we don't, we crash in lua_pop(L,1); with L==NULL
Program received signal SIGSEGV, Segmentation fault.
0x00007fffefb41a73 in lua_settop () from /usr/lib/x86_64-linux-gnu/liblua5.1.so.0
(gdb) bt
#0 0x00007fffefb41a73 in lua_settop () from /usr/lib/x86_64-linux-gnu/liblua5.1.so.0
#1 0x00007ffff4fb50e4 in wslua_init (cb=cb@entry=0x516f40 <splash_update(register_action_e, char const*, void*)>,
client_data=client_data@entry=0x0) at init_wslua.c:900
[...]
Bug:12196
Change-Id: Ic338c4edcb897c0eaa9b6755bbb6c9991ec6ed02
Reviewed-on: https://code.wireshark.org/review/14228
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
... and the copy of it that I just made :-(
bInterfaceProtocol should be bInterfaceSubClass
Change-Id: Ic25f28cad7305986cb79ddea5110b1e739e57101
Reviewed-on: https://code.wireshark.org/review/14223
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
check for the minimum lenght before dereferencing data
add a NULL check for usb_conv_info
Change-Id: I91014d5929f57cc9eed2bfc7adef9f89541ece45
Reviewed-on: https://code.wireshark.org/review/14221
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I68b7fa0b5d7fae86289807d7ef01a2141dcb8ff6
Reviewed-on: https://code.wireshark.org/review/14059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug:12165
Change-Id: I341d4387227a41af826a2867b48a53eff7e1e62a
Reviewed-on: https://code.wireshark.org/review/14200
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie6c6f71e413463f93924c1a47b908a1c97d94407
Reviewed-on: https://code.wireshark.org/review/14209
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I493491f4e93556ccff95abe69cc2ecce1f9f28b2
Reviewed-on: https://code.wireshark.org/review/14207
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If you apply tcp.flags.str as a column you end up with a Wall Of
Asterisks. Use Unicode MIDDLE DOT as a placeholder instead.
Change-Id: I3e2bebd2a951cc516399e965ace6bf87501adc9e
Reviewed-on: https://code.wireshark.org/review/13855
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12180
Change-Id: If089ad49a27de2a681490ef75aaa9a7b7e5ad922
Reviewed-on: https://code.wireshark.org/review/14184
Reviewed-by: Michael Mann <mmann78@netscape.net>
Try to improve address API and also fix some constness warnings
by not overloading the 'data' pointer to store malloc'ed buffers
(use private pointer for that instead).
Second try, now passing test suite.
Change-Id: Idc101cd866b6d4f13500c9d59da5c7a38847fb7f
Reviewed-on: https://code.wireshark.org/review/13946
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
When the HTTP request is transmitted to a Proxy the URI is already
a "full URI".
Bug was reported by Thomas Baudelet.
Bug: 12176
Change-Id: I83f6bdef6fa96233792c6bbe54caad38df0f5fb6
Reviewed-on: https://code.wireshark.org/review/14142
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Always decode Call ID (and payload length) when Version is Enhanced GRE (and no ACK flag)
Issue reported by Duncan Salerno
Bug:12149
Change-Id: I2f61dd6851e26cc93174f96e05c0055fc45be4e2
Reviewed-on: https://code.wireshark.org/review/14088
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(qsort() is your friend.)
Change-Id: I71ab5fea0c8c0f548d737f5d5d1b7523b8a668ea
Reviewed-on: https://code.wireshark.org/review/14137
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-flexray.c: In function ‘dissect_flexray’:
packet-flexray.c:245:6: error: ‘flexray_frame_tree’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
expert_add_info(pinfo, flexray_frame_tree, &ei_flexray_frame_payload);
^
cc1: all warnings being treated as errors
Change-Id: Iadcae49e7d958823ae7066906892f6c1ae85169b
Reviewed-on: https://code.wireshark.org/review/14124
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for the USB3 Vision machine vision camera protocol.
* Descriptors
* Bootstrap registers
* Control (GenCP)
* Stream data
A sample capture (usb_u3v_sample.pcapng) has been uploaded to
https://wiki.wireshark.org/SampleCapture
USB3 Vision a standard developed under the sponsorship
of the AIA for the benefit of the machine vision industry.
U3V stands for USB3 Vision (TM) Protocol
Change-Id: If1206df7974c6a91cf18f59ddecf9d38b9827934
Reviewed-on: https://code.wireshark.org/review/14008
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Expert info for cip_short_string,cip_string
2. Combine dissect_cip_multiple_service_packet_req/dissect_cip_multiple_service_packet_rsp. The formats are the same, and this ensures that all expert info checks are applied to both.
3. Remove some copy-paste in dissect_cip_generic_data
Change-Id: I433990bf4389bee78d414cab8547bd2bb39498c7
Reviewed-on: https://code.wireshark.org/review/14105
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change fixes a leak in packet-diameter that loads a dictionary
but doesn't free all the data. Found by valgrind.
==30481== 36,656 (960 direct, 35,696 indirect) bytes in 24 blocks are definitely lost in loss record 3,417 of 3,421
==30481== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30481== by 0xA7FE610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0xA81422D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0xA7CDC44: g_array_sized_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0x6863743: dictionary_load (packet-diameter.c:1980)
==30481== by 0x6863743: proto_register_diameter (packet-diameter.c:2344)
==30481== by 0x71C4BA4: register_all_protocols (register.c:323)
==30481== by 0x65EEFA7: proto_init (proto.c:521)
==30481== by 0x65CD621: epan_init (epan.c:126)
==30481== by 0x115330: main (tshark.c:1220)
Change-Id: I3c0d19e1accab415355aa0f50c598f0c83356985
Reviewed-on: https://code.wireshark.org/review/13821
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:10501
Change-Id: I8d77c41537f1bfed9b5fbc585119496ec73c06eb
Reviewed-on: https://code.wireshark.org/review/14123
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: I661cadd8beea9585885e48c03a8b52561d1df778
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14113
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
fixes regression introduced by f5340b2
g_hash_table_remove will call free on object, thus there is no need for explicit g_free,
as is causes a double-free:
*** Error in `/usr/sbin/wireshark-gtk': double free or corruption (fasttop): 0x0000555556e6bf50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77da5)[0x7fffef80ada5]
/lib64/libc.so.6(+0x804fa)[0x7fffef8134fa]
/lib64/libc.so.6(cfree+0x4c)[0x7fffef816cac]
/lib64/libglib-2.0.so.0(g_free+0xe)[0x7ffff09665ee]
/lib64/libglib-2.0.so.0(+0x388ba)[0x7ffff094f8ba]
/lib64/libwireshark.so.6(+0x1cfb46b)[0x7ffff49d646b]
/lib64/libwireshark.so.6(+0x1d03d99)[0x7ffff49ded99]
/lib64/libwireshark.so.6(+0x173b11f)[0x7ffff441611f]
/lib64/libwireshark.so.6(+0x173bba5)[0x7ffff4416ba5]
/lib64/libwireshark.so.6(call_dissector_with_data+0x26)[0x7ffff4419ad6]
.....
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: Ide47d1f9deb3e1b0d8adefd31fc6f3bf5cbaa010
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Documentation changes only (comments and docbook).
Update WSDG with the fragment_add_seq_check API that was introduced in
Wireshark 1.10.
Fix typos and clarify the many functions we have for adding reassembling
fragments.
Change-Id: I38715a8f58e9cf1fe3e34ee4b1a4ae339630282b
Reviewed-on: https://code.wireshark.org/review/14066
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bound the recursion depth to avoid a stack overflow while parsing a
deeply nested constructed string.
Call chain before this patch:
- dissect_ber_octet_string
- dissect_ber_constrained_octet_string
- reassemble_octet_string (called for constructed types)
- dissect_ber_octet_string *recursion*
After this patch, the reassemble_octet_string will throw if the maximum
recursion depth is reached.
Bug: 11822
Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
Reviewed-on: https://code.wireshark.org/review/14108
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'rsip.parameter.address' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'sap.originating_source' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'sflow_245.nexthop' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Idabe9adafac2e11f2e90a494e5fac1a341edca33
Reviewed-on: https://code.wireshark.org/review/14091
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We just dissect it as raw bytes for now; ultimately, we need to process
it the same way we process data for other forms of USB capture.
This also catches the case where the frame length is bogusly large
(including so large that rounding it up to a multiple of 4 overflows).
Bug: 12153
Change-Id: I537974d548fdcda917d9fce8189eb2134bc17bb9
Reviewed-on: https://code.wireshark.org/review/14103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BGP-LS is just a collector of IGP link state information. Some
fields are encoded "as-is" from the IGP, hence in order to dissect
them properly we must be aware of their origin, e.g. IS-IS or OSPF.
So, *before* dissecting LINK_STATE attributes we must get the
'Protocol-ID' field that is present in the MP_[UN]REACH_NLRI
attribute. The tricky thing is that there is no strict order for path
attributes on the wire, hence we have to keep track of 1) the
'Protocol-ID' from the MP_[UN]REACH_NLRI and 2) the offset/len of
the LINK_STATE attribute. We store them in per-packet proto_data and
once we got both we are ready for the LINK_STATE attribute dissection.
Change-Id: Ibe2b7f5c9039ad63a72f3f9fb8a9c33c0be44ed0
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13970
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This change makes wmem_array more similar to GArray by adding
two functions that mimic the first two params of g_array_new().
Change-Id: Iaec999cd2e44f79f44d766be5d39741b73602e5a
Reviewed-on: https://code.wireshark.org/review/13989
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Cache decoded header fields in order to conserve memory.
If we try to decompress more than 256 KB or find 200 or more headers
stop decompressing and add an expert item. Note that we might want to
make the maximum values configurable via preferences.
Bug:12077
Change-Id: Idf7cb1046c96cf87e1b53af6c56e19b4abad1dfb
Reviewed-on: https://code.wireshark.org/review/13746
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fixed several decoded fields that were poorly described in the original documentation
Change-Id: I688c5fd7e011d0dd49fb201ca294348d177bb4fa
Reviewed-on: https://code.wireshark.org/review/14067
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
'ieee17221.clock_source_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'ieee17221.stream_format' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'afp.unknown' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
'afp.toc_offset' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'bootp.client_id.iaid' exists multiple times with NOT compatible types: FT_UINT32 and FT_STRING
'bthfp.chld.mode' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'canopen.pdo.data' exists multiple times with NOT compatible types: FT_STRINGZ and FT_BYTES
'canopen.sdo.data' exists multiple times with NOT compatible types: FT_UINT32 and FT_BYTES
'ceph.msg.' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'ceph.version' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'cip.linkaddress' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'dnp3.al.ana' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dnp3.al.anaout' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dtls.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'ssl.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'dvb-s2_gse.label' exists multiple times with NOT compatible types: FT_UINT24 and FT_ETHER
'fcdns.rply.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'fcdns.req.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'icmp.int_info.name' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'mausb.clear_transfers.status' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mikey.v' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mswsp.rangeboundry.ultype' exists multiple times with NOT compatible types: FT_STRING and FT_UINT32
'mswsp.arrayvector.address64' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_offset' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_len' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'pflog.saddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.daddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.saddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pflog.daddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pgm.spm.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.src' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.grp' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.poll.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.redirect.dlr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Iaf694699d108a12db172da8dd9fbab211adb329d
Reviewed-on: https://code.wireshark.org/review/14070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'cigi.entity_control' exists multiple times with NOT compatible types: FT_FLOAT and FT_STRINGZ
'cigi.entity_control' exists multiple times with NOT compatible types: FT_STRINGZ and FT_FLOAT
'cigi.art_part_control.yaw_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.rate_control.part_id' exists multiple times with NOT compatible types: FT_UINT8 and FT_INT8
'cigi.view_control.yoff_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.zoff_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.roll_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.pitch_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.yaw_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.short_symbol_control.value1' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT32
'cigi.short_symbol_control.value2' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT32
Also replace some homemade true_false_string with some from tfs.h
Change-Id: Ied8dfb320abb6f3218304fd06c5481167f1169ec
Reviewed-on: https://code.wireshark.org/review/14069
Reviewed-by: Michael Mann <mmann78@netscape.net>
'bitcoin.addr.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.inv.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.getdata.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.notfound.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.getblocks.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.getheaders.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.input_count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.in.script_length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.output_count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.out.script_length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.block.num_transactions' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.headers.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.merkleblock.flags.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.merkleblock.hashes.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.string.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.data.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'dcerpc.referent_id' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'dmp.body.id' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'edonkey.start_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'edonkey.end_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.entry' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.phoff' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.shoff' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_vaddr' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_paddr' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_filesz' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_memsz' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_align' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_addr' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_size' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_addralign' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_entsize' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.symbol_table.value' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.symbol_table.size' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.tag' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.value' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.pointer' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.ignored' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.unspecified' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'h248.contextId' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'hcrt.data32' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'wlan_mgt.fixed.psmp.stainfo.reserved' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'isakmp.tf.attr.life_duration' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'isakmp.ike.attr.life_duration' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'jxta.message.element.content.length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'rmt-lct.tsi' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'rmt-lct.toi' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'smb.alloc_size' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'trmac.response_code' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
Change-Id: I903933e6448bac3d3374eef1a6a0bc4771c1a9f4
Reviewed-on: https://code.wireshark.org/review/14060
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie719e2f14c6eaf536035ab30dcb40e91c431c6e4
Reviewed-on: https://code.wireshark.org/review/14061
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If630e03f82add403cb978969a8ebbb6f0bbcbad0
Reviewed-on: https://code.wireshark.org/review/14064
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
when there's a decompression failure, we already flag up an expert info and exit
we can just delete the exception
in dissect_udvm_reference_operand_memory(), we return 0 on error and
let the caller do a check
Change-Id: I2cd301896794260457f57209e5efc0939b27b339
Reviewed-on: https://code.wireshark.org/review/14063
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Not all paths will access the tvb to have it throw a bounds error for large loop values.
Bug: 12151
Change-Id: I74a6d0d8ddece0f95027493a7d408cc54d94d25a
Reviewed-on: https://code.wireshark.org/review/14051
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
Nobody looks it up, so just register it in the wtap_encap table, as we
do with the 64-byte-header Linux USB dissector, the USBPCAP dissector,
and the FreeBSD USB dissector.
Change-Id: I5da098d799a63449f17a26924b3ba2de36536896
Reviewed-on: https://code.wireshark.org/review/14046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Prevents a buffer overrun (read). Show expert info such that it can be
detected (in case the value is non-reserved in the future).
Bug: 11818
Change-Id: I6cd2f4c9deb5cb515a53743aa83193521b2331e8
Reviewed-on: https://code.wireshark.org/review/14040
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It is a typo on display field and fix also wrong comment...
Change-Id: Idb93641d6e4197b59e453e4ad629af4c0454c8d3
Reviewed-on: https://code.wireshark.org/review/14038
Reviewed-by: Michael Mann <mmann78@netscape.net>
checkhf don't like macro and for avoid warning/error, remove macro for declare hf
Change-Id: I5521b3176027ddc673e8f6c793ab4eb0d01cd8fd
Reviewed-on: https://code.wireshark.org/review/14018
Reviewed-by: Michael Mann <mmann78@netscape.net>
'mih.tlv_length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'mih.mihf_id' exists multiple times with NOT compatible types: FT_ETHER and FT_STRING
'mih.mihf_id' exists multiple times with NOT compatible types: FT_IPv4 and FT_ETHER
'mih.mihf_id' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Ib4be551920c7389100ece668e1af288a7d712725
Reviewed-on: https://code.wireshark.org/review/14027
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some only allow buffer overruns (read), others also buffer overflows
(write).
Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).
Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When a set is empty, only a terminator (ber_sequence_t with NULL func)
is present. In that case, do not try to find more values as that will
never succeed.
Bug: 12106
Change-Id: I26cd4ba84a9580e92d5921592a27c2af17c0bebf
Reviewed-on: https://code.wireshark.org/review/14028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do not read outside boundaries when tag is exactly 0xff.
tag = tvb_get_guint8(tvb, offset);
tdef = find_tlv_tag(tag);
...
return &nm_att_tlvdef_base.def[tag];
Bug: 11825
Change-Id: I42e624185abb2166aa0f8d0dbd71a2a86fc0b18e
Reviewed-on: https://code.wireshark.org/review/14030
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for dissecting the optional 4-byte expiry field in
sub-document API request packets. This is permitted for any
single-path mutation request; increasing the length of the extras
section from 3 to 7 bytes.
Change-Id: I0609dbc6f6a8e62028cd20a28609fc3016e44910
Reviewed-on: https://code.wireshark.org/review/14004
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fixes a buffer overrun in dissct_rsl_ipaccess_msg when the tag is
exactly 0xff:
tag = tvb_get_guint8(tvb, offset);
tdef = &rsl_att_tlvdef.def[tag];
Bug: 11829
Change-Id: I25a3c6948242a52f59431ce84c108b2e52008930
Reviewed-on: https://code.wireshark.org/review/14011
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
packet-per.c:959:6: warning: Access to field 'aligned' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1606:29: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1612:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3156:41: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3182:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
Change-Id: Ibae00dc29a869701fe903a5b0c9944279aaa3df7
Reviewed-on: https://code.wireshark.org/review/13936
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
DLM3 minor version 1, introduced in mainline kernel commit 757a4271 from
October 2011, added some fields and a Need Slots flag to Recovery
Command Status packets.
Change-Id: Ib994223afeae6b8d6ddb75404ab2031c5a63185b
Reviewed-on: https://code.wireshark.org/review/13983
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It works the same regardless of what flavor of USB metadata there is,
and there's no good reason for any Bluetooth code to know, or care,
about particular flavors of USB metadata.
Add some comments while we're at it.
Change-Id: I6ea2063a015e424fc84a407231e80ef3e2a79c98
Reviewed-on: https://code.wireshark.org/review/14001
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not use the client-supplied session ticket for decryption when the
session is not resumed as the cached key (associated with that ticket)
is invalid for this new session. SSL Session IDs are unaffected by this
issue as only the server-issued Session ID is considered.
This fixes decryption of a SSL capture which uses the keylog file for
decryption, but where the session tickets are invalid because the server
was restarted.
Additionally, the session and session tickets stores are split to avoid
exporting session tickets via File -> Export SSL Session keys. Session
tickets should only be used internally, the CLIENT_RANDOM identifier is
shorter and is the preferred method to link secrets.
Change-Id: If96d7a4e89389825478e67e9a65401ce0607aa66
Reviewed-on: https://code.wireshark.org/review/13994
Reviewed-by: Michael Mann <mmann78@netscape.net>
Coverity rightfully complains about inproper use of negative value.
maxlength special value '-1' should be handled appropriately.
Change-Id: Ie1818121e39fa668094d012980016444ca868e6e
Reviewed-on: https://code.wireshark.org/review/13978
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf98bcf617d4d6343aa233e42898cf5f26b08e33
Reviewed-on: https://code.wireshark.org/review/13974
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
IEEE has run out of Payload IE IDs so ZigBee and
future IEs must use Vendor OUIs.
Change-Id: I6eed4382d099364605649eb7577a5e2691e97dd3
Reviewed-on: https://code.wireshark.org/review/13971
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As discussed in https://www.wireshark.org/lists/wireshark-dev/201309/msg00182.html
VJ decompressor was removed from Wireshark 1.12 due to license incompatibility
Let's mark the corresponding preference as obsolete so that people do not think
it is still supported
Change-Id: I7030ef5f402a0c7e242e77a52baf18f450a95024
Ping-Bug: 12138
Reviewed-on: https://code.wireshark.org/review/13993
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>