Bug: 12295
Change-Id: I875308a16b11023a691d34057c7f8561a15aa598
Reviewed-on: https://code.wireshark.org/review/14649
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the possibility to filter on the negotiated WebSocket
protocol from the upgrade response as well as on a specific TCP port
Bug: 12298
Change-Id: I8e0b785cec0b8c71ec558b74ac07c81194268b38
Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
Reviewed-on: https://code.wireshark.org/review/14645
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The code sets up a conversation, then proceeds getting it
and using it. It must be there, so assert that it is before
dereferencing it.
Change-Id: I5384b9b773a5f4e86f649612ee4f4929a503c523
Reviewed-on: https://code.wireshark.org/review/14641
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds options that control depth of MPTCP analysis, notably:
- if mptcp_relative_seq is enabled, can display relative MPTCP sequence
numbers
- if mapping analysis is allowed, can tell in which packets the DSS
mappings covering this data was sent
- if intersubflow checks are enabled, it can check for retransmissions
over other subflows
Change-Id: I82b934513c9f16affb60c066a1fbcca234ffc999
Reviewed-on: https://code.wireshark.org/review/12316
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d1807e631991d4115ca33d351e85c36272c209b
Reviewed-on: https://code.wireshark.org/review/14523
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The CAT025 type of ASTERIX messages is "CNS/ATM Ground System Status Report".
Change-Id: Icf39d595cef8663357a487b799bf32e738236757
Reviewed-on: https://code.wireshark.org/review/14590
Tested-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2d0aae95c41f527c4a1e0327bf6c3950204458e1
Reviewed-on: https://code.wireshark.org/review/14637
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12285
Change-Id: I103dff37b34f922ac5c3071c49b7dfe55b059717
Reviewed-on: https://code.wireshark.org/review/14634
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Old code didn't decode response specific fields, so all
packets where shown as invalid.
Bug: 12294
Change-Id: Id3bca825925ef3c20da1bb98dfb50961989fd585
Reviewed-on: https://code.wireshark.org/review/14529
Reviewed-by: Michael Mann <mmann78@netscape.net>
if a packet is not successful ( after resend )
the data section has to be skipped GEV 2.0 spec [CR-203st]/[CR-204st]
Bug: 12281
Change-Id: I9465000fb3e25f1e00f419cc7ccae29bd32a56b1
Reviewed-on: https://code.wireshark.org/review/14555
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12287
Change-Id: I9aecf83ef6f166fc30c275d1e50e0268b1b59ad5
Reviewed-on: https://code.wireshark.org/review/14618
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
* CSCT: Signed cert timestamp (RFC6962) of leaf cert
Change-Id: I487090830ea8fa1d7597fbd7eef9e801f5e1fb65
Reviewed-on: https://code.wireshark.org/review/14626
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I32e718a8ef94b514fd2907651e2f9bd92d8119ef
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Reviewed-on: https://code.wireshark.org/review/14627
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Expert Infos can be a little overwhelming in large traces. This
preference will allow any user to enable the PI_NOTE declared
expert infos to be shown only when they are really necessary.
Fix a bug with SCM UDID validity detection as well
Change-Id: I2d197684157f1ea748bfbcc6fa2dfdb348722223
Reviewed-on: https://code.wireshark.org/review/14625
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: If44d33e739bc02425aea437e34ea8531b4223691
Reviewed-on: https://code.wireshark.org/review/14617
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8cfad1cdbb3843fa65931d8a22beba1b6bdf57c8
Reviewed-on: https://code.wireshark.org/review/14620
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise it will end up in the source distribution tarball.
Change-Id: Ieeafd5dbaebe3930c3769bfcbce538da5d36b7d3
Reviewed-on: https://code.wireshark.org/review/14624
Reviewed-by: João Valverde <j@v6e.pt>
Add SOCKET_LIBS and NSL_LIBS to global LIBS variables on platforms
where it is required.
Make configure checks for getaddrinfo/gethostname unconditional,
that is handled with #ifdefs if necessary.
Change-Id: Ia874038454fb9cf3bdbf8e6fd829f319e331837e
Reviewed-on: https://code.wireshark.org/review/14560
Reviewed-by: João Valverde <j@v6e.pt>
Add organization extension management message TLV according to SMPTE
(Society of Motion Picture and Television Engineers) ST 2059-2 to
Precision Time Protocol (PTP).
Bug: 12264
Change-Id: I487ef2bacbccdb61c813d923830242f9526fd2cf
Reviewed-on: https://code.wireshark.org/review/14559
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If client and server have the flag set then compression starts
after the greeting,login,ok.
This comments makes it possible to decode packets which
use the compressed protocol but don't have an compressed
payload.
Ping-Bug: 10342
Change-Id: I710f655c86feb9770556d1ffa69edd728e0374c3
Reviewed-on: https://code.wireshark.org/review/14603
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This takes away much of the pain (and merge conflicts) of micro-managing every
sub-folder file.
Change-Id: I7d7bb1173511ec9312ca4a97c6a59a26b0b194f4
Reviewed-on: https://code.wireshark.org/review/14595
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This copied and stripped code has this variable which does
not change. Remove this constant variable and the conditional
statements related.
Change-Id: I0741ef0ef8b8d1cbd52fc521bc6a91ad06c8b597
Reviewed-on: https://code.wireshark.org/review/14594
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The TCP dissector failed to recognize spurious retransmissions when the last ack
exactly equaled the retransmitted packet's sequence number plus the len. This is
standard TCP behavior so this feature was broken in most cases.
Bug: 12282
Change-Id: I90196cc79e786f92fd0d7be32816aad1d69d5718
Reviewed-on: https://code.wireshark.org/review/14592
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
nothing to do with IP protocol 97 called EoIP. Instead it is a GRE encapsulation
with Ethertype 0x6400. It sets the GRE version to 1 but doesn't use a sequence
number (in violation of RFC2637). Welcome to the real world.
Change-Id: I3d916f8fc134ef14bcaf0b946a10f7170a9f6a75
Reviewed-on: https://code.wireshark.org/review/14596
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Change-Id: I4b4a5e6ca0b10068075767e6eec95c97d32034a1
Reviewed-on: https://code.wireshark.org/review/14561
Reviewed-by: Daniël van Eeden <wireshark@myname.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The copied function retained features from its parent,
which cannot be reached. Might as well remove them and
replace with proper assert.
Change-Id: I63838d6011420d6c4473b127da52e7f304376172
Reviewed-on: https://code.wireshark.org/review/14531
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Base it on the DEC specification, not on whatever the Linux DECNET
people managed to reverse-engineer.
Change-Id: I60586f52e35f9f61e4aed93f315bfaceebe68cce
Reviewed-on: https://code.wireshark.org/review/14579
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add pkg-config 0.29.1 macros to our distribution. This makes the
aclocal-flags script obsolete, since we are already not using GLib
autoconf macros.
ACLOCAL_AMFLAGS need only be defined on the top-level Makefile.am.
Change-Id: Idd868dcfeb8f279517970d0f96d9d53e3a7e4d5c
Reviewed-on: https://code.wireshark.org/review/14568
Reviewed-by: João Valverde <j@v6e.pt>
They use proto_tree_add_uint_format() function to build an interpreted value, so they should not apply the byte bitmask
Change-Id: I29f70f567d41a8a44a34f3f0bc477fbc04b11b29
Reviewed-on: https://code.wireshark.org/review/14553
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Fixup for 7a1d3f67ac.
Change-Id: Idb8d68a3cc114545f24738cead4968804d831346
Reviewed-on: https://code.wireshark.org/review/14548
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I901ebc2128c92ef758b6b400cc8d86488a2115cb
Reviewed-on: https://code.wireshark.org/review/14537
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This saves many dissectors the need to find the data dissector and store a handle to it.
There were also some that were finding it, but not using it.
For others this was the only reason for their handoff function, so it could be eliminated.
Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b
Reviewed-on: https://code.wireshark.org/review/14530
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A regression was introduced at f4580ac9ed where an additional
hash table was introduced to store TLS Session Tickets separately
from Session IDs. However, the New Session Ticket dissector was
still storing the the Session Ticket in the ID table, causing lookups
to fail.
Change-Id: Iff49202f50afb8cb6ef62c774f6155682b8e48a6
Reviewed-on: https://code.wireshark.org/review/14499
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As well as in the rest of network protocols, in RTPS we have senders
and receivers of data. The atomic unit is not the host address (IP)
or the host address and port (UDP) but the guidPrefix. The guidPrefix
represents a single DomainParticipant, that very likely will be an
application. I have added filters to be able to differentiate from
source of information and destination of information. Before, the
only filter available was rtps.guidPrefix
Change-Id: I810d8b043796119c6e381bdbcb6061e0525ea272
Reviewed-on: https://code.wireshark.org/review/14466
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The PKTC dissector calls the Kerberos dissector assuming certain application values. Because different application values can have different "private" data, corruption can occur.
Ensure the Kerberos application values match the preceding comments by checking the ber identifier before calling the Kerberos dissector.
Bug: 12206
Change-Id: I9b04837f93a56681cae3816278315cf01da17544
Reviewed-on: https://code.wireshark.org/review/14520
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissector and heuristic tables now setup protocol dependencies.
"Manual" dependencies in separate patch.
Ping-Bug: 1402
Change-Id: I8da1239306de8676dcb05f8807914376816fc44f
Reviewed-on: https://code.wireshark.org/review/14447
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf36ebd7ceb3f87ceb6a68774f5b2810f8cf7b58
Reviewed-on: https://code.wireshark.org/review/14527
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Removing setting up and decoding for a header field which
never can be used anyway.
Change-Id: Ieed7810dd654df944a5bd16a7b84d3367bf9fa14
Reviewed-on: https://code.wireshark.org/review/14524
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Saves some false positives for protocols using port 674.
Bug: 12265
Change-Id: I7cb8aa9318639db0822b05b8c5b6f6563d8d4afc
Reviewed-on: https://code.wireshark.org/review/14521
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
the two bytes are sent LSB first
all fields are defined relative to the entire 16bit value
Change-Id: Iaea2b98fcb1f57224fbbd1c4c58473a7f810055d
Reviewed-on: https://code.wireshark.org/review/14513
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
A vlans file in the personal preference directory add an option to resolve
VLAN IDs to a describing name.
Format of vlan file is
123\tName of VLAN
To enable the resolving the preference nameres.vlan_name must be set
to TRUE.
Bug: 11209
Change-Id: I3f00b4897aace89c03c57b68b6c4b6c8b7d4685a
Reviewed-on: https://code.wireshark.org/review/14471
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I45b48c1e89ff68b1d990cd7cff9dd180cf4a1f7f
Reviewed-on: https://code.wireshark.org/review/14505
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Catch errors like bug 12205 with an assertion.
Change-Id: I17381c92dfb22912e53eb20f6436adfa15d67e71
Reviewed-on: https://code.wireshark.org/review/14251
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
This will make it easier to determine protocol dependencies.
Some LLC OUI dissector tables didn't have an associated protocol, so they were left without one (-1 used)
Change-Id: I6339f16476510ef3f393d6fb5d8946419bfb4b7d
Reviewed-on: https://code.wireshark.org/review/14446
Reviewed-by: Michael Mann <mmann78@netscape.net>
Get rid of most tests of tree, so we always step through the packet.
Change-Id: I0b54aecd7e871d9d48fc03f387131f0f6034b42f
Reviewed-on: https://code.wireshark.org/review/14496
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't conditiionalize stuff that should always be done with a test of
whether the protocol tree is being constructed or not.
Don't add an extra bogus address field to CF-End frames.
Bug: 12266
Change-Id: I0840d63480f9d7d8ffa434d984082a4a46a00d12
Reviewed-on: https://code.wireshark.org/review/14493
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove a couple useless if(tree)'s while in there.
Change-Id: Ie8de360f4590806eab0a4704b410341918251586
Reviewed-on: https://code.wireshark.org/review/14488
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Always look and set the uinteger64 member of the union for FT_BOOLEAN
values.
Bug: 12236
Change-Id: I7b0166e564b9d6cbb80051a81714a4b4c5f740a2
Reviewed-on: https://code.wireshark.org/review/14481
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In case no descriptors are in the trace, payload packets can
only be identified, if a clearly identified STREAM or CONTROL packet sets
class/subclass of the conversation
Change-Id: I30be30df908ede468fadf56fdef20f9869ce6b56
Reviewed-on: https://code.wireshark.org/review/14467
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That seems to be where we're telling it to send its logs.
Change-Id: Ic15370bc1af858b82f0964fcc35189039061ccb7
Reviewed-on: https://code.wireshark.org/review/14476
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Split two media type strings with the properly placed comma.
Change-Id: Ia6026879b63b9f51c3f2e61d8709f43716f0c6e2
Reviewed-on: https://code.wireshark.org/review/14472
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the "Display enhanced Info column data" preference is set, ensure that:
1. For non-MSP packets, path information (class/symbol) is displayed in the Info column for Forward Open, Forward Close, regular Message Router Request/Response messages
2. For MSP packets, don't display the class/symbol in the Info column (it's too wordy)
This now relies on an extra boolean passed to dissect_cip_data() to handle #2 above. Previously, this relied on checking a proto_item* for NULL, which is not correct.
Change-Id: I7532660bcb23bd664c1f5532256755922c4937d1
Reviewed-on: https://code.wireshark.org/review/14458
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sort the list of PIDL dissectors while we're at it.
Change-Id: Ice90bf9b14b440fdfe59d1639fc0674e326a9923
Reviewed-on: https://code.wireshark.org/review/14461
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Sort the list of PIDL dissectors while we're at it.
Change-Id: I1425046d6feaded7af94f4a852d8f0984bd0b736
Reviewed-on: https://code.wireshark.org/review/14460
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A dissector must never assume that it will, or won't, be called with a
protocol tree; it's up to the Wireshark/TShark/etc. core to decide
whether to do it, and it can change its behavior over time or even
change it from release to release.
Have dissect_epath() take an argument that explicitly indicates whether
to add the CIP class to the Info column, rather than assuming that you
do so only if the tree pointer passed to it is null.
Bug: 12257
Change-Id: Ide8a6fc21252880f849a8d0aa4659a675bb3ae04
Reviewed-on: https://code.wireshark.org/review/14456
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Rather than storing RADIUS calls in a map keyed by the ident and conversation
store a tree of calls (using the the same key). Store each (non-duplicate)
call (request) in the tree, keyed by frame number. When looking for a match
(or a duplicate) look for the most-recently-seen frame in the tree (i.e., the
most recent frame with the same ident + conversation). Only declare a request
a duplicate if the authenticator is identical (as per RFC 5080 section 2.2.2).
Only store things in the map/tree on the first pass.
Remove the 'request_ttl' preference: it's better to show the user when the
response came back even if it was "late." (This also allows duplicate request
detection inside of the TTL.)
When telling the user about a duplicate don't tell them the ident again: they
already know that. Tell them the frame number of the original.
Use the FT_FRAMENUM_REQUEST/FT_FRAMENUM_RESPONSE hints.
Move a couple structures from the header file to the C file: they're only used
in the RADIUS dissector anyway.
Bug: 4096
Change-Id: I0e8bc0d23cd6b219cecd82f5c4cd765d28a14d98
Reviewed-on: https://code.wireshark.org/review/14451
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This includes not making assumptions about the order in which a GHashTable or
wmem_map implementation provides the keys to the GEqualFunc function
(apparently the former's order is different than the latter).
Change-Id: Ifbcb0f4f2c38b2ce6e44bf66c7246575af6299fa
Reviewed-on: https://code.wireshark.org/review/14448
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add missing newline or remove extra newlines at the end of the file.
Trim trailing whitespace.
Change-Id: I73b7a4e20969bc13f72bf97e981fd5de89d8bb17
Reviewed-on: https://code.wireshark.org/review/14400
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The reason the notice in the INFO column disappeared when a display filter was
added is because the column operation was wrapped in an if(tree).
Change-Id: Ic8ff929d7ef601458b8650f8095f87282f9fde40
Reviewed-on: https://code.wireshark.org/review/14449
Reviewed-by: Michael Mann <mmann78@netscape.net>
Initial import of source code for the dissector of the ISO 8583-1
'financial transaction card originated messages - Interchange
message specification' standard.
Bug: 12244
Change-Id: I24804cab4a93131ec9afa307844ad62eb2e01089
Reviewed-on: https://code.wireshark.org/review/14311
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
A Proto may be only be registered with a heuristic dissector once,
because we check this in heur_dissector_add().
Change-Id: I524fa832b647d557f13aedcb870f7789058d2180
Reviewed-on: https://code.wireshark.org/review/14436
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
'scsi.blockdescs.no_of_blocks' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'scsi.naa.vendor_specific' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT32
Change-Id: Iaa512c02b99f0a103bb5015e92d900dae2932843
Reviewed-on: https://code.wireshark.org/review/14418
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'tds.done.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.doneproc.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.doneinproc.donerowcount' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'tds.envchange.newvalue' exists multiple times with NOT compatible types: FT_BYTES and FT_STRING
'tds.envchange.oldvalue' exists multiple times with NOT compatible types: FT_BYTES and FT_STRING
Change-Id: I87d713aaa722d7ab9e8d19955f3820e9040446c1
Reviewed-on: https://code.wireshark.org/review/14415
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's confusing to have 'pdus_tree' mean both the map of pdu_trees and the pdu
trees themselves.
Change-Id: Ie875798eb140b60a1309ddc0c0bf885b48c0407c
Reviewed-on: https://code.wireshark.org/review/14413
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Make full use of our proper implementation of this macro by
giving it the pointer as is.
Change-Id: I0bbe73d19cc3f578b94ea2d4d904d6fa87b20b48
Reviewed-on: https://code.wireshark.org/review/14391
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Remove "Object" from CIP class names. It was already removed from some of the objects, the string "Object" is implied for all objects, and it helps reduce wordiness in the Info column.
2. Don't display Class/Symbol name in the Info column when it's inside a MSP.
3. Enable enhanced Info column by default now that some of the additional wordiness was removed by the above points.
4. Put single quotes around the symbol name in the Info column. This makes it more obvious that something is a symbol instead of an actual class name from the spec, and would prevent ambiguity if the symbol name was something like "Identity".
5. Print the CIP service for both requests/responses in CIP Safety processing. This was already added to normal CIP.
6. Display Class/Symbol and service on the Service Packet in the MSP tree. This makes it easier to find without expanding every MSP item.
Change-Id: I7197dd4bf3dad6d7bdba247d3d7ab76cca52c785
Reviewed-on: https://code.wireshark.org/review/14325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: D. Ulis <daulis0@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
cur_offset was not incremented for the server part, causing a
"Malformed packet" message.
Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
Reviewed-on: https://code.wireshark.org/review/14402
Reviewed-by: Michael Mann <mmann78@netscape.net>
Now GATT dissectors need to have opcode to properly dissect attribute
or return expert info if possible (wrong usage).
Change-Id: Ife79bbf0682967a8bef8efadd8b242aa147315a7
Reviewed-on: https://code.wireshark.org/review/14314
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Bluetooth Specifications specify properties of every characteristics
(read, write, indicate, notify, write without response, signed write etc.)
Check it and add expert info about invalid usage if detected use of wrong
opcode with the characteristic.
Change-Id: I98ad8280b9ee65b4015a021e732ea748cc9e7a83
Reviewed-on: https://code.wireshark.org/review/14313
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
When additional path index are in use there must be more remaining data bytes.
Therefore we return only 1 when the len is greater 1.
Bug has been reported by Garri.
Bug: 12240
Change-Id: Ia24311dcedc450e4208df875bc254c9744dec5dd
Reviewed-on: https://code.wireshark.org/review/14396
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protocol spec states that unused bits in the last byte in a
7bit string shall be null.
Change-Id: I6fa2e0af6462c87279c19e23a98bf624e46bc9c1
Reviewed-on: https://code.wireshark.org/review/14387
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Set ENABLE_CHECK_FILTER to 1 for get list of display filter with conflict...
Ping-Bug:2402
Change-Id: I8d56b1573120d1a29d437aae1088be242e15e9a3
Reviewed-on: https://code.wireshark.org/review/13644
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Handling of PAN IDs in 802.15.4 has changed dramatically in
802.15.4-2015, particularly with respect to the new Frame Version
2 (0b10) frames. This update streamlines the logic in an attempt
to follow the spec as closely as possible. In doing so it fixes
some logical errors in the previous version
Change-Id: I1a2f112bbcdeb24a605167578201494823485c47
Reviewed-on: https://code.wireshark.org/review/14167
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix mapi/nspi/rfc dissector
Don't forget when regenerate to go on mapi/nspi/rfc and use make for regenerate
Change-Id: I74b98bf84e7786f51d4f693379186b289913ca1b
Reviewed-on: https://code.wireshark.org/review/11476
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In URB setup, wInterface is always displayed disregarding the actual
bmRequestType. Show instead: wInterface if recipient is an interface,
WEndpoint if recipient is an endpoint and wIndex when recipient is device
or other.
Change-Id: I6883dc22d80267276f9d171f39695e86e93aae83
Reviewed-on: https://code.wireshark.org/review/14283
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
To quote Icf0831717de10fc615971fa1cf75af2f1ea2d03d:
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Ic829541c696e0ddbc45cc109009319859c799066
Reviewed-on: https://code.wireshark.org/review/14340
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
the version indicates IPv6.
This handles a case of Linux cooked capture with ethertype set as IPv4 for
IPv6 packets.
Change-Id: Ie79f1a631980a224a7b51963f9174e75ffb69a47
Reviewed-on: https://code.wireshark.org/review/14321
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Count vendor commands once
2. Fill Event column in case of Command Status/Command Complete
types while displaying command
3. Add missing Status from Connect Complete event
4. Add missing Command Complete events opcodes
Change-Id: Ie5a0e373f92f62fcb890cef7ab54762df3bb8a35
Reviewed-on: https://code.wireshark.org/review/14315
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Due to RFC5444 <msg-size> is a 16-bit unsigned integer field.
Bug was reported by Matthias Tafelmeier
Bug: 12227
Change-Id: I6d041015b386be7a8e02a87d0fe29e2670b1ab6e
Reviewed-on: https://code.wireshark.org/review/14320
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Before, the parameter ids were handled incorrectly. A vendor specific
parameter definition was used for all the vendors. This is wrong for
ids starting at 0x8000. This commits aims to fix that problem and
make easier the addition of new parameters or vendors.
Change-Id: I0d40aa8cbfa44d5bb2928075001fe39e6f14abc2
Reviewed-on: https://code.wireshark.org/review/14007
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix Typo and change session id to decimal.
Fix ENC_NA
Change-Id: I72bded27ee79a1f5b91202767ac750c82ac029d3
Reviewed-on: https://code.wireshark.org/review/14304
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use pkg-config if a zlib.pc file is available.
Remove the now redundant AC_TRY_LINK_FUNC test (there are no linker flags
for GTK+ here).
Change-Id: I7de744749eba7231ae0097b975144b76ffcf1bdb
Reviewed-on: https://code.wireshark.org/review/14263
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Presumably the intent is to have the two dissectors share the tables in
question; if so, it's best done by defining the tables in one and only
one C file and declaring it in a header file included by both C files -
that 1) ensures the declaration and definition stay in sync and 2) keeps
the OS X build from failing.
Change-Id: Id2e7e5b7270c7109ffb091b2e16a631b83dde212
Reviewed-on: https://code.wireshark.org/review/14309
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Issue reported by Ted Wards
Bug:12223
Change-Id: I38adba8ee3d48788afce20d969d708c7635c8703
Reviewed-on: https://code.wireshark.org/review/14302
Reviewed-by: Michael Mann <mmann78@netscape.net>
Issue reported by Dávid Major
Change-Id: I4dfd6f853205386bc6dbb15357b2b9e5d5b8ea0e
Reviewed-on: https://code.wireshark.org/review/14297
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I69c949821395e3272cbb5bc7c7a142b5482f9d52
Reviewed-on: https://code.wireshark.org/review/14219
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
This commit adds additional AVPs from RFC 5515 to L2TP.
Bug: 12208
Change-Id: I389342d05375a41ae834197978e9babab9b7b674
Reviewed-on: https://code.wireshark.org/review/14290
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Get rid of unnecessary assignment while we're at it.
Change-Id: I46dd0b3d64d7e38553ea243b79f71a58cda68653
Reviewed-on: https://code.wireshark.org/review/14299
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, do more formatting consistency cleanups, and show the
I format bit in hex as we do with the format bits in other formats.
Change-Id: I53842e948311aa0b332a60a413904901428b13f1
Reviewed-on: https://code.wireshark.org/review/14298
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Give all ett_ variables ett_llcgprs_ names.
Make function formatting a bit more consistent.
Show the format bits in hex for all formats.
Change-Id: I7e7127a22384688b973a683c93eff442a88fb3b5
Reviewed-on: https://code.wireshark.org/review/14295
Reviewed-by: Guy Harris <guy@alum.mit.edu>
First dissect the address field, then dissect the control field, then
dissect the FCS if present, then dissect the info field.
That makes the dissection more like the dissection of other protocols
with an FCS at the end, and means that we don't throw an exception too
early.
Remove the "MLT CHANGES" comments - if somebody cares who did what, they
can browse the commit history; it's not as if the version prior to those
changes was somehow the "pure" version and that we need to keep the
changes carefully demarcated.
Get rid of no-longer-necessary variable.
Change-Id: I249440971e64ecbb0959ebbea1b2897a2e12375a
Reviewed-on: https://code.wireshark.org/review/14293
Reviewed-by: Guy Harris <guy@alum.mit.edu>
rpc_call cannot be NULL at this point, so don't check for it,
especially not incorrectly.
Change-Id: I90fcb064ce479d71edf3b4cb0ebea9a5ab623119
Reviewed-on: https://code.wireshark.org/review/14268
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't fall through and re-dissect the control byte of an S frame as if
it were a UI frame.
Change-Id: I17cf12f920bf066f87f70be5efe78dc531beb3f9
Reviewed-on: https://code.wireshark.org/review/14284
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Leave the job of computing the captured length up to the tvbuff code.
Change-Id: If88e813ba7dee3516baf958b9fead26374d915ad
Reviewed-on: https://code.wireshark.org/review/14276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
"llc_data_length" is what's left of "length" after the CRC is removed;
'llc_data_captured_length" is what's left of "captured_length" after the
CRC is removed.
Change-Id: I9371a5d3004632d684093b2650fa0bf8fc1f9bde
Reviewed-on: https://code.wireshark.org/review/14275
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Before, the function get_rtitcp_pdu_len didn't take into account
the case where the CRC is sent (header_length is increased by 8).
This has been fixed.
Change-Id: I3eb22ec2aadc7406ccdcfcc8a5beaa98b48ed143
Reviewed-on: https://code.wireshark.org/review/14265
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Smaller epan/CMakeLists.txt is easier to work with and this structure
is well suited to CMake. It should make it easier to manage and configure
each epan module differently if necessary.
Change-Id: Ia649db3b7dcd405aa43dbdba3288699d5e375229
Reviewed-on: https://code.wireshark.org/review/14068
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Since the MDS trailer is smaller anyway, no need to copy that code.
Change-Id: Ie3931cda3ef2386526cd81daee535d106e522875
Reviewed-on: https://code.wireshark.org/review/14253
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Minimal support has been added for the MLME Payload IE and the Enhanced Beacon
Filter Sub-IE. Dissection of Payload IEs and Sub-IEs is supported making it
easy to add dissection for specific applications once this is known.
Change-Id: I3a4f237e17413ec3e7bbfd32ded0625fc97da11b
Reviewed-on: https://code.wireshark.org/review/13999
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Lightweight M2M is a protocol on top of CoAP that is used for
device management. The specification contains a custom payload
format - a simple type, length, value binary encoding.
This patch adds support for dissecting this payload format.
While not yet officially registered, the main open source
implementation of the lwm2m protocol - eclipse's leshan - uses this
content type 1542 for its messages.
Bug: 12110
Change-Id: Ib022d1f485c706f1d69ceec7200790448d080965
Reviewed-on: https://code.wireshark.org/review/13835
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
mapi&nspi dissectors skipped on purpose since they the output is
malformed. This was already the case before the samba sync.
Change-Id: Ib3b78459e3506c755aaa219433ac6b5865482f01
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-on: https://code.wireshark.org/review/13968
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If we aren't changing the resolved name, it's not new.
This prevents us from perpetually "resolving" the address. If we have
ARP packets that cause us to map a MAC address to a host name, based on
the ARP packet saying the MAC address corresponds to a given resolved IP
address, then each time we dissect the packet, the address will be
"resolved" - and each time we have new resolved addresses as a result of
that, we'll redissect the displayed packets so that they show the
resolved address, and we'll forever be redissecting.
Change-Id: I445e92f407d52a4ed5986721ffcc472f86e99431
Reviewed-on: https://code.wireshark.org/review/14236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Section 6.2.67 in IEEE 1278.1-2012 defines PDU Status bit field in
the PDU Header. The bit meaning varies with the PDU type. This
change provides full parsing and presentation for all fields and
PDU types.
Bug: 12043
Change-Id: I8f4ef6606ff59a1ef0ed97630c4832b2b6a4dff7
Reviewed-on: https://code.wireshark.org/review/14232
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
don't access the class-specific conversation structure before we know
that the packet is a U3V packet
the USB dissector should fill interfaceClass and interfaceSubclass with
correct values - if it doesn't that's another bug to be fixed
Bug:12194
Change-Id: Ic9e73e7cb05c8887fee794e4735936caad1b7f49
Reviewed-on: https://code.wireshark.org/review/14224
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added tcp.analysis.push_bytes_sent to see how many bytes sent since the last PSH flag. Can be useful when analyzing application behavior and performance and bytes_in_flight gets altered by ACKs
Change-Id: I8c6348de43cdb1545169d3a04773885d2411eb00
Reviewed-on: https://code.wireshark.org/review/9822
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
in wslua_init(), our lua instance L is set to NULL if
disable_lua is true in init.lua
make sure that we leave wslua_init() in this case
if we don't, we crash in lua_pop(L,1); with L==NULL
Program received signal SIGSEGV, Segmentation fault.
0x00007fffefb41a73 in lua_settop () from /usr/lib/x86_64-linux-gnu/liblua5.1.so.0
(gdb) bt
#0 0x00007fffefb41a73 in lua_settop () from /usr/lib/x86_64-linux-gnu/liblua5.1.so.0
#1 0x00007ffff4fb50e4 in wslua_init (cb=cb@entry=0x516f40 <splash_update(register_action_e, char const*, void*)>,
client_data=client_data@entry=0x0) at init_wslua.c:900
[...]
Bug:12196
Change-Id: Ic338c4edcb897c0eaa9b6755bbb6c9991ec6ed02
Reviewed-on: https://code.wireshark.org/review/14228
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
... and the copy of it that I just made :-(
bInterfaceProtocol should be bInterfaceSubClass
Change-Id: Ic25f28cad7305986cb79ddea5110b1e739e57101
Reviewed-on: https://code.wireshark.org/review/14223
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
check for the minimum lenght before dereferencing data
add a NULL check for usb_conv_info
Change-Id: I91014d5929f57cc9eed2bfc7adef9f89541ece45
Reviewed-on: https://code.wireshark.org/review/14221
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I68b7fa0b5d7fae86289807d7ef01a2141dcb8ff6
Reviewed-on: https://code.wireshark.org/review/14059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug:12165
Change-Id: I341d4387227a41af826a2867b48a53eff7e1e62a
Reviewed-on: https://code.wireshark.org/review/14200
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie6c6f71e413463f93924c1a47b908a1c97d94407
Reviewed-on: https://code.wireshark.org/review/14209
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I493491f4e93556ccff95abe69cc2ecce1f9f28b2
Reviewed-on: https://code.wireshark.org/review/14207
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If you apply tcp.flags.str as a column you end up with a Wall Of
Asterisks. Use Unicode MIDDLE DOT as a placeholder instead.
Change-Id: I3e2bebd2a951cc516399e965ace6bf87501adc9e
Reviewed-on: https://code.wireshark.org/review/13855
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12180
Change-Id: If089ad49a27de2a681490ef75aaa9a7b7e5ad922
Reviewed-on: https://code.wireshark.org/review/14184
Reviewed-by: Michael Mann <mmann78@netscape.net>
Try to improve address API and also fix some constness warnings
by not overloading the 'data' pointer to store malloc'ed buffers
(use private pointer for that instead).
Second try, now passing test suite.
Change-Id: Idc101cd866b6d4f13500c9d59da5c7a38847fb7f
Reviewed-on: https://code.wireshark.org/review/13946
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
When the HTTP request is transmitted to a Proxy the URI is already
a "full URI".
Bug was reported by Thomas Baudelet.
Bug: 12176
Change-Id: I83f6bdef6fa96233792c6bbe54caad38df0f5fb6
Reviewed-on: https://code.wireshark.org/review/14142
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Always decode Call ID (and payload length) when Version is Enhanced GRE (and no ACK flag)
Issue reported by Duncan Salerno
Bug:12149
Change-Id: I2f61dd6851e26cc93174f96e05c0055fc45be4e2
Reviewed-on: https://code.wireshark.org/review/14088
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(qsort() is your friend.)
Change-Id: I71ab5fea0c8c0f548d737f5d5d1b7523b8a668ea
Reviewed-on: https://code.wireshark.org/review/14137
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-flexray.c: In function ‘dissect_flexray’:
packet-flexray.c:245:6: error: ‘flexray_frame_tree’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
expert_add_info(pinfo, flexray_frame_tree, &ei_flexray_frame_payload);
^
cc1: all warnings being treated as errors
Change-Id: Iadcae49e7d958823ae7066906892f6c1ae85169b
Reviewed-on: https://code.wireshark.org/review/14124
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for the USB3 Vision machine vision camera protocol.
* Descriptors
* Bootstrap registers
* Control (GenCP)
* Stream data
A sample capture (usb_u3v_sample.pcapng) has been uploaded to
https://wiki.wireshark.org/SampleCapture
USB3 Vision a standard developed under the sponsorship
of the AIA for the benefit of the machine vision industry.
U3V stands for USB3 Vision (TM) Protocol
Change-Id: If1206df7974c6a91cf18f59ddecf9d38b9827934
Reviewed-on: https://code.wireshark.org/review/14008
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Expert info for cip_short_string,cip_string
2. Combine dissect_cip_multiple_service_packet_req/dissect_cip_multiple_service_packet_rsp. The formats are the same, and this ensures that all expert info checks are applied to both.
3. Remove some copy-paste in dissect_cip_generic_data
Change-Id: I433990bf4389bee78d414cab8547bd2bb39498c7
Reviewed-on: https://code.wireshark.org/review/14105
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change fixes a leak in packet-diameter that loads a dictionary
but doesn't free all the data. Found by valgrind.
==30481== 36,656 (960 direct, 35,696 indirect) bytes in 24 blocks are definitely lost in loss record 3,417 of 3,421
==30481== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30481== by 0xA7FE610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0xA81422D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0xA7CDC44: g_array_sized_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0x6863743: dictionary_load (packet-diameter.c:1980)
==30481== by 0x6863743: proto_register_diameter (packet-diameter.c:2344)
==30481== by 0x71C4BA4: register_all_protocols (register.c:323)
==30481== by 0x65EEFA7: proto_init (proto.c:521)
==30481== by 0x65CD621: epan_init (epan.c:126)
==30481== by 0x115330: main (tshark.c:1220)
Change-Id: I3c0d19e1accab415355aa0f50c598f0c83356985
Reviewed-on: https://code.wireshark.org/review/13821
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:10501
Change-Id: I8d77c41537f1bfed9b5fbc585119496ec73c06eb
Reviewed-on: https://code.wireshark.org/review/14123
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: I661cadd8beea9585885e48c03a8b52561d1df778
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14113
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
fixes regression introduced by f5340b2
g_hash_table_remove will call free on object, thus there is no need for explicit g_free,
as is causes a double-free:
*** Error in `/usr/sbin/wireshark-gtk': double free or corruption (fasttop): 0x0000555556e6bf50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77da5)[0x7fffef80ada5]
/lib64/libc.so.6(+0x804fa)[0x7fffef8134fa]
/lib64/libc.so.6(cfree+0x4c)[0x7fffef816cac]
/lib64/libglib-2.0.so.0(g_free+0xe)[0x7ffff09665ee]
/lib64/libglib-2.0.so.0(+0x388ba)[0x7ffff094f8ba]
/lib64/libwireshark.so.6(+0x1cfb46b)[0x7ffff49d646b]
/lib64/libwireshark.so.6(+0x1d03d99)[0x7ffff49ded99]
/lib64/libwireshark.so.6(+0x173b11f)[0x7ffff441611f]
/lib64/libwireshark.so.6(+0x173bba5)[0x7ffff4416ba5]
/lib64/libwireshark.so.6(call_dissector_with_data+0x26)[0x7ffff4419ad6]
.....
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: Ide47d1f9deb3e1b0d8adefd31fc6f3bf5cbaa010
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Documentation changes only (comments and docbook).
Update WSDG with the fragment_add_seq_check API that was introduced in
Wireshark 1.10.
Fix typos and clarify the many functions we have for adding reassembling
fragments.
Change-Id: I38715a8f58e9cf1fe3e34ee4b1a4ae339630282b
Reviewed-on: https://code.wireshark.org/review/14066
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bound the recursion depth to avoid a stack overflow while parsing a
deeply nested constructed string.
Call chain before this patch:
- dissect_ber_octet_string
- dissect_ber_constrained_octet_string
- reassemble_octet_string (called for constructed types)
- dissect_ber_octet_string *recursion*
After this patch, the reassemble_octet_string will throw if the maximum
recursion depth is reached.
Bug: 11822
Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
Reviewed-on: https://code.wireshark.org/review/14108
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'rsip.parameter.address' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'sap.originating_source' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'sflow_245.nexthop' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Idabe9adafac2e11f2e90a494e5fac1a341edca33
Reviewed-on: https://code.wireshark.org/review/14091
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We just dissect it as raw bytes for now; ultimately, we need to process
it the same way we process data for other forms of USB capture.
This also catches the case where the frame length is bogusly large
(including so large that rounding it up to a multiple of 4 overflows).
Bug: 12153
Change-Id: I537974d548fdcda917d9fce8189eb2134bc17bb9
Reviewed-on: https://code.wireshark.org/review/14103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
BGP-LS is just a collector of IGP link state information. Some
fields are encoded "as-is" from the IGP, hence in order to dissect
them properly we must be aware of their origin, e.g. IS-IS or OSPF.
So, *before* dissecting LINK_STATE attributes we must get the
'Protocol-ID' field that is present in the MP_[UN]REACH_NLRI
attribute. The tricky thing is that there is no strict order for path
attributes on the wire, hence we have to keep track of 1) the
'Protocol-ID' from the MP_[UN]REACH_NLRI and 2) the offset/len of
the LINK_STATE attribute. We store them in per-packet proto_data and
once we got both we are ready for the LINK_STATE attribute dissection.
Change-Id: Ibe2b7f5c9039ad63a72f3f9fb8a9c33c0be44ed0
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13970
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted.
Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks.
Also what could be added/refactored is registering block behavior.
Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a
Reviewed-on: https://code.wireshark.org/review/13667
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This change makes wmem_array more similar to GArray by adding
two functions that mimic the first two params of g_array_new().
Change-Id: Iaec999cd2e44f79f44d766be5d39741b73602e5a
Reviewed-on: https://code.wireshark.org/review/13989
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Cache decoded header fields in order to conserve memory.
If we try to decompress more than 256 KB or find 200 or more headers
stop decompressing and add an expert item. Note that we might want to
make the maximum values configurable via preferences.
Bug:12077
Change-Id: Idf7cb1046c96cf87e1b53af6c56e19b4abad1dfb
Reviewed-on: https://code.wireshark.org/review/13746
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fixed several decoded fields that were poorly described in the original documentation
Change-Id: I688c5fd7e011d0dd49fb201ca294348d177bb4fa
Reviewed-on: https://code.wireshark.org/review/14067
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
'ieee17221.clock_source_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'ieee17221.stream_format' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'afp.unknown' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
'afp.toc_offset' exists multiple times with NOT compatible types: FT_NONE and FT_UINT64
'bootp.client_id.iaid' exists multiple times with NOT compatible types: FT_UINT32 and FT_STRING
'bthfp.chld.mode' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'canopen.pdo.data' exists multiple times with NOT compatible types: FT_STRINGZ and FT_BYTES
'canopen.sdo.data' exists multiple times with NOT compatible types: FT_UINT32 and FT_BYTES
'ceph.msg.' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'ceph.version' exists multiple times with NOT compatible types: FT_UINT16 and FT_UINT64
'cip.linkaddress' exists multiple times with NOT compatible types: FT_STRING and FT_UINT8
'dnp3.al.ana' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dnp3.al.anaout' exists multiple times with NOT compatible types: FT_FLOAT and FT_INT32
'dtls.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'ssl.handshake.cert_url.url_hash_len' exists multiple times with NOT compatible types: FT_STRING and FT_UINT16
'dvb-s2_gse.label' exists multiple times with NOT compatible types: FT_UINT24 and FT_ETHER
'fcdns.rply.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'fcdns.req.fc4type' exists multiple times with NOT compatible types: FT_NONE and FT_UINT8
'icmp.int_info.name' exists multiple times with NOT compatible types: FT_STRING and FT_BOOLEAN
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'icmpv6.ilnp.nb_locs' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'mausb.clear_transfers.status' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mikey.v' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_NONE
'mswsp.rangeboundry.ultype' exists multiple times with NOT compatible types: FT_STRING and FT_UINT32
'mswsp.arrayvector.address64' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_offset' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'nlm.lock.l_len' exists multiple times with NOT compatible types: FT_UINT32 and FT_UINT64
'pflog.saddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.daddr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pflog.saddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pflog.daddr' exists multiple times with NOT compatible types: FT_BYTES and FT_IPv6
'pgm.spm.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.src' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.nak.grp' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.poll.path' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv4 and FT_IPv6
'pgm.opts.ccdata.acker' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'pgm.opts.redirect.dlr' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Iaf694699d108a12db172da8dd9fbab211adb329d
Reviewed-on: https://code.wireshark.org/review/14070
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
'cigi.entity_control' exists multiple times with NOT compatible types: FT_FLOAT and FT_STRINGZ
'cigi.entity_control' exists multiple times with NOT compatible types: FT_STRINGZ and FT_FLOAT
'cigi.art_part_control.yaw_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.rate_control.part_id' exists multiple times with NOT compatible types: FT_UINT8 and FT_INT8
'cigi.view_control.yoff_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.zoff_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.roll_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.pitch_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.view_control.yaw_enable' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
'cigi.short_symbol_control.value1' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT32
'cigi.short_symbol_control.value2' exists multiple times with NOT compatible types: FT_FLOAT and FT_UINT32
Also replace some homemade true_false_string with some from tfs.h
Change-Id: Ied8dfb320abb6f3218304fd06c5481167f1169ec
Reviewed-on: https://code.wireshark.org/review/14069
Reviewed-by: Michael Mann <mmann78@netscape.net>
'bitcoin.addr.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.inv.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.getdata.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.notfound.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.getblocks.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.getheaders.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.input_count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.in.script_length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.output_count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.tx.out.script_length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.block.num_transactions' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.headers.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.merkleblock.flags.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.merkleblock.hashes.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.string.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'bitcoin.data.count' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'dcerpc.referent_id' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'dmp.body.id' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'edonkey.start_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'edonkey.end_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.entry' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.phoff' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.shoff' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_vaddr' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_paddr' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_filesz' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_memsz' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.p_align' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_addr' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_offset' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_size' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_addralign' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.sh_entsize' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.symbol_table.value' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.symbol_table.size' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.tag' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.value' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.pointer' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.ignored' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'elf.dynamic.unspecified' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'h248.contextId' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'hcrt.data32' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'wlan_mgt.fixed.psmp.stainfo.reserved' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'isakmp.tf.attr.life_duration' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'isakmp.ike.attr.life_duration' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'jxta.message.element.content.length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'rmt-lct.tsi' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'rmt-lct.toi' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'smb.alloc_size' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
'trmac.response_code' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT32
Change-Id: I903933e6448bac3d3374eef1a6a0bc4771c1a9f4
Reviewed-on: https://code.wireshark.org/review/14060
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie719e2f14c6eaf536035ab30dcb40e91c431c6e4
Reviewed-on: https://code.wireshark.org/review/14061
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If630e03f82add403cb978969a8ebbb6f0bbcbad0
Reviewed-on: https://code.wireshark.org/review/14064
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
when there's a decompression failure, we already flag up an expert info and exit
we can just delete the exception
in dissect_udvm_reference_operand_memory(), we return 0 on error and
let the caller do a check
Change-Id: I2cd301896794260457f57209e5efc0939b27b339
Reviewed-on: https://code.wireshark.org/review/14063
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Not all paths will access the tvb to have it throw a bounds error for large loop values.
Bug: 12151
Change-Id: I74a6d0d8ddece0f95027493a7d408cc54d94d25a
Reviewed-on: https://code.wireshark.org/review/14051
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
Nobody looks it up, so just register it in the wtap_encap table, as we
do with the 64-byte-header Linux USB dissector, the USBPCAP dissector,
and the FreeBSD USB dissector.
Change-Id: I5da098d799a63449f17a26924b3ba2de36536896
Reviewed-on: https://code.wireshark.org/review/14046
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Prevents a buffer overrun (read). Show expert info such that it can be
detected (in case the value is non-reserved in the future).
Bug: 11818
Change-Id: I6cd2f4c9deb5cb515a53743aa83193521b2331e8
Reviewed-on: https://code.wireshark.org/review/14040
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It is a typo on display field and fix also wrong comment...
Change-Id: Idb93641d6e4197b59e453e4ad629af4c0454c8d3
Reviewed-on: https://code.wireshark.org/review/14038
Reviewed-by: Michael Mann <mmann78@netscape.net>
checkhf don't like macro and for avoid warning/error, remove macro for declare hf
Change-Id: I5521b3176027ddc673e8f6c793ab4eb0d01cd8fd
Reviewed-on: https://code.wireshark.org/review/14018
Reviewed-by: Michael Mann <mmann78@netscape.net>
'mih.tlv_length' exists multiple times with NOT compatible types: FT_UINT64 and FT_UINT8
'mih.mihf_id' exists multiple times with NOT compatible types: FT_ETHER and FT_STRING
'mih.mihf_id' exists multiple times with NOT compatible types: FT_IPv4 and FT_ETHER
'mih.mihf_id' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Ib4be551920c7389100ece668e1af288a7d712725
Reviewed-on: https://code.wireshark.org/review/14027
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some only allow buffer overruns (read), others also buffer overflows
(write).
Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).
Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When a set is empty, only a terminator (ber_sequence_t with NULL func)
is present. In that case, do not try to find more values as that will
never succeed.
Bug: 12106
Change-Id: I26cd4ba84a9580e92d5921592a27c2af17c0bebf
Reviewed-on: https://code.wireshark.org/review/14028
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do not read outside boundaries when tag is exactly 0xff.
tag = tvb_get_guint8(tvb, offset);
tdef = find_tlv_tag(tag);
...
return &nm_att_tlvdef_base.def[tag];
Bug: 11825
Change-Id: I42e624185abb2166aa0f8d0dbd71a2a86fc0b18e
Reviewed-on: https://code.wireshark.org/review/14030
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for dissecting the optional 4-byte expiry field in
sub-document API request packets. This is permitted for any
single-path mutation request; increasing the length of the extras
section from 3 to 7 bytes.
Change-Id: I0609dbc6f6a8e62028cd20a28609fc3016e44910
Reviewed-on: https://code.wireshark.org/review/14004
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fixes a buffer overrun in dissct_rsl_ipaccess_msg when the tag is
exactly 0xff:
tag = tvb_get_guint8(tvb, offset);
tdef = &rsl_att_tlvdef.def[tag];
Bug: 11829
Change-Id: I25a3c6948242a52f59431ce84c108b2e52008930
Reviewed-on: https://code.wireshark.org/review/14011
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
packet-per.c:959:6: warning: Access to field 'aligned' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1606:29: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:1612:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3156:41: warning: Access to field 'pinfo' results in a dereference of a null pointer (loaded from variable 'actx')
packet-ber.c:3182:24: warning: Access to field 'created_item' results in a dereference of a null pointer (loaded from variable 'actx')
Change-Id: Ibae00dc29a869701fe903a5b0c9944279aaa3df7
Reviewed-on: https://code.wireshark.org/review/13936
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
DLM3 minor version 1, introduced in mainline kernel commit 757a4271 from
October 2011, added some fields and a Need Slots flag to Recovery
Command Status packets.
Change-Id: Ib994223afeae6b8d6ddb75404ab2031c5a63185b
Reviewed-on: https://code.wireshark.org/review/13983
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It works the same regardless of what flavor of USB metadata there is,
and there's no good reason for any Bluetooth code to know, or care,
about particular flavors of USB metadata.
Add some comments while we're at it.
Change-Id: I6ea2063a015e424fc84a407231e80ef3e2a79c98
Reviewed-on: https://code.wireshark.org/review/14001
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not use the client-supplied session ticket for decryption when the
session is not resumed as the cached key (associated with that ticket)
is invalid for this new session. SSL Session IDs are unaffected by this
issue as only the server-issued Session ID is considered.
This fixes decryption of a SSL capture which uses the keylog file for
decryption, but where the session tickets are invalid because the server
was restarted.
Additionally, the session and session tickets stores are split to avoid
exporting session tickets via File -> Export SSL Session keys. Session
tickets should only be used internally, the CLIENT_RANDOM identifier is
shorter and is the preferred method to link secrets.
Change-Id: If96d7a4e89389825478e67e9a65401ce0607aa66
Reviewed-on: https://code.wireshark.org/review/13994
Reviewed-by: Michael Mann <mmann78@netscape.net>
Coverity rightfully complains about inproper use of negative value.
maxlength special value '-1' should be handled appropriately.
Change-Id: Ie1818121e39fa668094d012980016444ca868e6e
Reviewed-on: https://code.wireshark.org/review/13978
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf98bcf617d4d6343aa233e42898cf5f26b08e33
Reviewed-on: https://code.wireshark.org/review/13974
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
IEEE has run out of Payload IE IDs so ZigBee and
future IEs must use Vendor OUIs.
Change-Id: I6eed4382d099364605649eb7577a5e2691e97dd3
Reviewed-on: https://code.wireshark.org/review/13971
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As discussed in https://www.wireshark.org/lists/wireshark-dev/201309/msg00182.html
VJ decompressor was removed from Wireshark 1.12 due to license incompatibility
Let's mark the corresponding preference as obsolete so that people do not think
it is still supported
Change-Id: I7030ef5f402a0c7e242e77a52baf18f450a95024
Ping-Bug: 12138
Reviewed-on: https://code.wireshark.org/review/13993
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This the result of updated 'PAN ID Compression field value for frame
version 0b10' table in IEEE spec which clarifies the interpretaion
of the PAN ID Compression bits for different combinations of Src
and Dst Addresses.
Change-Id: Ia70836b8571beae80a3f507be4f39736e13eb110
Reviewed-on: https://code.wireshark.org/review/13984
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
If you include something from the wiretap directory, always precede it
with wiretap/.
Fix some includes of files in the top-level directory to use a path
relative to the current directory, not relative to the wiretap
directory.
This makes it a bit clearer what's being included.
Change-Id: Ib99655a13c6006cf6c3112e9d4db6f47df9aff54
Reviewed-on: https://code.wireshark.org/review/13990
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
According to the EIGRP draft RFC (https://tools.ietf.org/html/draft-savage-eigrp-04#section-6.8.1), 2nd bit (0x2) in EIGRP classic bit field should be interpreted as Candidate Default (CD)
Reported by Garri
Bug:12136
Change-Id: I56dcbbc7db480e67962e2edfbd8d9c6b117f30ef
Reviewed-on: https://code.wireshark.org/review/13987
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change g_list into wmem_list to solve the leak. Leak found by valgrind.
==14755== 3,384 (504 direct, 2,880 indirect) bytes in 21 blocks are definitely lost in loss record 3,380 of 3,418
==14755== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14755== by 0xA806610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0xA81C22D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0xA7FD4F3: g_list_append (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==14755== by 0x67CD825: build_get_attr_all_table (packet-cip.c:5402)
==14755== by 0x67CD825: proto_register_cip (packet-cip.c:8067)
==14755== by 0x71C83F9: register_all_protocols (register.c:229)
==14755== by 0x65F14D7: proto_init (proto.c:521)
==14755== by 0x65CF961: epan_init (epan.c:126)
==14755== by 0x1153F0: main (tshark.c:1220)
Change-Id: I9c25ee5b5bf04b9afb8b0bf22bb6f3d7022bf4d3
Reviewed-on: https://code.wireshark.org/review/13969
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The current code which dissects the idProduct (and to some extend the
idVendor) item for USB devices is overly complicated. A better method
to format the product string in the right way is using:
proto_tree_add_uint_format_value.
This gets rid of the additinal string and item manipulation altogether.
Change-Id: Iadd69b7dc284e62039402de53418f41460d88a5d
Reviewed-on: https://code.wireshark.org/review/13973
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
if the bit is set, it's an R(NAK) block
Change-Id: I0e44bd72d1c2a69a582792d08bf450e6ef2d163b
Reviewed-on: https://code.wireshark.org/review/13976
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The standard says that UDPv6 is the index 2. However, the dissector
contained the old implementation of RTI DDS (which had SHMEM = 2
and UDPv6 = 5). I have updated the dissector to be compliant with
the standard and indirectly be compliant with the new version of
RTI DDS which now implements the standard in this aspect.
Change-Id: Iaade0e457fda35362c04a7658d62242cf8868127
Reviewed-on: https://code.wireshark.org/review/13922
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. More Identity attributes
2. Port attributes
3. Set Attribute List request highlighted too much attribute data
4. TCP/IP object, Attr 5 needs padding
5. Switch most attributes to use wrappers instead of dissect_epath() directly.
6. Change new Volume 8 attributes to treat path size as words instead of bytes, when parsing size+EPATH formats.
Change-Id: I1b8c476475c6fbb9c7cdb99ec4a6c28934631a19
Reviewed-on: https://code.wireshark.org/review/13898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'const gpointer' is the same as 'void *const'. Replace with gconstpointer
where straightforward (assuming that was the intent) and use gpointer everywhere
else for clarity (that does not change *API* constness contract; it just means
a variable is not declared immutable inside the called funtion).
Change-Id: Iad2ef13205bfb4ff0056b2bce056353b58942267
Reviewed-on: https://code.wireshark.org/review/13945
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
TL and T0 are followed by TA(1), TB(1) and TC(1), in this order
Change-Id: I356da8bb475d55f36e5b9ff02d35fcf35c457223
Reviewed-on: https://code.wireshark.org/review/13961
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
use the same hf as for ATQB's FWI
Change-Id: I2c1db117688e16e91fc4072d9b6f4bba46f64fd6
Reviewed-on: https://code.wireshark.org/review/13960
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: If33cf41f46f2be9c66fc4a626af6a2c010fba7d3
Reviewed-on: https://code.wireshark.org/review/13931
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For 802.11n, if the GI length is present in the MCS field and is "short
GI", "gi_length" is equal to 1, not to 0, so set the "short GI" flag in
the generic radio information to "gi_length".
Bug: 12123
Change-Id: Ica2c5794698a643a6393f0468cdbfe025aa90074
Reviewed-on: https://code.wireshark.org/review/13950
Reviewed-by: Guy Harris <guy@alum.mit.edu>
From scan-build:
packet-lwm.c:466:33: warning: Assigned value is garbage or undefined
Change-Id: Ib9e1cfd3f9462d0bbb5a87ae4d323c333878323d
Reviewed-on: https://code.wireshark.org/review/13937
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
semcheck.c:986:24: warning: cast from function call of type 'sttype_id_t' to non-matching type 'int' [-Wbad-function-cast]
semcheck.c:986:5: warning: format '%p' expects argument of type 'void *', but argument 3 has type 'struct stnode_t *' [-Wformat=]
Change-Id: I83031251c83f6597eb7c31f35e02c5a95bd2dabb
Reviewed-on: https://code.wireshark.org/review/13930
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Have the Frame Relay dissector first check the fr.osinl table and then
the osinl.incl table, so that it finds Q.933 rather than Q.931 for an
NLPID of 0x08.
Change-Id: I1582482003c2ff96100f6c3e1eb77917ab04c9ee
Reviewed-on: https://code.wireshark.org/review/13929
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need for platform-specific system header boilerplate.
Change-Id: I5387a0005ddb0d7aab3c5b9f28d6282053c1b0fd
Reviewed-on: https://code.wireshark.org/review/13865
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
on my particular trace. This duplicates the value with the C/R-bit set. Needs
a proper fix eventually.
Small indentation fix.
Change-Id: I6bf7c560b5161994b8d90d7ae70724c03c6df73b
Reviewed-on: https://code.wireshark.org/review/13926
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
define a function to dissect the CRC depending on the card type
add a circuit for an activated card to keep track of the card type
define a new circuit type CT_ISO1443 for this purpose, the circuit ID is
always 0 as we support only a single active card
Change-Id: I7250f834301612ba50743258ca7bdbe0199de3ea
Reviewed-on: https://code.wireshark.org/review/13908
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I2f1455cf50d9a90a516194ed09d7f6d6932e3afe
Reviewed-on: https://code.wireshark.org/review/13912
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5866ea2d6a08a90799882b0c4626d0ed215069a8
error: ‘fake_lchid_macd_flow’ defined but not used [-Werror=unused-const-variable]
error: ‘hsdsch_macdflow_id_mac_content_map’ defined but not used [-Werror=unused-const-variable]
error: ‘hsdsch_macdflow_id_rlc_map’ defined but not used [-Werror=unused-const-variable]
Reviewed-on: https://code.wireshark.org/review/13871
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC5444 §5.4.1 specifies that for address block TLVs:
end-index := <num-addr>-1
when both thassingleindex and thasmultiindex = 0.
It was incorrectly initialized to <num-addr> when <num-addr>!=0
(i.e for address block TLVs).
Change-Id: I4a78f263ffb122c0d6c0b54b4e8d1d6d525353e0
Reviewed-on: https://code.wireshark.org/review/13911
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
with gcc-4.4.x
Change-Id: I823787dd7c4c92d74cd294e6e2d44b3574ae4d20
Reviewed-on: https://code.wireshark.org/review/13909
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12033
Change-Id: I04ad97933639b1c6192608d12a1fb72f4c3725e2
Reviewed-on: https://code.wireshark.org/review/13576
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adding this information is useful for custom dissectors so they can
add it to the display. When a lot of samples are sent in RTPS in
the same batch, it is very helpful to have the index in the display.
Change-Id: I0f158eeb9d5e9b4fcf67ef6e72dcfa655b9cc427
Reviewed-on: https://code.wireshark.org/review/13875
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use CoAP's token to match responses to requests in CoAP.
Change-Id: I13141e3490d54aa27aea7c94d8199dcc0166d493
Reviewed-on: https://code.wireshark.org/review/13859
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When building without --enable-extra-compiler-warnings then -Werror
is enabled by default and the test-programs make target fails
because of a -Wclobbered warning.
Change-Id: I6f01d76f2bf9351e2ed306f4cbdcf8b6ed200fea
Reviewed-on: https://code.wireshark.org/review/13869
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Register dissector as "mq" (for Export SSL PDU) and consolidate
different heuristics dissector functions into one (TCP vs. non-TCP).
Make it possible to select mq for SSL and add heuristics.
Bug: 4652
Change-Id: Ib0812dc75dda3fe47f46a917f14399f4a92f5b76
Reviewed-on: https://code.wireshark.org/review/13856
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
b_inst_strlen = tvb_strsize(tipc_tvb, offset);
^~~~~~~~~~~~~
packet-tipc.c:1090:4: note: ...this ‘if’ clause, but it is not
if ((message_type == TIPCv2_RESET_MSG)
^~
Change-Id: I9a9f1e5e70ce183af30dd93242993bbddffdfd95
Reviewed-on: https://code.wireshark.org/review/13870
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The packet_num was left uninitialized after refactoring "Follow Stream".
Ping-Bug: 11988
Change-Id: Iaea2560c8417503de59ddb0337cd023bcbcbbfee
Reviewed-on: https://code.wireshark.org/review/13872
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
if length is set to 7 then the 20 *rightmost* bits of
the 'SID/Label/Index' field represent a MPLS label.
Change-Id: If196af244549b75a80de11c1d8e11507e9a6ce58
Signed-off-by: Francesco Fondelli <francesco.fondelli@gmail.com>
Reviewed-on: https://code.wireshark.org/review/13848
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
When a pref is renamed (e.g. from eth.qinq_ethertype to
vlan.qinq_ethertype), the latter module must be marked as changed.
Otherwise the pref has no effect as the vlan handoff routine is not
called.
For consistency, set the module for preferences migrated from smpp (the
gsm-sms-ud dissector does not have a handoff routine for these prefs,
so it has no functional effect for that dissector).
Undoes I89f4a2d125e18d113edec4bf35599f128249e913, fixes
I2a49dce93fdc7fab4ab3dc52dad90288c2d17434.
Change-Id: I255b49db23c7958f9fb2214c54f3f35386fa5e9a
Reviewed-on: https://code.wireshark.org/review/13851
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using code annotation to squelch detection by Coverity of use of macro
parameter comparison to NULL, which we use to allow for leaving out
strings if we don't have them.
In this particular case it's happening in macro expansion.
Change-Id: I5782c5891cab99860a9bae9519cf259359a09712
Reviewed-on: https://code.wireshark.org/review/13858
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Otherwise, they just look like TCP segments.
Change-Id: I2f7601316012811d64c903bf3b2ff4ac4c8f6ce2
Reviewed-on: https://code.wireshark.org/review/13864
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That leaves less room for getting it wrong.
Change-Id: Iea003fc102ccd14db2924b70fc685033ca34f291
Reviewed-on: https://code.wireshark.org/review/13863
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, get rid of an unnecessary argument passed to the
defragmentation routines - it's always equal to the rpc_defragment
preference variable, so just use that.
Bug: 11913
Change-Id: Ia3b14ca11ae4fb423bcba4debb7c62245d8aed43
Reviewed-on: https://code.wireshark.org/review/13860
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove left over code from adding att_family IPv6.
Change-Id: I5414eb68f7d25139cb56ea8c5ce6b335ec774df4
Reviewed-on: https://code.wireshark.org/review/13838
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a check for out-of-bounds before calling tvb_strsize() because
this will THROW an exception if not finding a terminating NUL.
Unhandled exceptions will mess up Lua luaL_error() handling and
will end up in a crash.
Change-Id: Ieafef59a3858656e0d8c79904828b631657b4cbc
Reviewed-on: https://code.wireshark.org/review/13842
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change enum constants to a macro definition instead (even though not
all of them generate overflow warnings).
Change-Id: I276306055d5676b66020976d25665dc1dd7530ec
Reviewed-on: https://code.wireshark.org/review/13815
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The check against 0 isn't really necessary, as stbc_streams >= 0 and
ieee80211_ht_streams[info_n->mcs_index] >= 1, but, what the heck.
Make stbc_streams unsigned, as the value assigned to it is unsigned.
Bug: 12085
Change-Id: I98e0edb718f62ee07bbe56b9d15859c68b7d2e43
Reviewed-on: https://code.wireshark.org/review/13844
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On error in Dissector_call and DissectorTable_try we should not
terminate with WSLUA_ERROR because the error is already reported
in the tree with show_exception().
Change-Id: I60739f12cb8b16fe2270f47701286fd0dbf04c6f
Reviewed-on: https://code.wireshark.org/review/13819
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
For historiacal reasons OBEX protocol was implemented as
"Bluetooth OBEX", that means it is OBEX + Bluetooth related stuff.
However Bluetooth related stuff does not caused any issue right now,
so allow to use this dissector in non-Bluetooth cases.
Bug: 11724
Change-Id: Ic645308bc854602d009f254ebbfd1b703a4c6a25
Reviewed-on: https://code.wireshark.org/review/13740
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change fix a leak in the prefs subsystem when setting a preference as obsolete.
Found by valgrind.
==5779== 1 bytes in 1 blocks are definitely lost in loss record 7 of 3,421
==5779== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5779== by 0xA7FE610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==5779== by 0xA815B0E: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==5779== by 0x65E01DF: register_string_like_preference (prefs.c:1052)
==5779== by 0x65E054E: prefs_register_string_preference (prefs.c:1096)
==5779== by 0x688D010: proto_register_dtls (packet-dtls.c:1828)
==5779== by 0x71C4C34: register_all_protocols (register.c:350)
==5779== by 0x65EEFA7: proto_init (proto.c:521)
==5779== by 0x65CD621: epan_init (epan.c:126)
==5779== by 0x115330: main (tshark.c:1220)
Bug: 12096
Change-Id: I8f36114e2098b0255b4e774c6e0f35b64da6d366
Reviewed-on: https://code.wireshark.org/review/13798
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I1ccd9885746a6044f298d7d531a9bc009a70288e
Reviewed-on: https://code.wireshark.org/review/13802
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit 13ec77a9fc.
This commit introduces a segmentation fault for Lua code (uncovered by the test suite).
Change-Id: Ibc273d1915cda9632697b9f138f0ae104d3fb65e
Reviewed-on: https://code.wireshark.org/review/13813
Reviewed-by: João Valverde <j@v6e.pt>
Try to improve 'address' API (to be easier/safer) and also avoid
some constness warnings by not overloading the 'data' pointer to
store malloc'ed buffers (use private pointer for that instead).
Change-Id: I7456516b12c67620ceadac447907c12f5905bd49
Reviewed-on: https://code.wireshark.org/review/13463
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
The casts should be to gpointer but are unnecessary.
Change-Id: I27229750ec53138820cce30b6fcc083d3ae5bea1
Reviewed-on: https://code.wireshark.org/review/13810
Reviewed-by: João Valverde <j@v6e.pt>
It's also used as an array index, and it also is no guaranteed to be in
the proper range in all capture files, so bounds-check it.
Make the variable's type match that of the field in the radio metadata.
(It's never negative, so it's unsigned.)
This appears to be the last of the unchecked array references from bug
12085.
Bug: 12085
Change-Id: I3e5b821a9b70dfd520d01036f6f7d02008aca200
Reviewed-on: https://code.wireshark.org/review/13806
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The arrays have MAX_MCS_INDEX+1 entries; valid indices to from 0 to
MAX_MCX_INDEX.
Change-Id: Ibbd30d36cc16143482b34212b1c6ce8df9e555ab
Ping-Bug: 12085
Reviewed-on: https://code.wireshark.org/review/13805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The arrays have MAX_MCS_INDEX+1 entries; valid indices to from 0 to
MAX_MCX_INDEX.
Change-Id: Ib8b939e687a00505cab5e5f9b3b6dce34e9d0b47
Reviewed-on: https://code.wireshark.org/review/13803
Reviewed-by: Guy Harris <guy@alum.mit.edu>
if we just return the offset, there's no need to check for overflows
the caller continues dissection from the returned offset
if the offset is invalid, the core routines will throw an exception
if we call proto_item_set_end() with the calculated offset,
we can do the range check using tvb_ensure_bytes_exist()
Change-Id: I0e2a7b2a866596eda0d7ed4a948fbea8ed084845
Reviewed-on: https://code.wireshark.org/review/13792
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
LLRP defines fairly complex parameter nesting which we handle via recursion,
however this means a large crafted packet could cause very deep stacks and
potentially stack overflows. Limit our recursive depth to an arbitrary, which
should be more than enough for any legitimate packet (I hope).
Bug: 12048
Change-Id: I9ac31bddfa4ffd1a79809387d10d2261749b95e7
Reviewed-on: https://code.wireshark.org/review/13794
Reviewed-by: Evan Huus <eapache@gmail.com>
Fix space issues in some ASN.1 dissectors.
Change-Id: I4ceccfbe9a13c93fc91821d1bfe4b7d6bb39c435
Reviewed-on: https://code.wireshark.org/review/13791
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I0d9511ed9cb93446766d510b97fdefe56a86a826
Reviewed-on: https://code.wireshark.org/review/13787
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Pascal Quantin