Editcap accepts '-' for stdin or stdout, document that. Also change
an incorrect statement that claims that the '-v' flag writes to
standard output; it writes to standard error.
If we're running in the Logwolf configuration namespace, look for
extcaps in a directory named "extlog". This paves the way for adding
log-specific capture utilities.
InfiniBand and RDMA over Converged Ethernet (RoCE) are handled by the
infiniband dissector. Register DRBD as a dissector for infiniband
payloads.
Not yet implemented:
* Dissection of data payloads. For P_DATA and similar packets, the data
payload is transmitted over multiple packets. Only the first packet
containing the DRBD header is dissected.
* Dissection of the InfiniBand Immediate Data. DRBD uses this for
sequence numbers and for indicating which stream the packet belongs
to.
* Any attempt to associate packets into conversations. This could be
achieved when the connection packets have been captured, but would be
very difficult otherwise.
* An association with infiniband.cm.req.serviceid.dport. When using
RoCE, this is the port that the user specifies for the connection, so
it would be useful to associate it with the DRBD conversation and show
it. Otherwise it is tricky to identify DRBD connections.
RFC 8781 shows in section 4 that the prefix field of the PREF64 option
header is always 96 bits (or 12 bytes), regardless of the prefix length
code that only specifies which parts of the prefix are significant. The
option itself thus always has a fixed length. Even if they are not used
in the significant part of the prefix itself, the unused bits are still
part of the prefix field of the PREF64 option and the offset must be
adapted accordingly.
The previous implementation would fail to correctly parse any PREF64
option with a PLC other than 0 (i.e. the full 96 bits) due to the unused
remaining bits in the option not being consumed.
Closes #18033.
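
An added example, not code from the Wireshark source or from the commit above: a minimal C parser for the PREF64 option layout that commit message describes, showing that the option always consumes 16 bytes so the following option is found at the right offset. The struct, the function names and the sample bytes are constructed for illustration; option type 38, the PLC-to-length table and the 8-second lifetime scaling are taken from RFC 8781.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PLC value -> number of significant prefix bits (RFC 8781, section 4). */
static const int plc_to_bits[] = { 96, 64, 56, 48, 40, 32 };

struct pref64 {                 /* hypothetical result type */
    uint32_t lifetime_s;        /* 13-bit scaled lifetime, in units of 8 s */
    int      prefix_bits;
    uint8_t  prefix[12];        /* significant bytes only, rest zeroed */
};

/* Parse one PREF64 option at buf. Returns bytes consumed, or -1 on error. */
int parse_pref64(const uint8_t *buf, size_t len, struct pref64 *out)
{
    if (len < 16 || buf[0] != 38 || buf[1] != 2)   /* type 38, 2 * 8 octets */
        return -1;
    unsigned w = (unsigned)buf[2] << 8 | buf[3];
    unsigned plc = w & 0x7;
    if (plc > 5) return -1;                        /* PLC not defined by the RFC */
    out->lifetime_s = (w >> 3) * 8;
    out->prefix_bits = plc_to_bits[plc];
    memset(out->prefix, 0, sizeof out->prefix);
    memcpy(out->prefix, buf + 4, (size_t)out->prefix_bits / 8);
    /* The prefix field is always 12 bytes on the wire, whatever the PLC says. */
    return 16;
}

/* Constructed sample: PREF64 (PLC 1, 2001:db8:64::/64, 600 s), then an MTU option. */
static const uint8_t sample_options[] = {
    38, 2, 0x02, 0x59, 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x64, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,                  /* unused 32 bits of the field */
    5, 1, 0x00, 0x00, 0x00, 0x00, 0x05, 0xdc /* MTU option, 1500 */
};

/* Type of the option that follows the PREF64 option, or -1. */
int type_after_pref64(const uint8_t *buf, size_t len)
{
    struct pref64 p;
    int used = parse_pref64(buf, len, &p);
    return (used < 0 || (size_t)used >= len) ? -1 : buf[used];
}

int main(void) {
    printf("next option type: %d\n", type_after_pref64(sample_options, sizeof sample_options));
    return 0;
}
```

Advancing by only the significant bytes (8 for PLC 1) would leave the offset inside the unused part of the prefix field, which is the misparse the commit message describes.
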
Instead of saying a leading colon will make any token a literal
value, say it is part of the syntax of bytes arrays. This is
useful to write bytes without a separator, and other potentially
ambiguous formats.
The restriction in meaning to bytes and simple numeric values
should make the rules for handling a leading colon (specifically
omitting it or not) saner without much loss of functionality.
When retrying fvalue_from_literal() we were leaking the error
message string.
Refactor the code to avoid the retry. This assumes the only
valid use of a leading ':' with a literal is for an IPv6 address.
Bytes with leading ':' are supported but the colon is skipped,
so the parser doesn't see it.
Fixes df0fc8b517.
Rework the out of order dissection to store the out of order
segments and add them to reassemblies only after the gaps are filled.
This allows reassembly of contiguous segments to be dissected when
they can, instead of having to wait for all segment gaps to be
filled. In cases where a segment has an erroneous later sequence number,
this prevents reassembly from being completely halted.
It is now guaranteed that when the subdissector is called, the
segment from the current frame is either the first segment of the
MSP or has bytes that were requested from the last call of the
subdissector. This makes it easier to split MSPs in a later commit.
MSPs now always have the first segment with the sequence number,
so MSP_FLAGS_MISSING_FIRST_SEGMENT and first_frame_with_seq are
obsolete and can be removed later.
This fixes a long standing TODO in the out of order test in
suite_dissection.py
Dissection is more consistent between the first pass and later
passes, though there is more to be done.
FragmentBoundsErrors aren't malformed, but add an expert warning
at the PI_NOTE level to hint to users that they may want to turn
on reassembly preferences.
Fix parsing of some IPv6 addresses and add tests.
Also pass tokens as unparsed unless the user was specific about
the semantic type. For example the IPv4 address 1.1.1.1 is also a
valid field, but 1.1.1.1/128 is not (because of the slash). However
choose not to enforce the distinction in the lexical scanner and pass
everything as unparsed unless the meaning is explicit in the syntax
with leading dot, colon, or between angle brackets.
RTP dialogs can stay open, therefore calls of their functions are
protected by locks. There was an issue that the same mutex was used during
construction of the dialog and calling functions. It created a possible
deadlock.
The change separates the lock used for dialog creation and the lock for function calls.
When the function call lock is locked, new calls are ignored and a warning is
printed to STDERR. Showing a dialog with a warning looks too intrusive to me.
Fixes #18025
PDUs on TCP streams can fail to be reassembled for a variety of reasons,
most of which can be determined by the TCP dissector before calling
a subdissector. However, individual subdissectors can have their own
preference indicating not to desegment, and this cannot be handled until
the subdissector calls tcp_dissect_pdus(). Fix #18027.
Restores support for filters such as "mac-lte", that was broken
in 330d408328.
This means we are not able to support arithmetic expressions with binary
minus without spaces.
$ dftest 'tcp.port == 1-2'
dftest: "1-2" is not a valid number.
The format and meaning of the bits in the Capability information field
have been different than what was implemented since at least 802.11-2016.
Defined in 9.4.1.4 Capability Information field.