The normal response to Write Single Coil and Write Single Register is an
echo of the request and thus the Request/Response of these codes cannot
be classified based on the length alone.
When the mbrtu.tcp.port value is set to Modbus Slave listening port,
then the Query/Response is correctly classified as long as the Master
source port is different to the Slave listening port.
Bug: 15573
Change-Id: I5cb9f1edb4cdc8e8872196075c14c61ae69b5d15
Reviewed-on: https://code.wireshark.org/review/33077
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the heuristics, don't fetch fields unless we're sure they're
available in the captured packet data.
Change-Id: I56ca1675aee13fe1629f02903573a392459d4846
Reviewed-on: https://code.wireshark.org/review/33102
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Every SysEx Manufacturer can decide its own SysEx message format.
As there are quite a lot of registered SysEx Manufacturers, it is best
to not mix all the Manufacturer specific commands in one file.
During the extraction following have been changed:
* sysex.digitech prefix changed to sysex_digitech
* sysex.device_id changed to sysex_digitech.device_id as the MIDI
System Exclusive specification doesn't specify anything except the
(Extended) Manufacturer ID
* sysex.digitech.device_id renamed to sysex_digitech.received_device_id
as this field is part of the Who Am I command response
* Remove the PROTO_CHECKSUM_ZERO flag - the actual checksum is simply
XOR of all bytes. Prior this change the actual checksum byte was
XORed together with the checksummed data.
Change-Id: I225149f16a83b7629ce4bf9f6ca81c1d93dd856a
Reviewed-on: https://code.wireshark.org/review/33070
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add SysEx reassembled message information under the "USB Midi Event
Packet" not under the "USB Audio".
Ping-Bug: 15503
Change-Id: I2c9367b1dcce0026964e1b9cdeb2af3875b5e882
Reviewed-on: https://code.wireshark.org/review/33085
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector tries heuristic dissectors too. Preference was added
determining if heuristic dissectors should be tried first.
Change-Id: I47dbbb6a7ebe2dd0266ad7c081141ada00ecde4a
Reviewed-on: https://code.wireshark.org/review/33055
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DDP length is 10 bits long, not 2 bits long; it includes the bottom
2 bits of the first octet *and* all 8 bits of the second octet.
The checksum is at an offset of 2, not 0, from the beginning of the header.
Change-Id: I7e2b8eff4d023f80a894f1e1eec7b71d08510f7e
Reviewed-on: https://code.wireshark.org/review/33094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix suggested by Mark Hermeling.
Bug: 15750
Change-Id: I0d5e29e549acf797b234175f27aa6e49a5a45436
Reviewed-on: https://code.wireshark.org/review/33080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Try to recognize FRF.3.2/RFC 2427 frames that have a non-UI control field,
and Ethernet-directly-over-Frame-Relay frames, using heuristics; use a
heuristic to identify Cisco HDLC-over-Frame-Relay frames. All
heuristics involve checking the dissector tables for various protocol
discriminators (OSI NLPID, Ethernet type, Cisco HDLC type) to see
whether the value of the purported protocol discriminator has a
dissector.
Change-Id: I46d6ba2881674b102fb6983a43f0355e036f53d7
Reviewed-on: https://code.wireshark.org/review/33090
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-sysex.c contains UTF-8 characters which breaks builds that do not
have a UTF-8 locale. Reproduce with Python 3.6 or older using
LANG=C ninja epan/dissectors/dissectors.c
Change-Id: Iaa98756ee80384f415c58aef23560210e500df2f
Reviewed-on: https://code.wireshark.org/review/33087
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Format types differ quite a lot between USB Audio version 1 and 2 thus
it is good to clearly separate the dissection into separate functions.
So far only the format type 1 of version 2 USB Audio Audio Streaming is
dissected.
Ping-Bug: 15503
Change-Id: I40544c7efb05810e2281248d1d1d33951b3b42a9
Reviewed-on: https://code.wireshark.org/review/33065
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'zbee_zcl_se.drlc.report_event.signature_type' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT8
Change-Id: I79bfd0178f46444a08f2350cddbc792ea480a173
Reviewed-on: https://code.wireshark.org/review/33075
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ic5a3653cb8bcc33e0be108c8b201567e7090f9f5
Reviewed-on: https://code.wireshark.org/review/33043
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I5326b87784817fb353329e2d686fe0515c32f6cb
Reviewed-on: https://code.wireshark.org/review/33038
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
The string type is the default in elasticsearch, then there is no
need to put those entries in the mapping report. This shortens a lot
the list.
Small indentation fix, while here.
Change-Id: If304d409a3ee2c30f24b5de4d90be522bbfae41e
Ping-Bug: 15719
Reviewed-on: https://code.wireshark.org/review/33053
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Show PDO version of PRes in the same way as we do it for PReq.
Change-Id: Ib433ade6cfedfcf74e9886bcfc8eba08dcddb588
Reviewed-on: https://code.wireshark.org/review/33062
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include undecoded data expert info for partially dissected Audio Streaming
descriptors.
Ping-Bug: 15503
Change-Id: I93f03dea42af11b3fd4ab684766c26335bc08e57
Reviewed-on: https://code.wireshark.org/review/33063
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissect Output Terminal descriptor only when the version is supported by
the dissectr (1 or 2).
Ping-Bug: 15503
Change-Id: Icc64f8288c9917b5b7c3dfd88fe8a6d591d64dcd
Reviewed-on: https://code.wireshark.org/review/33061
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissect Input Terminal descriptor only when the version is supported by
the dissector (1 or 2).
Ping-Bug: 15503
Change-Id: I98bc5d52c4b0a7849c48e2e7f9d9e36f5ef254cf
Reviewed-on: https://code.wireshark.org/review/33057
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I8443379d23a2946dd21c12e5e0bd5464ab73ca25
Reviewed-on: https://code.wireshark.org/review/31857
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The MQTT documentation states "The Payload contains the Application
Message that is being published. The content and format of the data
is application specific."
Bug: 15738
Change-Id: Ie9d603049821fd7fe73add675a95245d5f27e0b0
Reviewed-on: https://code.wireshark.org/review/33020
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It was a bad idea to bring back the border around inactive+selected packet
list items in g009283a6 because it will move the text some pixels down.
Revert this part because we now have support for customize the colors.
Remove the old "style_inactive_selected" handling because it has no effect.
Change-Id: I7599591a957a11d42964f7dc0981411cf3b28b4f
Reviewed-on: https://code.wireshark.org/review/32964
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
We only need to call WSAStartup and WSACleanup once, so do so. If we
encounter an error, report it using win32strerror.
Use win32strerror instead of FormatMessage in cap_open_socket.
Change-Id: I59868d6baecb1dfc98946dc68c2346b79436d2c7
Reviewed-on: https://code.wireshark.org/review/33044
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It prevents format checking; use "%s" as the format string.
Change-Id: Ic05ed64f4b2b6c243f072b0b306e0e06aa1eb3fd
Reviewed-on: https://code.wireshark.org/review/33041
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Generalise Audio Control subclass dissection to include undecoded data
expert info not only when the whole subtype is unknown, but also when
the descriptor was only partially dissected.
Ping-Bug: 15503
Change-Id: Id9d2d9c172e7c649a44290159cb74a9dfaab746c
Reviewed-on: https://code.wireshark.org/review/33037
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"initial_version" might not contain a valid QUIC version if the initial
packet is used to trigger version negotiation. This was observed with
quiche (on draft -18) which uses 0xbabababa. Change heuristics to detect
the new format instead.
Bug: 13881
Change-Id: I8f1dc466575f37a27ee579a6e3dd38e154c3fa5d
Reviewed-on: https://code.wireshark.org/review/33032
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In ws_pipe_wait_for_pipe() on Windows, the WaitForMultipleObjects() waits
on the pending pipe connection events and process handle. If the process
handle is signalled, then it means that the process did exit without
connecting to the pipes.
The WaitForMultipleObjects() was not waiting on the process handle and thus
if the process did fail without connecting to pipes the Wireshark gui was
frozen for 30 seconds.
This change fixes the freeze by increasing the number of handles, so
WaitForMultipleObjects() is aware of the process handle.
Change-Id: Id13824a60baf4be7795cbe1d5ed1c7932edbff45
Reviewed-on: https://code.wireshark.org/review/33028
Reviewed-by: Gerald Combs <gerald@wireshark.org>