The function to dissect CSuite Sel returns offset not number of
dissected bytes so calling function must assign new offset rather
than incrementing. For consistency also update the CSuite List
function to return offset.
Fix issues found by running ./tools/check_typed_item_calls.py
epan/dissectors/packet-eap.c:1475 proto_tree_add_item called for hf_eap_gpsk_failure_code - item type is FT_UINT16 but call has len 4
epan/dissectors/packet-eap.c:1479 proto_tree_add_item called for hf_eap_gpsk_failure_code - item type is FT_UINT16 but call has len 4
Speed functions to print hex bytes, escape XML strings and
print out indents by avoiding specifier calls, and building
larger strings before calling fputs().
Someone mentioned this in the sharkfest chat yesterday.
Also, Ostinato relies upon this when importing from pcap.
An example capture I have has gone from 18 to 11 seconds.
As noted in bug #16386, glib's `g_base64_decode_inplace()` aborts
decoding of base64 strings that aren't padded. This addresses that by
adding padding "=" characters if needed to the buffer which will be
decoded.
I added the test case from the bug report to the test suite, though the
location therein may not be ideal.
Closes#16386
Found by running ./tools/check_typed_item_calls.py
epan/dissectors/packet-ieee80211.c:14209 proto_tree_add_item called for hf_ieee80211_osen_akm_count - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-ieee80211.c:20025 proto_tree_add_item called for hf_ieee80211_tclas_ether_type - item type is FT_UINT8 but call has len 2
Fix issues found by running ./tools/check_typed_item_calls.py
epan/dissectors/packet-gtp.c:4414 proto_tree_add_item called for hf_gtp_sel_mode - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-gtp.c:6807 proto_tree_add_item called for hf_gtp_rai_rac - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-gtp.c:7600 proto_tree_add_item called for hf_gtp_bssgp_cause - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-gtpv2.c:3607 proto_tree_add_item called for hf_gtpv2_trace_id - item type is FT_UINT16 but call has len 3
epan/dissectors/packet-gtpv2.c:5049 proto_tree_add_item called for hf_gtpv2_trace_id - item type is FT_UINT16 but call has len 3
Make display_signed_time() take a 64-bit signed number of seconds, and,
in calls to it, cast the argument to gint64, not gint32.
Addresses issue #16909.
This unfortunately includes the name of the filter element but "sack" in TCP
should not mean "a packet with syn+ack set" to most networking people nowadays.
Added a dissector to reassemble IPP Over USB packets and pass them to
the HTTP dissector. Added a display filter so IPPUSB packets can be
filtered. Dissector checks to ensure semgent is IPPUSB and supports
reassembly of send-documents and print-job documents. It also supports
the reassembly and dissection of packets that are truncted or
incomplete.
Change-Id: Icc9525592c07b00baaac887a70bc9e7568273016
This commit introduces usbll states. These states
represent the transaction upto the current packet.
Uses of introducing usbll states:
1. Avoid condition checks upto last three packets.
2. Identify invalid PID sequences.
3. Identify correct transactions. This will help in
the USB 2.0 reassembly.
Ping-bug: 15908
Signed-off-by: Ameya Deshpande <ameyanrd@outlook.com>
Implement the Unicode Standard "best practices" for replacing ill-formed
sequences with the Unicode REPLACEMENT CHARACTER. Add wmem_strbuf_append_len
for appending strings with embedded null characters. Clarify why
wmem_strbuf_grow() doesn't always ensure that there's enough room for
a new string, and short-circuit some tests there. Related to #14948
- Rename some elements to their current RFC names
- Add an expert item for msg_len field
- Create an attribute for 8006 as unknown to avoid triggering the expert item for unknown attributes
packet-fbzero.c:348:47: error: ‘tag_len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
Change-Id: I775edcae2bfdc6184267ee8d1873744a675e0fba
Under some conditions the trailer can be added after the FCS has already
been added. Advance 4 bytes and take a second look for a triler without
needing to resort to walking the trailer.
Whether over RTP or just UDP, it's possible to get multiple simultaneous MP2T
transport streams between the same pair of IPs but on different ports. They
will not be part of the same reassembly. Thus the reassembly table functions
that use ports as well should be used to avoid ressembly errors and overlaps.
If the encapsulation is WTAP_ENCAP_PER_PACKET, all we know about the
file is that it might not include radiotap packets and, if it does, it
also includes non-radiotap packets.
If it's *not* WTAP_ENCAP_PER_PACKET, properly report it
(wtap_file_type_subtype() returns the *file type* of the file, not the
*link-layer header type* - yes, that *happens* to work for a pcap file
with Ethernet packets, because the values of WTAP_ENCAP_ETHERNET and
WTAP_FILE_TYPE_SUBTYPE_PCAP both *happen* to be 1, but that's pure
luck).
While we're at it, test only once for --skip-radiotap-header and put
both tests inside that if.
In the heuristic function we don't know the length of the CID in the short
header, so we assume the worst case scenario compatible with packet length
(no more than 20 bytes)
The private members save_action_ and remove_action_ in class FieldFilterEdit
are not used. Remove them.
(It looks as if FieldFilterEdit was copied from DisplayFilterEdit, where
those two actions are present and linked to slots...)
There's a check for adding a zero length fragment to a reassembly in progress,
but it accidentally checks fd_head->tvb_data (the reassembly in progress)
instead of fd_i->tvb_data (the new fragment) before calling tvb_get_data() on
fd_i->tvb_data. (Note that data / fd_head->tvb_data is created based on the
sum of the lengths of all the fd_i->tvb_data, so the former can only be NULL
if all the latter are, but it's possible for one fragment to be zero length
but not the entire reassembly. Thus this is the necessary and sufficient check.)
Fixes#15569
Martin Mathieson