Only do retransmission detection for CON and NON type messages.
Change-Id: I5b5d93800918a98d4d321d1dcd0f3090b485ba9e
Reviewed-on: https://code.wireshark.org/review/37842
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The M bit is used in Block1 Option in a request and in Block2 Option
in a response. Use this to determine when to prefix the block number
information with "End of".
Change-Id: I11c741b15f97f68d668d6cbec97660a6ea392dc1
Reviewed-on: https://code.wireshark.org/review/37629
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add items for block_payload and block_length to be used for block
analysis when reassembly is not complete.
Change-Id: I969cac9a50903431c727a2fc424eca464f0167d7
Reviewed-on: https://code.wireshark.org/review/37622
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Any private or vendor-specific options are not invalid, so mark them
as unknown. Move expert info to option entry. Add the unknown option
number to the item.
Change-Id: I567c397787d4afddffdca407a8c2e39db828ab83
Reviewed-on: https://code.wireshark.org/review/37562
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the raw value for the block "More Flag", not the already adjusted one.
Change-Id: I13ddd24c4f9b9201798d18abe008945879f03774
Reviewed-on: https://code.wireshark.org/review/37442
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
-Update dissection of the OSCORE option.
-Enable zero-length Sender and Recipient ID.
-Add ID Context field in preferences.
-Update context derivation to rfc8613.
-Extend context lookup to include ID context.
-Fix Observe responses.
Bug: 16585
Change-Id: Ib9823a54cf535be3559e1c41a19b8b612458777f
Reviewed-on: https://code.wireshark.org/review/37314
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not assume that having a TCP port means that CoAP is running directly
over TCP: this is not the case with MQTT for example (see bug 14591 for
a capture). Instead explicitly check that the parent dissector is TCP or
TLS.
Bug: 15910
Change-Id: Ib4880623b8525fe6be52a685397005eac86da135
Reviewed-on: https://code.wireshark.org/review/35879
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The current implementation assumes a wrong OSCORE option type
"21". RFC 8613 was release in July 2019 and defines an OSCORE option
type of "9". See: https://tools.ietf.org/html/rfc8613#section-2
Change-Id: I5fea8dffc2d1586f891b2b3b9fa42183b138e0ab
Reviewed-on: https://code.wireshark.org/review/35163
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- switch from tcp_dissect_pdus() to pinfo based reassembly as the header
size is variable
- use the proper message length when dissecting the payload
- reuse the conversation from the TCP disector instead of creating a new
one and breaking the TCP analysis
Ping-Bug: 15910
Change-Id: Ie2689363a01343bbb45cba6a48ce3475521954ec
Reviewed-on: https://code.wireshark.org/review/34987
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The observe option has different values for request and response. For
request it identifies register or deregister, and for response it is a
sequence number for reordering detection. RFC 7641 chapter 2.
Change-Id: I09515864997a32f7259e344532ea770b74030b04
Reviewed-on: https://code.wireshark.org/review/34368
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use both Token and Message ID in request/response tracking and retransmission
detection. The token is the same when using observables but the message id is
increasing.
Change-Id: I545416ce139328e6a8eb67258d7b51bddb6b278e
Reviewed-on: https://code.wireshark.org/review/34367
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Support is limited to message framing.
Bug: 15910
Change-Id: Ia27c0b8428842618af00720441a9ef9cf163fecb
Reviewed-on: https://code.wireshark.org/review/34001
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Show as expert info and in info column. Link to first request/response.
Change-Id: I990d9a5aec5904dabe22bcb103426a8549cef31b
Reviewed-on: https://code.wireshark.org/review/32615
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In frame 121, piv_len was 1 while piv was NULL. Ensure that both piv and
piv_len are reset to avoid this. Adjust another check to ensure that piv
and piv_len are in sync (probably not necessary, but it seems the
intention).
Bug: 15172
Change-Id: If8636d32f3273d6707749c807bd7d676ca9ab96d
Fixes: v2.5.2rc0-9-g830ea5731a ("CoAP: Hooks to OSCORE")
Reviewed-on: https://code.wireshark.org/review/30100
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the long run, we'd like to remove the time stamp from the frame_data
structure, as, in Wireshark, and in TShark in two-pass mode, there's one
allocated for every frame in the file, and shrinking the size of that
structure reduces the memory usage.
This removes one obstacle to that.
Change-Id: Ia8f87522cd974555c57e0ac1e742b097e8b0f2fc
Reviewed-on: https://code.wireshark.org/review/29881
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change from proto_tree_add_string() to proto_tree_add_item() for strings
which is fetched from the packet.
Change-Id: Iae6538977b2ecf69f83c62b47ac02198f5f09d54
Reviewed-on: https://code.wireshark.org/review/29348
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change was based on a incomplete/incorrect implementation of
LwM2M and is not correct because the payload encoding is mandatory
in the response.
This reverts commit 46fcf452ac.
This reverts commit b1e0cb01b3.
Change-Id: I89ae1f84e2735ad049a0f7c9045175940bed25cb
Reviewed-on: https://code.wireshark.org/review/27770
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add one fixed table for OMA (Normative) defined resource names and
one table for user defined resource names. All resources are identified
by a object ID and a resource ID.
Show number of elements in arrays instead of number of bytes.
Next iteration will add proper hf entries for OMA elements.
Change-Id: I4d6c053a7c448cc65692ba1d1e92a2033ff3b397
Reviewed-on: https://code.wireshark.org/review/27551
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A use-after-free is possible through the following path:
// returns wmem_packet_scope() memory
coinfo->ctype_str = val_to_str(coinfo->ctype_value, vals_ctype, "Unknown Type %u");
// leaks packet scoped memory into conversation
coap_trans = wmem_new0(wmem_file_scope(), coap_transaction);
coap_trans->req_ctype_str = coinfo->ctype_str; // <-- oops
// next packet: use-after-free of packet scoped memory
coinfo->ctype_str = coap_trans->req_ctype_str;
This could be fixed by duplicating "ctype_str" with wmem_file_scope, but
since all "ctype_str" strings are constant, make the problematic
"ctype_str" assignment also constant for unknown types (the numeric type
is also stored in "ctype_value" if necessary).
Change-Id: I6249e076fa282bbe0982b8c709788e27f6fdf86e
Fixes: v2.9.0rc0-317-g46fcf452ac ("coap: Store ctype values in transaction tracking")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8196
Reviewed-on: https://code.wireshark.org/review/27477
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Transfer ctype values from GET request to response to be able
to decode the payload correctly.
Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add support for decrypting Observe responses with Partial IV within the
response. CoAP prioritizes the Partial IV from the response if present,
if not it passes Partial IV from the corresponding request.
Bug: 14417
Change-Id: Icb0f782de67bd0507db4f1f2a2ea90c72a4b6f0a
Reviewed-on: https://code.wireshark.org/review/25483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
OSCORE plaintext contains CoAP code, some CoAP options and CoAP payload.
To avoid code duplication, CoAP dissection of these fields used by
OSCORE is generalized and exported in packet-coap.h. Exported functions
and their subroutines now operate explicitly on local variables. This
allows OSCORE dissector to pass its header fields.
Use of "offset_end" instead of "coap_length" to denote the end of
message.
Bug: 14417
Change-Id: If51b0d585ab29d46c1c550fbf264fd3765ed4c32
Reviewed-on: https://code.wireshark.org/review/25482
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Structure oscore_info_t carries parameters needed by OSCORE for
decryption. These parameters are communicated in the CoAP layer within
the Object-Security option. To decrypt a response, OSCORE needs the
parameters from the corresponding request. Matching of responses to
requests on the CoAP layer is leveraged to pass the correct parameters
to OSCORE. This change adds an oscore_info_t pointer to coap_info and
coap_transaction structures in order to pass the parameters on to the
OSCORE dissector. Dissection of Object-Security option is reworked to
make use of the new coap_info element, instead of relying on local
variables.
Bug: 14417
Change-Id: I173057ba95407675aaa539ddbff51d02337551bc
Reviewed-on: https://code.wireshark.org/review/25481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This field is generated so mark it so. It may also be usable so
make it visible.
Change-Id: I10d951f234f1fba240059bc791b40d25dede07a9
Reviewed-on: https://code.wireshark.org/review/25350
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Shift the value stored in coinfo->block_mflag in
dissect_coap_opt_block so that we store 0/1 instead of 0/8.
Change-Id: I45ac08564ff1fdcaf4e7306692db862b6a70989b
Reviewed-on: https://code.wireshark.org/review/25248
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Niels Widger <niels@qacafe.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
1. Add Object-Security option handling to CoAP.
2. Add RFC8132 defined codes.
3. Fix indentation.
4. Use macros for masks.
Change-Id: I48c71513db14e79133fe323578123f99946cbaa9
Reviewed-on: https://code.wireshark.org/review/24913
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
For the moment this mirrors the port_type enumeration (PT_XXX), but the
intent is to move away from using "port types", eliminating most (if not
all)
Added conversation_pt_to_endpoint_type() so that conversations deal with the
correct enumeration. This is for dissector that use pinfo->ptype as input
to conversation APIs. Explicit use of port types are converted to using
ENDPOINT_XXX type.
Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef
Reviewed-on: https://code.wireshark.org/review/24166
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I29429f731b7e2f25568d44de455816ac70e079b6
Reviewed-on: https://code.wireshark.org/review/23740
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Conversation recording now uses a hash map instead of a tree. URI
reconstruction for responses has also been added to assist Thread CoAP
decoding.
Change-Id: I83dc0dc48534d5182cf37ba50dad67e1b095188a
Reviewed-on: https://code.wireshark.org/review/20553
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
coaps port is defined in RFC 7252, section 12.7.
CoAP (RFC 7252) is defined only for UDP, not TCP. For TCP, the frame
format is slightly different (draft-ietf-core-coap-tcp-tls-05) and
needs more dissector changes, so remove registration for now.
Change-Id: I1fc7163086f8fe66986565aa24b579ef24f72550
Ping-Bug: 13370
Reviewed-on: https://code.wireshark.org/review/19870
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
They already know who they are when they register themselves. Saving the
handle then to avoid finding it later.
Not sure if this will increase unnecessary register_dissector functions
(instead of using create_dissector_handle in proto_reg_handoff function)
when other dissectors copy/paste, but it should make startup time
a few microseconds better.
Change-Id: I3839be791b32b84887ac51a6a65fb5733e9f1f43
Reviewed-on: https://code.wireshark.org/review/19481
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Even when the token length is 0.
Bug: 12771
Change-Id: I0d77f0411fe90a6702d1f23ba9cd4b61433a5995
Reviewed-on: https://code.wireshark.org/review/17194
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also some other tricks to remove unnecessary tvb_get_string_enc calls.
Change-Id: I2f40d9175b6c0bb0b1364b4089bfaa287edf0914
Reviewed-on: https://code.wireshark.org/review/16158
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Lightweight M2M is a protocol on top of CoAP that is used for
device management. The specification contains a custom payload
format - a simple type, length, value binary encoding.
This patch adds support for dissecting this payload format.
While not yet officially registered, the main open source
implementation of the lwm2m protocol - eclipse's leshan - uses this
content type 1542 for its messages.
Bug: 12110
Change-Id: Ib022d1f485c706f1d69ceec7200790448d080965
Reviewed-on: https://code.wireshark.org/review/13835
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Stig Bjørlykke