To quote the GenDC 1.1 specification, section 2.2.2 "GenDC Container
Header Description":
Unique signature identifying a GenDC Container: a FourCC code
encoded as 4 ASCII characters not null terminated ...
so it's FT_STRING, not FT_STRINGZ.
Give the URL for a page pointing to all GenICam standards, including the
GenDC standards, version 1.0 and 1.1.
According to the Novell IPX Router Specification, Chapter 4 "Service
Advertising Protocol (SAP)":
Server Name
This field contains the 48 byte character string name that is
assigned to a server. The Server Name, in combination with the
Service Type, uniquely identifies a server on an internetwork.
Although SAP response packets always include the full 48 bytes
for this field, typical server names are usually less than 48
characters long and are ASCII NULL terminated. The contents of
the unused bytes which follow the NULL terminator are undefined.
which seems to indicate that a full 48-byte name will not have a null
termintor. It also indicates that the field isn't null-padded, just
"null-terminated if it's not terminated by the end of the field's fixed
length"; perhaps we need to distinguish between the former and the
latter, although it's not clear what would be a good short name for the
latter.
In any case, it sounds as if it's not guaranteed to be null-terminated.
As per IEEE Std 802.1Q-2016, section 13.8 "MST Configuration Identifier
(MCID)",
The Configuration Name, a variable length text string encoded
within a fixed field of 32 octets, conforming to IETF RFC 2271's
definition of SnmpAdminString. If the Configuration Name is
less than 32 characters, the text string should be terminated by
the NUL character, with the remainder of the 32-octet field
filled with NUL characters. Otherwise, the text string is
encoded with no terminating NUL character.
so it's not FT_STRINGZ, it's FT_STRINGZPAD.
This applies to other configuration names as well.
The Aeron specification says nothing about it being null-terminated, and
in at least some captures, it's not null terminated.
Make it an FT_STRING, rather than an FT_STRINGZ.
Clean up a comment so that more of the URL is visible in a narrower
window.
MariaDB and MySQL are not longer drop-in compatible, they differ in very
different directions
for protocol and api. This patch contains support for MariaDB specific
commands and extensions:
- MariaDB specific character sets and collations (also updated MySQL
collations)
- MariaDB extended capabilities in greeting and login packets
- Support for MARIADB_STMT_BULK_EXECUTE command
- Removal of "5.5.5-" prefix in the version string.
These parameters are used by latest GQUIC versions.
Pcap examples are available in #16825
I noticed that gquic::dissect_gquic_tag() and gquic::dissect_gquic_tags()
don't really need the gquic_info parameter: remove it
Both osmocom and TTCN3 Titan are parsing Handover Request with an IPv6
Transport layer Address just fine, but wireshark was showing it as
malformed. Parsing the address similar to what is done in IPv4 fixes the
issue.
Remove the --check-addtext and --build flags. They were used for
checkAddTextCalls, which was removed in e2735ecfdd.
Add the sources in ui/qt except for qcustomplot.{cpp,h}. Fix issues in
main.cpp, rtp_audio_stream.cpp, and wireshark_zip_helper.cpp.
Rename "index"es in packet-usb-hid.c.
Done by scanning the asan1 template files. If there are spelling
mistakes in the specifications, we should ignore. Note that for z3950, I had
already found and accidentally fixed the same errors in the generated
file (before I taught my script to ignore gnerated dissector files).
In the T11 version of FCOE, the length field was removed. If the last
four reported bytes don't look like the EOF plus padding, but the four
bytes before that do, then the Ethernet FCS is almost surely present so
treat it that way. Closes the other case of #4594
Now that we're setting the C-language locale to use the UTF-8 code page,
they're already *in* UTF-8; g_locale_to_utf8() doesn't treat the
C-language locale's code page as the "locale" code page, it uses the
system code page, so it reads a UTF-8 string as being in some local code
page's encoding and proceeds to mangle it in the process of converting
it to UTF-8.
Closes#16811 (closed)
Otherwise it triggers an assert when adding the column as the field is
defined as BASE_NONE and not BASE_DEC or BASE_HEX. Thus an unknown value
(not in proto_checksum_vals[)array) cannot be represented.
Mark the checksum as bad even if we process the packet.
Closes#16816
The pre-T11 (pre August 2007) version of FCOE has a frame length, so it's
possible to set the length in order to help the Ethernet dissector determine
if a capture includes the Ethernet FCS, like how other dissectors do it.
This isn't possible in the standardized version, since the length field
was removed. Closes#4594.
Fix the following compiler warnings
packet-cl3.c:120:39: warning: 'tree' was marked unused but was used [-Wused-but-marked-unused]
ti = proto_tree_add_protocol_format(tree, proto_cl3, tvb, 0, header_length, "CableLabs Layer-3 Protocol (CL3) Version %u", (guint)version);
packet-cl3.c:136:32: warning: 'tree' was marked unused but was used [-Wused-but-marked-unused]
dissect_cl3_v1(tvb, pinfo, tree, ti, cl3_tree, header_length);
There will likely be one for for this pass. Further improvements to the
script are possible, i.e. filtering out (usually filter) strings such
as 'onetwothree' - may not be worth it though.
By default, ITS messages are send based on the geonetworking protocol.
Several tools send these messages via UDP as well
This patch enables "Decode As ITS" for UDP packets
A second batch of spelling errors, detected using a script
that uses pyspellcheck and a Wireshark-specific dictionary file.
I will take at least one more pass through the dissectors, as
further improvements are made to the script.
Python's lstrip apparently doesn't strip a prefix but instead strips
all supplied characters from beginning of a string. Using lstrip
in generate-nl80211-fields.py script to remove the 'nl80211_' prefix
happened to work for everything but a few NAN related enums.
Introduce a remove_prefix function and regenerate the nl80211
dissector code to fix the abbreviated field names for NAN.
Notes:
1. There are no functionality changes with this delivery
2. This change is to reduce manual copying between structs. This will make it easier to add upcoming feature changes, and fix some connection handling issues (future merge requests).
3. Combine enip_conn_val_t and cip_conn_info_t. Previously, there were 2 different structs to track information about an overall CIP Connection.
Notes:
1. There are no functionality changes with this delivery
2. cip_connID_info_t describes a one-way connection. Each CIP Connection includes 2 of these. Previously, each operation was duplicated for each direction.
3. This change is to reduce copypaste, simplify logic, and make it easier to add upcoming feature changes, and fix some connection handling issues (future merge requests)
Changes:
1. Extract Method: get_conversation_info_one_direction
2. dissect_net_param16/dissect_net_param32: Parse and set data into cip_connID_info_t
FT_STRINGZ means "terminated by a null character", so there can't be
non-null characters following the terminating null.
FT_STRINGZPAD doesn't only mean "padded with nulls"; there are protocols
where a string that's not the full length of the part of the packet for
the string has a null terminator but isn't guaranteed to be fully padded
with nulls. We can later add a separate type for fields where we really
*should* check that the padding is all nulls.
Change-Id: I5964817b4b847cb4db73f8ac673141052e8ef92c
Reviewed-on: https://code.wireshark.org/review/38230
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Section D.2.4.3 "protocol identity" of IEEE 802.1Q-2018 says:
The protocol identity field shall contain the first n octets of the
protocol after the layer 2 addresses (i.e., for example, starting
with the EtherType field) that the sender would like to advertise.
Show it as FT_BYTES, not FT_STRINGZ.
Add a comment explaining that, and expand a comment to indicate what
specifications there are for LLDP and some Organizationally Specific
TLVs.
Change-Id: I8c41026379731d1c05134d6e7ad563227f9fbfde
Reviewed-on: https://code.wireshark.org/review/38229
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Fix some Wayback Machine URLs that no longer work because the
wayback.archive.org domain name no longer works.
Update some Microsoft URLs that used to go through the Wayback Machine
to point to the current versions at docs.microsoft.com.
Update a comment to reflect the disappearance of a Network Associates
document and its absence from the Wayback Machine.
Change-Id: I27a5b19fa7747a8f601fd9e6c0bf75aba0a3528e
Reviewed-on: https://code.wireshark.org/review/38225
Reviewed-by: Guy Harris <gharris@sonic.net>
Add URLs from newer versions of the protocol documentation.
Change-Id: I03d6b4d34ce7f7b831a4eda3075b65b026f96526
Reviewed-on: https://code.wireshark.org/review/38224
Reviewed-by: Guy Harris <gharris@sonic.net>
Update one URL to a newer location and newer version of the document;
change the other one to use HTTPS.
Change-Id: I18bb2a14722c4e340a3e5f1afe0198def9d4fceb
Reviewed-on: https://code.wireshark.org/review/38223
Reviewed-by: Guy Harris <gharris@sonic.net>
The original document no longer appears to be available; point to the
Wayback Machine version.
Change-Id: I9f0b0742339cc7a982e638cbae5155e9ac6c1d20
Reviewed-on: https://code.wireshark.org/review/38222
Reviewed-by: Guy Harris <gharris@sonic.net>
Don't just pass ENC_NA, pass ENC_ASCII|ENC_NA, to mark all string
fetches with the encoding to use.
Change-Id: Icbe533b8e36d6df25841049950512cecd4c247a1
Reviewed-on: https://code.wireshark.org/review/38221
Reviewed-by: Guy Harris <gharris@sonic.net>
Don't just pass ENC_NA, pass ENC_ASCII|ENC_NA, to mark all string
fetches with the encoding to use.
Change-Id: If834f216a49787ff09b3b714d755d9467848e5a5
Reviewed-on: https://code.wireshark.org/review/38220
Reviewed-by: Guy Harris <gharris@sonic.net>
GSMTAP has recently gained support for wrapping E1/T1 protocol traces.
This is very useful as contrary to pcap/wtap file based protocol traces,
GSMTAP can be streamed in real-time.
The GSMTAP pseudo-header encodes information such as
* the E1/T1 timeslot number
* the E1/T1 subeslot number (if I.460 is used)
* the E1/T1 line/span number (somewhat awkwardly as 'antenna number')
* the payload (LAPD, Frame Relay, TRAU, ...)
In this first implementation in wireshark, only FR and LAPD
sub-dissectors are added. The other payloads (TRAU) do not have any
wireshark dissectors so far.
Change-Id: Ib699e9231ef7b9e6c5053e6b920954b3e7b0a4a4
Reviewed-on: https://code.wireshark.org/review/38213
Reviewed-by: Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
I cannot find any mention in Q.933 that those two information elements
should not be present in CS0. In fact, multiple real-world traces
I just recently took from Cisco and Ericsson equipment encodes
those IEs in normal codset 0.
This appears to have been broken since commit
bafebc7b80 in 2005, when the code was
first introduced.
Change-Id: I4c0ad080447d492b541cf7abd1e3f24a0e85084a
Reviewed-on: https://code.wireshark.org/review/38212
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3GPP TS 48.016 specifies GPRS-NS over Frame Reley. In Section
6.1.1 it explicitly states that ITU-T Q.933 Annex A for FR PVC
must be supported. In real-world Gb-over-FR protocol traces I also
see related LMI messages on DLCI=0.
Hence, let's not dispatch DLCI=0 messages to the GPRS-NS dissector,
where they are all detected wrongly. Only non-zero DLCI are NS-VC.
Change-Id: I6ce3557cda0da31323a851008bf648047ba1f926
Reviewed-on: https://code.wireshark.org/review/38211
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is IPv4 Address/ 6 null bytes / IPv4 Address
IPv4 Address is client ? DC ?
Bug: 16657
Change-Id: Ie09f4598e18e26c95d297e3c622c80d3395d25d4
Reviewed-on: https://code.wireshark.org/review/38196
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2fad824ca417dcd089fabfdf06f28529c7ee9e87
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37949
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'couchbase.flex_frame_extras' exists multiple times with incompatible types: FT_STRING and FT_UINT8
Change-Id: Ide607ca786e19015f4aae3cfbe85675581968267
Reviewed-on: https://code.wireshark.org/review/38011
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There can be multiple PDV segments in the same frame that belong to
different reassemblies. Change the reassembly_id used for the
reassembly tables so that it is not identical for all segments in
the same presentation context (but still unique for a given reassembly),
so that that case can be handled properly. Otherwise fragment_add_seq_next
will retrieve the wrong reassembly for one of the segments (especially
on the second pass.)
Bug: 13110
Change-Id: Ib967fc7f6b7b591b9e3494d81d3b5d4ecc43cac1
Reviewed-on: https://code.wireshark.org/review/38200
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Domain ID in non participant discovery packets is deduced from the port.
This is valid only when using UDP. If using TCP that values must be
taken from the discovery or otherwise mark it as unknown.
Change-Id: I8fe64f5f67d86412edefdccdca8ded63193f6e14
Reviewed-on: https://code.wireshark.org/review/38003
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If one field uses a report ID, all other should too. Otherwise we don't
know if the first byte is a report ID or a data value.
Change-Id: I84f5cde3f08c26d904d7c5f66e8d622b820b3f6c
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/37781
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There cases where we may want to pre-allocate some memory before
appending all the fields.
Change-Id: Ic46e83733d4338dbda45b2ca3ff2d533c5b44026
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/38122
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
format_text(alloc, string, strlen(string)) is a common idiom; provide
format_text_string(), which does the strlen(string) for you. (Any
string used in a %s to set the text of a protocol tree item, if it was
directly extracted from the packet, should be run through a format_text
routine, to ensure that it's valid UTF-8 and that control characters are
handled correctly.)
Update comments while we're at it.
Change-Id: Ia8549efa1c96510ffce97178ed4ff7be4b02eb6e
Reviewed-on: https://code.wireshark.org/review/38202
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
- use segment size during sdo (write by index) payload decoding process
- set mapping-sections of sdo objects one level lower
Bug: 16792
Change-Id: Iae3f2095142ad076f7cde6266493e7308c65a51f
Reviewed-on: https://code.wireshark.org/review/38199
Reviewed-by: Christian Krump <christian.krump@br-automation.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
it is possible to have multiple range port for TSAgent
Change-Id: I7b45f30a1d1cf974ffcf62d2f19dbc30b621ec4e
Reviewed-on: https://code.wireshark.org/review/38186
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the data related to ITU-T E.212 with the latest released information
as found in the ITU-T Operational Bulletins, amended with some other online
resources where the ITU-T seem not be informed yet.
Also retain the UTF-8 encoding of the registered data.
Bug: 16755
Change-Id: I13ba306558c0768379fa0e82db84e30f57af8259
Reviewed-on: https://code.wireshark.org/review/38159
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
With commit f8a394022b the Unassigned
entries were put in with off-by-one values. This changes puts them
in their right place.
Change-Id: I77c6eb4c47f17b8fba2dd662d3589ff63855e55f
Reviewed-on: https://code.wireshark.org/review/38179
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Implement updates of the following lists:
List of Signalling Area/Network Codes (SANC), based on
Annex to the ITU Operational Bulletin No. 1125 - 1.VI.2017
List of International Signalling Point Codes (ISPC), based on
Annex to ITU Operational Bulletin No. 1199 - 1.VII.2020
Also retain the UTF-8 encoding of the registered data.
Change-Id: I8c0ff7107a9489d7ec6ed1cc272717f06e2e7599
Reviewed-on: https://code.wireshark.org/review/38073
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The hf field was already created, but it was just not used anywhere.
Change-Id: I7af885911093d6a7a57a408c6d4d11bda155e6f6
Reviewed-on: https://code.wireshark.org/review/38178
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
SI symbol for kilohertz is kHz, not KHz.
Ping-Bug: 11743
Change-Id: Ie6cafd242b2e479783ecd8ab8a04c08effe23413
Reviewed-on: https://code.wireshark.org/review/38168
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set I/O to only drive on a '0' and tristate on a '1' command essentially
sets each I/O output type to either Open-Drain or Push-Pull.
Ping-Bug: 11743
Change-Id: I580d63c80114ad8f4a7cb1fc82a3c40720cc71e6
Reviewed-on: https://code.wireshark.org/review/38167
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'check_tfs.py --common' can look for tfs values that appear multiple times.
Current output prior to these dssector changes was:
('No Extension', 'Extension') appears 3 times in: ['epan/dissectors/packet-bssap.c', 'epan/dissectors/packet-camel.c', 'epan/dissectors/packet-gsm_map.c']
('Optimised for signalling traffic', 'Not optimised for signalling traffic') appears 3 times in: ['epan/dissectors/packet-gsm_a_gm.c', 'epan/dissectors/packet-gsm_map.c', 'epan/dissectors/packet-gtp.c']
('Data PDU', 'Control PDU') appears 3 times in: ['epan/dissectors/packet-pdcp-lte.c', 'epan/dissectors/packet-pdcp-nr.c', 'epan/dissectors/packet-rlc-nr.c']
('Message sent to originating side', 'Message sent from originating side') appears 3 times in: ['epan/dissectors/packet-q2931.c', 'epan/dissectors/packet-q931.c', 'epan/dissectors/packet-q933.c']
('User', 'Provider') appears 3 times in: ['epan/dissectors/packet-q2931.c', 'epan/dissectors/packet-q931.c', 'epan/dissectors/packet-q933.c']
The first and last ones were made common, the others seem a little too specialised.
Checking some of the existing items in tfs.c (using QtCreator's 'Find Usages'),
some of the common items are used a lot, but many of them are not referenced.
Change-Id: Ia4006d2c4fa7cafbc3b004dc7a367a986dbeb0c4
Reviewed-on: https://code.wireshark.org/review/38177
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also fix packet-ieee1905.c to include packet-wifi-dpp.h for the definition
it needs.
Change-Id: Iebb290ffb3112161605d6065123cfc54b921f2eb
Reviewed-on: https://code.wireshark.org/review/38163
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The names for files extracted from data PDVs depend on information in the tags.
Need to read the tags for data PDVs if the Export Objects tap has a listener
even if there isn't a tree (so that tshark works) and need to send data to
Export Objects only after reading the tags (so that it works on the first pass).
This makes the tshark single pass behavior match wireshark GUI behavior.
Bug: 16771
Change-Id: I6cfa792e7b86f205290ff92c9f5e09fd94a25f9f
Reviewed-on: https://code.wireshark.org/review/38164
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Detected by check_typed_item_calls.py.
Change-Id: I08081c6619f3e1cd1b6733c8a2864bf9ac2a16aa
Reviewed-on: https://code.wireshark.org/review/38162
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Correct endianess for Max PDU field in LE Set CIG Parameters and LE
Create BIG Test Command. Correct endianes for BIS handle and remove
PHY field from LE Create BIG Sync Established Event.
Add SDU interval field to LE BIGInfo Advertising Report Event.
Change-Id: Ic276aceb5a2e1cd6e1c08ae20303bfbe6bdc1286
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/38157
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Google/Apple Exposure Notification protocol is designed to aid
contact tracing efforts by allowing users to broadcast changing
identifiers, derived from longer-term (24 hour) keys; in the event that
a user receives a positive diagnosis, they upload their longer-term keys
to a key server, and all other users can use those long-term keys to
generate all the potential changing identifiers, and compare those to
their logs to determine if they were in contact with the infected user.
This protocol was developed in response to SARS-CoV-2, but is not
inherently limited to it.
This patch adds a "bluetooth.gaen" filter, with two data fields in the
periodic (changing identifier) broadcast:
- bluetooth.gaen.rpi: The Rolling Proximity Identifier
- bluetooth.gaen.aemd: The Associated Encrypted Metadata
Links to Protocol Documents:
- Google: https://www.google.com/covid19/exposurenotifications/
- Apple: https://www.apple.com/covid19/contacttracing
This change also adds the Bluetooth SIG-assigned 16-bit UUID for GAEN,
0xFD6F, to the list of Wireshark-recognizable 16-bit UUIDs.
These changes are licensed under the same license as Wireshark itself.
Change-Id: I3af14b225a35d0670433a9a89901d4d37895b3bd
Reviewed-on: https://code.wireshark.org/review/38064
Reviewed-by: Anders Broman <a.broman58@gmail.com>
new BMP Message type (Section 2.1).
o Type = TBD: Route Policy and Attribute Trace Message. (100)
new TLV types for the Route Policy and Attribute Trace Message (Section 2.3).
o Type = TBD1 (2 Byte): VRF/Table TLV. (0)
o Type = TBD2 (2 Byte): Policy TLV. (1)
o Type = TBD3 (2 Byte): Pre Policy Attribute TLV. (2)
o Type = TBD4 (2 Byte): Post Policy Attribute TLV. (3)
o Type = TBD5 (2 Byte): String TLV. (4)
Bug: 16749
Change-Id: I9858c94fb8fe5a9f3341204646030e59e13509bf
Reviewed-on: https://code.wireshark.org/review/37911
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
tokens[] contains two tokens - the part of the identity before @ and the
part of the identity after @.
realm_tokens[] contain five tokens - the "."-separated parts of the part
of the identity after @.
The latter include "mncNNN" and "mncNNN".
This fixes a crash.
Change-Id: I4b13dd90977a626a823cb53958412301abf8addb
Reviewed-on: https://code.wireshark.org/review/38158
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The IPv4 or IPv6 address was not added properly to the tree
Bug: 16777
Change-Id: Ic28138cc1d4c2dc350fb5ff95aa3a5496a293c91
Reviewed-on: https://code.wireshark.org/review/38153
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Error: epan/dissectors/packet-docsis.c filter= docsis.ehdr.rsvd FT_UINT8 so field_width= 8 but mask is 0x3FFF which is 14 bits wide!
Error: epan/dissectors/packet-ixveriwave.c filter= ixveriwave.contextp.agc FT_BOOLEAN so field_width= 1 but mask is 0x0038 which is 3 bits wide!
N.B. The ixveriwave field was not in use, so was deleted.
Change-Id: Ife73eb9204f7339cc0fe2b4e991f0df553823ffe
Reviewed-on: https://code.wireshark.org/review/38140
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Make it more obvious that the time value is Zero.
Change-Id: Idca96185d869f10cf0d2b8ab6aaccb879dfc1ec2
Reviewed-on: https://code.wireshark.org/review/38135
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's arguably an error, as an FT_STRINGZ requires at least one character
position for the terminating NUL, but the way to handle that is to give
it a string value of an empty string and add an expert info indicating
that the terminating NUL is missing. (The same should be done for
FT_STRINGZ fields with a specified non-zero length that don't have a NUL
in the last character position.)
Change-Id: Ie702bf44db36310f0f6e2625a3a64e6424167546
Reviewed-on: https://code.wireshark.org/review/38136
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The documentation mentioned looks more like API/ABI documentation than
"data on the wire" documentation, but the strings all look like counted
strings, with no trwminating NUL. Use FT_STRING, not FT_STRINGZ.
Add a URL for the MQ PCF documentation and replace no-longer-working
URLs for the MQ documentation with a working URL.
Change-Id: Id656a3e6cd75bff34d1a5a650229b4ba749ef365
Reviewed-on: https://code.wireshark.org/review/38134
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Make sure to set the GSS Data subtree length properly when
the packet has been truncated so at least the rest of the
packet could be partially dissected.
Change-Id: I0b41137aea47c2512d15d28ed620542decd31904
Reviewed-on: https://code.wireshark.org/review/38086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add rfc8489 to differences table
- Add expert items for attributes exceeding packet length and attributes with trailing data
- Remove unused and "#if 0"ed attributes_properties_p (never used since added in 2009
Change-Id: If7f804a5ee8ea057765f2d55b04181c644cc3d0c
Reviewed-on: https://code.wireshark.org/review/38059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the main dissector, check the first 2/3 bytes for recognized
Byte-Order Marks (BOM) and decode if detected.
In the heuristic check, when unicode heuristics are enabled, check the
first 2 bytes for a recognized BOM instead of assuming UCS-2LE. (Still
falls back on that if no BOM detected.)
Bug: 9069
Change-Id: I7c6510221ef9257a9c3030715906e07b88af6aa7
Reviewed-on: https://code.wireshark.org/review/38076
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update URL for the TACACS+ I-D - point to the IETF site.
Fix code indentation.
Use proto_tree_add_item_ret_uint() to get string lengths when adding
them to the protocol tree.
Put the username and password under the top-level tree item, rather than
at the top level themselves.
The username and password are counted strings, and are not
null-terminated; make them FT_STRING rather than FT_STRINGZ.
Change-Id: Ia974937ade5908f98c0b527586e8ac15c3ffb907
Reviewed-on: https://code.wireshark.org/review/38130
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Those routines do more checking than strtoul(), and get passed a pointer
to a guint32(), so you don't have to worry about 32-bit vs. 64-bit longs
(which causes warnings on macOS builds, courtesy of Apple throwing in
"narrowing 64-bit value to 32 bits" warnings when they introduced their
first 64-bit machines, to help developers 64-bitifying their
applications, causing macOS builds to fail).
If the checks fail, note that in the formatted value.
(XXX - assign units to the fields, so we don't have to add them in our
formatting?)
Change-Id: I35945a3f1eaedc88e5b2ebf500c06fb7cf022753
Reviewed-on: https://code.wireshark.org/review/38119
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Bug: 16764
Change-Id: Iff902150491c984d3069c1b83acef9c2c8ce12c7
Reviewed-on: https://code.wireshark.org/review/38106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Export proto_item_set_bits_offset_len and fix
In file included from ../epan/dfilter/dfilter.h:18:
../epan/proto.h:1113:11: warning: parameter 'bits_offset' is already documented [-Wdocumentation]
* @param bits_offset The new length in bits.
^~~~~~~~~~~
../epan/proto.h:1112:5: note: previous documentation
* @param bits_offset The number of bits from the beginning of the field.
^ ~~~~~~~~~~~
Change-Id: Ib171ce38607b9656baea5eb7a3e6aee3b99ddbac
Reviewed-on: https://code.wireshark.org/review/38115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>