Commit Graph

81306 Commits

Author SHA1 Message Date
Dario Lombardo b034473cb2
github: update windows action.
The target user_guide_chm has been replaced by user_guide_html
in 6bfab69d14, but the action hasn't been updated accordingly.
2021-06-28 12:53:38 +02:00
Guy Harris 693a02e760 wireless_timeline: make sure the hash table is always allocated.
At least on my Mac, if I start up Wireshark, start a capture
(non-monitor-mode) on the Wi-Fi adapter, add a comment to the SHB and
the first packet while it's capturing, stop the capture, and try to save
it, it warns that the wireless timeline hash table pointer is null.

Allocate it in the constructor.
2021-06-28 09:36:54 +00:00
Martin Mathieson 20491ae1d6 ESP: Free error string on UAT copy
CID: 1477519
2021-06-28 10:12:53 +01:00
Guy Harris c125236e57 wslog: don't assume how big struct timeval's tv_usec is.
At least according to the Single UNIX Standard, it merely has to be big
enough to hold a value in the range [-1, 1000000], and there must be
*an* environment in which it's no *larger* than a long.

Just cast it to long, and continue to print the result of dividing it by
1000 with %03ld.
2021-06-28 07:59:33 +00:00
Dr. Matthias St. Pierre 1e04fb3001 ipsec: calculate and verified the AEAD ICV only if enabled
AEAD ciphers should behave in the same way as the classical
cipher+hmac methods: the ICV should be calculated and verified
if the user has enabled the authentication check in the ESP
protocol options.
2021-06-28 07:43:38 +00:00
Dr. Matthias St. Pierre 67dad02eb0 ipsec: fix alignment check for encrypted payload data
This commit fixes the alignment check for the encrypted payload data
which prevented the decryption of ESP packets for 'stream ciphers'
like AES-GCM and AES-CTR, and adds an error indicator to the dissection
tree in case the check fails. The encrypted payload data needs to satisfy
the following two conditions:

- The ciphertext length needs to be a multiple of the cipher block size.

- the ciphertext needs to terminate on a 4-byte boundary.
  (RFC 2406, section 2.4)
2021-06-28 07:43:38 +00:00
João Valverde 3fc5eb3f1f wslog: Replace g_date_time_format()
Calling GLib functions inside the log writer is not safe,
it might infinitely recurse or abort if g_date_time_* logs
warnings because we registered our log handler for GLib itself.
2021-06-28 00:09:30 +01:00
Guy Harris c1082bd99e wiretap: have the "for each option" routine return a success/fail indication.
Have the routine it calls return a Boolean value, with "true" meaning
"keep going" and "false" meaning "stop iterating and return a failure
indication".  If the callback routine never returns "false", the routine
returns "true" as a success indication.
2021-06-27 13:25:16 -07:00
Gerald Combs 695b4c5bee [Automatic update for 2021-06-27]
Update manuf, services enterprise numbers, translations, and other items.
2021-06-27 17:12:48 +00:00
Guy Harris ae10f11212 wtap_opttypes: clean up comments. 2021-06-27 04:27:59 -07:00
Guy Harris 9e6aa424f1 pcapng: have a common routine to write the "end of options" option. 2021-06-27 03:14:14 -07:00
Pascal Quantin fa21433c35 Windows: upgrade Npcap to 1.50 2021-06-26 13:16:49 +02:00
Pascal Quantin 029a7fcec5 DNP: use the proper free function
g618661b22e introduced a free for a so called memory leak (which wasn't
a real leak due to the pinfo->pool garbage collector) but used the wrong
free function. Let's keep the explicit free but use the right function.

Closes #17462
2021-06-26 10:31:59 +02:00
João Valverde ceedd7b334 wslog: Update API documentation and improve code formatting 2021-06-26 00:44:23 +01:00
João Valverde c6a920686c wslog: Check environment initialization for errors
Initialiaze the cmdarg error stream earlier.

Dumpcap also needs to know earlier if it is running in capture
child mode.
2021-06-26 00:18:26 +01:00
João Valverde c2c256f0d8 wslog: Fatal messages should always be active 2021-06-26 00:18:26 +01:00
João Valverde 472eaf911b "config.h" need not and should not be included in any header
config.h is included in the source file before including the
header that uses it.
2021-06-25 23:53:53 +01:00
João Valverde 7aae691f7d wsutil: Rewrite ws_assert() to minimize dependencies
This includes as little as possible in the assertion header, so
that it can be included globally in every file without pulling
any unwanted definitions. In particular pulling stdlib.h is
avoided because that can have side effects if it wants to
include non-portable extensions.

It is possible to have side-effects from include glib.h too, for
example because of G_LOG_DOMAIN.

These side-effects are usually avoidable with careful ordering
of pre-processor directives but with multiple levels of indirections
it can be hard to track. Better to make it robust to these kinds
of failures in the first place.

Also integrate with our logger for a cohesive experience (but
keep it a private dependency).
2021-06-25 22:06:32 +00:00
João Valverde 53704fb971 wsutil: Rewrite ws_log() to minimize dependencies
Minimizing the dependencies on other wsutil and GLib functions
reduces the chance that we will have a weird recursion pattern
in wslog and makes the code easier to analyze.
2021-06-25 22:06:32 +00:00
João Valverde 3fb7a6e0d5 checkAPIs: __func__ is now part of C99, allow it 2021-06-25 22:06:32 +00:00
Guy Harris 11d4da9ef6 fpp: get rid of variable with a name that a C function once had.
I'm not sure in what OSes we'd get the really old name for strchr(),
index(), defined, causing compiler whining about a local variable
shadowing a function declaration, but the source checking script
complains about it, so use the name offset instead (that's the name
typically used for offsets into a tvbuff).
2021-06-25 14:25:10 -07:00
Vasil Velichkov 6783ca027e Skip two protobuf dissector tests when LUA is not available
Both tests are using LUA scripts and both fails when it is not avialble.
2021-06-25 12:29:14 +00:00
Martin Mathieson bbcd42be87 Snort config: Avoid leaks when fail to open config file.
CID: 1477713
CID: 1477850
2021-06-25 11:50:24 +00:00
Joakim Andersson 72d331cfdc btle: Fix parsing of empty extendend advertising header
Fix parsing of extended advertising when the extended advertising header
is empty. The flag field is excluded when none of the fields are present
and the extended header length field is 0.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2021-06-25 11:34:17 +00:00
Joakim Andersson 23d3e0bdde btle: Fix parsing of CTE Info field in extended advertising header
Fix parsing of the CTE Info field in the extended advertising header.
The bit-mask of the different fields was wrongly placed.
The text of the different fields all said "CTE Info".
The CTE Time field was added twice.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2021-06-25 11:34:17 +00:00
Martin Mathieson af57fb94ac DT2000: Fix buffer length in wiretap code
CID: 1477941
2021-06-25 09:44:35 +01:00
João Valverde 129046b518 wsutil: Fix incorrect header include
wsutil should not have any dependency on epan, replace the
extraneous header.
2021-06-25 03:14:22 +00:00
Peter Wu a7ef7ff40d CMake: clear stale MaxMindDB cache entries if needed
On macOS with Homebrew, the version is included with the library path.
On updates, the old MAXMINDDB_LIBRARY is invalidated. However
ws_find_package only checks MaxMindDB_LIBRARY. Windows has a similar
problem. Make sure to clear the stale value such that newer versions can
be found, fixing the build.

Fixes #17069
2021-06-24 22:55:50 +00:00
John Thacker 16d9f8948c MP2T: Conversation direction matters for analysis stats
In the fairly rare case where we have multiple MP2T streams in
opposite directions on the same UDP (or other) conversation, keep
their analysis stats and assigned fragment IDs separate. Otherwise
the fragment IDs will be incremented at the wrong time and reassembly
will fail in edge cases.
2021-06-24 20:56:43 +00:00
Dr. Matthias St. Pierre 3ce390a8f9 ipsec: display the encryption and authentication algorithm names 2021-06-24 20:39:20 +00:00
Dr. Matthias St. Pierre 1d38a72db3 ipsec: implement ICV verification for AEAD ciphers
After all the previous refactoring, the ICV verification for AEAD
ciphers is rather straightforward.

Currently, the only supported AEAD cipher is AES-GCM.
2021-06-24 20:39:20 +00:00
Dr. Matthias St. Pierre 70a93118d6 ipsec: refactor the decryption and dissection of ESP packets
Adding full support for AEAD ciphers like AES-GCM (including the
verification of the ICV) turned out to be difficult with the
current implementation of the ipsec dissector, because it does not
separate the dissection and decryption steps well enough and has
too many special cases depending on the crypto algorithms.

From a dissector's viewpoint there shouldn't be much difference
between an authenticated encryption method and a combination of
a classical encryption method with an authentication method.
What matters is how the data is structured, so much how it is
calculated.

       HEADER || IV || ENCRYPTED DATA || ICV      (Frame Data)
                               |
                               v
                       DECRYPTED DATA             (Decrypted Data)

This commit tries to refactor the implementation with the goal to
minimize the differences between the different crypto operations,
in particular their operation modes (like AES-CBC,AES-CTR,AES-GCM).
It follows the example of the isakmp dissector for IKEv2 packets,
which already has a functional AES-GCM support.

The most significant changes are:

- Display the IV and ICV as part of the original Frame Data, not
  as part of the Decrypted Data.

  - Display the location of the encrypted data, together with
    information about encryption and authentication algorithms.

  - Use gcry_cipher_setiv() to set the IV for AES-CBC instead of
    copying the IV into the decryption buffer as a prefix which
    subsequently gets discarded.

  - Don't copy the ICV into the decryption buffer where it gets
    "decrypted" accidentally and needs to be restored afterwards.

- Strip the nonce from the encryption key for AES-GCM and AES-CTR
  at an early stage, to reduce special treatment for those modes
  due to the different key lengths.

- Add some missing dissection tree items to get full coverage
  of all bytes in the Frame Data and Decrypted Data.

- Don't report dissector bugs to stderr. Instead, use the
  REPORT_DISSECTOR_BUG() macro which will raise an exception.
  (If the WIRESHARK_ABORT_ON_DISSECTOR_BUG environment variable
  is set, the program will call abort() instead, to make it easier
  to get a stack trace.)

With these changes, AES-GCM encrypted payloads now get dissected
correctly after decryption, provided the ICV length is specified
correctly. The ICV verification is still missing, it will be added
in a followup commit.
2021-06-24 20:39:20 +00:00
Dr. Matthias St. Pierre c5f1fbd1fc ipsec: rename some variables in the packet-ipsec.c
The renamings serve the purpose to improve the readability of the
code and make it more consistent with the names in packet-isakmp.c.
They are part of the refactoring but where split off into a
separate commit in order to reduce the diff noise in the following
commit, which contains the important changes of the refactoring.
2021-06-24 20:39:20 +00:00
Dr. Matthias St. Pierre 23ef47336c ipsec: add encryption types for AES-GCM with 8,12,16 octet ICV
The current "AES-GCM" encryption type in the `esp_sa` uat file does
not specify an ICV length, contrary to the `ikev2_decryption_table`.
The ICV does not get stripped from the encrypted data before
decrypting and dissecting it, whence the protocol type of the
decrypted frame is looked up at the wrong location. In most cases,
an invalid protocol number is found and the dissection stops, in
other cases the wrong protocol is dissected, showing garbage.

This commit adds the following new encryption types

  IPSEC_ENCRYPT_AES_GCM_8:  "AES-GCM with 8 octet ICV [RFC4106]"
  IPSEC_ENCRYPT_AES_GCM_12: "AES-GCM with 12 octet ICV [RFC4106]"
  IPSEC_ENCRYPT_AES_GCM_16: "AES-GCM with 16 octet ICV [RFC4106]"

which are currently mapped to IPSEC_ENCRYPT_AES_GCM. In other words,
the new entries load without errors but the ICV is ignored.
The rationale is to have an unchanged reference implementation for
testing which does not bail out on the new uat encryption types.
2021-06-24 20:39:20 +00:00
John Thacker 18f6c8b058 MP2T: Only call fragment_get the first pass
Only call fragment_get() on the first pass when determining in
progress fragment length. Since we're using fragment_add_check, on
subsequent passes call fragment_get_reassembled_id(). Otherwise
dangling fragments at the end of the capture will be returned on the
second pass, causing unusual behavior and inconsistencies from the
first pass to subsequent ones.

Don't free a TVB returned from fragment_get; that can cause segfaults
when a single TSP contributes to two different reassemblies.
Also check for a too short length to prevent exceptions in cases of
dropped or out of order that would disturb the fragmentation analysis.
2021-06-24 14:34:53 -04:00
Developer Alexander 0112c9b735 pdu_transport: dissector handles registered by name
Dissector handles are registered by name so that they become accessible from
lua scripts via Dissector.get()
2021-06-24 07:39:30 +00:00
João Valverde cd05ec7232 wslog: Register log handler with GLib
This avoids having to manage two different implementations.
For example with this change GLib functions will terminate
if Wireshark's fatal log level is set to a matching level
and the --log-file option will also output messages from
GLib itself.
2021-06-24 02:31:42 +01:00
João Valverde f34cc62a6c Set the proper log domain for Qt 2021-06-24 02:30:55 +01:00
João Valverde a370024ca9 wslog: Fix initialization with invalid environment
We can't write to stderr outside of the default writer context.
Wireshark and tshark will block if we do that and dumpcap is
running as capture child.
2021-06-24 02:26:28 +01:00
João Valverde eb3417e38f wslog: Slight color and format change
This changes color use to be the very similar with GLib to
maintain familiarity. The only difference is that Message
and Info use a different color than Debug.

Also use the more familiar format of <domain> <level> instead
of <level> <domain>.
2021-06-24 00:06:19 +01:00
Gerald Combs a59501c0a3 ErlDP: Fixup some format strings.
Use G_GUINT64_FORMAT where needed.
2021-06-23 11:58:12 -07:00
João Valverde 752b0fc320 Debug: Lower priority to "noisy" for pipe spawn output
Spawn output can include very long multiline extcap arguments.
2021-06-23 17:45:44 +00:00
João Valverde 7bc3a5629e wslog: Fix crash using a custom log file
Add missing va_copy() call.
2021-06-23 17:09:24 +00:00
Andreas Schultz 8ce5618c72 ErlDP: add support for fragmented distribution messages 2021-06-23 16:58:17 +00:00
Guy Harris 6d9b0646d8 If opening a capture device provides a warning, show it.
We start the capture anyway, but print a warning message or pop up a
warning dialog first.
2021-06-23 02:31:31 -07:00
Gerald Combs cdd6f2ec80 CMake+docs: Use Asciidoctor.js if it's available.
Add the executables shipped by the Asciidoctor.js project to
FindAsciidoctor.cmake, and update the Developer's Guide to match.
2021-06-23 05:28:55 +00:00
Chuck Craft 701d0565c5 Qt: Undo MR 3422 (filter button separator hint)
See discussion attached to !3422
2021-06-23 05:12:08 +00:00
Michael Tuexen 1f0a16e472 pcapng: add support for custom options 2021-06-23 04:38:27 +00:00
John Thacker c9f4bbc11c simple_dialog(Qt): Don't warn about zero duplicate messages
Only log a warning when at least one duplicate message was actually
suppressed. Prevents "0 duplicates of %s were suppressed" messages
to the console.
2021-06-23 04:03:01 +00:00
John Thacker 784b9f44a4 NAS 5GS: Use 5GSTAI MCC/MNC fields
Use 5GS TAI (and not just TAI) where appropriate in the 5GS TAI, 5GS TAI List,
and 5GS Service Area List.
2021-06-22 21:17:14 -04:00