At least on my Mac, if I start up Wireshark, start a capture
(non-monitor-mode) on the Wi-Fi adapter, add a comment to the SHB and
the first packet while it's capturing, stop the capture, and try to save
it, it warns that the wireless timeline hash table pointer is null.
Allocate it in the constructor.
At least according to the Single UNIX Standard, it merely has to be big
enough to hold a value in the range [-1, 1000000], and there must be
*an* environment in which it's no *larger* than a long.
Just cast it to long, and continue to print the result of dividing it by
1000 with %03ld.
AEAD ciphers should behave in the same way as the classical
cipher+hmac methods: the ICV should be calculated and verified
if the user has enabled the authentication check in the ESP
protocol options.
This commit fixes the alignment check for the encrypted payload data
which prevented the decryption of ESP packets for 'stream ciphers'
like AES-GCM and AES-CTR, and adds an error indicator to the dissection
tree in case the check fails. The encrypted payload data needs to satisfy
the following two conditions:
- The ciphertext length needs to be a multiple of the cipher block size.
- the ciphertext needs to terminate on a 4-byte boundary.
(RFC 2406, section 2.4)
Calling GLib functions inside the log writer is not safe,
it might infinitely recurse or abort if g_date_time_* logs
warnings because we registered our log handler for GLib itself.
Have the routine it calls return a Boolean value, with "true" meaning
"keep going" and "false" meaning "stop iterating and return a failure
indication". If the callback routine never returns "false", the routine
returns "true" as a success indication.
g618661b22e introduced a free for a so called memory leak (which wasn't
a real leak due to the pinfo->pool garbage collector) but used the wrong
free function. Let's keep the explicit free but use the right function.
Closes#17462
This includes as little as possible in the assertion header, so
that it can be included globally in every file without pulling
any unwanted definitions. In particular pulling stdlib.h is
avoided because that can have side effects if it wants to
include non-portable extensions.
It is possible to have side-effects from include glib.h too, for
example because of G_LOG_DOMAIN.
These side-effects are usually avoidable with careful ordering
of pre-processor directives but with multiple levels of indirections
it can be hard to track. Better to make it robust to these kinds
of failures in the first place.
Also integrate with our logger for a cohesive experience (but
keep it a private dependency).
Minimizing the dependencies on other wsutil and GLib functions
reduces the chance that we will have a weird recursion pattern
in wslog and makes the code easier to analyze.
I'm not sure in what OSes we'd get the really old name for strchr(),
index(), defined, causing compiler whining about a local variable
shadowing a function declaration, but the source checking script
complains about it, so use the name offset instead (that's the name
typically used for offsets into a tvbuff).
Fix parsing of extended advertising when the extended advertising header
is empty. The flag field is excluded when none of the fields are present
and the extended header length field is 0.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parsing of the CTE Info field in the extended advertising header.
The bit-mask of the different fields was wrongly placed.
The text of the different fields all said "CTE Info".
The CTE Time field was added twice.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
On macOS with Homebrew, the version is included with the library path.
On updates, the old MAXMINDDB_LIBRARY is invalidated. However
ws_find_package only checks MaxMindDB_LIBRARY. Windows has a similar
problem. Make sure to clear the stale value such that newer versions can
be found, fixing the build.
Fixes#17069
In the fairly rare case where we have multiple MP2T streams in
opposite directions on the same UDP (or other) conversation, keep
their analysis stats and assigned fragment IDs separate. Otherwise
the fragment IDs will be incremented at the wrong time and reassembly
will fail in edge cases.
After all the previous refactoring, the ICV verification for AEAD
ciphers is rather straightforward.
Currently, the only supported AEAD cipher is AES-GCM.
Adding full support for AEAD ciphers like AES-GCM (including the
verification of the ICV) turned out to be difficult with the
current implementation of the ipsec dissector, because it does not
separate the dissection and decryption steps well enough and has
too many special cases depending on the crypto algorithms.
From a dissector's viewpoint there shouldn't be much difference
between an authenticated encryption method and a combination of
a classical encryption method with an authentication method.
What matters is how the data is structured, so much how it is
calculated.
HEADER || IV || ENCRYPTED DATA || ICV (Frame Data)
|
v
DECRYPTED DATA (Decrypted Data)
This commit tries to refactor the implementation with the goal to
minimize the differences between the different crypto operations,
in particular their operation modes (like AES-CBC,AES-CTR,AES-GCM).
It follows the example of the isakmp dissector for IKEv2 packets,
which already has a functional AES-GCM support.
The most significant changes are:
- Display the IV and ICV as part of the original Frame Data, not
as part of the Decrypted Data.
- Display the location of the encrypted data, together with
information about encryption and authentication algorithms.
- Use gcry_cipher_setiv() to set the IV for AES-CBC instead of
copying the IV into the decryption buffer as a prefix which
subsequently gets discarded.
- Don't copy the ICV into the decryption buffer where it gets
"decrypted" accidentally and needs to be restored afterwards.
- Strip the nonce from the encryption key for AES-GCM and AES-CTR
at an early stage, to reduce special treatment for those modes
due to the different key lengths.
- Add some missing dissection tree items to get full coverage
of all bytes in the Frame Data and Decrypted Data.
- Don't report dissector bugs to stderr. Instead, use the
REPORT_DISSECTOR_BUG() macro which will raise an exception.
(If the WIRESHARK_ABORT_ON_DISSECTOR_BUG environment variable
is set, the program will call abort() instead, to make it easier
to get a stack trace.)
With these changes, AES-GCM encrypted payloads now get dissected
correctly after decryption, provided the ICV length is specified
correctly. The ICV verification is still missing, it will be added
in a followup commit.
The renamings serve the purpose to improve the readability of the
code and make it more consistent with the names in packet-isakmp.c.
They are part of the refactoring but where split off into a
separate commit in order to reduce the diff noise in the following
commit, which contains the important changes of the refactoring.
The current "AES-GCM" encryption type in the `esp_sa` uat file does
not specify an ICV length, contrary to the `ikev2_decryption_table`.
The ICV does not get stripped from the encrypted data before
decrypting and dissecting it, whence the protocol type of the
decrypted frame is looked up at the wrong location. In most cases,
an invalid protocol number is found and the dissection stops, in
other cases the wrong protocol is dissected, showing garbage.
This commit adds the following new encryption types
IPSEC_ENCRYPT_AES_GCM_8: "AES-GCM with 8 octet ICV [RFC4106]"
IPSEC_ENCRYPT_AES_GCM_12: "AES-GCM with 12 octet ICV [RFC4106]"
IPSEC_ENCRYPT_AES_GCM_16: "AES-GCM with 16 octet ICV [RFC4106]"
which are currently mapped to IPSEC_ENCRYPT_AES_GCM. In other words,
the new entries load without errors but the ICV is ignored.
The rationale is to have an unchanged reference implementation for
testing which does not bail out on the new uat encryption types.
Only call fragment_get() on the first pass when determining in
progress fragment length. Since we're using fragment_add_check, on
subsequent passes call fragment_get_reassembled_id(). Otherwise
dangling fragments at the end of the capture will be returned on the
second pass, causing unusual behavior and inconsistencies from the
first pass to subsequent ones.
Don't free a TVB returned from fragment_get; that can cause segfaults
when a single TSP contributes to two different reassemblies.
Also check for a too short length to prevent exceptions in cases of
dropped or out of order that would disturb the fragmentation analysis.
This avoids having to manage two different implementations.
For example with this change GLib functions will terminate
if Wireshark's fatal log level is set to a matching level
and the --log-file option will also output messages from
GLib itself.
This changes color use to be the very similar with GLib to
maintain familiarity. The only difference is that Message
and Info use a different color than Debug.
Also use the more familiar format of <domain> <level> instead
of <level> <domain>.