Under some circumstances, FabricPath frames may be generated during a monitor
(capture) session that contain a modified FabricPath header format in order
to retain the ID of the original FabricPath VLAN.
To make Wireshark capable of dissecting such frames, this commit amends the
heuristic logic of the dissector and makes it work as a heuristic-only dissector.
Change-Id: I40f6f75a629585ececbc1ce4f94fa61065110d2c
Reviewed-on: https://code.wireshark.org/review/33321
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This requires some special hackery, including a new packet-ber.c
routine, as those strings are just OCTET STRINGs, not UTF8Strings.
Change-Id: I776ed47f7400eba366a630b60b94be3397f7b45f
Reviewed-on: https://code.wireshark.org/review/33403
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dissector tries heuristic dissectors too. Preference was added
determining if heuristic dissectors should be tried first.
Change-Id: Ib70ddca9a33b507b8e4ea89aae5b00961b5273e5
Reviewed-on: https://code.wireshark.org/review/33128
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection for Graylog Extended Log Format (GELF) over UDP.
Bug: 15776
Change-Id: Ie976a1dee8d3441532f209061aef5c804219f289
Reviewed-on: https://code.wireshark.org/review/33184
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In at least one capture, structure IDs are in ASCII even though the code
page in the header is an EBCDIC code page. Determine the structure ID's
character encoding based on whether it's the ASCII or EBCDIC version of
the ID value, not on the global character encoding.
We were using the *integer* encoding, not the *string* encoding, for the
"qprotect" field, which is a string; fix that.
Use STR_UNICODE for strings, as they're not guaranteed to consist of
characters that can be mapped to ASCII characters (even the common
subset of EBCDIC, not counting code page-dependent code points, has
non-ASCII printable characters in it).
Change-Id: I971dd7ae55617c27ebe88f31089b2495374593bf
Reviewed-on: https://code.wireshark.org/review/33399
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At least some NCP operations that do file enumeration take wildcard
strings, with special codes for "special" variants of the asterisk and
question mark wildcards and the component separator period.
We should figure out how to display those "special" characters (put an
overbar above them, or something such as that?)
Change-Id: I4e455f47ae3a701004fe7989b44b64a77b26e828
Reviewed-on: https://code.wireshark.org/review/33398
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use existing file_exists() function to check if the profile contains
a vlans file.
Change-Id: Ibc3d32b27059edd80b7c4e88ceb48fded2334909
Reviewed-on: https://code.wireshark.org/review/33384
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the profile directory contains a vlans file we will use it. Otherwise
fall back to normal user preferences.
Bug: 15795
Change-Id: Ie6a63a6f7a29bd83a15799875aa5883be7010039
Reviewed-on: https://code.wireshark.org/review/33378
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Handle NSAP 7-byte IPv4 addresses in the transportLayerAddress field which aren't padded to 20 bytes.
Change-Id: Ied9a9549612fe8e9ec511419ee0d7e5ae06bcedf
Reviewed-on: https://code.wireshark.org/review/33278
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
blip.c:195:4: error: 'offset' was marked unused but was used
offset,
^
blip.c:200:22: error: 'blip_tree' was marked unused but was used
proto_tree_add_item(blip_tree, hf_blip_ack_size, tvb, offset, varint_ack_size_length, ENC_VARINT_PROTOBUF);
^
blip.c:200:56: error: 'offset' was marked unused but was used
proto_tree_add_item(blip_tree, hf_blip_ack_size, tvb, offset, varint_ack_size_length, ENC_VARINT_PROTOBUF);
^
blip.c:202:2: error: 'offset' was marked unused but was used
offset += varint_ack_size_length;
^
blip.c:284:14: error: 'pinfo' was marked unused but was used
col_set_str(pinfo->cinfo, COL_PROTOCOL, "BLIP");
^
blip.c:286:12: error: 'pinfo' was marked unused but was used
col_clear(pinfo->cinfo,COL_INFO);
^
blip.c:333:14: error: 'pinfo' was marked unused but was used
col_add_str(pinfo->cinfo, COL_INFO, col_info);
^
blip.c:337:34: error: 'pinfo' was marked unused but was used
return handle_ack_message(tvb, pinfo, blip_tree, offset, value_frame_flags);
^
blip.c:346:45: error: 'pinfo' was marked unused but was used
conversation = find_or_create_conversation(pinfo);
^
blip.c:361:4: error: 'pinfo' was marked unused but was used
pinfo,
^
blip.c:380:27: error: 'pinfo' was marked unused but was used
tvb_to_use = decompress(pinfo, tvb, offset, tvb_reported_length_remaining(tvb, offset) - BLIP_BODY_CHECKSUM_SIZE);
Change-Id: I9de1a78942469cc16011fd1a21d93b81820bee80
Reviewed-on: https://code.wireshark.org/review/33373
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dhcp.c:3087:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be >= 10");
^
dhcp.c:3119:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3131:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3143:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3155:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must >= 1");
^
dhcp.c:3176:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must >= 5");
^
dhcp.c:3201:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
Change-Id: If4e05284a4489e7cea75fee52733851533dacbc1
Reviewed-on: https://code.wireshark.org/review/33372
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
dot11decrypt.c:1686:46: error: 'group_cipher' was marked unused but was used
&group_cipher, &cipher, &akm);
Change-Id: Ie7b9eba44eaf9bf160ca6eb6bb7373b7ba3fd8cb
Reviewed-on: https://code.wireshark.org/review/33371
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
file-rbm.c:143:34: error: 'tree' was marked unused but was used
proto_tree_add_int_format_value(tree, hf_rbm_integer, tvb, *offset, len, value, "%d", value);
^
file-rbm.c:374:23: error: 'offset' was marked unused but was used
gint offset_start = *offset;
^
file-rbm.c:375:48: error: 'tree' was marked unused but was used
proto_tree* drb_tree = proto_tree_add_subtree(tree, tvb, *offset, 0, ett_variable, NULL, "Objects");
^
file-rbm.c:375:54: error: 'tvb' was marked unused but was used
proto_tree* drb_tree = proto_tree_add_subtree(tree, tvb, *offset, 0, ett_variable, NULL, "Objects");
^
file-rbm.c:375:60: error: 'offset' was marked unused but was used
proto_tree* drb_tree = proto_tree_add_subtree(tree, tvb, *offset, 0, ett_variable, NULL, "Objects");
^
file-rbm.c:376:21: error: 'tvb' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:376:26: error: 'pinfo' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:376:43: error: 'offset' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:377:21: error: 'tvb' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:377:26: error: 'pinfo' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:377:43: error: 'offset' was marked unused but was used
dissect_rbm_object(tvb, pinfo, drb_tree, offset, NULL, NULL);
^
file-rbm.c:378:32: error: 'offset' was marked unused but was used
proto_item_set_len(drb_tree, *offset - offset_start);
^
file-rbm.c:526:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_rbm_version_unsupported, "Version %u.%u is not supported (only %u.%u)",
Change-Id: Id255df237c43c313720797a46c0e877f0f7550e0
Reviewed-on: https://code.wireshark.org/review/33370
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
file-rfc7468.c:428:39: error: 'data' was marked unused but was used
dissect_rfc7468(tvb, pinfo, tree, data);
Change-Id: I938f30edfc7cf952eadbd0cf79e4cc95bb971b2e
Reviewed-on: https://code.wireshark.org/review/33369
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Big-endian and little-endian UTF-16 and UCS-2 aren't the same; always
associate them with a byte order ENC_ flag, to clarify what byte order
is being used. Yes, for big-endian, omitting the ENC_ flag, or using
ENC_NA, *happens* to work, because ENC_BIG_ENDIAN and ENC_NA *happen* to
be 0, but omitting ENC_BIG_ENDIAN doesn't make it sufficiently clear
that it's UTF-16BE or UCS-2BE.
Change-Id: Iecf7375763ce4922bd1b0676c9dc5a01731c2fec
Reviewed-on: https://code.wireshark.org/review/33374
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Calling DissectorTables's try method for a dissector table of an unknown
type crashes Wireshark.
local dt = DissectorTable.get("iso14443.subdissector")
dt:try(0, tvbuf, pinfo, tree)
causes a segmentation fault
Thread 1 "wireshark" received signal SIGSEGV, Segmentation fault.
except_pop () at /media/sf_wireshark.git/epan/except.c:264
264 set_top(top->except_down);
(gdb) print top
$1 = (struct except_stacknode *) 0x2
(gdb) bt
at /media/sf_wireshark.git/epan/packet.c:590
My gut feeling (I haven't verified this) is that we should not call luaL_error()
inside a TRY-CATCH block. DissectorTable_try does this when the type of the
dissector table is not supported.
Fall back to the data dissector in this case and bring up an expert info
instead of aborting the dissection completely.
Change-Id: I9a49f738a99b2618014f41050d8c0bf6bfbb4138
Reviewed-on: https://code.wireshark.org/review/33357
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'gsm_sim.apdu.cla.secure_messaging_ind' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT8
Change-Id: Iff6e05d5e2c1309a62e026099bc90f8cb8a9b803
Reviewed-on: https://code.wireshark.org/review/33352
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We added FT_NONE dissector tables a while ago. These tables can only be
used for Decode As. Support such dissector tables in lua's print() function.
print(DissectorTable.get("iso14443.subdissector"))
will now print
DissectorTable iso14443.subdissector only for Decode As:
Change-Id: I9f5a2f6d6b1edb2a53ca1d2c0ae158c16fddf05f
Reviewed-on: https://code.wireshark.org/review/33356
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check up to 20 characters, not up to 10 characters.
Change-Id: Ief626dd1ee22e2d75455769a1df2dad853dff04a
Reviewed-on: https://code.wireshark.org/review/33360
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix the field names and the filter strings accordingly.
Change-Id: I4275abc04962a364dfea2ea76ca9877d82e0ae06
Reviewed-on: https://code.wireshark.org/review/33354
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The aeron heartbeat frame is a data frame with zero length. The rounded
length is used to report back consumed bytes. Set that to the real
length of a heartbeat frame, being 24.
Sample captures show trailing zero bytes after a heartbeat frame. Make
sure trailing zero bytes are not tested for additional frames.
CID 1439592
Change-Id: I99580179830b6de0886a1d57f994f4a9c5a1ae6d
Reviewed-on: https://code.wireshark.org/review/33243
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
remove the _U_ tag
Change-Id: Id0cfb160903cf3a72adee20fa5c388d68c991a56
Reviewed-on: https://code.wireshark.org/review/33353
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
ENC_UTF_16 does *not* go with ENC_NA; ENC_NA is for cases where the byte
order is "not applicable", such as a 1-byte number or a character
encoding where every character is encoded in 1 byte, but UTF-16 isn't
one of those cases, as a character is encoded in either 1 or 2 2-byte
values. This being a Windows thing, the byte order is little-endian.
Change-Id: Iab0db3fa2c5d2c25be209e4ed0ebd57827edbcd8
Reviewed-on: https://code.wireshark.org/review/33347
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Code page numbers are generally referred to by their number in decimal,
not hex.
Change-Id: I1dee3df09cf7b5efaca2f4144ee5fcbc8d3ee44c
Reviewed-on: https://code.wireshark.org/review/33343
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, add the Euro to code page 1251, expand the comments
for 1250 and 1251 and some DOS code pages, and add support for code page
1251 to tvb_get_stringz_enc().
Change-Id: I053d58f87cac26ad7c109e2f1cd8807ffec0622d
Reviewed-on: https://code.wireshark.org/review/33342
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's a rule for interpretation of the length field of counted-string and
counted-octet-string fields. This means it's 1) not a general rule for
interpreting integers and 2) not a character encoding, as it also
applies to octet strings and, even for character strings, it's
*orthogonal* to the character encoding.
Therefore, it should *not* be one of the character encoding values; it
should be a bit flag.
Make it so. This means that
1) a character encoding can be specified for Zigbee Cluster Library
strings (they appear to have multiple character encodings possible);
2) the test of it that tested it as if it were a flag will no longer get
confused by character encodings that set one or more of the bits in the
old encoding value;
3) you don't have to special-case the encoding value passed to
get_uint_value().
Put in a comment emphasizing that values that aren't character encodings
should *not* be placed in the set of character encodings.
Change-Id: I8f50aaee8ca60b0781044287e9b38111de38c81f
Reviewed-on: https://code.wireshark.org/review/33341
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DCP_COMMIT, DCP_ABORT and DCP_SEQNO_ACK no longer include two seqnos,
just a single one.
Add missing status codes for durability-related statuses.
Change-Id: I97b847dd43c59405d69410ef28b0b362111c0fbd
Reviewed-on: https://code.wireshark.org/review/33339
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Changed type for the RatingGroupId fields, from signed32 to unsigned32.
This fixes the problem of getting "-1" values at G_MAXUINT32.
Change-Id: Ia1113901657bedc8d9c231aa1fe38b63170b2257
Reviewed-on: https://code.wireshark.org/review/33338
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Uploaded a LLDP test file, Bug 15793
Change-Id: I65bdf496df64a5a957b132a402c6535bec60cf84
Reviewed-on: https://code.wireshark.org/review/31598
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wrong offset was used in the Additional entries
Change-Id: I408de47e31c2faec5fbc7f8c562949b1a5c348e9
Reviewed-on: https://code.wireshark.org/review/33336
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This way if we try to decode non IP data as IP (due to preference
setting), this does not prevent the end of the packet from being
dissected.
While we are at it, let's improve the heuristics.
Change-Id: Ic5b76cd84554fcbd10c3cf59294783933196163a
Reviewed-on: https://code.wireshark.org/review/33331
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
With the addition of handling the rtcp and rtcp-mux media attributes
(see cde023c3c5) the default behaviour
of presenting the media attribute value itself was lost. This change
adds this back.
Bug: 15791
Change-Id: Ib0084b99961bfadf1d89c70b54bd4a0805f9b9f6
Reviewed-on: https://code.wireshark.org/review/33314
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DPNSS specification for the Service Indicator Code
Synch/Asynchronous Information field states that the lower three bits of
this field define the Data Type. This requires a filter of three bits,
in this case 0x7, instead of 0x3 which is two bits.
CID 1159107
Change-Id: I38eec252c771adf085f98c3be077c9de102a37d2
Reviewed-on: https://code.wireshark.org/review/33317
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Current development builds and next official release of USBPcap will
feature generic unknown URB Function capture. When USBPcap notices URB
Function code that it does not understand, it'll write the USBPcap
pseudoheader with transfer type 0xFF (URB_UNKNOWN). The pseudoheader
will contain the IRP ID, status code, URB Function code, bus id, device
address and PDO->FDO or FDO->PDO flag. Other fields in the pseudoheader
will be 0.
Capturing such packets serves multiple purposes:
* Makes it clear that the USBPcap capture is incomplete
* Combined with expert info, makes casual users able to report device
whose driver does issue IRPs with unhandled URB Function codes
* Shows that USBPcap can be improved to capture such data
Bug: 15792
Change-Id: Ib44c6bf05dd9f025617368e44b7dc80b5910aacd
Reviewed-on: https://code.wireshark.org/review/33307
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Change-Id: Ic9f9e323420bf6add83c7a8f7b56a6206eeb2c67
Reviewed-on: https://code.wireshark.org/review/33295
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It was using the same index into the input and output strings, which
means that if it escaped any character, it would skip the next two
characters in the input string.
It was also not clearing is_reserved before testing whether a character
was reserved, so once it saw a character that needed to be escaped, it
would escape all subsequent characters.
It was only used in get_key_string(), which was never used, so it was
dead code, but let's at least fix it, even if we end up removing that
code, so that if we bring it back, we bring back a non-broken version,
and so that if anybody *else* uses it, it's not broken.
Change-Id: I36588efad36908e012023bcfbd813c749a6a254f
Reviewed-on: https://code.wireshark.org/review/33287
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
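
The two defects described in the commit message above (one index shared by the input and output strings, and is_reserved never cleared), modelled next to a corrected loop. This is an added example, not Wireshark's code: `needs_escape`, `escape_buggy`, `escape_fixed` and the reserved set are hypothetical names, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static const char hex_digits[] = "0123456789ABCDEF";

/* Assumed escaping rule for this example: a byte is escaped if it is not a
 * printable non-space ASCII character, is '%', or is listed in `reserved`. */
static int needs_escape(unsigned char c, const char *reserved)
{
    if (c < 0x21 || c > 0x7e || c == '%')
        return 1;
    return strchr(reserved, c) != NULL;
}

/* Model of the two defects. `out` must hold at least len + 3 bytes. */
static void escape_buggy(const char *in, size_t len, const char *reserved,
                         char *out)
{
    size_t i;            /* defect 1: one index for both input and output */
    int is_reserved = 0; /* defect 2: never reset to 0 for the next byte  */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];

        if (needs_escape(c, reserved))
            is_reserved = 1;
        if (!is_reserved) {
            out[i] = (char)c;
        } else {
            /* Writing three output bytes also advances the input position,
             * so the next two input bytes are never looked at. */
            out[i] = '%';
            out[++i] = hex_digits[c >> 4];
            out[++i] = hex_digits[c & 0x0f];
        }
    }
    out[i] = '\0';
}

/* Corrected loop: separate input and output indices, a per-byte reserved
 * decision, and an explicit output bound.
 * Returns the output length, or (size_t)-1 if `out_size` is too small. */
static size_t escape_fixed(const char *in, size_t len, const char *reserved,
                           char *out, size_t out_size)
{
    size_t i, o = 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        int is_reserved = needs_escape(c, reserved); /* fresh for each byte */
        size_t need = is_reserved ? 3 : 1;

        if (out_size - o <= need) /* always keep room for the final NUL */
            return (size_t)-1;
        if (is_reserved) {
            out[o++] = '%';
            out[o++] = hex_digits[c >> 4];
            out[o++] = hex_digits[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    const char sample[] = "a b?cd"; /* constructed input */
    char buggy[sizeof sample + 2];
    char fixed[3 * sizeof sample];

    escape_buggy(sample, strlen(sample), "?", buggy);
    escape_fixed(sample, strlen(sample), "?", fixed, sizeof fixed);
    printf("input: %s\nbuggy: %s\nfixed: %s\n", sample, buggy, fixed);
    return 0;
}
```

In the buggy output the `b` and the `?` disappear and the `c` is escaped although it is not reserved, which is exactly the pair of symptoms the commit message lists.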
Make a configurable preference to show the publish message as text
to bring back the old behavior.
Ping-Bug: 15738
Change-Id: I90ff4ab4c8fe857fa7ea585f67aef516d84c22c1
Reviewed-on: https://code.wireshark.org/review/33284
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Since the "quic " label was dropped in draft -17 (which happens to be
our minimum supported QUIC draft version as well), the QUIC and TLS 1.3
base secrets are the same again. Temporarily accept both the QUIC_xyz
and xyz labels, hopefully we can drop the "QUIC_" label soon.
Change-Id: Ib3919997db75c2e9652239a5d6400876df745fdb
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/33275
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Use the standard TLS 1.3 Key Update variant (broken since draft -13).
Fix key_phase change detection (gboolean is signed, and 1 != -1, so it
would always trigger a key update when KP1).
Fix typo that breaks Key Update for the client (server_pp -> pp_state).
Tested with attachment 17132 from the linked bug.
Bug: 13881
Change-Id: I0246816e99d2e3ed509aa3ebb8a57b753399dde4
Reviewed-on: https://code.wireshark.org/review/33279
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch adjusts the inconsistent usage of the is_mandatory flag
passed to the dissect_* functions for optional IEs, which fixes the
issue of incorrectly parsed RSL ERR REP optional IEs and the equally
broken BCCH INFORMATION optional IE parsing.
Bug: 15789
Change-Id: I94ea8fe110d8d6aa6ebd0cec5013d3cc8fd55311
Reviewed-on: https://code.wireshark.org/review/33269
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way, if it's cut short by a snapshot length (or its length is
otherwise too large), we don't throw an exception before dissecting the
items that are present.
Change-Id: Id2521efdcf97f63f6826d62b4361722c7eef78c9
Reviewed-on: https://code.wireshark.org/review/33253
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't show every single non-ASCII character as a bunch of meaningless
backslash-escape sequences for the multiple octets of their UTF-8
encodings.
Change-Id: Ieed3cdf26c3c63a0d1681efcf967c7b80132cb14
Reviewed-on: https://code.wireshark.org/review/33245
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Lua 5.2 moves unpack to table.unpack, be sure to define this for Lua 5.1
or LuaJIT. This fixes an error with https://github.com/Lekensteyn/kdnet
when using LuaJIT.
Change-Id: Ib9e4591d9edb1cb3b0c1e86172331055f9f457d9
Ping-Bug: 15745
Reviewed-on: https://code.wireshark.org/review/33046
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Octet arrays are octets of guint8s, not gchars/chars.
Make some strings arrays of chars/gchars, not guint8s; this needs more
thought (throughout Wireshark).
Offsets into tvbuffs are signed, not unsigned. (This is to support
negative offsets, which are offsets from the end of the tvbuff. We
might want to remove that and go with unsigned offsets, and have the
few, if any, places where that feature is used explicitly calculate the
offset from the end based on the tvbuff's length; most if not all of our
handling of trailers/end-of-packet FCSes/etc. does so, and makes sure it
handles the case where the end-of-packet information isn't present, to
better report errors and dissect the stuff before it.)
Change-Id: Ia46ed3fc7c2d8ac97cd14824d521cbc461fb7f45
Reviewed-on: https://code.wireshark.org/review/33239
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update them to use ws_diag_control.h and ws_compiler_tests.h, and the
DIAG_OFF() macros therein.
Regenerate the CORBA dissectors.
Change-Id: I26f0add0ec8dd920bfe80571b4141c1b0e2f0640
Reviewed-on: https://code.wireshark.org/review/33238
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(Why does a call to proto_tree_add_item_ret_uint(), passing a pointer
to a gint32, rather than a guint32, as the last argument, not cause a
compiler error?)
Change-Id: Id1a0dfb62694bfe5147f53938bf1c9c8972efb70
Reviewed-on: https://code.wireshark.org/review/33234
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It can, and, in at least one capture, it does.
Change-Id: Id3540e6551db5d63427f09c6ccc521958ecccac6
Reviewed-on: https://code.wireshark.org/review/33231
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add NCP 98
Fix NDSrequestprotocolflags not being captured on request so that reply
would offset correctly with CRC flag.
Change-Id: Ie45a1017326dd38393baf3f005f3ec9195438565
Reviewed-on: https://code.wireshark.org/review/33146
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When checksum calculations are performed (irrespective of type) the
calculation is assumed to be possible on at least a common header and
optionally a payload. This assumption was not checked, which could
lead to out of bound access of packet buffer data.
Simply adding the assurance that enough buffer data is available avoids
this out of bound access.
CID 1439698
Change-Id: I5fec69b96b1064ffdda11f51b882fe5775844475
Reviewed-on: https://code.wireshark.org/review/33185
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When decrypt_ssl3_record is called with a record length of zero, it will
pass NULL to ssl_data_set because tvb_get_ptr(..., 0) yields NULL. That
triggers a DISSECTOR_ASSERT. Fix this and add expert info while at it.
Bug: 15780
Change-Id: I727b511aa48b6e1aeb20a441d1eb9d3627a74413
Reviewed-on: https://code.wireshark.org/review/33203
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bits named according to IEEE 802.11-2016, p.836, Figure 9-192
Change-Id: I4e0a6c90796d80ebbdc31c32a3ea2d9da4db8885
Reviewed-on: https://code.wireshark.org/review/33193
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For type B cards, the PCD assigns a card identifier (CID)
in the attrib message it sends to the card. The card sends
the assigned CID back in its response.
We already dissect the CID in the response. Dissect it in the
attrib message as well.
Change-Id: Ic0bd200f0e40496d8fe3121aa9ad601a269de36c
Reviewed-on: https://code.wireshark.org/review/33183
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.
2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text only field. One example
is "dns.a", that was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo resulting in "dns_dns_a" as other fields for the dns
protocol.
Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Ber choice called with a non FT_UINT hf variable. Work around by
duplicating ASN1 code.
Change-Id: I71b38e25288f222058793110eb43c122c012dcca
Reviewed-on: https://code.wireshark.org/review/33191
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert the host-endian session ID passed to seskey_find_sid_key()
before comparing it with the little-endian session IDs in the UAT.
While we're at it, tag session ID fields in various structures with the
byte order.
Bug: 15772
Change-Id: Ib1e7323bad1dfdb1ac24a08998205650f2744097
Reviewed-on: https://code.wireshark.org/review/33188
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Controlled by a preference (off by default).
Change-Id: If2fafb1d0b94faf4e42c3e9bb4bef010f1a9be0b
Reviewed-on: https://code.wireshark.org/review/33056
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Newer versions of elastic are using 'doc' as type. Change the code
according to that.
Fix point (4) of the linked bug.
Bug: 15763
Change-Id: Ia28102a0914c6308eb3516daa57af2e49ce9a4e5
Reviewed-on: https://code.wireshark.org/review/33111
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Dissect version 1 and 2 of Audio Streaming General Endpoint descriptor.
Ping-Bug: 15503
Change-Id: I2b9dfdc22db0c75a0e736738c2d6ca72e7f8d9af
Reviewed-on: https://code.wireshark.org/review/33172
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This is the new standard in recent Elastic versions.
Fix point (3) of the linked bug.
Bug: 15763
Change-Id: I64ef085c2a8ad9d25ced30a337287c8cb77903e4
Reviewed-on: https://code.wireshark.org/review/33112
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Elastic integer fields are:
integer: signed 32 bit
long: signed 64 bit
Fix values in mapping. uint64 is not handled by elastic, but still
mapped on 'long'.
Fix point (2) of the linked bug.
Bug: 15763
Change-Id: I14afa1cb7fcb6ad98d44707a8b506420e29ceb83
Reviewed-on: https://code.wireshark.org/review/33109
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Each MIDI Event creates its own protocol tree and thus the generic USB
Audio tree is not needed.
Ping-Bug: 15503
Change-Id: I83ab01e340fce72e8ab824a2ee77ae37c033daae
Reviewed-on: https://code.wireshark.org/review/33160
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is especially useful when there are multiple USB Midi Events in frame.
Ping-Bug: 15503
Change-Id: I92ab73d5ff33f5a227f4433ba22792ca791e38e7
Reviewed-on: https://code.wireshark.org/review/33159
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Extend audio conversation info to include the major version of USB MIDI.
The major version in Audio Control header can be different than the
major version in MIDI Streaming header.
Ping-Bug: 15503
Change-Id: I7ef7c15b4fcab21cfaf380f46085a1a3a13021b5
Reviewed-on: https://code.wireshark.org/review/33168
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prior to this change the MIDI Streaming descriptors were labeled as
UNKNOWN DESCRIPTOR.
Actual contents of MIDI Streaming descriptors are not dissected yet.
Ping-Bug: 15503
Change-Id: Ie55431bd89a09770ed832d7d0838eb8c2268d531
Reviewed-on: https://code.wireshark.org/review/33161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support of NVMe/TCP (NVM Express over Fabrics for TCP)
to wireshark.
NVM Express is high speed interface for accessing solid state drives.
NVM Express specifications are maintained by NVM Express industry
association at https://nvmexpress.org/.
NVMe/TCP is the TCP transport binding specification
which was recently ratified (Technical Proposal 8000) and is a part
of NVMe-oF spec version 1.1.
Reference can be found here:
https://lwn.net/Articles/772556/
and protocol specification:
https://nvmexpress.org/welcome-nvme-tcp-to-the-nvme-of-family-of-transports/
Supported commands are
*) NVMe/TCP ICREQ, ICRESP.
*) NVMe Fabrics commands
*) NVMe commands that are supported by packet-nvme dissector.
Testing is done with Linux 5.0 nvme-tcp host and target drivers.
H2C and C2H termination PDUs are not supported as Linux NVMe/TCP driver
does not support them as well in kernel 5.0.
Bug: 15735
Change-Id: I63ae7aa2a42ff843b9832110830fd345f30d9170
Reviewed-on: https://code.wireshark.org/review/32640
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Have separate expert info items for the PDU length field being too
short, the PDU length field being too long, a CLV being too short, and a
CLV being too long.
Do the PDU length checks when we add the PDU length field, and add the
expert infos to the length item; remember the results of the checks for
future use.
Use DISSECTOR_ASSERT for the tests in osi_check_and_get_checksum() that
make sure the checksum field is contained within the data to be
checksummed, so that's reported as a dissector bug to the user.
That means that osi_check_and_get_checksum() only returns FALSE if we
don't have all the data available to checksum; that already gets
reported as an indication that the checksum is unverified, so we don't
need to put confusing and misleading expert infos about the PDU
length - whatever PDU length errors need to be reported have already
been reported, as per the above.
Make expert info names more consistent, and fix one expert info variable
name.
Make the length argument to isis_dissect_clvs() unsigned.
Clean up white space.
Change-Id: I0ce799c766dc427602d155c5b48099df8bf51c67
Reviewed-on: https://code.wireshark.org/review/33179
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The length variable is the length of the value, not the length of the
entire CLV, so there's no need to subtract the length of the C and the
L from the length - it covers just the V.
Change-Id: I711657e4e0b76e2aac9d58efd88f45201b9c2c5b
Reviewed-on: https://code.wireshark.org/review/33174
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When composing the error string to return to the UAT handling,
the proto name string is already free'd. Reverse the two calls
so that the string is free'd _after_ the error string composition.
Change-Id: I11615c07f6b00e59007e0c85c84283d486cc478c
Reviewed-on: https://code.wireshark.org/review/33167
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the purported first tuple has a net of 0, it's a 3-octet version
indicator, not a tuple containing route information; the third octet is
a version number. Display the version number and skip it before
displaying the tuples.
If the first tuple is an extended network tuple, the sixth octet is a
version number; display it as such.
Change-Id: I7ffb8b9df025dd75eb43eba24a37ce6bd26e8019
Reviewed-on: https://code.wireshark.org/review/33152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The BSSMAP LCLS GCR field is specified in 3GPP TS 29.205, which
in turn was originally created to augment the ITU-T Q.190x BICC
with Mobile specific information elements. Let's add the latter
decoding function as a new packet-bicc_mst.c, so it can be used
also from other dissectors. For example, GSM MAP also includes
GCRs and hence should be modified to use this new decoder.
Change-Id: I247d2ccd2d16e996f4fe5d5952ba8a4091a4ffd0
Reviewed-on: https://code.wireshark.org/review/33117
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is achieved by calling the respective dissector functions
from other dissectors, which requires them to be exported.
Change-Id: Ifd01da8e5ff4ac3f3f3179b842e3a7223629b234
Reviewed-on: https://code.wireshark.org/review/33121
Reviewed-by: fixeria <axilirator@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
The Osmocom GSUP protocol was recently extended with additional
message types and information elements to support the use case
at the GSM "E Interface", which is the signaling interface between two
MSCs during Inter-MSC-Handover procedures.
This patch adds the bulk of the E interface decoding, leaving only
the dissection of RR/BSSAP/SM cause values for follow-up patches,
as this requires modifications to those respective dissectors.
Change-Id: I0ef2fe4eac108de6804ede152cddac8551d4918e
Reviewed-on: https://code.wireshark.org/review/33120
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
And, for DDP packets, set the length in the LLAP tvbuff based on the
length to which the DDP dissector set its tvbuff.
That lets padding be recognized as such, and also prevents dissectors
called from the DDP dissector from running past the end of the packet.
Report invalid lengths with expert info.
Change-Id: Icc6ed222a4e7b33463c7c0b02c954952fe21949a
Reviewed-on: https://code.wireshark.org/review/33142
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At least on the document we cite here, the company's name is "VSS
Monitoring", not "VSS-Monitoring".
Perhaps this dissector should be disabled by default, so people don't
get shown bogus VSS Monitoring trailers when the packet just has
one or two bytes of padding at the end.
Change-Id: I367fab67d9e0cc294a668ee8532d46c02feffbfa
Reviewed-on: https://code.wireshark.org/review/33138
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Since draft 17, IETF QUIC retry packets carry the Original Destination Connection ID Length (ODCIL)
in the four least-significant bits of the first byte.
However Wireshark's QUIC dissector expects the ODCIL to be after the source connection ID,
which was the behaviour before draft 17, which results in incorrect dissection.
Issue reported by Jeremy Lainé
Bug: 15764
Change-Id: I7c6ed2988a0b0ab3f4dfe6de9f9571ae522148cf
Reviewed-on: https://code.wireshark.org/review/33116
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also dissect UUID flags.
Change-Id: Ic63ff2e7d9aeb46b0ad0a3bf6501bb0862087c55
Reviewed-on: https://code.wireshark.org/review/33132
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Need to make sure to read UM/AM direction before reading SN-length. Also fix a backward test while looking up
stored SNLength.
Change-Id: I4dbb701efe80c78fee5e1af9e405b2cf883f7401
Reviewed-on: https://code.wireshark.org/review/33129
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
We may want to have a preference to allow the user to specify which Mac
extended character set to use.
Change-Id: I0b8cc0c3f0f46f211aec37b428ab875205a1a000
Reviewed-on: https://code.wireshark.org/review/33126
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
EtherTalk and TokenTalk frames use LLC/SNAP headers with an OUI of
08:00:07 and a PID of 0x809B.
Frames with an Ethertype of 0x809B - either as the Ethertype field of an
Ethernet frame or as the PID, in combination of an OUI of 00:00:00, of
an LLC/SNAP frame - have an LLAP frame, complete with an LLAP header, as
the payload.
Don't treat 08:00:07 as a special case - register it as an OUI and give
it a dissector table, and register the DDP dissector in that dissector
table with ETHERTYPE_ATALK. Register the LLAP dissector in the
"ethertype" table with the Ethertype ETHERTYPE_ATALK.
This means we now have two separate LLC+SNAP PID tables for Apple; name
them appropriately.
That also means we need to add packet-atalk.c to the list of files
allowed to add "llc." named fields.
Change-Id: I00bafd692f83f73bd347628cb9e950863c26a2b7
Reviewed-on: https://code.wireshark.org/review/33125
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ACK tracking did not work for protocols like ZigBee because the ACK is
sent without address information. By moving the ACK tracking outside
the conversation and only use the interface and the sequence number to
match requests and ACKs this is now working.
If addresses are present in the ACK they will still be used to avoid
invalid matches.
The nature of the wmem_tree ensures that the ACK tracking will always
work on the latest requests.
Change-Id: I5c763e34ec340b19a7998ddcfe9f72fccfd2acd1
Reviewed-on: https://code.wireshark.org/review/32927
Reviewed-by: James Ko <jck@exegin.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Subdissector compatibility is enhanced. flexray_identifier structure can now be
used by subdissectors.
Change-Id: I89f80c03f0f75746fc477d21c3614ae8263cb1b3
Reviewed-on: https://code.wireshark.org/review/33030
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix for compilation on platforms without GCrypt library.
Change-Id: I049f7d60f3b65f713ee3e43f62361790901982a6
Reviewed-on: https://code.wireshark.org/review/33113
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix compilation on CentOS:
epan/dissectors/packet-btmesh.c: In function 'uat_btmesh_record_update_cb':
epan/dissectors/packet-btmesh.c:2057:9: error: implicit declaration of function 'k4' [-Werror=implicit-function-declaration]
if (k4(rec)) {
^
epan/dissectors/packet-btmesh.c: In function 'uat_btmesh_label_uuid_record_update_cb':
epan/dissectors/packet-btmesh.c:2198:9: error: implicit declaration of function 'label_uuid_hash' [-Werror=implicit-function-declaration]
if (label_uuid_hash(rec)) {
^
cc1: some warnings being treated as errors
[224/2387] Building C object epan/dissectors/CMakeFiles/dissectors.dir/packet-btmesh-pbadv.c.o
ninja: build stopped: subcommand failed.
Change-Id: I0ffbce46285c7883f3ef604d06fad3a94b2197cd
Reviewed-on: https://code.wireshark.org/review/33108
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This protocol is spoken between the BSC (Base Station Controller) and
the CBC (Cell Broadcast Centre). It runs over TCP Port 48049 and is
specified in 3GPP TS 48.049.
Change-Id: I183e4741e2db5b9cc4dfe2b89f7920a32af67971
Reviewed-on: https://code.wireshark.org/review/29745
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Thanks to Peter Wu for the deep analysis of the issue:
Reproduce this issue with master v3.1.0rc0-662-gfd30adca44 and the reproducer from
the oss-fuzz issue tracker:
HOME=/x FUZZSHARK_TABLE=ip.proto FUZZSHARK_TARGET=ospf fuzzshark
clusterfuzz-testcase-minimized-fuzzshark_ip_proto-ospf-5128657784799232
Attached are the traces for watchpoints on changes to parent_tree.tree_data.count,
this revealed 7 nodes that were added from the catch block in epan/expert.c:759
show_reported_bounds_error adds a proto node and calls expert_add_info:
1. _ws.malformed - protocol node via epan/show_exception.c:177
expert_create_tree adds two items:
2. _ws.malformed - expert tree via epan/expert.c:480
3. _ws.malformed - protocol filter because group==PI_MALFORMED via epan/expert.c:488
Because an explicit ei field was given: "add_expert_info(..., &ei_malformed)", two
fields are added instead of one:
4. _ws.malformed.expert - none node via epan/expert.c:543
5. _ws.expert.message - string node via epan/expert.c:545
Two more fields are added for the severity and group:
6. _ws.expert.severity - uint node via epan/expert.c:549
7. _ws.expert.group - uint node via epan/expert.c:552
So this problem would never occur when an exception is triggered via DISSECTOR_ASSERT,
but only for ReportedBoundsError exceptions (which occur when trying to use proto_tree_add_item
with invalid bounds for a tvb).
In conclusion, increasing EXCEPTION_TREE_ITEMS by 2 would suffice, but bump it to 10
(double the current value) to prevent similar crashes from happening if a few more items
are added in the future.
Bug: 14978
Change-Id: Ib9f5e254aeb4d756da5bab8f2e7ccf2572764aa4
Reviewed-on: https://code.wireshark.org/review/33060
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Any request or response with the Content-Type header and no
Content-Length header would cause the HTTP dissector to combine all
segments until the end of the connection. This is bogus, it should only
do this for HTTP responses under stricter conditions.
To fix this issue: 1) explicitly disable body desegmentation for
messages that never have a message body, 2) restrict "desegment until
the end" to HTTP responses.
The "Connection: Keep-Alive" case was a fix for bug 1142, but that is
now properly addressed by checking for the 304 status code.
Bug: 13116
Change-Id: I02371ac88ec2de6ee966fdc6df0dd246ad49c46d
Reviewed-on: https://code.wireshark.org/review/33035
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Small rework while here to prevent the creation of str_escaped if
the input string is enough for the check.
Bug: 15758
Change-Id: I5facf0307d1e0fed882bbe3ef91463164cf3440c
Reviewed-on: https://code.wireshark.org/review/33100
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The normal response to Write Single Coil and Write Single Register is an
echo of the request and thus the Request/Response of these codes cannot
be classified based on the length alone.
When the mbrtu.tcp.port value is set to Modbus Slave listening port,
then the Query/Response is correctly classified as long as the Master
source port is different to the Slave listening port.
Bug: 15573
Change-Id: I5cb9f1edb4cdc8e8872196075c14c61ae69b5d15
Reviewed-on: https://code.wireshark.org/review/33077
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the heuristics, don't fetch fields unless we're sure they're
available in the captured packet data.
Change-Id: I56ca1675aee13fe1629f02903573a392459d4846
Reviewed-on: https://code.wireshark.org/review/33102
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Every SysEx Manufacturer can decide its own SysEx message format.
As there are quite a lot of registered SysEx Manufacturers, it is best
to not mix all the Manufacturer specific commands in one file.
During the extraction the following have been changed:
* sysex.digitech prefix changed to sysex_digitech
* sysex.device_id changed to sysex_digitech.device_id as the MIDI
System Exclusive specification doesn't specify anything except the
(Extended) Manufacturer ID
* sysex.digitech.device_id renamed to sysex_digitech.received_device_id
as this field is part of the Who Am I command response
* Remove the PROTO_CHECKSUM_ZERO flag - the actual checksum is simply
XOR of all bytes. Prior to this change the actual checksum byte was
XORed together with the checksummed data.
Change-Id: I225149f16a83b7629ce4bf9f6ca81c1d93dd856a
Reviewed-on: https://code.wireshark.org/review/33070
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add SysEx reassembled message information under the "USB Midi Event
Packet" not under the "USB Audio".
Ping-Bug: 15503
Change-Id: I2c9367b1dcce0026964e1b9cdeb2af3875b5e882
Reviewed-on: https://code.wireshark.org/review/33085
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector tries heuristic dissectors too. Preference was added
determining if heuristic dissectors should be tried first.
Change-Id: I47dbbb6a7ebe2dd0266ad7c081141ada00ecde4a
Reviewed-on: https://code.wireshark.org/review/33055
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The DDP length is 10 bits long, not 2 bits long; it includes the bottom
2 bits of the first octet *and* all 8 bits of the second octet.
The checksum is at an offset of 2, not 0, from the beginning of the header.
Change-Id: I7e2b8eff4d023f80a894f1e1eec7b71d08510f7e
Reviewed-on: https://code.wireshark.org/review/33094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
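
The 10-bit DDP length and the checksum at offset 2 described in the commit message above, together with the length check that lets trailing padding be recognised, as an added example (not Wireshark's code). The function names, the status codes and the 13-octet extended-header size are assumptions of this sketch; the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DDP_HEADER_SIZE 13u  /* assumption: size of the extended DDP header */

/* Hypothetical status codes, one per length problem worth reporting. */
enum ddp_status { DDP_OK, DDP_TRUNCATED, DDP_LEN_TOO_SHORT, DDP_LEN_TOO_LONG };

struct ddp_info {
    uint16_t length;      /* 10-bit datagram length from the header */
    uint16_t checksum;    /* 16-bit checksum found at offset 2 */
    size_t   payload_len; /* bytes a sub-dissector may look at */
    size_t   padding_len; /* captured bytes past the DDP datagram */
};

/* Parse length and checksum and validate the length against the capture. */
enum ddp_status ddp_parse(const uint8_t *buf, size_t caplen, struct ddp_info *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < 4)
        return DDP_TRUNCATED;            /* cannot even read offsets 0..3 */

    /* Bottom 2 bits of octet 0 are the high bits, octet 1 the low 8 bits. */
    out->length = (uint16_t)(((buf[0] & 0x03u) << 8) | buf[1]);
    /* The checksum starts at offset 2, after the length octets. */
    out->checksum = (uint16_t)((buf[2] << 8) | buf[3]);

    if (out->length < DDP_HEADER_SIZE)
        return DDP_LEN_TOO_SHORT;        /* length does not cover the header */
    if (out->length > caplen)
        return DDP_LEN_TOO_LONG;         /* length runs past the captured data */

    /* Clamp the payload to the stated length; the rest is padding. */
    out->payload_len = out->length - DDP_HEADER_SIZE;
    out->padding_len = caplen - out->length;
    return DDP_OK;
}

/* Build a constructed frame with the given length field and parse it.
 * upper_bits fills the top 6 bits of octet 0 to show they are masked off. */
enum ddp_status ddp_parse_constructed(unsigned length_field, uint8_t upper_bits,
                                      size_t caplen, struct ddp_info *out)
{
    static uint8_t frame[1100];
    if (caplen > sizeof frame)
        caplen = sizeof frame;
    memset(frame, 0, sizeof frame);
    frame[0] = (uint8_t)((upper_bits & 0xFCu) | ((length_field >> 8) & 0x03u));
    frame[1] = (uint8_t)(length_field & 0xFFu);
    frame[2] = 0xBE;                     /* constructed checksum value */
    frame[3] = 0xEF;
    return ddp_parse(frame, caplen, out);
}

int main(void)
{
    struct ddp_info info;
    enum ddp_status st = ddp_parse_constructed(261, 0x14, 270, &info);
    printf("status=%d length=%u checksum=0x%04x payload=%zu padding=%zu\n",
           (int)st, (unsigned)info.length, (unsigned)info.checksum,
           info.payload_len, info.padding_len);
    return 0;
}
```
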
Try to recognize FRF.3.2/RFC 2427 frames that have a non-UI control field,
and Ethernet-directly-over-Frame-Relay frames, using heuristics; use a
heuristic to identify Cisco HDLC-over-Frame-Relay frames. All
heuristics involve checking the dissector tables for various protocol
discriminators (OSI NLPID, Ethernet type, Cisco HDLC type) to see
whether the value of the purported protocol discriminator has a
dissector.
Change-Id: I46d6ba2881674b102fb6983a43f0355e036f53d7
Reviewed-on: https://code.wireshark.org/review/33090
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Format types differ quite a lot between USB Audio version 1 and 2 thus
it is good to clearly separate the dissection into separate functions.
So far only the format type 1 of version 2 USB Audio Audio Streaming is
dissected.
Ping-Bug: 15503
Change-Id: I40544c7efb05810e2281248d1d1d33951b3b42a9
Reviewed-on: https://code.wireshark.org/review/33065
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'zbee_zcl_se.drlc.report_event.signature_type' exists multiple times with NOT compatible types: FT_BYTES and FT_UINT8
Change-Id: I79bfd0178f46444a08f2350cddbc792ea480a173
Reviewed-on: https://code.wireshark.org/review/33075
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I5326b87784817fb353329e2d686fe0515c32f6cb
Reviewed-on: https://code.wireshark.org/review/33038
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
The string type is the default in elasticsearch, then there is no
need to put those entries in the mapping report. This shortens the list
a lot.
Small indentation fix, while here.
Change-Id: If304d409a3ee2c30f24b5de4d90be522bbfae41e
Ping-Bug: 15719
Reviewed-on: https://code.wireshark.org/review/33053
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Show PDO version of PRes in the same way as we do it for PReq.
Change-Id: Ib433ade6cfedfcf74e9886bcfc8eba08dcddb588
Reviewed-on: https://code.wireshark.org/review/33062
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Include undecoded data expert info for partially dissected Audio Streaming
descriptors.
Ping-Bug: 15503
Change-Id: I93f03dea42af11b3fd4ab684766c26335bc08e57
Reviewed-on: https://code.wireshark.org/review/33063
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissect Output Terminal descriptor only when the version is supported by
the dissector (1 or 2).
Ping-Bug: 15503
Change-Id: Icc64f8288c9917b5b7c3dfd88fe8a6d591d64dcd
Reviewed-on: https://code.wireshark.org/review/33061
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissect Input Terminal descriptor only when the version is supported by
the dissector (1 or 2).
Ping-Bug: 15503
Change-Id: I98bc5d52c4b0a7849c48e2e7f9d9e36f5ef254cf
Reviewed-on: https://code.wireshark.org/review/33057
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The MQTT documentation states "The Payload contains the Application
Message that is being published. The content and format of the data
is application specific."
Bug: 15738
Change-Id: Ie9d603049821fd7fe73add675a95245d5f27e0b0
Reviewed-on: https://code.wireshark.org/review/33020
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Generalise Audio Control subclass dissection to include undecoded data
expert info not only when the whole subtype is unknown, but also when
the descriptor was only partially dissected.
Ping-Bug: 15503
Change-Id: Id9d2d9c172e7c649a44290159cb74a9dfaab746c
Reviewed-on: https://code.wireshark.org/review/33037
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
"initial_version" might not contain a valid QUIC version if the initial
packet is used to trigger version negotiation. This was observed with
quiche (on draft -18) which uses 0xbabababa. Change heuristics to detect
the new format instead.
Bug: 13881
Change-Id: I8f1dc466575f37a27ee579a6e3dd38e154c3fa5d
Reviewed-on: https://code.wireshark.org/review/33032
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add extra fields to display the components of the layout
nfl_util for the files layout type. These components include
whether the layout is dense or sparse, whether the client
should send the commit to the metadata server or data server
and lastly the stripe unit size.
Change-Id: I8c054c68353eb5bd711b2f95d8dcf74ecc2aab03
Reviewed-on: https://code.wireshark.org/review/32952
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto.h:853:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
proto.h:866:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
Change-Id: I50a462c7a05f36ba60484980fd8ae9026effc047
Reviewed-on: https://code.wireshark.org/review/32922
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IEC 60870-5-101 is the traditional serial version of '104. The headers are different but the ASDU dissection is identical.
Changes made to the '104 dissector to accommodate '101 are as follows:
- Added in a new protocol dissector 'iec60870_101'. This dissector handles the '101 header and calls the ASDU dissector when required.
- The existing '104acpi' dissector has been renamed to 'iec60870_104' to better align with the '101 addition
- The '104asdu' protocol has been renamed to 'iec60870_asdu' in order to make it more generalized between the two variants. Updated variable names and display filter fields as needed.
- 3 preferences exist in the iec60870_101 dissector to allow for configurable length of the COT, ASDU Addr and IOA fields. These are fixed at their max length in '104 (2, 2 and 3 octets respectively) but are configurable in '101.
- The ASDU dissector has been modified to accept a data parameter that contains the fixed/configurable lengths of COT, ASDU Addr and IOA fields.
Bug: 15688
Change-Id: Ib0c918a40d24967caa8588067fa9e9a240af4ca5
Reviewed-on: https://code.wireshark.org/review/32802
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It looks like PSIDs have a maximum length of 4 bytes. If we encounter an
invalid PSID, add an expert item to the tree and return.
Bug: 15604
Change-Id: I74e45a56bb0322d4ef95f87a5e2a11c32f43f00a
Reviewed-on: https://code.wireshark.org/review/32986
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Even though the three route subobjects type values overlap (mostly),
the range for RRO subobjects is not limited by an l-bit. For regular
type values this makes no difference, there is a difference for the
private subobjects of an RRO. With the restriction on type value in the
code the private subobjects of RRO could never be reached.
Removing the type value limitation for RRO solves this. While at it
remove the superfluous rsvp class check for these high type values.
Change-Id: I63941085919902ab74f4b4b7ea74b2d362512da6
Reviewed-on: https://code.wireshark.org/review/32969
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's not used unless we have either zlib or libbrotli, so don't define
it if we have neither of them. This fixes no-zlib/no-libbrotli builds.
Change-Id: I97358c9197a2ab789f85498cc4e40d301ecb792d
Reviewed-on: https://code.wireshark.org/review/32975
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Adding defragmentation of control and access layer messages.
Adding dissection of Friend Update and Heartbeat control messages.
Bug: 15722
Change-Id: Ib6d8899a2d089dfa3b3eee6cd3e5248b8dc26aff
Reviewed-on: https://code.wireshark.org/review/32948
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RFC7427 describes the Digital Signature Authentication for IKEv2. This
consists of the Signature Hash Algo Notify and a new format of the
authentication data. The Notify was already present. This patch only adds
the capability to parse the new format of the authentication data.
Change-Id: Id1949397c1a2caa9898ecf44ecd580b5417d3343
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Lack of handshake reassembly caused Certificate handshake messages to be
reported as "Encrypted Handshake Messages" and broke decryption in some
cases. Fix this by properly tracking handshake fragments and delay
dissection until all fragments are available.
Now when a fragmented Handshake message is found:
* The first fragment will have "(fragmented)" appended to the record
tree item as well as the "Handshake Protocol" item.
* "Reassembled Handshake Message in frame: X" is added for fragments.
* The last reassembled handshake message will be displayed together with
a fragment list.
Note: Previously, handshake records with a message length larger than
the available data were assumed to be encrypted. This restriction had to
be lifted, but can now cause false positives (reporting encrypted data
as unencrypted handshake fragments).
The provided capture is not minimal but should be comprehensive as it is
generated with randomly sized TLS record and TCP segment lengths using
`./tls-handshake-fragments.py hs-frag.pcap --seed=1337 --count=100` and
https://git.lekensteyn.nl/peter/wireshark-notes/tree/crafted-pkt/tls-handshake-fragments.py
(A copy of this script is attached to bug 3303.)
Bug: 3303
Bug: 15537
Bug: 15625
Change-Id: I779925aba30548a76c20e0e37b39d01d2c88a764
Reviewed-on: https://code.wireshark.org/review/32857
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
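
The fragment tracking described in the commit message above, as an added example (not Wireshark's code): a reassembler that buffers TLS handshake bytes across records and only reports a message once its 4-octet header (type plus 24-bit length) and whole body have arrived. The type and function names, the 4096-byte cap and the sample records are constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HS_HDR_LEN  4u     /* msg_type (1 octet) + length (3 octets) */
#define HS_MAX_MSG  4096u  /* constructed cap on the body size for this example */
#define HS_MAX_DONE 8u

struct hs_msg { uint8_t type; uint32_t length; unsigned fragments; };

struct hs_reasm {
    uint8_t  buf[HS_HDR_LEN + HS_MAX_MSG];
    size_t   have;                     /* bytes buffered for the pending message */
    unsigned frags;                    /* records that contributed to it so far */
    struct hs_msg done[HS_MAX_DONE];   /* completed messages, in order */
    unsigned ndone;
};

static uint32_t hs_body_len(const struct hs_reasm *r)
{
    return ((uint32_t)r->buf[1] << 16) | ((uint32_t)r->buf[2] << 8) | r->buf[3];
}

/* Feed the payload of one handshake record (content type 22).
 * Returns the number of messages completed by this record, or -1 when the
 * claimed length exceeds the cap or the result table is full. */
int hs_feed(struct hs_reasm *r, const uint8_t *p, size_t len)
{
    int completed = 0;
    int counted = 0;   /* has this record been counted for the pending message? */

    while (len > 0) {
        size_t want, take;

        if (r->have < HS_HDR_LEN)
            want = HS_HDR_LEN - r->have;             /* header may be split too */
        else
            want = HS_HDR_LEN + hs_body_len(r) - r->have;

        take = len < want ? len : want;
        memcpy(r->buf + r->have, p, take);
        r->have += take; p += take; len -= take;
        if (!counted) { r->frags++; counted = 1; }

        if (r->have >= HS_HDR_LEN) {
            uint32_t body = hs_body_len(r);
            if (body > HS_MAX_MSG)
                return -1;       /* reject before copying any body byte */
            if (r->have == HS_HDR_LEN + body) {
                if (r->ndone == HS_MAX_DONE)
                    return -1;
                r->done[r->ndone].type = r->buf[0];
                r->done[r->ndone].length = body;
                r->done[r->ndone].fragments = r->frags;
                r->ndone++;
                r->have = 0; r->frags = 0; counted = 0;
                completed++;
            }
        }
    }
    return completed;
}

/* Constructed sample: a Certificate message (type 11, 10-byte body) split over
 * three records, with a ServerHelloDone (type 14, empty) coalesced in the last. */
static const uint8_t rec1[] = { 0x0b, 0x00 };
static const uint8_t rec2[] = { 0x00, 0x0a, 1, 2, 3, 4, 5 };
static const uint8_t rec3[] = { 6, 7, 8, 9, 10, 0x0e, 0x00, 0x00, 0x00 };

int hs_run_sample(struct hs_reasm *r, int results[3])
{
    memset(r, 0, sizeof *r);
    results[0] = hs_feed(r, rec1, sizeof rec1);
    results[1] = hs_feed(r, rec2, sizeof rec2);
    results[2] = hs_feed(r, rec3, sizeof rec3);
    return (int)r->ndone;
}

int main(void)
{
    static struct hs_reasm r;
    int res[3];
    int n = hs_run_sample(&r, res);
    for (int i = 0; i < n; i++)
        printf("handshake type %u, length %u, reassembled from %u record(s)\n",
               (unsigned)r.done[i].type, (unsigned)r.done[i].length, r.done[i].fragments);
    return 0;
}
```

A length field that fails the cap check is the kind of input the commit's note warns about: encrypted bytes read as a handshake header produce an arbitrary 24-bit length.
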
When reading the keyring xml file stop reading the name early enough
not to overrun the name buffer.
Change-Id: Ia98ddcd37b17e9865e24ef53a9146d85af1ae30f
Reviewed-on: https://code.wireshark.org/review/32954
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This makes it possible to set the console.log.level from the Advanced
preferences window.
Change-Id: I5c5551f089a935eef77f54fdcad0ba060f14edfd
Reviewed-on: https://code.wireshark.org/review/32930
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Currently an extended vendor parser only gets the vendor_type directly and
the vendor_id indirectly. For some cases (eap fragmentation et al.) it is
important to have access to the eap_code and the eap_identifier as well.
This patch is adding this.
Change-Id: I848cbe58dc4f8e4034382a9c9ca43d350a61bb18
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32944
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissect and skip the header and support for dissection of data coalesced
in the same TCP segment. It does not properly work for two-pass
dissections though, see comment 3 of the linked bug for a sample.
(The existing v2 dissector does not support coalescing at all.)
Requires enabling TCP preference "Try heuristic sub-dissectors first".
Decode As - TCP Port can be used to change the proxied dissector.
Bug: 15714
Change-Id: Ic6ba926eaef81a2cef3c7e00e1cb6eddc3bbc486
Reviewed-on: https://code.wireshark.org/review/32916
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Source/Destination addresses/ports are not specific to v2, they also
apply to v1, so drop the "v2" part. Rename fields and shorten the label
for consistency with the "ip.dst" and "tcp.dstport" fields.
Change-Id: I4187f9e278a315ccda7fa803106d368039e0f25c
Ping-Bug: 15714
Reviewed-on: https://code.wireshark.org/review/32940
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per RFC 6213 make an attempt to dissect the BFD-Enabled TLV.
Change-Id: I9a210c0cc119d66dfb091cd85203b9673cbe4a01
Reviewed-on: https://code.wireshark.org/review/32947
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The TLS dissector relies on a stable value for pinfo->curr_layer_num
between passes to enable handshake reassembly and decryption. A mismatch
could occur if the subdissector accepted the data (len is non-zero), but
did not add any tree items (tree->tree_data->count remains unchanged).
The original change added the check for tree->tree_data->count in order
to remove protocol names that are not visible in the tree. This could
for example occur when the HTTP dissector accepts the data but requests
more data for reassembly.
This desire to hide protocols is understandable, so simply reverting the
change would not be ok. Checking pinfo->desegment_offset is also not
stable. So that leaves the current approach.
Change-Id: I247adafbaa6d23ab9397eadacabaed9e1bfde997
Ping-Bug: 15625
Fixes: v2.5.0rc0-1206-gcd90f732a1 ("Improve frame.protocols accuracy.")
Reviewed-on: https://code.wireshark.org/review/32919
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fine Time Measurement protocol has been introduced as part of 802.11mc,
Wireshark software is missing the support of parsing the FTM.
Add necessary changes to parse FTM frames.
Bug: 15721
Change-Id: I86c6a8db25ffc99df146e0fa1c1cc05bf29710d2
Reviewed-on: https://code.wireshark.org/review/32935
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding some more payload types defined in RFC6407 (Group Domain
of Interpretation).
Bug: 15693
Change-Id: I0f53c1c5eb92165e456bec63f2a85ef5eee506df
Reviewed-on: https://code.wireshark.org/review/32915
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The copied code for Zebra route IPv6 source prefix uses the normal
prefix length instead of the source prefix length. Change to use the
source prefix length instead.
CID 1440379.
Change-Id: I043ed5d37d2c5a3a279ef8ff573364ca6f5e627b
Reviewed-on: https://code.wireshark.org/review/32905
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The current EAP dissector assumes that all vendor-defined extended types are
WPS. This does not allow for adding new vendor-defined payloads. This code
cleans up the limitation. The Vendor-ID can be registered using a dissector
table, while the Vendor-Type is passed as data.
Change-Id: Idc75108fd42b9b2153089db503b137c6eeefe274
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32888
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This reverts commit bdf26a35f6.
This caused a warning on AppleClang 9.1.0.9020039 on Travis CI:
../epan/wmem/wmem_test.c:692:1: warning: unknown warning group '-Wunsafe-loop-optimizations', ignored [-Wunknown-warning-option]
A better workaround is to globally disable the warning for broken GCC
versions.
Change-Id: I3d878c4dccd5afc28e4bf8394f9adae2e6c35deb
Reviewed-on: https://code.wireshark.org/review/32903
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
in 1426 Access-Restriction-Data
Change-Id: I358ddffa1b395adeaa96494f572471619d8b40a6
Reviewed-on: https://code.wireshark.org/review/32884
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The field type must be FT_NONE in dissect_rpc_array to avoid
warning: Trailing stray characters.
Change-Id: I259e1fe5491b3ab95234c3521aa2c2b575650856
Reviewed-on: https://code.wireshark.org/review/32880
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove most cases where we were processing CI_GRC_SERVICE_ERROR as a
success condition.
Leave CI_GRC_SERVICE_ERROR in some cases where this may make sense, e.g.:
Modbus embedded messages may still want to be parsed as the embedded
format.
Bug: 15669
Change-Id: I44cae1ea8d3bacd6291a3118750f8a9e825de044
Reviewed-on: https://code.wireshark.org/review/32874
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Some offsets were not incremented after being read, but the next field
assumed it was incremented.
Change-Id: Ifb523bc37f454cfc76d077d34c3efa2663fb6b9e
Reviewed-on: https://code.wireshark.org/review/32873
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add MIN..MAX in the ASN1 code to have it generate code to handle 64
bits.
Bug: 15154
Change-Id: I87b786a84bdab60641c520322ea8096c5f7a7f81
Reviewed-on: https://code.wireshark.org/review/32860
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The checkapi code dislikes variables named time so rename it.
Change-Id: I49727203baacb32869b78d047e86b478b8e5c25c
Reviewed-on: https://code.wireshark.org/review/32840
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Updating option list according to
https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml
and adding options:
* RFC8026 OPTION_S46_PRIORITY
* RFC8156 DHCPv6 Failover Protocol
* RFC8357 Generalized UDP Source Port for DHCP Relay
Change-Id: I4924e50689629af1f9b0e4f12c2fda38d0013d98
Reviewed-on: https://code.wireshark.org/review/32827
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The bitmask for every header field is 8 bits, do not pass 64-bit values
to proto_tree_add_bitmask_list since the bitmask would always match
against the (possibly wrong) lower 8 bits. Instead process 8 bits at a
time, as before gc2ac157ac0.
Since g37b91eedd6, a dissector exception is thrown when the number of
bytes covering the BIT STRING value is smaller than the number of named
bit fields. (Trailing zero bits in a BIT STRING with named bit fields do
not have to be encoded.) Fix this by assuming zeroes.
Restructure the code to reduce duplication and add some comments. Tested
with the capture from 15684 (attachment 17045), check the keyUsage
extension in the Certificate message (frame 5).
Bug: 15673
Change-Id: Ifa010b9df3e4b46941c00e4f830a03efc589ac21
Fixes: v3.1.0rc0-431-gc2ac157ac0 ("ASN.1: Use proto_tree_add_bitmask... () for named bits.")
Fixes: v3.1.0rc0-458-g37b91eedd6 ("BER: fix dissection of bitmask lists with an invalid length")
Reviewed-on: https://code.wireshark.org/review/32820
Reviewed-by: Anders Broman <a.broman58@gmail.com>
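The named-bit handling described in the commit above, as an added example that is not Wireshark's code: an octet-at-a-time lookup that reads unencoded trailing octets as zero, next to a simplified model of the 8-bit-mask-on-a-wide-value pitfall. The function names and the two keyUsage samples are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* X.509 keyUsage named bits in bit-number order (RFC 5280). */
static const char *const key_usage_names[] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
};
#define N_KEY_USAGE (sizeof key_usage_names / sizeof key_usage_names[0])

/* Constructed samples: BIT STRING value octets after the unused-bits octet. */
static const uint8_t short_ku[] = { 0xA0 };       /* bits 0 and 2; octet 1 omitted */
static const uint8_t long_ku[]  = { 0x08, 0x80 }; /* bits 4 and 8 */

/* Named bit n is in octet n / 8, counted from the most significant bit.
 * Trailing zero bits need not be encoded, so a missing octet reads as 0. */
int named_bit(const uint8_t *val, size_t val_len, unsigned bit)
{
    uint8_t octet = (bit / 8 < val_len) ? val[bit / 8] : 0;
    return (octet >> (7 - bit % 8)) & 1;
}

/* Model of the pitfall: all octets folded into one 64-bit value, then tested
 * with a per-octet 8-bit mask, which only ever sees the lowest 8 bits. */
int named_bit_wide(const uint8_t *val, size_t val_len, unsigned bit)
{
    uint64_t wide = 0;
    for (size_t i = 0; i < val_len && i < 8; i++)
        wide = (wide << 8) | val[i];
    uint8_t mask = (uint8_t)(0x80 >> (bit % 8));
    return (wide & mask) != 0;
}

int main(void)
{
    for (unsigned b = 0; b < N_KEY_USAGE; b++)
        printf("%-17s short=%d long=%d long(wide)=%d\n", key_usage_names[b],
               named_bit(short_ku, sizeof short_ku, b),
               named_bit(long_ku, sizeof long_ku, b),
               named_bit_wide(long_ku, sizeof long_ku, b));
    return 0;
}
```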
The current dissector doesn't display correctly the
hf_rtcp_xr_timestamp field. ENC_TIME_NTP seems to be
missing.
Bug: 15687
Change-Id: Ie417e8a11e05e5fb842a4fb0ad5437da1f916130
Reviewed-on: https://code.wireshark.org/review/32809
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IANA hasn't assigned a port for ICAPS. Therefore we default to 0
to have the "Decode as" option available.
Bug: 15684
Change-Id: I69aa89e2b0e719f9abbd4b57a5c35723203623b1
Reviewed-on: https://code.wireshark.org/review/32790
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Issue reported by Helge Magnus Keck
Change-Id: I7878a56acf07119fc7f900eb72b6d497c675567c
Reviewed-on: https://code.wireshark.org/review/32808
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Field 'parameterId' (rtps.param.id) has a conflicting entry in its value_string: 15 is at indices 67 (PID_DOMAIN_ID) and 74 (PID_IS_RELIABLE [deprecated])
Change-Id: I34081c099da808d85236d9e255d6fe256fdf9cf7
Reviewed-on: https://code.wireshark.org/review/31632
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Helge Magnus Keck
Change-Id: Ib761b4209d1efc80ca2c107dda9919e71f5865c2
Reviewed-on: https://code.wireshark.org/review/32798
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the IEEE 802.11 dissector the conversations concept is (re)used
for tracking associations. The conversations are then used to keep
data that's unique for a certain association, like negotiated AKMS.
Though currently associations are unique per (re)association
whereas conversations are unique based only on src/dest address.
This is problematic for captures with multiple associations with
the same STA/BSSID pair.
For example:
Assoc req frame (assoc #1, conversation #1)
Reassoc frame (assoc #2, conversation #1)
Assoc req frame (assoc #3, conversation #1)
To make a one to one mapping between conversations and associations
store an association counter with each frame and use it with the pinfo
srcport/destport fields to build a conversation key:
(src, dest, association_counter).
Bug: 15616
Change-Id: Ie020bdffbcdab4739ee07f73025ef1157c1fc329
Reviewed-on: https://code.wireshark.org/review/32737
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
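The key collision described in the commit above, as an added example that is not Wireshark's code: a simplified model in which per-association state (the negotiated AKM) is stored under an address-only key and under a (src, dest, association_counter) key. Integer addresses, AKM values, and all names are constructed for illustration.

```c
#include <stdio.h>
/* Constructed capture: one STA/BSSID pair, three associations. */
struct frame { int sta, bssid, is_assoc, akm; unsigned assoc_counter; };
static struct frame capture[] = {
    { 1, 2, 1, 2, 0 },  /* Assoc req, assoc #1, negotiates AKM 2 */
    { 1, 2, 0, 0, 0 },  /* later frame inside assoc #1 */
    { 1, 2, 1, 4, 0 },  /* Reassoc,   assoc #2, negotiates AKM 4 */
    { 1, 2, 1, 8, 0 },  /* Assoc req, assoc #3, negotiates AKM 8 */
};
#define N_FRAMES (sizeof capture / sizeof capture[0])

struct conv { int sta, bssid; unsigned counter; int akm; };
static struct conv convs[N_FRAMES];
static size_t n_convs;

/* Find the conversation for a key, optionally creating it. */
static struct conv *conv_find(int sta, int bssid, unsigned counter, int create)
{
    for (size_t i = 0; i < n_convs; i++)
        if (convs[i].sta == sta && convs[i].bssid == bssid && convs[i].counter == counter)
            return &convs[i];
    if (!create || n_convs == N_FRAMES)
        return NULL;
    convs[n_convs] = (struct conv){ sta, bssid, counter, 0 };
    return &convs[n_convs++];
}

/* Pass 1 tags each frame and stores the AKM; frame idx is then revisited. */
int akm_for_frame(int use_counter, size_t idx)
{
    unsigned counter = 0;
    n_convs = 0;
    for (size_t i = 0; i < N_FRAMES; i++) {
        struct frame *f = &capture[i];
        counter += f->is_assoc;  /* each (re)association starts a new one */
        f->assoc_counter = use_counter ? counter : 0;
        if (f->is_assoc)
            conv_find(f->sta, f->bssid, f->assoc_counter, 1)->akm = f->akm;
    }
    const struct frame *f = &capture[idx];
    const struct conv *c = conv_find(f->sta, f->bssid, f->assoc_counter, 0);
    return c ? c->akm : -1;
}

int main(void)
{
    printf("address-only: %d, with counter: %d\n", akm_for_frame(0, 1), akm_for_frame(1, 1));
    return 0;
}
```

With the address-only key the frame from association #1 picks up the AKM of association #3; with the counter in the key it resolves to its own association.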
Also the MIC inside FT IE is variable length in coming IEEE 802.11
spec. According to IEEE 802.11 spec the MIC length is based on AKMS
negotiated during (re)association phase. This is good as long as
the capture file contains needed assoc frames.
Though if association frames are missing the MIC length is unknown.
As a backup try to use the AKMS found in current frame to
determine MIC length. Handle this logic in a new function like this:
MIC length is determined by:
1. User overridden MIC length setting
2. AKMS negotiated during association phase (conversation)
3. AKMS from current frame
4. Default 16 bytes length.
Also changes had to be done to the ieee80211_packet_data_t handling.
This structure appears to be used as a temporary storage for data
related to current frame. However data was stored in file scope making
it impossible to know whether data was from current or another frame.
This is fixed by changing to the pinfo pool.
Bug: 15616
Change-Id: I521d440b47d71cbc94cd6c56714d21274c8dd23e
Reviewed-on: https://code.wireshark.org/review/32693
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adds support for RFC7140.
Change-Id: I0d7312a078bcb654574707fc46da0fe0629dbb7d
Reviewed-on: https://code.wireshark.org/review/32803
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>