Use the term "external capture interfaces".
Change-Id: I216ce2273737b58e4922c476416333ba16d6cb30
Reviewed-on: https://code.wireshark.org/review/25298
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a trailing NULLs so that we don't read past the end of
hfi_nfct_attr_status_flags and hfi_nfexp_attr_flags_bitfield.
Bug: 14336
Change-Id: I1e96a89f60df2d653c4f3ad63f29cf57eb0224a5
Reviewed-on: https://code.wireshark.org/review/25290
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Have the make-dissectors CMake target explicitly depend on copy_cli_dlls,
otherwise we might try to create dissectors.c before libglib-2.0-0.dll
has been copied into place. It looks like this is what's been causing
our random Windows PD failures.
Change-Id: Ia2445f17abd2c73113ab269ba6c606f48e724d93
Reviewed-on: https://code.wireshark.org/review/25292
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Decode additional data of NTP opcodes 8,9,10,11,12 only as one string.
There's room for improvement to dissect the string for all the
name=value pairs. To do so more samples of different implementations are
needed.
Used reference:
* https://tools.ietf.org/html/draft-ietf-ntp-mode-6-cmds-03
* http://doc.ntp.org/
* sample captures attached to bug
Bug: 14270
Change-Id: I4da537bf2a984b673845333714d8a8cb873f3147
Reviewed-on: https://code.wireshark.org/review/25281
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This UAT was limited (allowed configuring RACH channels only) and hasn't been extended for 4 years now.
There is also a heuristic dissector for RACH channels so pre-configuring them is unnecessary.
Change-Id: I266d2a0aba179318e1c28e0d5bc2b60860962fb2
Reviewed-on: https://code.wireshark.org/review/25270
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since the message number isn't explicitly encoded in the protocol there
is no field to filter on. It is however derived from the message
contents and added in the info column.
Adding this as a generated field allows searching for and filtering of
these messages.
As requested before, last at SF'17 EU.
Change-Id: Id77612f0178710d30ea815335b0a54339d5d7b2c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25257
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The correct length for an AT_STRINGZ address of "" is 1, not 0. A
length of 0 for an address is valid only if the pointer-to-address-data
is null.
Change-Id: I1da6de5ed402020ed5c8389a911870a54fa8b14a
Reviewed-on: https://code.wireshark.org/review/25258
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fixes a build failure when building the wireshark-git package on Arch
Linux using GCC 7.2.1:
epan/dissectors/packet-h223.c: In function ‘dissect_mux_sdu_fragment’:
epan/dissectors/packet-h223.c:207:13: error: variable ‘circuit_id’ might be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
Fixes: v2.5.0rc0-1698-g800b26edbe ("Remove circuit API")
Change-Id: I0b63f692e840e852680467b25ba3c3dfd31392ed
Reviewed-on: https://code.wireshark.org/review/25251
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make plugins.c the source of truth for plugin names. Where plugins
reside and what they do are two different things, so split the plugin
directory and description into two separate elements.
CMake creates portable[1] builds on Windows and macOS. That is, the
build-time directory layout is the same as the installation directory
layout. Adjust various plugin paths macOS accordingly.
[1] You have to run osx-app.sh on macOS to prepare the application
bundle, but the goal is to create a directory/bundle that can be moved
or copied to a different system and run in the new location.
Change-Id: Icf9d02e61918fdf1404468baf52542910edf2743
Reviewed-on: https://code.wireshark.org/review/25166
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Shift the value stored in coinfo->block_mflag in
dissect_coap_opt_block so that we store 0/1 instead of 0/8.
Change-Id: I45ac08564ff1fdcaf4e7306692db862b6a70989b
Reviewed-on: https://code.wireshark.org/review/25248
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Niels Widger <niels@qacafe.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
For queries, there appear to be two different versions, one with a
2-byte value of some unknown type and one with a 1-byte value that
appears to be an "appliance type" code followed by a 2-byte VLAN ID.
For replies, there only appears to be a version with a 1-byte "appliance
type" followed by a 2-byte VLAN ID, but handle a too-short payload.
Also point to http://www.rhyshaden.com/cdp.htm in some comments.
Change-Id: If1b476d5e6b23c7e0ba027835c6f0c84c8b723b7
Reviewed-on: https://code.wireshark.org/review/25249
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Allow decoding of LoRaTap in UDP packets like used by gr-lora (https://
github.com/rpp0/gr-lora) for instance.
Change-Id: I812c428db840a646b6fb22437037dcb8fab39370
Reviewed-on: https://code.wireshark.org/review/25247
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
UNSOLICITED_PONG (0xB): An endpoint received a PONG frame that did
not correspond to any PING frame that it previously sent.
Bug: 13881
Change-Id: I8f3daf46965b93007dd178622f3ebd7c187b11e7
Reviewed-on: https://code.wireshark.org/review/25239
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AS23456 is reserved in RFC6793 for 32-bit AS number range as AS_TRANS.
Add an additional text "(AS_TRANS)" to AS 23456 items.
Bug: 14305
Change-Id: I1a0ea9e07c74b7e409cb32e2da55dbf233a2348d
Reviewed-on: https://code.wireshark.org/review/25172
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ASN.1 prose imported from the specification and heavily modified
manually to workaround its poor quality.
Some of them are marked with -- WS modification comment, some are not.
Probably useless as-is, but it is an initial start until an updated
version is available.
Change-Id: I19ab6cedb6aa23c8ed57bae525ee4a3391494e32
Reviewed-on: https://code.wireshark.org/review/25235
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When doing recursion check we must also count down when done.
Bug: 14253
Change-Id: Icacc86e8b25e106e151117dbcc2f132b1bbe898e
Reviewed-on: https://code.wireshark.org/review/25226
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Another simple example of how to use preference effects to limit
the times a capture file is redissected unnecessarily.
Also clean up some of the grammar of preference effect descriptions.
Change-Id: I2db92e8e3ee913d3b37162916bd0ef7ac8ecd794
Reviewed-on: https://code.wireshark.org/review/25175
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We've added more fields, increment the pre-allocation amount
Change-Id: If0e68697c797e8709349a59b86fbcd4397730476
Reviewed-on: https://code.wireshark.org/review/25220
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow LoRaTap syncword field to be used for "decode as".
Fix field types for LoRaWAN EUI fields to display as EUI-64 little endian.
Change-Id: I584f338031a4bc87e127d35a7bf8751a60e93d55
Reviewed-on: https://code.wireshark.org/review/25199
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This interperates the main body of Lustre traffic.
This dissects all current Lustre OPCODES (as of Lustre 2.10.2)
This dissects MDS REINT sub-opcodes
This dissects LDLM Intent opcodes
This dissects LLOG EADATA
Conversation matching is just IP based and not IP/port based.
Only one lustre "instance" can be running on a given host at a given time,
and request / reply pairs aren't don't always match by port numbers.
Add exception for lustre_* structure names in PROTOABBREV.
We have several lustre.lustre_* because the internal lustre structre is
named lustre_ (i.e. lustre_handle or lustre_msg_v2)
This is still a work in progress, as there are missing FLAG values
and some LLOG EADATA structures that aren't fully decoded.
Change-Id: If57085e2692565336e49f40fb475ca1035da7a35
Signed-off-by: Nathaniel Clark <nathaniel.l.clark@intel.com>
Reviewed-on: https://code.wireshark.org/review/24800
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the addition of power values to the top-level item for the TLV so
that it actually adds power values.
Make the list of power values in that item display correctly, without
extra commas.
Fail if the length of the TLV is less than 8. (We should really add an
expert info item for that.)
Change-Id: Ic4229c0652306f69156b8341c9fbb67cacc8154c
Reviewed-on: https://code.wireshark.org/review/25215
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a recursion check to tvbparse so that we don't overflow our stack.
Bug: 14253
Change-Id: I0f667c3720311318267a1184b33e33253f8ff729
Reviewed-on: https://code.wireshark.org/review/25202
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dissecting of LS Types bytes for LS Requests was missing.
Dissecting of LS Types bytes for LS Acknowledgments have been implemented.
Bug: 14310
Change-Id: I13d5b564a1e97f0c5a33c749273b11f94c90cbc0
Reviewed-on: https://code.wireshark.org/review/25183
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>