Commit Graph

86484 Commits

Author SHA1 Message Date
John Thacker bf8f30eba4 Qt: Fix test for appending rows to UAT tables
We want to return with failure when the number of entries in
the row we're trying to append is greater than the number of
columns, not less than the number of rows in the table.

The IO Graph is the only place that uses appendEntry, and this
allows adding IO Graphs past the tenth graph.

Fix #18762
2023-01-13 09:02:47 +00:00
Louis Scalbert 764890d159 BGP: fix BGP-LS IPv6 Neighbor Address TLV's length 2023-01-13 09:02:02 +00:00
Gerald Combs 34ce99f32e AppImage: Switch to linuxdeploy
Linuxdeployqt resists running on newer versions of Linux to the extent
that you can't even use "-h" or "--help":

https://github.com/probonopd/linuxdeployqt/issues/340

Switch to linuxdeploy (https://github.com/linuxdeploy/linuxdeploy).
2023-01-13 08:59:30 +00:00
Joris Peeraer 6281ad450b PFCP: refactor dissecting of enterprise IEs
The code for dissecting enterprise IEs has been reworked.

Previously, each enterprise was registered by its enterprise-ie in a
dissector-table. The per-enterprise dissector would index into an array
of IEs in order to find the correct IE-dissector.

Using this method has the following drawbacks:
- IEs had to be defined in two arrays (value_string and dissector),
  possibly causing these two arrays to become out-of-sync,
- the array only can be indexed if all IE-types are contiguous or gaps
  are maintained, which would be wasteful in case of bigger gaps
- individual IEs cannot easily be added outside of the source of this
  file

This commit implements a new approach that addresses the above drawbacks by:
- defining all IE information together in one array,
- using per-vendor dissector_tables containing per-IE dissector handles,
  allowing both for arbitrary ie-types and adding individual
  enterprise-IEs separately from external code

This method does a two-level lookup for the IEs:
- first looking up a vendor-dissector in the pfcp.enterprise_ies table
- if using the generic-ie-dissector a lookup in the per-vendor table to
  find the IE-dissector

A vendor-dissector receives the whole IE including header and has to do
all the work. An IE-dissector receives only the data-part and
a tree + header-fields have already been created.

The code for registering the per-IE tree-types has been modified as
well, because these tree-types are now stored together with the
IE-definitions. (Getting rid of the hardcoded indexes is also a plus.)

The 3GPP example enterprise dissector has been removed, as there are two
other enterprises which can serve as example.
2023-01-13 08:57:58 +00:00
Joris Peeraer b782c599ae Provide create_dissector_handle_with_data
Provide function create_dissector_handle_with_data that creates an
anonymous handle that uses a dissector with callback argument.
2023-01-13 08:57:58 +00:00
Alexis La Goutte f908bfa821 ciscodump(.c): Fix Null pointer passed to 1st parameter expecting 'nonnull' 2023-01-13 08:06:02 +00:00
Alexis La Goutte 5766002231 proto(.c): Fix Argument with 'nonnull' attribute passed null 2023-01-13 08:06:02 +00:00
Ivan Stanoev cc9f5aed2b PFCP: Fix QFI bitmask
The QFI field is 6 bits long, but in the PFCP dissector the bitmask was set to 0x7f.
It needs to be 0x3f.
2023-01-13 08:05:07 +00:00
João Valverde aff45e6318 MSYS2: Update GitHub action 2023-01-12 21:04:37 +00:00
Gerald Combs a07265f3c4 GitHub: Add FUNDING.yml 2023-01-12 20:42:13 +00:00
Tomasz Moń 500b514b59 USBLL: Dissect USB 2.0 LPM Extended Transaction
Implement USB 2.0 Extension Transaction specified in USB Engineering
Change Notice: USB 2.0 Link Power Management Addendum.

Display Best Effort Service Latency (BESL) instead of Host Initiated
Resume Duration (HIRD) when dissecting LPM Token to align with USB 2.0
ECN Errata for Link Power Management.
2023-01-12 21:03:02 +01:00
Gerald Combs c14eb1767c E2AP: Use tvb_memcpy instead of memcpy(...tvb_get_ptr()) 2023-01-12 18:09:07 +00:00
Gerald Combs 9700b8cf8b LoRaWAN: Use tvb_memcpy instead of memcpy(...tvb_get_ptr()) 2023-01-12 18:09:07 +00:00
Michal Ruprich 2a285b75a1 capinfos: Removing RIPEMD160 hashes
When reading a packet capture with capinfos on a system with
FIPS 140-2 enabled, libgcrypt will abort for any non-approved
algorithm, in this case RIPEMD 160.
2023-01-12 18:07:41 +00:00
João Valverde 5ab3bb222d MSYS2: Update README 2023-01-12 17:08:38 +00:00
João Valverde 1229b0a999 MSYS2: Add PKGBUILD 2023-01-12 16:35:46 +00:00
João Valverde d00bd20fea MSYS2: Fix system installation
Make the "ninja install" target in the MINGW64 shell work and
allow Wireshark to run from the msys2 installation, besides
the build directory.

To clarify the names used here MSYSTEM is the distribution with a
Linux-like environment for Windows. MINGW is the toolchain.

It is possible to use MinGW without MSYS2 and we generally select
the CMake variables WIN32/MSVC/MINGW/USE_MSYSTEM taking that into
consideration but that WIN32+MINGW platform is not supported at the
moment and it's unlikely to be supported in the near future.
2023-01-12 14:30:41 +00:00
YDKK b0cb719672 opus: Fix TOC configuration parameter definitions 2023-01-12 12:41:56 +00:00
Martin Mathieson a88545ae95 Mysql: fix a couple of typos 2023-01-12 10:40:26 +00:00
Marius David 25311c6cfa netflow: Update Keysight netflow fields - pick up new fields added in Appstack 4.4 release 2023-01-12 09:34:47 +00:00
Gerald Combs 11983087ed Falcodump: More scap event code handling fixes
We don't need to do anything special for timeouts.
2023-01-12 02:36:41 +00:00
Gerald Combs de16040021 CMake: Rename SINSP_PLUGINS to FALCO_PLUGINS 2023-01-12 02:21:15 +00:00
João Valverde 4c9b0d846c CMake: Reverse debug macros
Originally WS_DISABLE_DEBUG was chosen to be
similar to G_DISABLE_ASSERT and NDEBUG.

However generator expressions are essential for modern CMake
but the syntax is weird and having to use negations makes it
ten-fold worse.

Remove the negation. Instead of changing the CMake variable
reverse the macro definition for WS_DISABLE_DEBUG.

The $<CONFIG:cgs> generator expression with multiple config arguments
requires CMake >= 3.19 so we can't use that yet for a further
syntactical simplification.
2023-01-12 00:59:15 +00:00
João Valverde 25d4a099f7 Remove WS_DISABLE_ASSERT
Assertions can be enabled/disabled using WS_DISABLE_DEBUG. The extra
granularity afforded by WS_DISABLE_ASSERT seems unnecessary.
2023-01-12 00:59:15 +00:00
Gerald Combs 640c44f24e CMake: Specify Falco plugins manually.
Falco plugins don't yet have a standard installation location, and even
when they do we might not want to install all of them. Remove plugin
detection from FindSinsp.cmake and note that you should just pass the
paths to your plugins in SINSP_PLUGINS.
2023-01-11 15:37:46 -08:00
John Thacker 06ba704058 Qt: Accept ColoringRulesDialog after writing colors
Instead of connecting ColoringRulesDialog's buttonBox accepted()
signal to two different slots (once in the .ui file, and one
automatically from a name), accept the dialog only after writing
the colors.

This prevents starting to recolor the PacketList before the new color
list has been written.

Fix #12475. Fix #15471.
2023-01-11 17:11:49 -05:00
Gerald Combs 809b34455e Falcodump: Improve scap event code handling
Check timeouts and filtered events.
2023-01-11 22:04:41 +00:00
João Valverde 943bede110 version info: Strip whitespace from a string 2023-01-11 18:52:06 +00:00
Gerald Combs 29ca9c289f macOS: Add an initial donation page to the .dmg
Add a donation page to the .dmg package.
2023-01-11 18:42:39 +00:00
Philipp Dittmann 9c68879a27 Windows: Fix Release (unused variables)
- ws_assert does not work, because _ASSERT_ENABLED is false and gets optimized
- add _U_ to unused variables because of compile flag /W3
- local variables need suppression of warning 4189
2023-01-11 17:50:42 +00:00
Joakim Karlsson 02894b1cb9 Diameter: correction of copy-paste error 2023-01-11 16:16:29 +00:00
Pascal Quantin ce9689da01 F1AP: upgrade dissector to v17.3.0 2023-01-11 16:57:49 +01:00
Pascal Quantin b1482084b3 E1AP: upgrade dissector to v17.3.0 2023-01-11 15:24:47 +00:00
Pascal Quantin c15189981e NRPPa: upgrade dissector to v17.3.0 2023-01-11 16:06:33 +01:00
Daniël van Eeden 3e4d6a59aa MySQL: Complete dissection of zlib compressed 2023-01-11 14:50:59 +00:00
Pascal Quantin 56dfcccc48 XnAP: upgrade dissector to v17.3.0 2023-01-11 15:06:06 +01:00
Pascal Quantin 92d4052cf8 extract_asn1_from_spec.pl: add support for M2AP and M3AP specs 2023-01-11 12:52:23 +01:00
Pascal Quantin 20a8a8eb0f NGAP: upgrade dissector to v17.3.0 2023-01-11 10:42:15 +00:00
Pascal Quantin f2cdd8bbc3 M2AP: upgrade dissector to v17.0.1 2023-01-11 10:17:49 +00:00
Martin Mathieson fc013d9bd6 Set unique exit codes for processes 2023-01-11 09:56:26 +00:00
Pascal Quantin 4f7c3ab16a X2AP: upgrade dissector to v17.3.0 2023-01-11 09:50:18 +01:00
Pascal Quantin 0611f92317 S1AP: upgrade dissector to v17.3.0 2023-01-11 09:06:10 +01:00
João Valverde 313fed6db0 dftest: Add --types option 2023-01-11 01:00:41 +00:00
João Valverde 70e006fc42 dftest: Revert to using "->"
">>" looks like a bit shift. Revert back to "->".
2023-01-11 00:37:44 +00:00
Sergey V. Lobanov 8a4f22be61 ALP: fix issue #18795 (memory management issues)
This patch replaces memcpy with tvb_memcpy and also fixes the while() loop over numts.
2023-01-10 22:37:11 +00:00
Pascal Quantin 5e3dba3da0 NAS 5GS: upgrade dissector to v17.9.0 2023-01-10 22:01:32 +00:00
Sergey V. Lobanov 42f7ee88c6 LLS: fix msvc warning: possible loss of data 2023-01-10 22:07:57 +01:00
Sergey V. Lobanov 60912daef9 LLS: add dissector for ATSC3 Low Level Signalling (LLS) Protocol
LLS dissector is implemented according to A/331:2022-11.
.pcap sample: https://wiki.wireshark.org/SampleCaptures#lls-low-level-signalling-protocol
2023-01-10 09:49:18 +01:00
Kevin Albertson 3c9662b1d2 note that tvb_child_uncompress attaches to parent 2023-01-10 01:34:44 +00:00
Kevin Albertson 8bf015034e note to use the tvb_child_uncompress* alternative 2023-01-10 01:34:44 +00:00