Whether over RTP or just UDP, it's possible to get multiple simultaneous MP2T
transport streams between the same pair of IPs but on different ports. They
will not be part of the same reassembly. Thus the reassembly table functions
that use ports as well should be used to avoid ressembly errors and overlaps.
In the heuristic function we don't know the length of the CID in the short
header, so we assume the worst case scenario compatible with packet length
(no more than 20 bytes)
There's a check for adding a zero length fragment to a reassembly in progress,
but it accidentally checks fd_head->tvb_data (the reassembly in progress)
instead of fd_i->tvb_data (the new fragment) before calling tvb_get_data() on
fd_i->tvb_data. (Note that data / fd_head->tvb_data is created based on the
sum of the lengths of all the fd_i->tvb_data, so the former can only be NULL
if all the latter are, but it's possible for one fragment to be zero length
but not the entire reassembly. Thus this is the necessary and sufficient check.)
Fixes#15569
Request-response tracking of STUN messages encapsulated in CLASSIC-STUN
packets (via DATA attribute) doesn't work right now.
The reason for this is that req-resp tracking is usually performed on
first-pass, but CLASSIC-STUN attributes are not dissected on first-pass
(on wireshark, at least). So the encapsulated STUN messages are never
elaborated on first pass, either.
Add Ethertype for Cisco ACI ARP gleaning and dissect its payload
Improve some Cisco ACI vendor specific DHCP options
Update mcp after looking at knet_parser.py
Update lldp after looking at knet_parser.py
Also reorder some ETHERTYPEs by value
Add a check for valid CoAP info in dissect_thread_coap() before use.
It may happen that this is NULL because setting a decode_as rule
for application/octet-stream will also catch other packets.
The Diameter type Address hase a two byte address type family field
previously only IPv4 and IPv6 was handled. Add handling of E.164 when
encoded as a string.
It is called as a protocol by GTP as before, but making it separate
and findable by name protocol allows for that layer to be logged and
dissected separately.
With the current return parameter of dissect_hs20_osu_provider() function, the dissector only show the first
osu_provider of the list. Changing the return end by return offset, the
dissector show all osu_provider of the list.
Exablaze and Metamako ethernet trailer dissector heuristics are not
specific enough to limit the data they comsume and identiy as the
respective trailers. Disable by default.
Fixes: #16898
Update some field names and capitalization in the IPv4, IPv6, ICMPv4,
and TCP dissectors to match the names documented in their respective
RFCs. This is in no way comprehensive, but it ensures that the packet
diagram more closely matches the RFC diagrams for those protocols.
(I haven't found a document that explitly says so, but protocol field
names in IETF RFCs seem to follow Chicago Manual of Style capitalization
recommendations in section 3.4 of the RFC Style Guide[1] for the most
part.)
[1]https://tools.ietf.org/html/rfc7322#section-3.4
According to 3GPP TS 48.006, section 9.3.2, Data Link Connection
Identifier (DLCI) is coded as follows:
.... .SSS - SAPI value used on the radio link;
CC.. .... - control channel identification:
00.. .... - indicates that the control channel is not further specified,
10.. .... - represents the FACCH or the SDCCH,
11.. .... - represents the SACCH,
other values are reserved.
The following values in value_string 'bssap_cc_values':
{ 0x80, "FACCH or SDCCH" },
{ 0xc0, "SACCH" },
are valid before applying CC_MASK (0xc0) mask, but not after.
Commit 3a5d0569d7 added support for different STUN protocol versions;
a global preference allows the user to select the desired flavour.
Unfortunately, it is pretty common to have different flavours in the same
capture file, or even in the same packet (with STUN messages encapsulated
in a TURN tunnel), so a global preference applied to the entire file might
not provide enough flexibility.
Add a basic auto-detect algorithm to identify the STUN version specific to
each STUN message (the users will still have the option to force a global
version)
New dissector for MC-NMF (.NET Message Framing Protocol) and
MS-NNS (.NET NegotiateStream Protocol).
TLS implementation is not tested due to the lack of a sample capture.
Fixes: wireshark/wireshark#16861
John Thacker
Vadim Yanitskiy