Change-Id: I959729a8834054cf333ec2c47f9d93756eb94066
Reviewed-on: https://code.wireshark.org/review/1922
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I16e6fd4f2d9fb37539cfcb17c0ade1033aea2d6f
Reviewed-on: https://code.wireshark.org/review/1921
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
at first, read only the info required to fetch the conversation struct
Change-Id: I3becbb59bf6a55f07805ca9f3c24f015484fcd13
Reviewed-on: https://code.wireshark.org/review/1920
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
In the EIGRP packet dissector, the dissector routine for the Sequence TLV
dissected the TLV only up to the first address in the list. However, the
Sequence TLV contains a variably sized list of addresses. This patch
modifies the routine so that it processes the entire TLV, not just the
first address in the contained list.
Also, in the dissect_eigrp(), replaced calls to tvb_new_subset() with
the reported length set to -1 with the call to tvb_new_subset_length().
TLVs always carry information about their length. And this time,
correct truly ALL calls in the switch{} section.
Sample packet capture is available in BugZilla.
Bug: 10156
Change-Id: Idaaf182c05bcf799f770f23a2ce2b1e05a3d569a
Reviewed-on: https://code.wireshark.org/review/1911
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I8de7b63ca90803f8fc6333bbe43aeb94459e6363
Reviewed-on: https://code.wireshark.org/review/1918
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I796138bab6d4b75ade047f0706e68f301e4559df
Reviewed-on: https://code.wireshark.org/review/1919
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Make the check for a valid index range a macro, so the compiler doesn't
whine if it's not used, but it's available if it *is* used.
Change-Id: I3cee0460eacef23187c141458dc5ac7a7acbf7c8
Reviewed-on: https://code.wireshark.org/review/1914
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The main limitation that comes to mind for the length of "an Ethernet"
is that a 10BASE5 segment can't be longer than 500 m. :-) Say "a MAC
address" rather than "an Ethernet", as 1) we're fetching an address, not
an actual physical Ethernet and 2) FT_ETHER is really FT_MAC48 and it
used for protocols other than Ethernet.
Change-Id: I402341371006e7933faa5c60dab2e58cfb349eb3
Reviewed-on: https://code.wireshark.org/review/1913
Reviewed-by: Guy Harris <guy@alum.mit.edu>
While we're at it, get rid of duplicate #defines for some OUIs, sort the
OUI #defines, and fix some routine names.
Change-Id: I8f4e5408b44896c3629a0014299b060ebc15bab6
Reviewed-on: https://code.wireshark.org/review/1906
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Decode the HTTP/2 header block using nghttp2 HPACK decoder
In this patch, We use nghttp2 HPACK decoder to decompress HTTP/2 header
block. To make HPACK decompressor work, we need to track down HTTP/2
connection from the beginning. If we see the HTTP/2 magic (connection
preface), we initialize HPACK decompressor objects. We actually use 2
HPACK decompressor for both client and server. HPACK decompressor
objects are stored in hash tables using TCP stream index as a key.
Most code by: Tatsuhiro Tsujikawa
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Signed-off-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: Idb4dd4b0a200924820cb0b34db664cc37518168d
Reviewed-on: https://code.wireshark.org/review/1527
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(No problem with gcc-4.7 or gcc-4.8)
Change-Id: Iae1f801abeb80429c08e93668133a9c5ac7977ef
Reviewed-on: https://code.wireshark.org/review/1898
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
in the linkage descriptor
Change-Id: I7ebca539076b2b881e82fd6baec5bb223e778a52
Reviewed-on: https://code.wireshark.org/review/1896
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
It'll be later used also for detecting sse4.2
Change-Id: I1930abb29026b455d453a79b5f301cdf37585160
Reviewed-on: https://code.wireshark.org/review/1803
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3381e1c35795ac33331cdddb8cefa8b0a16907cc
Reviewed-on: https://code.wireshark.org/review/1894
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Add a dissector table for the 802.3 "slow protocols" subtype, split the
dissectors for those protocols into separate files, and have them
register in that dissector table.
Remove some unnecessary #includes while we're at it.
Change-Id: Ic36c9c255efdd348055fa4f21fd6cc094f74e378
Reviewed-on: https://code.wireshark.org/review/1891
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I27656eacb698f8db7bfbe4f5502658c78b03fc13
Reviewed-on: https://code.wireshark.org/review/1890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ief46b7b53ddecd649e54d3c23a3504c4165c812f
Reviewed-on: https://code.wireshark.org/review/1855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of X.509 certificates now also Raw public keys are supported
and shown correctly.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ibe7610aace31a19791b02e71ccd8d9ceb8cf979d
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1372
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This analyses the certificate type extensions and then stores the
certificate type in the ssl session. This way we can later show the
certificate in the correct from.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ifdda165807bc29f1fc138da000a9a538ecd18b6e
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1371
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I007ff5215f52f80f25622cab6980128eabd39c5f
Reviewed-on: https://code.wireshark.org/review/1888
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I18c2b7992b237eaaacbec04d504fc293b03558a3
Reviewed-on: https://code.wireshark.org/review/1887
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Icccc07706287df4b6a7481108f9921b939aae2d5
Reviewed-on: https://code.wireshark.org/review/1886
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I19b163913f8f6521a34d94d130e2ae74546a615a
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1821
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I95ad8cb5857794608f0f8db5c2dfd4b16e6578d5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1820
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This structure is used to store information about a SSL session which
is not only needed for decrypting the session, but also to show nice
dissection information.
In an other patch I will add some more members to the struct because
the old way of passing them to the function does not scale.
Change-Id: I88e7f2896e0364a41d4538752dad291de83bfbca
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1819
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It is helpful to find and build this optional dependance.
Change-Id: I73d7a7bb730778bc8b9a54d6560f7f42f1e23bc0
Reviewed-on: https://code.wireshark.org/review/1876
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The MN interprets the CMD layer data only if the CN increments
the Send-Sequence-Counter => new data. The MN interprets the
data only once, if the same frame is sent again the MN ignores
the data.
The behaviour is described in the powerlink specification 301 v1.2.0
chapter 6.3.2.3.2.3 Error: Duplication of Frame
Frames which duplicate previous sent data are now marked as
duplicated frames.
Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ef24b52712bfd3c735856b0cd5747c47aeef72a
Reviewed-on: https://code.wireshark.org/review/992
Reviewed-by: Evan Huus <eapache@gmail.com>
Puts a tag in the info column when multiple MAUSB packets are in a
single TCP packet.
Change-Id: Ib20e5e30474d93270dd24e203ab96f64f5cc77ad
Reviewed-on: https://code.wireshark.org/review/1658
Reviewed-by: Sean Onufer Stalley <sean.stalley@intel.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
packet-btavdtp.c: In function 'dissect_bta2dp':
packet-btavdtp.c:2796:36: error: 'sep_data.vendor_codec' may be used uninitialized in this function [-Werror=maybe-uninitialized]
packet-btavdtp.c:2799:12: error: 'sep_data.vendor_id' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Change-Id: I5b9e22e7ec787430ee25d2cd7dbe13f854f9eaa2
Reviewed-on: https://code.wireshark.org/review/1884
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Not all system have HtmlViewer, but we support that case
by inform user about file/website, so we "have" HtmlViewer.
Change-Id: I46e16a86b5c7f9dd47e1d1ded9d10fd4f565660f
Reviewed-on: https://code.wireshark.org/review/1875
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Session should be finished too on HCI Disconnect and Adapter disappear.
Change-Id: I0823872e60ec932fc0831975e54dc33d49fb5dbc
Reviewed-on: https://code.wireshark.org/review/1882
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Also add Service informations to Info column and service item.
Change-Id: I0a565df94d7980432c524bd675b291f0e80704e5
Reviewed-on: https://code.wireshark.org/review/1881
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Fix warnings and try to inform user about unknown values in
"Decode As".
Also use define instead of magic number for Unknown L2CAP CIDs.
Change-Id: Ie6f26a9e3330b84cef14bbf8861ffbdbdb789225
Reviewed-on: https://code.wireshark.org/review/1880
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Michal Labedzki <michal.labedzki@tieto.com>
Example: if there is Connection Request than field with CID always
is called SCID. If we Sent this packet, it is okay, but if we Receive
it, then it is not SCID for us, but DCID. If we receive
Connection Request (DCID) and than we want to make disconnection,
so we send Disconnection Request with DCID that is SCID in
Connection Request... etc.
I try to clarify this, so rename stored SCID to Local CID
and DCID to Remote CID.
Change-Id: Idde0939a03955d8f4a10d8c9f7c43fd364254460
Reviewed-on: https://code.wireshark.org/review/1879
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>