This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that have a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference.
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add also special case on hello key_share extension
Ping-Bug: 12779
Change-Id: Ib8e2dd060f322c2404a8afa9b8cb70de7c2c65b7
Reviewed-on: https://code.wireshark.org/review/18093
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The preferences subsystem knows/stores the default values for all preferences;
maybe we should use that to show the default values for all preferences.
Change-Id: I562ce9f129c8dfd8378aeb425f70f21b4cf59230
Reviewed-on: https://code.wireshark.org/review/18094
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add Connection ID to tree
2. Remove unused defines
3. Fix Typo
Change-Id: I25b76057d5c482c73f22e45cc38d5dceb68feca6
Reviewed-on: https://code.wireshark.org/review/18099
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. CIP Safety: Exception Detail Alarm and Exception Detail Warning both were not parsing their 3 parts because the offset was not increased. Fixed the offsets and combined the functions because they have the same format.
2. CIP: Forward Open Safety Response had wrong offsets so it was parsing incorrectly. This incorrectly showed as Malformed.
3. CIP Safety: Pass in tvb to proto_tree_add_subtree() instead of NULL. This was causing a Dissector bug (seems only on trunk, not 2.2). This was already done for packet-cip.c under https://code.wireshark.org/review/#/c/16748/
4. Some minor typos
Change-Id: I63e8d200cd3408c16ca0a1edbc483c3bb8298d3b
Reviewed-on: https://code.wireshark.org/review/18100
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I667c00a8093896984dbf75fa20bec86304706886
Reviewed-on: https://code.wireshark.org/review/18101
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12984
Change-Id: Ie7d74a99807cfc77b0c444d79e21b64e1612ac90
Reviewed-on: https://code.wireshark.org/review/18088
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12982
Change-Id: Iaf816247d49b2f869dc19f64cb0a24247fb38169
Reviewed-on: https://code.wireshark.org/review/18087
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Both 29.060 and 29.274 refer to 24.008 for TFT filter.
Remove redundant part and switch to common TFT encoder.
Second reason: decode_gtp_tft didn't encode everything correctly,
it missed direction and filter index.
Change-Id: I9691dcb5a9d151f181a3531145ac339fcc7ba245
Reviewed-on: https://code.wireshark.org/review/18082
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Derive the dissection functions from
dissect_ike_attribute() and dissect_ipsec_attribute():
* Add dedicated header fields.
* Remove attribute types not applicable in Responder Lifetime context.
Clean up the field name "isakmp.ipsec.attr.type".
Bug: 12963
Change-Id: I486380836d915255812098be2190bcc77ec13c00
Reviewed-on: https://code.wireshark.org/review/17970
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
g_malloc() may abort(3) the program when the comprlen is insanely large so use tvb_memdup() instead.
Change-Id: I23fbdc2362900030c41da1c297ab0c787de7c5ca
Reviewed-on: https://code.wireshark.org/review/18043
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
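An added example, not Wireshark code, of the pattern the commit message above describes: a length field taken from the packet (the message calls it comprlen) is checked against the bytes actually captured before anything is allocated, so an absurd value is rejected instead of reaching the allocator. The buf_t type, checked_memdup() and the sample frames are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a captured packet buffer. */
typedef struct {
    const uint8_t *data;
    size_t         len;   /* bytes actually captured */
} buf_t;

/* Read a big-endian 32-bit field at off; returns 0 on success, -1 if short. */
static int read_be32(const buf_t *b, size_t off, uint32_t *out)
{
    if (off > b->len || b->len - off < 4)
        return -1;
    *out = ((uint32_t)b->data[off] << 24) | ((uint32_t)b->data[off + 1] << 16) |
           ((uint32_t)b->data[off + 2] << 8) | (uint32_t)b->data[off + 3];
    return 0;
}

/* Duplicate len bytes starting at off, refusing any span outside the capture.
 * The subtraction form avoids overflow in off + len. */
static uint8_t *checked_memdup(const buf_t *b, size_t off, size_t len)
{
    uint8_t *copy;

    if (off > b->len || len > b->len - off)
        return NULL;
    copy = malloc(len ? len : 1);
    if (copy != NULL)
        memcpy(copy, b->data + off, len);
    return copy;
}

/* Frame layout assumed here: [4-byte big-endian length][payload].
 * Returns the payload length, or -1 if the frame is short or the
 * length field claims more bytes than were captured. */
static long extract_compressed(const buf_t *b, uint8_t **payload)
{
    uint32_t comprlen;

    *payload = NULL;
    if (read_be32(b, 0, &comprlen) != 0)
        return -1;
    *payload = checked_memdup(b, 4, comprlen);
    return *payload ? (long)comprlen : -1;
}

/* Constructed sample frames. */
static const uint8_t frame_ok[]      = { 0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t frame_hostile[] = { 0xff, 0xff, 0xff, 0xf0, 'a', 'b', 'c' };

/* Parse one frame and release the copy; returns what the parser returned. */
static long run_frame(const uint8_t *bytes, size_t n)
{
    buf_t    b = { bytes, n };
    uint8_t *payload;
    long     r = extract_compressed(&b, &payload);

    free(payload);
    return r;
}

int main(void)
{
    printf("ok frame      -> %ld\n", run_frame(frame_ok, sizeof frame_ok));
    printf("hostile frame -> %ld\n", run_frame(frame_hostile, sizeof frame_hostile));
    return 0;
}
```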
Change-Id: I077c21eb213435e7ed0e9ac0b9a8f95aa9dd6f3d
Reviewed-on: https://code.wireshark.org/review/18075
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7846dd04c45d0398ded8345b6a2794d6f851cb64
Ping-Bug: 12979
Reviewed-on: https://code.wireshark.org/review/18065
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic9923d93d74a40da2a4009f8b27d8a5ae9803833
Reviewed-on: https://code.wireshark.org/review/18064
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As an FT_NONE field, you can't filter/use the message it contains.
Bug: 12960
Change-Id: Icaa9a260195711f1bd90f5ed14797c0d0c46de9c
Reviewed-on: https://code.wireshark.org/review/18063
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure temp_dfilter is initialized so that we don't end up freeing
invalid memory.
Change-Id: Id31969573690574846422b67c950188fd6ee4ef3
Reviewed-on: https://code.wireshark.org/review/18066
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The PT_TXTMOD_HEXBYTES comment was misleading, edit it to reflect the
actual implementation in GTK+/Qt.
Change-Id: I1506ad9189296dcc09cc20eafb0d65eaf291d79f
Reviewed-on: https://code.wireshark.org/review/18058
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The returned-content is defined as IMPLICIT Content (octet string),
so ensure we handle this correctly.
Bug: 12976
Change-Id: I4bcce67cea97142bf3312e1a5c2aeb169c7a69d2
Reviewed-on: https://code.wireshark.org/review/18054
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Move the modification of the content item (which adds the length)
inside the check for a valid tvb to avoid calling tvb_reported_length()
with a NULL parameter.
Bug: 12976
Change-Id: I54368584b7c00f7a2937eaec772533ae73d98f80
Reviewed-on: https://code.wireshark.org/review/18050
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
In ColoringRulesDialog:
Only check a rule's display filter if that rule is enabled. This keeps
us from disabling the OK button when we shouldn't.
Adjust the "Your coloring rules file contains unknown rules" dialog text
and buttons for accuracy.
In color_filters.c:
Don't try to compile disabled filters in color_filters_apply. Don't warn
about disabled and invalid filters in read_filters_file.
Bug: 12814
Change-Id: I7143bf8e7a6162d296f1e93769344b69763195c8
Reviewed-on: https://code.wireshark.org/review/17823
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I947dc83e3b1b853873b5158f234e44ef933c3bcc
Reviewed-on: https://code.wireshark.org/review/17982
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ia8d4d74a7f0f5795790f930fc1e894a7ee202da7 didn't have proper bit comparison.
Change-Id: I5b7e431745aff7ca895b6b83500bd7e8f1039fde
Reviewed-on: https://code.wireshark.org/review/18038
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Support collection values
- Support out-of-band values
- Support unknown values
- Support detail for octetString/collection values
- Support symbolic enum keywords for member attributes
- Update detail format to be more compact, normalize format to match IPP
syntax descriptions
Change-Id: I76295221901fa88250a2e9ef099eca2c53b20132
Reviewed-on: https://code.wireshark.org/review/17693
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Smith Kennedy <smith.kennedy@hp.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also get rid of two global variables
Change-Id: I8c20decb76f5c1773f58efd24d2e1e7d1177d358
Reviewed-on: https://code.wireshark.org/review/18029
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Lua 5.2.4 built with -DLUA_USE_APICHECK detected a stack issue:
tshark: lapi.c:175: lua_settop: Assertion `(-(idx+1) <= (L->top - (func + 1))) && "invalid new top"' failed.
Function File_read always assumes that File_read_line pushes a value on
the stack (which clearly did not happen). On read failure, it would then
pop the stack (tripping the assertion) to push nil.
The other user (File_lines) is also affected by this change, but the Lua
5.2.4 documentation says that it should also return nil on EOF, fitting
this implementation.
Change-Id: I9cc8a5319523b2b56f4ae4735bbdbc1196387386
Reviewed-on: https://code.wireshark.org/review/18016
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I874314ac736ad94bfaf15665ee7b030382e9bdf3
Reviewed-on: https://code.wireshark.org/review/18015
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This changes the underlying model of the main interface tree.
Because of that, we can resort to a view/model approach, enlisting
the global interfaces list as only data source.
The interface list works identically to the old list, but allows
for filtering of the displayed interfaces by type. Only types, which
are present and whose interfaces are not hidden, are being displayed
for selection.
Change-Id: If8475b227daa026dc0ad3d25bc7fe050d5bf2ac3
Reviewed-on: https://code.wireshark.org/review/17940
Reviewed-by: Roland Knall <rknall@gmail.com>
Add expert info when conversion fails.
Change-Id: Ic13cb90abddd08218a957cd771bd5a4fab5a413e
Reviewed-on: https://code.wireshark.org/review/17839
Reviewed-by: Michael Mann <mmann78@netscape.net>
This should make drag-and-drop support (reordering) in Qt easier. It
also ensures that memcpy is used as fallback if copy_cb does not exist.
Change-Id: Iefe358890c49dcda4727054f7a2cee05614a36f6
Reviewed-on: https://code.wireshark.org/review/17992
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
to avoid conflict with heimdal lib
Bug:12831
Change-Id: Ic244b6b8dc4f68a0f782b88984ad7857ceb02e25
Reviewed-on: https://code.wireshark.org/review/17989
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
and for heimdal lib add the value
Bug:12831
Change-Id: Ibf04560867acfe2a430034248ce2a386ea89b668
Reviewed-on: https://code.wireshark.org/review/17988
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. CIP: dissect_cip_set_attribute_list_req - Too many bytes highlighted. Could cause malformed packet
2. CIP: dissect_cip_cco_all_attribute_common - Too many bytes highlighted
3. CIP Motion: dissect_cntr_service - Wrong size passed in which tried to highlight too many bytes. Would cause malformed packet.
4. CIP: Some minor formatting/whitespace changes.
Change-Id: I5899888a3e58452945c8546cf635768cdd3cf738
Reviewed-on: https://code.wireshark.org/review/18000
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The libjsmn was imported into the tree and enhanced with a new
function. This change splits it into the "original" libjsmn and
an additional module wsjsmn that contains the new function.
This will make it easier to port future versions of the library
within the tree.
Change-Id: I3f1caa91bee462e0767e5e18d0b6a10f0b1cad32
Reviewed-on: https://code.wireshark.org/review/17963
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Instead of checking for the boolean "FALSE", just set an empty string.
This avoids the need to check for WERROR_COMMON_FLAGS before using it.
The transformation is the same for all files, remove
"if (WERROR_COMMON_FLAGS)" and "endif()", reindent and add quotes (since
we have a string here and not a list).
Modelines have been added where missing.
Change-Id: I0ab05ae507c51fa77336d49a99a226399cc81b92
Reviewed-on: https://code.wireshark.org/review/17997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Fix the warning:
packet-kismet.c: In function 'dissect_kismet':
packet-kismet.c:242:58: error: passing argument 3 of 'ws_strtou64' from incompatible pointer type [-Werror]
if (ws_strtou64(format_text(line, tokenlen), NULL, &t.secs)) {
^
In file included from packet-kismet.c:34:0:
../../wsutil/strtoi.h:49:24: note: expected 'guint64 *' but argument is of type 'time_t *'
WS_DLL_PUBLIC gboolean ws_strtou64(const gchar* str, const gchar** endptr, guint64* cint);
Change-Id: Ifd31de22db22f39f78359cc9432eb7da187f73a6
Reviewed-on: https://code.wireshark.org/review/17990
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The Osmux protocol bundles multiple AMR frames inside one UDP packet to avoid
the overhead of having one IP/UDP/RTP packet per AMR frame. It is used by the
osmocom project.
Sponsored-by: On-Waves ehf
Change-Id: I8fb21e54adec8d8bd7ac5ebd2154100a73ab71c9
Reviewed-on: https://code.wireshark.org/review/16996
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Column information of LLDP frames should be updated according to PROFINET
requirements without changing the default behavior of column information.
Therefore, a new protocol setting is added.
This setting is used to display PROFINET specialized column information:
Edit -> Preferences -> Protocols -> Select LLDP
Bug: 12937
Change-Id: I48b78d0a3f6b3425f6f9c1d4be20dc24b143346d
Reviewed-on: https://code.wireshark.org/review/17081
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add also an expert info when the time is invalid.
Change-Id: I8b3639aade41574cf1bda38f3ae1d02b09d0711c
Reviewed-on: https://code.wireshark.org/review/17678
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Bug: 12942
Change-Id: I69ab22caa9938167db421ca2f0346ca086280823
Reviewed-on: https://code.wireshark.org/review/17890
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The next sequence number is off by one when there is TCP payload
in a SYN or FIN packet (e.g. when using TCP FastOpen).
Bug: 12579
Bug: 12838
Change-Id: Idb68cea4b4dcba39461019c08db09367cbfc6d68
Reviewed-on: https://code.wireshark.org/review/16239
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Icbadcc83b5fedea4373d4c65a11700d73b3dc32e
Reviewed-on: https://code.wireshark.org/review/17972
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I57dbb27cbf935dd31342639b315d1fc98bd27d77
Reviewed-on: https://code.wireshark.org/review/17895
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Updated PCEP-ERROR Object Error Types and Values based on Path Computation Element Protocol (PCEP) Numbers 2016-08-09 version.
Change-Id: Ife0b49119a2b634279e33ab8f699a5dc57ecb34b
Reviewed-on: https://code.wireshark.org/review/17957
Reviewed-by: Anders Broman <a.broman58@gmail.com>
new taps.
Change-Id: Ida5ad2375c95664ee1b911d265cb69672db2be2d
Reviewed-on: https://code.wireshark.org/review/17964
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apply mask and bit shift on the returned value.
Change-Id: I00aebc854756f01a25199a259d6d5252abea4349
Reviewed-on: https://code.wireshark.org/review/17958
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If ssl_association_add is passed a NULL app_handle argument, it will
trigger DISSECTOR_ASSERT which fails due to the bad wmem scope
(wmem_packet_scope). Arguably DISSECTOR_ASSERT should not be used there,
but its alternatives, g_warning/g_assert, are not much different...
Fix the crash (assertion failure) by checking that the UAT-supplied
protocol is really valid. Normally the post_update_cb should not be
invoked if any of the fields are invalid, but that requires larger
changes in the Qt UAT dialog code.
Change-Id: Ie245213b650b1de9640db8dadd08f3ed2bff335f
Reviewed-on: https://code.wireshark.org/review/17906
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added display of Object-Type number in string.
Change-Id: Icbb44aae2379f308f49bef7355e8c8c901889c15
Reviewed-on: https://code.wireshark.org/review/17910
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename identifiers and change item labels to reflect their purpose:
* ISAKMP Phase 1 = IKE
* ISAKMP Phase 2 = IPsec
* IKEv2 Attribute = Transform Attribute
Remove "transform" and "type" where they do not apply.
External users of isakmp.tf.* field names, such as display filters,
have to be updated after this commit to use isakmp.ipsec.* instead.
old                                     new
--------------------------------------------------------------------
dissect_transform_attribute()           dissect_ipsec_attribute()
dissect_transform_ike_attribute()       dissect_ike_attribute()
ISAKMP_                                 IPSEC_
hf_isakmp_tf_attr                       hf_isakmp_ipsec_attr
isakmp.tf.                              isakmp.ipsec.
transform_ike_attr_type                 ike_attr_type
transform_isakmp_attr_type              ipsec_attr_type
transform_attr_sa_life_type             attr_life_type
transform_dh_group_type                 dh_group
transform_attr_encap_type               ipsec_attr_encap_mode
transform_attr_auth_type                ipsec_attr_auth_algo
transform_attr_ecn_type                 ipsec_attr_ecn_tunnel
transform_attr_ext_seq_nbr_type         ipsec_attr_ext_seq_nbr
transform_attr_addr_preservation_type   ipsec_attr_addr_preservation
transform_attr_sa_direction_type        ipsec_attr_sa_direction
transform_attr_enc_type                 ike_attr_enc_algo
transform_attr_hash_type                ike_attr_hash_algo
transform_attr_authmeth_type            ike_attr_authmeth
transform_attr_grp_type                 ike_attr_grp_type
Type Payload                            Payload
Transform IKE Attribute Type            IKE Attribute
Transform Attribute Type                IPsec Attribute
Transform IKE2 Attribute Type           Transform Attribute
Config Attribute Type                   Config Attribute
ISAKMP (v1)                             IKEv1
ISAKMP (v2)                             IKEv2
--------------------------------------------------------------------
Change-Id: Ib02a0bad100f932a290cae35ea4bd75b191f797b
Reviewed-on: https://code.wireshark.org/review/17914
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For the different classes of generated dissectors, have
CLEAN_xxx_DISSECTOR_SRC with the ones that compile without warnings,
DIRTY_xxx_DISSECTOR_SRC for the ones that get warnings, and
xxx_DISSECTOR_SRC which is the combination of the two.
Add a new NCP2222_DISSECTOR_SRC for the packet-ncp2222.c dissector
generated by tools/ncp2222.py. Add a new source group for it.
Move register.c to DISSECTOR_SUPPORT_SRC. Get rid of
DISSECTOR_GENERATED_FILES; it's kind of a "none of the above" category,
and we now have an "above" for all files.
Include NCP2222_DISSECTOR_SRC in DISSECTOR_FILES.
Add an ALL_DISSECTOR_SRC that includes DISSECTOR_FILES and
CORBA_IDL_DISSECTOR_SRC (why are those kept separate?). Use it for the
list of files we use to generate register.c.
Add NCP2222_DISSECTOR_SRC to CLEAN_FILES.
(Hopefully this makes it less likely that we'll forget to use -Werror
for clean dissector files or forget to use them to generate register.c.)
Change-Id: Ib9a7d10e1b9045516ef1f014046c6ff777c42be2
Reviewed-on: https://code.wireshark.org/review/17944
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Otherwise a lot of ncp fields are missing.
Bug: 12945
Fixes: v2.1.0rc0-2918-g2e23b50 ("Add checkAPI calls to CMake.")
Change-Id: Ic46dc12c9a98b38d78ef988c0ce71f38e3163549
Reviewed-on: https://code.wireshark.org/review/17941
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 12891
Change-Id: I70ed7f8a08122c559128b8df4d65e03be8201e1a
Reviewed-on: https://code.wireshark.org/review/17683
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Palúch <Peter.Paluch@fri.uniza.sk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The BT spec does not specify a bitmask for Subversion Number.
Change-Id: If6f384badc4228ea1e1c30ec8156f382ca5959e0
Reviewed-on: https://code.wireshark.org/review/17936
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The NCP dissector relies on those filters being compiled, and we end up
doing a g_assert() anyway; use g_error() to make sure the error gets
printed.
Change-Id: Ibc20407c1c08f0baaa626f269e9552ae11b36083
Ping-Bug: 12945
Reviewed-on: https://code.wireshark.org/review/17921
Reviewed-by: Guy Harris <guy@alum.mit.edu>
conversion from 'size_t' to 'guint', possible loss of data"
Change-Id: I63ddf1384acdebc176a052489891d55d7a1b21ce
Reviewed-on: https://code.wireshark.org/review/17920
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ia8d4d74a7f0f5795790f930fc1e894a7ee202da7
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17550
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixed short command 0 short address,
command 0 that has fewer bytes,
command 9 byte count,
command 48 parse first 6 bytes instead of 5 and
the command may have fewer bytes, pass correct byte count into the
dissect_parse_hart_cmds() function.
Added support for HART published and NAK message types and more HART commands.
Bug: 12817
Change-Id: I4a9e7f9b342346ff4ecdcd06a73238c1a08d00fc
Reviewed-on: https://code.wireshark.org/review/17325
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add expert info for failed conversion.
Change-Id: I03d5e2db791f81d43384bb047c268d07709a6099
Reviewed-on: https://code.wireshark.org/review/17863
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The C/D control flag was integrated in the subtype field of 1722 after
draft 6. These changes are now added to the 1722-1 and MAAP protocol.
Change-Id: I19b2e8237fb87d42ec7bcb6f9f53e8cc8605731d
Reviewed-on: https://code.wireshark.org/review/17664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "name_length >= alpn_proto->proto_name_len" condition always failed
to match for short names (like "h2" where the reported length is 2, but
the proto_name_len would be 3).
This fixes recognition of HTTP/2 traffic, without this patch it would be
interpreted as http-over-tls as reported on
https://ask.wireshark.org/questions/55720/how-to-install-http2-dissector-plugin
Change-Id: Idc3eae0b6d593c8f3c435230ef76da90a4b1e7fc
Reviewed-on: https://code.wireshark.org/review/17907
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
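An added example, not the Wireshark source, reproducing the length comparison the commit message above describes. It assumes the table length was stored with the C string terminator counted (sizeof("h2") == 3), which is inferred from the 2-versus-3 figures in the message; the table layout, lookup() and the dissector labels are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One ALPN table entry carrying both length conventions for comparison. */
typedef struct {
    const char *proto_name;
    size_t      len_with_nul;  /* sizeof("h2")     == 3, counts the '\0' */
    size_t      len;           /* sizeof("h2") - 1 == 2, bytes on the wire */
    const char *dissector;     /* constructed label, not a real handle */
} alpn_entry_t;

#define ALPN(name, dissector) { name, sizeof(name), sizeof(name) - 1, dissector }

static const alpn_entry_t alpn_table[] = {
    ALPN("http/1.1", "http-over-tls"),
    ALPN("h2",       "http2"),
};

/* Look up a protocol name as it appears in the ALPN extension: a
 * length-prefixed byte string with no terminator. With use_fixed == 0 the
 * stored length includes the terminator, so an exact-length name such as
 * "h2" (2 bytes) can never satisfy name_length >= 3. */
static const char *lookup(const unsigned char *name, size_t name_length,
                          int use_fixed)
{
    size_t i;

    for (i = 0; i < sizeof alpn_table / sizeof alpn_table[0]; i++) {
        const alpn_entry_t *e = &alpn_table[i];
        size_t need = use_fixed ? e->len : e->len_with_nul;

        if (name_length >= need && memcmp(name, e->proto_name, need) == 0)
            return e->dissector;
    }
    return NULL;
}

/* Constructed wire values: no trailing NUL, exactly as sent in the hello. */
static const unsigned char wire_h2[]     = { 'h', '2' };
static const unsigned char wire_http11[] = { 'h', 't', 't', 'p', '/', '1', '.', '1' };

int main(void)
{
    const char *before = lookup(wire_h2, sizeof wire_h2, 0);
    const char *after  = lookup(wire_h2, sizeof wire_h2, 1);

    printf("h2 with terminator counted: %s\n", before ? before : "(no match)");
    printf("h2 with wire length:        %s\n", after ? after : "(no match)");
    return 0;
}
```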
A dissector bug was reported:
epan/dissectors/packet-ssl-utils.c:1615: failed assertion "data"
and fair enough, the MAC Key is indeed NULL because of our special
handling for NULL ciphers. Just ignore the MAC key then.
Change-Id: I12d2be5e84520badb44a99fc965c48c3afa89346
Fixes: v2.3.0rc0-697-gb1d36fe ("ssl-utils: remove block and key sizes from cipher suites table")
Reviewed-on: https://code.wireshark.org/review/17903
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Added capability to expand Private Enterprise Number to string.
Change-Id: Id3df604a47c3067febb878caf89087aa00ecf038
Reviewed-on: https://code.wireshark.org/review/17770
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
and also move on the top and not too far from ssl_version_short value_string
Change-Id: I9012d0d0839fd29da500a7f37a83ecc982f0fb5b
Reviewed-on: https://code.wireshark.org/review/17887
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
EAP identities can be of different kind. This change adds a sort
of heuristic that dissects the wlan identity in the form of
<imsi>@wlan.mnc<mnc>.mcc<mcc>.3gppnetwork.org. A general purpose
dissection function, acting as a proxy, has been created to make
room for other specific dissections.
Bug: 12921
Change-Id: Ic48aee004fa7df5ee4dbeca091ed31616d155890
Reviewed-on: https://code.wireshark.org/review/17796
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As all this information belongs together I'm moving it into a subtree.
Change-Id: I839a5a6294360976a78b4b43f219e30381b4f516
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17878
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I8d7ebc6dd46e0d6494d412653ec423b8c0fde9c8
Reviewed-on: https://code.wireshark.org/review/17203
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I2a9806026413c5971e5ecad17cd80787130cb9ed
Reviewed-on: https://code.wireshark.org/review/17803
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some sub protocols do not register fields
Follow-up of gf4a521e
Change-Id: Iec3165d6204cc6acc0ec31a7266f860012463cd0
Reviewed-on: https://code.wireshark.org/review/17868
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
to allocate the array to hold them. This should be more efficient.
Change-Id: I84b1095b6eb110fdcc1b2630949c76b51f3a47b6
Reviewed-on: https://code.wireshark.org/review/17866
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto = -1
Change-Id: I60f899ad748b5d3e17f237552af7d2dbc8f27bd2
Reviewed-on: https://code.wireshark.org/review/17864
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
These APIs can insert or remove a single value into a range structure.
Adding a value may extend an existing range or create a new one.
Removing a value may remove a range item.
Change-Id: Ia6995ecf7760aca1fb7fd9b4c53972298a57675f
Reviewed-on: https://code.wireshark.org/review/17836
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug:12928
Change-Id: Id3f9e41a62a90e36f19e1d55226826e7f9ffa3f4
Reviewed-on: https://code.wireshark.org/review/17855
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
commit b5aa0ff1a4
nfs: Add NFSv4.2 ops OFFLOAD_CANCEL and OFFLOAD_STATUS
As coded, the reply of the OFFLOAD_STATUS decodes a stateid.
However, in the spec, the reply is count and an array of
statuses. I propose the following fix to match the spec
for the OFFLOAD_STATUS.
Change-Id: Ibaddba96446b8d9b520ca977f0b1ed66749d3388
Reviewed-on: https://code.wireshark.org/review/17805
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The "Checksum incorrect" note in COL_INFO was inadvertently
broken in gad6fc87d6.
Change-Id: I064c3c79aa3e1ae72d3a8167538e709d0b5fe94a
Reviewed-on: https://code.wireshark.org/review/17842
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
also remove padding function (not needed)
Bug: 12922
Change-Id: Ie049ee21193ec82b8dc873a7dff78e9d058c7935
Reviewed-on: https://code.wireshark.org/review/17825
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Otherwise a string shorter than 7 characters will trigger an out of bounds access
Bug: 12825
Change-Id: I54a7909d74838dcb56583374e5753f877ff74fe2
Reviewed-on: https://code.wireshark.org/review/17826
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Change-Id: I758ff81bdfcb9c18810baad12554d7f7f0e7705f
Reviewed-on: https://code.wireshark.org/review/17707
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Always give the netlink data struct to dissect_netlink_attributes() so
we can extract which endianness we should use. This fixes the netlink
dissector on big endian.
Change-Id: Ia485a29035c947908c29a9e30d0aba8d4fc94093
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17636
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is no field which indicates which endianness is used for netlink
data, try to guess it by checking if the length in little or big endian
fits better.
Change-Id: I02884763931f3f3589b7ac5bff2781797c1d0f87
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-on: https://code.wireshark.org/review/17635
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
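The length-based byte-order guess described in the commit message above, as an added example that is not Wireshark's code. It assumes the standard 16-byte netlink message header whose first field is the 32-bit message length, and it interprets "fits better" as "explains more of the captured bytes when the message chain is walked"; all function names and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NLMSG_HDR_LEN 16u /* len(4) type(2) flags(2) seq(4) pid(4) */

enum nl_byte_order { NL_ORDER_UNKNOWN, NL_ORDER_LITTLE, NL_ORDER_BIG };

/* Read a 32-bit value in the requested byte order without unaligned access. */
static uint32_t rd32(const uint8_t *p, enum nl_byte_order order)
{
    if (order == NL_ORDER_BIG)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk consecutive messages under one byte-order hypothesis and return how
 * many bytes are covered by headers whose length field is plausible. */
static size_t bytes_explained(const uint8_t *buf, size_t avail,
                              enum nl_byte_order order)
{
    size_t off = 0;

    while (avail - off >= NLMSG_HDR_LEN) {
        uint32_t len = rd32(buf + off, order);
        size_t step;

        /* A length must cover its own header and stay inside the capture. */
        if (len < NLMSG_HDR_LEN || len > avail - off)
            break;
        step = ((size_t)len + 3u) & ~(size_t)3u; /* 4-byte message alignment */
        if (step > avail - off)
            step = avail - off; /* last message may lack padding */
        off += step;
    }
    return off;
}

/* Pick the byte order that explains more of the buffer. A tie (including
 * "neither fits") is reported as unknown so the caller can fall back to a
 * default instead of trusting a length that may be attacker-controlled. */
enum nl_byte_order guess_netlink_order(const uint8_t *buf, size_t avail)
{
    size_t le, be;

    if (buf == NULL || avail < NLMSG_HDR_LEN)
        return NL_ORDER_UNKNOWN;
    le = bytes_explained(buf, avail, NL_ORDER_LITTLE);
    be = bytes_explained(buf, avail, NL_ORDER_BIG);
    if (le == be)
        return NL_ORDER_UNKNOWN;
    return le > be ? NL_ORDER_LITTLE : NL_ORDER_BIG;
}

/* Constructed samples: one 20-byte message (16-byte header + 4-byte payload). */
static const uint8_t sample_le[20] = {
    0x14, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xde, 0xad, 0xbe, 0xef
};
static const uint8_t sample_be[20] = {
    0x00, 0x00, 0x00, 0x14, 0x00, 0x10, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0xde, 0xad, 0xbe, 0xef
};
/* Constructed sample: length field is implausible in both byte orders. */
static const uint8_t sample_bad[16] = {
    0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("le sample  -> %d\n", guess_netlink_order(sample_le, sizeof sample_le));
    printf("be sample  -> %d\n", guess_netlink_order(sample_be, sizeof sample_be));
    printf("bad sample -> %d\n", guess_netlink_order(sample_bad, sizeof sample_bad));
    return 0;
}
```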
Change-Id: I35db77ee05c3c873577b4f40c41f283e5666a4e2
Reviewed-on: https://code.wireshark.org/review/17701
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I28325d655ccd5d363aac89e49e5333b3d75f68a2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17810
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ieeb9de0f54a22afc3adcd52d8af2c45e8b82b0ab
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17808
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I951a317da795c94ac6518be73cb2c836e7afb836
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/17807
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not found in any specification, but it appears to be implemented by
kubernetes (using "SPDY/3.1" value).
Ping-Bug: 12874
Change-Id: I9fc7ad2f657a739b415f6801fe0f43f6ef75ca70
Reviewed-on: https://code.wireshark.org/review/17786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Add an FT_CHAR type, which is like FT_UINT8 except that the value is
displayed as a C-style character constant.
Allow use of C-style character constants in filter expressions; they can
be used in comparisons with all integral types, and in "contains"
operators.
Use that type for some fields that appear (based on the way they're
displayed, or on the use of C-style character constants in their
value_string tables) to be 1-byte characters rather than 8-bit numbers.
Change-Id: I39a9f0dda0bd7f4fa02a9ca8373216206f4d7135
Reviewed-on: https://code.wireshark.org/review/17787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
as defined in RFC6925
Bug: 12907
Change-Id: I546d243f4b188025d8c96a1eaa0798b70a847a25
Reviewed-on: https://code.wireshark.org/review/17775
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add decoding of the upcall->flags value. This mask is currently used to
give hints about the cache-invalidation structures.
Change-Id: I4a3ab03bec6e2a2c9f8c7bbf17babb2bc93c9d7b
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: https://code.wireshark.org/review/17776
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Equalize attribute dissecting functions:
* Convert all attribute type names to range_string.
Add "Unassigned" and "Private use" ranges while we are at it.
* Swap the order of format and type fields for config attributes.
Move common code into the new function dissect_attribute_header().
Try to keep the parameter list short:
* Group the hfindex values for attribute details into a struct.
* Merge attribute subtree types.
Add a colon in the main attribute item label for visual separation.
Skip dissection of config attributes for unknown IKE versions.
Change-Id: I6e6286f3d4cf16f3cd16a23aca540c4af72f3442
Reviewed-on: https://code.wireshark.org/review/17663
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In one of the two cases where we treat the first byte of an identity as
a prefix, we know it's EAP-AKA. (In the other, we do *not* know that!)
Change-Id: I16625f7193eb3ab0840739ec37dbd64e2a5a0fb5
Reviewed-on: https://code.wireshark.org/review/17767
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There's no guarantee that the identity is a string whose first character
is a prefix indicating the type of identity; only display it as a prefix
if it's one of the known types. We really may need some other mechanism
to determine how to parse the identity, perhaps based on what the
protocol layers below it are.
Put back the display of the full string in one case where that was
inadvertently removed.
Change-Id: I2e3324f964fa25ebd7065ddb0de82ffae6597509
Reviewed-on: https://code.wireshark.org/review/17764
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This used to be a string item, its value was not 0-terminated. This
resulted in out-of-bounds mem access when eap_identity_prefix was used
by proto_tree_add_string_format().
==14744== Conditional jump or move depends on uninitialised value(s)
==14744== at 0x4C294F8: strlen (mc_replace_strmem.c:390)
==14744== by 0xC19C97F: g_strdup (gstrfuncs.c:355)
==14744== by 0x739CA75: string_fvalue_set_string (ftype-string.c:51)
==14744== by 0x67136A9: proto_tree_add_string (proto.c:3515)
==14744== by 0x6713870: proto_tree_add_string_format (proto.c:3547)
==14744== by 0x69BB494: dissect_eap (packet-eap.c:838)
==14744== by 0x66FD0B4: call_dissector_work (packet.c:649)
As the content is a number anyway, the simplest solution is to make
eap_identity_prefix a numeric item and use
proto_tree_add_uint_format_value().
Bug: 12913
Change-Id: I907b1d3555a96e9662b1d8253d17d35adfdada48
Reviewed-on: https://code.wireshark.org/review/17760
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Those are the only ones meaningful. Let's convert the buggy dissectors
and add an assert to avoid the misuse of the pool parameter in the future
Change-Id: I65f470b757f163f11a25cd352ffe168d1f8a86d3
Reviewed-on: https://code.wireshark.org/review/17748
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
with TLS 1.3, there is a new 'Hello' type (Hello Retry Request)
Change-Id: If7a11b70a5b0a69044126c50e1d6ab4e1d443f77
Reviewed-on: https://code.wireshark.org/review/17573
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is no session_id and compression method with TLS 1.3 Server Hello
Also no time on first bytes of random field
Bug: 12779
Change-Id: Id79221c2ad50695cf6d46cd5c9255deab99e2d2c
Reviewed-on: https://code.wireshark.org/review/17225
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There are a number of dissectors who are subdissectors of TPKT (and OSITP) that are
not called by TCP dissector directly, yet can possibly register a TCP port "on the
behalf" of TPKT. Just allow TPKT to support a range of ports to possibly include
these protocols.
Remove the preferences from these dissectors, but add backwards compatibility for
the preferences by hooking into set_prefs and have the preferences just hook into
Decode As functionality directly.
Change-Id: Ic1b4959d39607f2b6b20fa6508da8d87d04cf098
Reviewed-on: https://code.wireshark.org/review/17476
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The unsigned variable num_blocks was initialized to -1, which caused the
dissector to set the total length to 4294967295 fragments when the second
fragment was processed. This made the dissector unable to reassemble data
made of more than two fragments.
Change-Id: I120af090ed29ac73a1fa699bea2bfc91798ef92b
Reviewed-on: https://code.wireshark.org/review/17712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gcry_cipher_get_algo_keylen() returns a size_t, which is bigger than a
guint on most if not all 64-bit platforms; however, if the key is bigger
than 2^32 bytes, we have bigger problems, so just cast it down.
Change-Id: Ia7c97d2742686daf2e42f634c6e349cb580fa9df
Reviewed-on: https://code.wireshark.org/review/17731
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ensure that Libgcrypt and zlib memory are freed when closing a pcap.
Change-Id: I420f9950911d95d59ff046fee57900ca6f7e9621
Reviewed-on: https://code.wireshark.org/review/17718
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There was an implicit dependency between the block size in the cipher
suites table and the size expected by Libgcrypt. Just remove the block
size from the table and rely on the value from Libgcrypt to avoid the
risk of mismatching values (which could lead to a buffer overflow).
While at it, remove the size of the key ("bits") and the size of key
material ("eff_bits") too. Move the key material sizes for export
ciphers away from the table and use byte quantities instead of bits.
Additionally, this fixes an issue where 8 bytes of uninitialized stack
memory is written to the SSL debug log for stream ciphers like RC4.
The size of the Write Key is also corrected for export ciphers, now it
prints the actual (restricted) number of bytes that are used.
Change-Id: I71d3c83ece0f02b2e11e45455dc08c41740836be
Reviewed-on: https://code.wireshark.org/review/17714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
ssl_cipher_init should only set the IV for CBC cipher suites. NULL
cipher suites will not invoke gcry_cipher_setiv and AEAD ciphers will
set the nonce in a different place anyway.
Fixes a buffer overrun (read) by 12 bytes for any AES-CCM and AES-GCM
cipher suite because the "block size" is set to 4 bytes while the
reported block size for AES is 16 bytes (128 bit). (The four bytes are
the "salt" part of the nonce that is extracted from the "client/server
write IV" part of the key block.)
Observed with the DTLS packet capture from
https://ask.wireshark.org/questions/55487/decrypt-application-data-pending-dtls-abbreviated-handshake-using-psk
Change-Id: I4cc7216f2d77cbd1eac9a40dca3fdfde7e7b3680
Reviewed-on: https://code.wireshark.org/review/17713
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
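The rule stated in the commit message above (set an IV only for CBC suites, and never read more IV material than the key block actually holds), as an added example that is not Wireshark's ssl_cipher_init. The struct, enum and function names are hypothetical, `lib_block_len` stands in for the block size reported by the crypto library, and the key-block bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BLOCK_LEN 16 /* AES block size in bytes */
#define AEAD_SALT_LEN 4  /* salt part of the AEAD nonce taken from the write IV */

enum cipher_mode { MODE_NULL, MODE_STREAM, MODE_CBC, MODE_GCM, MODE_CCM };

/* Hypothetical decoder state: either a full CBC IV or an AEAD salt is kept. */
struct decoder {
    enum cipher_mode mode;
    uint8_t iv[MAX_BLOCK_LEN];
    size_t  iv_len;   /* bytes that would be handed to the library's set-IV call */
    uint8_t salt[AEAD_SALT_LEN];
    size_t  salt_len; /* bytes kept for later nonce construction */
};

/* Initialise IV-related state from the "write IV" slice of the key block.
 * write_iv_len is the number of bytes the key block really provides.
 * Returns 0 on success, -1 when the slice is too short for the cipher. */
int decoder_init_iv(struct decoder *d, enum cipher_mode mode,
                    size_t lib_block_len,
                    const uint8_t *write_iv, size_t write_iv_len)
{
    memset(d, 0, sizeof *d);
    d->mode = mode;

    switch (mode) {
    case MODE_NULL:
    case MODE_STREAM:
        /* No IV at all: nothing is read from the key block. */
        return 0;

    case MODE_CBC:
        /* The IV length is the library's block size, and the key block must
         * really contain that many bytes before anything is copied. */
        if (write_iv == NULL || lib_block_len == 0 ||
            lib_block_len > MAX_BLOCK_LEN || write_iv_len < lib_block_len)
            return -1;
        memcpy(d->iv, write_iv, lib_block_len);
        d->iv_len = lib_block_len;
        return 0;

    case MODE_GCM:
    case MODE_CCM:
        /* AEAD: only the 4-byte salt lives in the key block. Treating it as a
         * 16-byte IV is the 12-byte over-read the commit message describes. */
        if (write_iv == NULL || write_iv_len < AEAD_SALT_LEN)
            return -1;
        memcpy(d->salt, write_iv, AEAD_SALT_LEN);
        d->salt_len = AEAD_SALT_LEN;
        return 0;
    }
    return -1;
}

/* Constructed key-block bytes, used as the "write IV" slice in the demo. */
static const uint8_t sample_write_iv[16] = {
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
};

int main(void)
{
    struct decoder d;
    int rc;

    /* AES-GCM: key block carries 4 bytes, library block size is 16. */
    rc = decoder_init_iv(&d, MODE_GCM, 16, sample_write_iv, 4);
    printf("GCM: rc=%d iv_len=%zu salt_len=%zu\n", rc, d.iv_len, d.salt_len);

    /* CBC with only 4 bytes available: rejected instead of over-reading. */
    rc = decoder_init_iv(&d, MODE_CBC, 16, sample_write_iv, 4);
    printf("CBC short: rc=%d\n", rc);

    /* CBC with a full block of IV material. */
    rc = decoder_init_iv(&d, MODE_CBC, 16, sample_write_iv, 16);
    printf("CBC full: rc=%d iv_len=%zu\n", rc, d.iv_len);
    return 0;
}
```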
To do so, memorize whether a given eNB UE S1AP ID belongs to a NB-IoT
TAI or not.
Also add a preference allowing to force dissection as legacy LTE or
NB-IoT if automatic mode fails.
While we are at it, let's remove the global variables and introduce
a S1AP private data info stored in pinfo.
Change-Id: I7e30b3d59d909684e5cfe13510293ed38ad52574
Reviewed-on: https://code.wireshark.org/review/17709
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Use new heuristics based on the EAP Code field to determine whether a
field originates from the client or server. This is more reliable than
using "pinfo->match_uint" for two reasons: (1) the heuristics dissector
does not set "match_uint" (resulting in an arbitrary match on the
previous value) and (2) with EAP over EAPOL, there is no matching port
number (resulting in two conversations with different addresses and port
number zero).
To fix TLS decryption, make sure to create a single conversation for
both directions and allow the port type to be PT_NONE (to avoid reporting
all packets as originating from the server).
Bug: 12879
Change-Id: I7b4267a27ffcf68bf9d3f6a90d6e6e2093733f51
Reviewed-on: https://code.wireshark.org/review/17703
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change prevents netmasks such as /24x from being accepted. The
mask must be a clean integer.
Change-Id: I46aeb089dd6538b5cc4bde7efd4dc317621a5245
Reviewed-on: https://code.wireshark.org/review/17612
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This change is based on BlueZ code under the same license as Wireshark.
It seems that a lot of commands/events are incomplete or unknown,
however better to have them.
Also rename variables (etc.) of the first dissector to contain
vendor name like new one, to distinguish them.
Change-Id: I2db3ed73d477699032a44bac2d3c88a9230b0095
Reviewed-on: https://code.wireshark.org/review/17657
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The structured id handling is not in use by anyone.
Change-Id: I643fb03f642a5c1900aaec7d41e2b66dba5a2b05
Reviewed-on: https://code.wireshark.org/review/17655
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
length of the PDU is not known (length is excluding escape bytes).
Change-Id: I762419f12ca80f6597163e232c4b853819927b65
Reviewed-on: https://code.wireshark.org/review/17302
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While we are at it, let's reorder them in the .cnf file to match their
definition in S1AP-PDU-Contents.asn and ease review
Change-Id: I4c433fa862d83053d8b01cc951e756379356fa57
Reviewed-on: https://code.wireshark.org/review/17649
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tried to poke various fields (including the capture filter field), this
revealed some memleaks.
Change-Id: I1eca431a09839906a4b3c902ad85e55bffc71ca8
Reviewed-on: https://code.wireshark.org/review/17648
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fixes a memleak that occurs on (re)loading a pcap. While at it, remove
some unnecessary variables.
Change-Id: Ibb662e5c608881bc7dfde9d12cdb77f699ff6542
Reviewed-on: https://code.wireshark.org/review/17639
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added version 3.1.1 CONNACK session present flag and SUBACK failure
indication. Adjusted SUBSCRIBE and SUBACK QoS values.
Added string length values. Removed the message type subtree as it
had no purpose. Put the message type in the top tree mqtt node instead.
Removed unused code and fixed code layout.
Change-Id: I8a9ae26ac9a2af04dc6f8d08ac46aa305c225c4f
Reviewed-on: https://code.wireshark.org/review/17590
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There is a v4 (and v5) with some changes (patches coming!)
Change-Id: I3107727e2b86f7f6c0019ba6f2638bb40b41c0fb
Reviewed-on: https://code.wireshark.org/review/17626
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Append the length to the extension and display the contents of
unknown extensions as bytes.
Change-Id: Iba1204a1d5e187f28cb41c4369b10eeb86e6b43a
Reviewed-on: https://code.wireshark.org/review/17265
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The bytes that are not part of the address are not dissected.
Added them to the tree as "unused", to have a complete dissection
of the packet.
Found by incomplete dissector check.
Change-Id: Iafffebe8bc0f8254ac0b451d007e0a99aab91924
Reviewed-on: https://code.wireshark.org/review/17608
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12687
Change-Id: Ib489b4c6aff1e0611e9b8a086054e56284f24b84
Reviewed-on: https://code.wireshark.org/review/16787
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It was just a wrapper over regular HTTP dissector, which can already
pick its own ports to use.
Also some other minor cleanup related to removal.
Change-Id: I20dd37670c676551a06aaeb69fd657684af9685d
Reviewed-on: https://code.wireshark.org/review/17567
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-Manufacturer error field has 5 bytes (not 4)
-corrected two descriptions
Change-Id: Ic6f3e8fdf08c52f1d4f987410e1e0597a9f6aaed
Reviewed-on: https://code.wireshark.org/review/17575
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The protocol version from a SSL/TLS record contains the minimum
supported SSL/TLS version and is the best guess for Client Hello
handshake messages if no authoritative version is available.
By considering the version from the conversation for the initial
col_set_str call, we can also remove some other calls down the road.
Change-Id: I4be25f5c9057ffd0abcea7280d826867c135fed7
Reviewed-on: https://code.wireshark.org/review/17490
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Show the filehandle and lockowner for the callback.
Change-Id: Id09b260d4b31f8fa35ba8452dc143095e5cc88ec
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-on: https://code.wireshark.org/review/17574
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some messages related to LVB data are mistakenly treated as malformed.
This patch fixes it by checking LVB flags before parsing LVB data.
I found that "Convert lock" and "Unlock" use PUT_LVB flags, but "Proxy AST" uses GET_LVB flags.
Ping-Bug: 12122
Change-Id: I2c62c8cc9f9bd84abaf92de9f216550101962520
Reviewed-on: https://code.wireshark.org/review/17532
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- xxx-time values are not UNIX timestamps (that is a CUPS-ism - they are
time since bootup in IPP itself)
- Change all of the display strings to use the official IANA values
(confusing otherwise)
- Add support for newer value/group tags.
- Add support for all enum attribute values.
- Add request/response tracking so you can easily match things up.
- Decode octetString, rangeOfInteger, textWithLanguage, nameWithLanguage,
dateTime, and resolution values.
- Don't treat integers and enums as interchangeable (they aren't).
- Integers and enums are signed integers.
- Put operation id or status code in info column.
Change-Id: I9fb5cd89d3c386a2b3932ef4c75967ce2547bc22
Reviewed-on: https://code.wireshark.org/review/17192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Smith Kennedy <smith.kennedy@hp.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For debugging...
Change-Id: I23eb70c89ac95371e1d7b05a52ffeed4f993a52a
Reviewed-on: https://code.wireshark.org/review/17135
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch fixes incorrect endian conversion in pdu length.
Actually pdu length is big endian.
Ping-Bug: 12122
Change-Id: I9f8827293e684a5b4c957138f5879efdd140c500
Reviewed-on: https://code.wireshark.org/review/17533
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Keepalive req/resp messages are shown as "Unknown type (0x00)" in info column.
This patch fixes them to "Keepalive Request" and "Keepalive Response".
Ping-Bug: 12122
Change-Id: If09192067736b78c7785ba1ff05ae62a05d3dc23
Reviewed-on: https://code.wireshark.org/review/17497
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparent to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).
Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.
Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change-Id: I68b4fa08a7f65b92e56a6e72a6bb113e72ee33da
Reviewed-on: https://code.wireshark.org/review/17524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.
Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It contains the same password field that appears in the Registration
message. Make this field generic and reuse it here.
Change-Id: I7be9a99b5da1713937ffca5624be66150ff453d1
Reviewed-on: https://code.wireshark.org/review/17489
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
add the value for euro
Change-Id: Id8624e356ad4fcddcf77483a721428782c6bb0b2
Reviewed-on: https://code.wireshark.org/review/17487
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Implement the same changes in the ELEM_TLV() and ELEM_TV() macros as in
packet-gsm_a_common.h, to remove superfluous code and squelch about 50
Coverity issues.
Change-Id: I262dc60fdfa3482876d8525b34f6b1dbbe371257
Reviewed-on: https://code.wireshark.org/review/17478
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This name is displayed in the SSL protocol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissect SMB2 getinfo request fix-sized parameters according
to [MS-SMB2] section 2.2.37.
This does not include extended attributes at the moment.
Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a function that dissects FILE_GET_QUOTA_INFORMATION
structure ([MS-FSCC] 2.4.33.1)
This structure is used to define a set of SIDs whose quota
is to be fetched.
Change-Id: I81f6bca98fb239935ca593bd8725cebbb2037fbe
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17445
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a checkbox which lets you toggle between absolute and relative start
times. Use the local time for now. Fixes bug 11618.
Adjust our time precision based on the capture file's time precision.
Fixes bug 12803.
Update the User's Guide accordingly.
Bug: 11618
Bug: 12803
Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
Reviewed-on: https://code.wireshark.org/review/17448
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The CID is about the lack of check of wmem_tree_lookup32_le()
return value, but the old code is worth a bit of rework.
Change-Id: I3adb868d2baa1c8aea3f914f7fb9fdf75f222960
Reviewed-on: https://code.wireshark.org/review/17322
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch contains a partial rewrite of the BGP dissector for Extended
Communities. The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI. The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities. I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.
In particular, the changes encompass the following:
1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits. These were not dissected before.
2.) Dissection for EVPN Extended Community was improved. The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.
3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.
4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level. These stored the result of a
tvb_get_...() call but the value was used only once. I have replaced them
with the direct use of tvb_get_...()
5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().
6.) Reworked the style in which individual communities are displayed. Each
community item (collapsed) is now displayed using the following label
format:
Community name: Values [Generic community type]
Examples:
Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]
6.) To keep the filter names more consistent, changed names of selected filters:
bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown
In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.
7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.
Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dissector abort on short tags.
Fix value typo in hash mode enum.
Differentiate unexpectedly short value, zero length (deliberate invalid)
and off-end-of-record tags through expertinfo.
Continue to use proto_tree_add_*() length mismatch warnings for unexpectedly
long tags for now.
Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not
currently implemented outside Wireshark anyway.
Ping-Bug: 12303
Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816
Reviewed-on: https://code.wireshark.org/review/17382
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(actually, in [MS-SMB2] those are called "InfoType" and
"FileInfoClass", respectively)
Change-Id: Id583be4574cea5ce092c374a5624a4bd17d5d4c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This info appears in the request buffer of setinfo quota,
or in the response buffer of getinfo quota.
Change-Id: I5c8d96a05eddfa123547a7dd2577a01ac8cbd32d
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
To be usable by SMB2 dissector
Change-Id: I7f5b9a021951c2529f8058cd2fc160eff2e865c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17441
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In SMB user quota records, parse unknown 8-byte field
as quota record's last change time
(source - [MS-FSCC] 2.4.33)
Change-Id: I1f2839934fc0ab8e3d38105e02ef91a547256a70
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As requested by bug 10969 add a link to OSM for locationEstimate.
Bug: 10969
Change-Id: I715b3b5eae9728999d5c8f8c155bbcef3911ee93
Reviewed-on: https://code.wireshark.org/review/17375
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Memleaks could occur in these scenarios:
- Two consecutive fields fail in their chk callback, overwriting the
first heap-allocated error message.
- After parsing one record, the internal record was never freed.
- Syntax errors abort the parsing process and leak the record and
current field value.
These leaks will only happen at startup, when the UAT files are read or
when UAT strings are loaded (e.g. from the ssl.keys_list preference).
Change-Id: I4cf7cbc8131f71493ba70916a8f60168e5d65148
Reviewed-on: https://code.wireshark.org/review/17432
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
No functional change, fixes typos, adds some meaningful function
parameters and tries to clarify the memory management concerns.
Also fix a -Wdocumentation issue in epan/proto.h
Change-Id: I59d1fcd2ce96178e0a64a0709409a9a7a447c7c6
Reviewed-on: https://code.wireshark.org/review/17431
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Introduced with v2.3.0rc0-112-gdcb7b71, nxt is only a guint8* which
fails on 32-bit glib before 2.31.2.
Change-Id: Ide1816a971fa213f5669a7fa71bc111d5b1cc921
Reviewed-on: https://code.wireshark.org/review/17418
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
In commit v2.3.0rc0-121-gb6d13ef, GUINT_TO_POINTER(ah_nxt) was added,
but on 32-bit glib before 2.31.2 this results in a type error. Change
the type of ah_nxt since all its users take a guint anyway.
Change-Id: I2fb030f79011b8a7159a0b0df26d3545b0ce3c06
Reviewed-on: https://code.wireshark.org/review/17419
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Also manually add PLMN 460 02 (China Mobile) as it is not listed by ITU yet
Bug: 12622
Bug: 12798
Change-Id: I7c6fab9dcb9da90178186e94f624301ef1861421
Reviewed-on: https://code.wireshark.org/review/17428
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This should fix crashes on Windows, _strdup should not be mixed with
g_free. This was only uncovered in v2.3.0rc0-474-ga04b6fc, before that
ddict_free was never called.
Change-Id: I34111385c82715de70fb42fe44b99b89e132a374
Reviewed-on: https://code.wireshark.org/review/17423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The RFtap protocol is a simple metadata header designed to provide
Radio Frequency (RF) metadata about frames.
For official specifications see: https://rftap.github.io/
Signed-off-by: Jonathan Brucker <jonathan.brucke@gmail.com>
Change-Id: I0d008b2baadcc5cc9577113e9795eef2691b961a
Reviewed-on: https://code.wireshark.org/review/17355
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit 5fea2b5f41.
I.e., it puts back the change; the reverted version passed the tests on which the versions with this change crashed.
Change-Id: Idcc0eb11588cf14e2fe666de1905ee63917b0fcf
Reviewed-on: https://code.wireshark.org/review/17413
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit a04b6fcb3d.
Temporary revert to see if this prevents the "tshark -G" crashes being seen on the 64-bit Windows buildbot.
Change-Id: I561439039ca2667b72d7e2319a6f3f5f97e18d15
Reviewed-on: https://code.wireshark.org/review/17412
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove the debugging printouts.
The changes that were committed between the last build that didn't crash
and the first build that did were:
commit 961f743d69
Author: Peter Wu <peter@lekensteyn.nl>
Date: Mon Aug 29 01:34:22 2016 +0200
xml: fix some memleaks
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit a04b6fcb3d
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 22:19:29 2016 +0200
diameter: fix 400kb leaked memory on exit
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leak cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit 14312835c6
Author: Peter Wu <peter@lekensteyn.nl>
Date: Sun Aug 28 19:20:59 2016 +0200
pcapng: do not leak blocks
pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.
pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).
Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
*If* one of those is the cause, my guess is that it's the Diameter one,
as the crash happens before any file is read (so it's probably not the
pcapng one) and thus before any dissection is done (so it's probably not
the XML dissector one).
Change-Id: I816c1bbd6078eab251efd02ebb7c3195f6dd1483
Reviewed-on: https://code.wireshark.org/review/17411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Ifb68af443c6f13dfab99e32488d86c148621a316
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17399
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I72812fa0650da0cde37ea6cbef81a3c7a9ba333d
Reviewed-on: https://code.wireshark.org/review/17373
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The OMG standard has changed in this new version. I have fixed
the implementation.
Change-Id: Ie9054ed52c66580c76096af86e0fb8e34a44e9d1
Reviewed-on: https://code.wireshark.org/review/17348
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ica9fc960946542badb64af12769e7dfa3793db82
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17397
Reviewed-by: Michael Mann <mmann78@netscape.net>
Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.
When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.
For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.
This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.
Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We register dissectors for "Decode As" for {SSL,TLS}-over-TCP, so we
should actually set up the "Decode As" stuff for it.
Change-Id: I2a738667efdec1007069df74885a4fe8fc3fcbab
Reviewed-on: https://code.wireshark.org/review/17400
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dissection and display the problem more prominently.
Change-Id: Ia1a32667a18e1e5b60b5c167da9b6dd945ba3dfc
Reviewed-on: https://code.wireshark.org/review/17385
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the heuristics fail to detect a resumed session, then it must mark
the session as a normal session. This will also prevent
applying secrets that do not apply to this renegotiated session.
Bug: 12793
Change-Id: I90f794a7bbaf7f1839e39656ac318183ecf48887
Reviewed-on: https://code.wireshark.org/review/17376
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
No more memleaks reported for the attachment in bug 12790 :-)
Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Before:
SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).
After addressing to-do by calling ddict_free:
SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).
After fixing all remaining leak cases in the flex file for diameter:
SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).
Not bad huh :-)
Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
strdup and strcmp is a recipe for leaking.
Change-Id: I522c71964e39f671a4101df9b2b432433fc1c12e
Reviewed-on: https://code.wireshark.org/review/17363
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use same wmem_epan_scope() as "w" (tvbparse_wanted_t).
Change-Id: I73fdb1fb3b55a91b7bb0fc36e435024c6f0b3d73
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17361
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix the "Number of SPIs" field name in the Delete payload.
References: RFC 2408, RFC 7296
Change-Id: I205fb830275fc011e6605fdae53c6b9141e1628b
Reviewed-on: https://code.wireshark.org/review/17353
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
An XMPP stanza may be fragmented inside a conversation, so don't
check for this only when starting a new conversation.
Change-Id: I63b987184f52645e6c72c3c4155b39b7948de828
Reviewed-on: https://code.wireshark.org/review/17344
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Search address type by name iterates over an array, but fails to find its end.
Therefore it may dereference invalid pointers, or NULL.
Add the proper check in the for loop and make sure an end condition is always
there in the array searched.
Change-Id: I60ade9d438dc394340b6483b4fcb23e5ce432000
Reviewed-on: https://code.wireshark.org/review/17337
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
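
The two halves of the fix described in this commit message (an end check in the search loop, and a terminator that is always present in the array), shown as an added C example that is not Wireshark's code. The table layout, capacity, function names and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TYPES 4               /* assumed capacity for this example */

typedef struct { int id; const char *name; } type_entry;

/* One slot more than the capacity: register_type() never writes the last
 * entry, so a zeroed {0, NULL} terminator is always present. */
static type_entry type_table[MAX_TYPES + 1];
static size_t type_count;

/* Add an entry; returns 0, or -1 if name is NULL or the table is full. */
int register_type(int id, const char *name)
{
    if (name == NULL || type_count >= MAX_TYPES)
        return -1;                /* refusing here keeps the terminator intact */
    type_table[type_count].id = id;
    type_table[type_count].name = name;
    type_count++;
    return 0;
}

/* Return the id registered under name, or -1 if there is none. */
int type_by_name(const char *name)
{
    if (name == NULL)
        return -1;
    /* The loop condition is the end check: stop at the NULL-name terminator
     * instead of running strcmp() on whatever follows the last real entry. */
    for (size_t i = 0; type_table[i].name != NULL; i++) {
        if (strcmp(type_table[i].name, name) == 0)
            return type_table[i].id;
    }
    return -1;
}

int main(void)
{
    register_type(1, "ether");    /* constructed sample names */
    register_type(2, "ipv4");
    printf("ipv4 -> %d, nosuch -> %d\n", type_by_name("ipv4"), type_by_name("nosuch"));
    return 0;
}
```

A lookup for a name that is not registered is the case that walks the whole table, so it is the one that depends on the terminator being there.
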
Some type changes were not carried forward into the conversation
debugging code. These changes allow compilation again.
Change-Id: I90dde7cc94496828cf8931d74225773c2cea42a1
Reviewed-on: https://code.wireshark.org/review/17336
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added the dissection of three parameters.
Change-Id: I07e7b655ad7fd3462625c2fb565e41593c62f897
Reviewed-on: https://code.wireshark.org/review/17346
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>