AMQP calls a subdissector table before tcp_dissect_pdus() is used to
desegment PDUs (see commit 27c10ed72e),
so pinfo->can_desegment needs to be restored before it is decremented
a second time. Fixes#14217.
Windows can allow Unicode in filenames now, and export_object.c
has its own eo_massage_str function that the GUI and CLI already
call to create safe filenames when they are saved. There's no need
for an individual dissector like SMB to have its own (worse)
implementation of the same functionality, and to call it before
filenames are displayed. Fix#17530
- Make sure reassembly requests & errors are properly propagated from
any point in the PDU, no matter how many sub-structure levels.
- Handle the sub-dissection methods as well:
- Ensure the sub-dissection methods handle errors from previous calls.
- Reduce the error handling needed in sub-dissector implementations.
- Add missing sub-dissection methods for list, set, and map.
- Add the handling of sub-structure.
- Handle Compact protocol in addition to the existing binary protocol.
- Include and improve MR !3171
- Handle reassembly the same way as for binary protocol.
- Handle sub-dissection with the same functions.
=> Sub-dissectors only depend on .thrift files.
Additional changes:
- Use of constants instead of hard-coded values.
- Removed U64 support (never supported by thrift code generator, only
referenced in the C++ thrift library header but not supported in reality.
- Removed references to UTF-8 and UTF-16 string for the same reason.
- Replaced references to UTF-7 string with just string (same reason).
- Replaced references to byte with i8 as the documentation explicitly
states that byte is a compatibility name.
Documentation reference:
- https://thrift.apache.org/developers
- https://thrift.apache.org/docs/idl.html
- https://github.com/apache/thrift/blob/master/doc/specs/thrift-compact-protocol.md
- https://erikvanoosten.github.io/thrift-missing-specification/
- https://diwakergupta.github.io/thrift-missing-guide/Closes#16244
Additional changes:
- Add authors and improve consistency
- Fix typo and clarify documentation
Create pseudo URB and pass the reassembled data to USB URB dissector.
Reassembly for control transfers is not problematic as the transfer
length is known. For bulk transfers assume the transfer can span across
multiple transactions, however for periodic (interrupt and isochronous)
assume the transfer never spans across multiple transactions.
Rely on USB dissector to provide endpoint maximum packet size. Actual
interface/configuration handling in USB dissector needs to be reworked
as the code assumes that there is only one configuration and alternate
interface configurations have matching endpoints.
While the reassembly bulk transfers and never reassemble periodic
transfers result in pretty good dissection, the USB class dissectors
need a mechanism to provide transfer size hints to USBLL dissector.
Such hint is not needed for software USB capture as software sniffers
essentially capture URBs and every transfer is associated with one URB.
The problem can be seen for example in Mass Storage Class where it is
common for data transfers length to be multiple of endpoint maximum
packet size. Because USBLL dissector doesn't know expected transfer
size, it combines together data and status transport.
Related to #15908
Add support for decoding instruction byte 78 (GET IDENTITY) from
TS 102 221 v15.11.0 and instruction byte CA (GET DATA) which is used to
retrieve the EID for eSIMs according to GSMA SGP.02 v4.2 available from
https://www.gsma.com/esim/esim-m2m-specifications/.
Closes#17548.
All fields with GSN address were decodes as common hf_gsn_addr. But if
ETSI order is used, it's possible to specify alternative decoder
depending on message type and field position.
Alternative decoder for GSN address was added for mandatary fields and
optional/conditional field in the case there is single GSN address in
message.
Added new function as common dissector for all addr types.
This patch speeds up the dissection of signal pdus, if not filtering.
With an example trace file full of signal PDUs, I gained about a 4x
speed up in opening the trace.
Define dissect_http3_settings only if HAVE_LIBGCRYPT_AEAD is defined.
This should hopefully fix
```
epan/dissectors/packet-http3.c: In function 'dissect_http3_settings':
epan/dissectors/packet-http3.c:212:9: error: implicit declaration of function 'http3_is_reserved_code' [-Werror=implicit-function-declaration]
if (http3_is_reserved_code(settingsid)) {
^
epan/dissectors/packet-http3.c: At top level:
epan/dissectors/packet-http3.c:200:1: warning: 'dissect_http3_settings' defined but not used [-Wunused-function]
dissect_http3_settings(tvbuff_t* tvb, packet_info* pinfo _U_, proto_tree* http3_tree, guint offset)
^
cc1: some warnings being treated as errors
```
on the CentOS 7 builds.
If a "NT Password" value is provided by the user, the NTLMSSP decryption
should take place, whether or not Kerberos decryption option is enabled
(disabled by default).
NT Accounts may have empty passwords; this allows the dissector to try
decrypting the NTLMSSP session using an empty password (when "NT
Password" preference is left blank).
Rewrite storage and retrieval of `endpoint_guid`s to use private proto
data instead of `pinfo->private_table` which was meant solely for Lua
use.
Closes#17156
Small payload packets that fit into a single TSP without
fragmentation are dissected without ever being placed in
the reassembly table, so fragment_get_reassembled_id returns
NULL even on the second pass and later. Handle them (and
distinguish that case from packets not reassembled because they
were at the end of a capture.)
Add a few comments to clarify what's going on.
Use the non-stub versions even if we don't have libgcrypt 1.6.0 or
newer; yes, it's code that won't ever be used, but if you want to
eliminate waste, remove all the fields that aren't used if we don't have
libgcrypt 1.6.0 or later.
This avoids the need to create stub routines, making the code a bit less
confusing (and avoiding the risk of using those fields with
non-functional formatting routines).
It also eliminates "function argument unused" warnings when building
with an older version of libgcrypt, and does so more cleanly than adding
a bunch of _U_s to the stub functions.
Introduced new submessage DATA_FRAG_ASESSION (id 0x81). It is the same
as a DATA_FGRAG_submessage but with an extra sequence number field
called "virtualSeqNum".
This is a new check added to check_typed_item_calls.py --label
Ignoring cases where item type is FT_NONE, as fpr tjpse
text was appended that otherwise would lack a colon.