Add a common large length reporting function. Add a length check to
dissect_ber_set.
Bug: 14444.
Change-Id: I6093b5342439cd0ee08f060b8d74b3ae54b3b8f8
Reviewed-on: https://code.wireshark.org/review/25931
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Preamble duration calculation duplicated the number of HT-LTF symbols
resulting in an incorrect preamble calculation. This fix removes the
duplicated code in file: epan/dissectors/packet-ieee80211-radio.c.
Bug: 14439
Change-Id: I550066a41c24948e16da6a43cf403cf206b7f32d
Reviewed-on: https://code.wireshark.org/review/25903
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
We *do* support units for FT_FLOAT and FT_DOUBLE, so use them.
Change-Id: I94dbce89c785109b2c6ef89243f5611963e63dc8
Reviewed-on: https://code.wireshark.org/review/25917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The current concatenation PDU support has had serious, repeated problems
over the years:
fb1ef7b8daf6d48e45c83e1828e35126a6881014625bab309d
Remove it and add a comment recommending iteration.
Bug: 14446
Change-Id: I947ff8e40e18c4628c9df9233b72dd7776e8233d
Reviewed-on: https://code.wireshark.org/review/25905
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There's no guarantee that it'll be integral, and the spec doesn't seem
to imply that it's necessarily integral, so don't convert it to an
integer.
Given that it's a floating-point number, we might as well represent it
as an FT_DOUBLE. (XXX - we should support units for FT_FLOAT and
FT_DOUBLE.)
Change-Id: Ica43510ac147231f5530359cc78bb467f8d3be24
Reviewed-on: https://code.wireshark.org/review/25915
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it much clearer what's being done here; it matches what the
802.11ac spec actually says (we have an array of bits and an array of
2-bit items).
Clean up indentation while we're at it.
Change-Id: I8a4640662c54d6a2621990df778fd2d2c2695b78
Reviewed-on: https://code.wireshark.org/review/25914
Reviewed-by: Guy Harris <guy@alum.mit.edu>
You don't need floating-point, you can just calculate 1<<2N.
Change-Id: Iec9ebf02bba3e8bcce344be7f0366f7f258da403
Reviewed-on: https://code.wireshark.org/review/25912
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I38381800c8cb227146e9a18285d2b73aec7a97d5
Reviewed-on: https://code.wireshark.org/review/25898
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make sure a length value isn't too large.
Bug: 14445
Change-Id: Ie630d59aea744554da22a2b904aca06624c73f7a
Reviewed-on: https://code.wireshark.org/review/25908
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some servers send Server-Greeting split into multiple packets.
Change-Id: I56155eef1a20ded5c06c4a43cbc8d52961d029d0
Reviewed-on: https://code.wireshark.org/review/25896
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Request packets have a minimum length of 14 bytes and only
responses have an additional 27 bytes of fields. Without this
patch short packets generate an exception and get reported
as malformed.
Change-Id: If75fa5556059b13f40fc49273edcbd32508fa0fc
Reviewed-on: https://code.wireshark.org/review/25897
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are no "old" versions of them that we're keeping around.
Change-Id: I3c76a14d0ec1a06df39c547da37f4dea9987df4d
Reviewed-on: https://code.wireshark.org/review/25892
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Bug: 14419
Change-Id: I1adf186a56e87a043077d330d59f18b8e5823cd7
Reviewed-on: https://code.wireshark.org/review/25871
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
uint32 value could wrap around, resulting in infinite loop.
Bug: 14411
Change-Id: I26c73f74adc65c7a5acf22970a54c93a7f7a2344
Reviewed-on: https://code.wireshark.org/review/25873
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 14421
Change-Id: Ifb492b776182507c10664d067f99312af250e6ff
Reviewed-on: https://code.wireshark.org/review/25872
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
While we are at it, fix identification of not last element in a few
places
Bug: 14423
Change-Id: I568530949d09ddfd8c5c58d24050dfed32ce10f5
Reviewed-on: https://code.wireshark.org/review/25851
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add prototypes for the registration routines.
Make routines not used outside this file static.
Change-Id: Icaa7e5877888a0e0299cfd94d7921df8a138d0e1
Reviewed-on: https://code.wireshark.org/review/25854
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This squelches a bunch of "constness casted away" warnings.
Change-Id: I95949ccbecceea651e7e4acb99f8e69ee0bfc475
Reviewed-on: https://code.wireshark.org/review/25843
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This means we don't lose alignment information that causes spurious
compiler warnings.
Change-Id: I721f180c137bcffbcf7edf88cf8caf52c33fa545
Reviewed-on: https://code.wireshark.org/review/25842
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The search doesn't use the fields we change (if it did, we probably
shouldn't change them, as the old binding might not be found), so don't
change them.
Instead, when we allocate a *new* binding structure, put the new values
into *that* structure.
Squelches a "casting away constness" warning.
Change-Id: I6dbd1a4cbc2415373f4926f443f9756c8113c0be
Reviewed-on: https://code.wireshark.org/review/25841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This lets us get rid of some casts that provoke "drops const qualifier"
warnings.
Change-Id: Ia7e0863bd97bc20dbbb810e13778ec78d0cf3c91
Reviewed-on: https://code.wireshark.org/review/25837
Reviewed-by: Guy Harris <guy@alum.mit.edu>
During an EDFE exchange the source addresses are omitted after the first frame.
Restore the information to enable decryption and 6LoWPAN reassembly.
Change-Id: I9660c81e0536cea56caf104a16e41eaf6c123e09
Reviewed-on: https://code.wireshark.org/review/25819
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Use format_text() on strings from packet used in COL_INFO to
show non-printable characters as C-style escapes.
Bug: 14424
Change-Id: Ibeb18958e0c5877681a18873377ad96d7237490c
Reviewed-on: https://code.wireshark.org/review/25808
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use AM_CFLAGS for everything except for libdirtydissectors in
epan/dissectors. Rename GENERATED_CFLAGS/GENERATED_CXXFLAGS to
DIRTY_CFLAGS/DIRTY_CXXFLAGS, as it doesn't apply to all generated files.
Change-Id: I702b53e185d6972c08d68ef31c05df7b03669daa
Reviewed-on: https://code.wireshark.org/review/25829
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
in accordance with 3GPP 29.244 v15.0.0
Change-Id: I27d65d591976edfef13a713cf3a0768915e29256
Reviewed-on: https://code.wireshark.org/review/25803
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Found by LeakSanitizer with "tshark -i dbus-session -c1".
Change-Id: Icef967755088ef25a9b1f2cd7def97078b274966
Fixes: v2.5.0rc0-1865-g52365a55e4 ("LTE L2 protocols: add FT_FRAMENUM_TYPE for most FT_FRAMENUM fields.")
Reviewed-on: https://code.wireshark.org/review/25818
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
HKDF-Extract is not used in TLS, but in QUIC. For reuse in OSCORE, move
it to wsutil. Adjust comments slightly to emphasize precondition.
Change-Id: I5105e7416037697b383ad58f62be285c2b7ab8b7
Reviewed-on: https://code.wireshark.org/review/25802
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Mališa Vučinić <malishav@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This adds a dissector for the Steam In-Home Streaming
Discovery Protocol by Valve Software.
Useful documentation can be found at:
https://codingrange.com/blog/steam-in-home-streaming-discovery-protocol
Change-Id: I26a79e201cfb0aad0ca702ac962e1e7b1b541517
Reviewed-on: https://code.wireshark.org/review/23615
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also extend the carrier id enum to r10 levels.
Change-Id: I1eac50c54801010f0ad7408debb80ad811e03fbe
Reviewed-on: https://code.wireshark.org/review/25793
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only reformatted code (VS2017 with Ctrl K + Ctrl D)
No code logic change
Change-Id: If574c50cf0efb75984beb45df958be991ea63819
Reviewed-on: https://code.wireshark.org/review/25771
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All changes to the set of Wireshark source files must be done in both
Makefile.am and CMakeLists.txt files.
Change-Id: Iad0db912dcfd149d0f5acbb38489e0a34c6dac89
Reviewed-on: https://code.wireshark.org/review/25778
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the URL for the Cisco CMTS.
Remove the stuff about the Arris devices; the link doesn't work, their
site doesn't seem to mention "Cadant", and the C4 page I did find
doesn't say anything about how to do captures (that's probably hidden
behind a customerwall).
Emphasize that, if you can, and do, select "DOCSIS" as the link-layer
type when capturing on an Ethernet, the file (for pcap) or interface
(for pcapng) will be handled as DOCSIS, even if you don't set the "force
all frames to be dissected as DOCSIS" preference.
Change-Id: Iec44d4b9c6af231e9b7f36962515b566b3433fb4
Reviewed-on: https://code.wireshark.org/review/25777
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The reserved bit positions should match the bit positions of the fields
that are reserved. Also, the hf_he_srg_information_present bit was nibble
reversed.
Errors found by George Baltatanu.
Change-Id: I218ff9aa7bdabc4ec6e470c3ef1be230ce341b34
Reviewed-on: https://code.wireshark.org/review/25760
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stuff that calls it is built in, and stuff it calls is built in, so
there's not much point in having it be a plugin; we already have
examples of plugin dissectors.
Change-Id: I512e0fda62faedb5f03f476fbece2e267e1d644f
Reviewed-on: https://code.wireshark.org/review/25775
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
build_label_func is a pointer type, pointing to a function that can be
used to generate a label for a "Decode As" entry. There's no need to
have pointers to those pointers; have register_decode_as_next_proto()
take a build_label_func, not a build_label_func *, as its last argument,
assign that value rather than dereferencing it, get rid of unnecessary
casts, and fix the comment in epan/decode_as.h for that argument.
Change-Id: Idc3cf18204c543a2191b122c8129b362562c0ecd
Reviewed-on: https://code.wireshark.org/review/25773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Also show the seconds in a human readable string.
Change-Id: I124bfc12954fb7c2c65777c028986d18c5686c7b
Reviewed-on: https://code.wireshark.org/review/25772
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add wmem versions corresponding to g_strjoin() and g_strjoinv().
Modify packet-rtps.c to use wmem routines where it is now using g_ routines causing mallocs.
Change-Id: I92c890a8b8f29a973e103676d8e5a681ee5abd50
Reviewed-on: https://code.wireshark.org/review/25764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Parsing of complete-sib-short was wrong - did not consider the 8 bits of length in the beginning
2. Added re-assembly logic for SIBs segmented into first/subsequent/last payloads
Change-Id: I2c4aab2cace795c3e47a22921a34efc4ee26a25f
Reviewed-on: https://code.wireshark.org/review/25598
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
next_tvb_add_handle() allocates memory in packet scope.
When dissecting another packet from dissect_h225_h225_RasMessage() handler [it doesn't call next_tvb_init()]
next_tvb_add_handle() will write to freed pointer.
Fix by calling next_tvb_init() after leaving scope in order to clear list->last pointer.
ASAN report:
ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000854f0 at pc 0x00000208574a bp 0x7ffca839cf00 sp 0x7ffca839cef8
WRITE of size 8 at 0x6070000854f0 thread T0
#0 0x2085749 in next_tvb_add_handle /src/wireshark/epan/next_tvb.c
#1 0xef8728 in dissect_h225_ParallelH245Control_item /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:368:3
(...)
#21 0x168f460 in dissect_per_sequence /src/wireshark/epan/dissectors/packet-per.c:1920:12
#22 0xef31d3 in dissect_h225_InfoRequestResponse /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:910:12
#23 0x168e7db in dissect_per_choice /src/wireshark/epan/dissectors/packet-per.c
#24 0xeed6e3 in dissect_h225_RasMessage /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:298:12
#25 0xef97af in dissect_RasMessage_PDU /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:339:12
#26 0xeef872 in dissect_h225_h225_RasMessage /src/wireshark/epan/dissectors/./asn1/h225/packet-h225-template.c:385:12
0x6070000854f0 is located 0 bytes inside of 72-byte region [0x6070000854f0,0x607000085538)
freed by thread T0 here:
#0 0x4e2528 in __interceptor_cfree.localalias.0 /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:76
#1 0x21263a1 in wmem_simple_free_all /src/wireshark/epan/wmem/wmem_allocator_simple.c:107:9
#2 0x205aa4d in wmem_leave_packet_scope /src/wireshark/epan/wmem/wmem_scopes.c:81:5
(...)
previously allocated by thread T0 here:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225c588 in g_malloc (/out/fuzzshark_test+0x225c588)
#2 0x20855e0 in next_tvb_add_handle /src/wireshark/epan/next_tvb.c:40:10
#3 0xef8728 in dissect_h225_ParallelH245Control_item /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:368:3
Found by oss-fuzz/5921
Change-Id: Iea006914a9e0c433d2073f6f4c7a2973d5a33a11
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5921
Reviewed-on: https://code.wireshark.org/review/25593
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They are copied in structures using pinfo lifetime. Let's use the same scope.
Bug: 14416
Change-Id: I5f8ee6fff49d63584a246936f551db1803ff9816
Reviewed-on: https://code.wireshark.org/review/25748
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
HKDF (RFC 5869) is a standard construct used in TLS 1.3, QUIC and
OSCORE, generalize it for use outside the TLS dissector.
Since none of the users need the "context" (formerly "hash_value")
field, remove the parameter.
Change-Id: Id952de8cb3000f6f6eda844d17c78bbd3906a84d
Reviewed-on: https://code.wireshark.org/review/25723
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use copy_address_swallow() instead of copy_address().
When inserting the key in the hash map, copy it in wmem file scope.
Bug: 14407
Change-Id: Ida524d314c943f480dd0e1bf44fd0ded01aafaeb
Reviewed-on: https://code.wireshark.org/review/25731
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Crafted packets may not have ipmi_header.
Bug: 14409
Change-Id: Ib6a8eceab13525c6c8dca5cef8bce3532dc50911
Reviewed-on: https://code.wireshark.org/review/25745
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Sanity check the total_length to make sure it doesn't go negative.
Bug: 14412
Change-Id: I87e38f6c792fa81184e4c412d6433fbbf2060f28
Reviewed-on: https://code.wireshark.org/review/25744
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fields are 16-bit values and large 16-bit values can be incorrectly
treated as negative, causing infinite loops in offset calculations.
Bug: 14413
Change-Id: I44334c3e9ced0734f4e1a70720859c0abf4a05c8
Reviewed-on: https://code.wireshark.org/review/25743
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
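The failure mode described in the commit message above (a 16-bit length read into a signed type, so the offset stops advancing), shown as an added example beside a corrected walker. This is not Wireshark code: the record layout (2-byte big-endian length followed by payload), the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_STEPS 64 /* cap so the buggy walker can be run without hanging */

/* Constructed sample: one valid record (length 2), then a length of 0xFFFE. */
const uint8_t SAMPLE_BAD[] = { 0x00, 0x02, 0xAA, 0xBB, 0xFF, 0xFE, 0x00, 0x00 };
/* Constructed sample: a record of length 2, then an empty record. */
const uint8_t SAMPLE_OK[]  = { 0x00, 0x02, 0xAA, 0xBB, 0x00, 0x00 };

/* Read a 16-bit big-endian value. */
uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * Buggy form: the length lands in an int16_t, so 0x8000..0xFFFF turn
 * negative on common platforms. 0xFFFE becomes -2, "2 + rec_len" is 0 and
 * the offset never moves. Returns the number of records walked, or -1 when
 * the step cap is hit (the stand-in for an infinite loop).
 */
int walk_signed(const uint8_t *buf, size_t len)
{
    long offset = 0;
    int steps = 0;

    while (offset >= 0 && (size_t)offset + 2 <= len) {
        int16_t rec_len = (int16_t)rd16(buf + offset);
        offset += 2 + rec_len;
        if (++steps >= MAX_STEPS)
            return -1;
    }
    return steps;
}

/*
 * Corrected form: the length stays unsigned and is checked against the
 * bytes that remain, so every iteration advances by at least the 2-byte
 * header or stops with *malformed set.
 */
int walk_unsigned(const uint8_t *buf, size_t len, int *malformed)
{
    size_t offset = 0;
    int steps = 0;

    *malformed = 0;
    while (len - offset >= 2) {
        uint16_t rec_len = rd16(buf + offset);
        size_t remaining = len - offset - 2;

        if (rec_len > remaining) {
            *malformed = 1; /* length runs past the end of the buffer */
            break;
        }
        offset += 2 + (size_t)rec_len;
        steps++;
    }
    return steps;
}
```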
Bug: 14414
Change-Id: I39843e8959510a0efa1add51a16e207fc63f88b1
Reviewed-on: https://code.wireshark.org/review/25742
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
oss-fuzz triggered: set_address: assertion failed: (addr_data == NULL).
Valgrind confirms that ceph was passing uninitialized value to set_address()
==16301== Conditional jump or move depends on uninitialised value(s)
==16301== at 0x6C37762: set_address (address.h:78)
==16301== by 0x6C37762: copy_address_shallow (address.h:253)
==16301== by 0x6C37762: c_node_copy (packet-ceph.c:1433)
==16301== by 0x6C37F72: c_conv_data_copy (packet-ceph.c:1455)
==16301== by 0x6C37F72: c_conv_data_clone (packet-ceph.c:1464)
==16301== by 0x6C37F72: c_pkt_data_save.isra.4.part.5 (packet-ceph.c:1593)
==16301== by 0x6C40EAE: c_pkt_data_save (packet-ceph.c:1561)
==16301== by 0x6C40EAE: dissect_ceph.isra.60 (packet-ceph.c:7046)
==16301== by 0x6C4186A: dissect_ceph_heur (packet-ceph.c:7111)
Found by oss-fuzz/6148.
Change-Id: I8ec762d541fd8cfd919710cf460c44968707dcc5
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6148
Reviewed-on: https://code.wireshark.org/review/25736
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Since g2a80fe283c (2005-10-06!) length initialization was moved, and
the message length is no more correct (previously tvb_length_remaining()
was called with offset equal to 0, which is no more the case after the
change).
Bug: 14410
Change-Id: I2f00be83fa17ad7344d0d75f4a899f169d7a622b
Reviewed-on: https://code.wireshark.org/review/25735
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
These were initially coded incorrectly. The problem was found by
George Baltatanu and a fix supplied by him.
Change-Id: I1de86ca7c5428efbcdd0fb39244a1cafbbcd32ab
Reviewed-on: https://code.wireshark.org/review/25724
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a single UDP port is supporting multiple protocols, for example RTP and
RTCP can share a port, and one of these protocols is detected through a
heuristic before a superior protocol (e.g. SIP/SDP) has established that the
port has multiple protocols, then only the heuristic is used. This is due to
only looking for an exact match with find_conversation() and not going any
further. The superior protocol only adds the dissector by source address/port.
So, to fix, if we do not find the exact match, we continue searching for a
dissector on the partial matches.
Bug: 14370
Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae
Reviewed-on: https://code.wireshark.org/review/25432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Previously, dissect_cip_generic_service_req and dissect_cip_generic_service_rsp
set lengths at different levels of the packet. In some cases, this would
cause a malformed packet when the data length was zero. This fixes the
malformed error by explicitly setting the length, instead of using -1.
The length of the service data set is not the data payload for both
cases. Previously, for requests, it attempted to highlight the whole CIP
layer, but this was already covered by the full CIP protocol layer
length.
Change-Id: I4b4a99d30b9e04872fcf7ffb127c496e6062856c
Reviewed-on: https://code.wireshark.org/review/25672
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Add Decode Options for 4 Safety I/O types. Previously, you could only decode as "CIP Safety", which only showed as a generic data block (because all important things for parsing are in the FwdOpen).
2. Change some timestamp display formatting to match other related timestamp fields (now all Dec)
3. Don't create connections for Null Forward Opens.
Change-Id: Ia1031b3887739a864a453b9e566ebe6f29fa5b8b
Reviewed-on: https://code.wireshark.org/review/25664
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
They were used by the now-removed draft-07 support.
Change-Id: I4762d2a6bb81e231010f1fd4b2b51278bb3c4329
Reviewed-on: https://code.wireshark.org/review/25695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
of Quick UDP Internet Connection
Change-Id: Ibe18191fca6495d817f6bc10ec4b5df552548396
Reviewed-on: https://code.wireshark.org/review/25690
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting an if_tsresol option in an IDB, calculate the resolution
from the base and the offset. If the result overflows, mark it as an
overflow; otherwise, mark it with the units for more values than 1
microsecond. Store the calculated resolution, which we initialize to
the default of 1 microsecond.
When displaying time stamps in blocks, use the calculated resolution,
rather than re-calculating it. If it's 0, it means the resolution is
too high, so don't calculate it and end up dividing by zero.
Bug: 14402
Change-Id: Idc34ededb4f7250b3604b14d4468c32f6592793f
Reviewed-on: https://code.wireshark.org/review/25673
Reviewed-by: Guy Harris <guy@alum.mit.edu>
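The resolution calculation and divide-by-zero guard described in the commit message above, as an added example (not Wireshark's code). It assumes the pcapng encoding of if_tsresol, where the top bit selects base 2 instead of base 10 and the low 7 bits are the exponent; the function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Decode an if_tsresol byte into "timestamp units per second".
 * Returns 0 when base^exponent does not fit in 64 bits, which callers must
 * treat as "resolution too high", never as a divisor.
 */
uint64_t tsresol_units_per_second(uint8_t if_tsresol)
{
    uint64_t base = (if_tsresol & 0x80) ? 2 : 10;
    uint8_t exponent = if_tsresol & 0x7F;
    uint64_t result = 1;

    for (uint8_t i = 0; i < exponent; i++) {
        if (result > UINT64_MAX / base)
            return 0; /* next multiply would overflow */
        result *= base;
    }
    return result;
}

/*
 * Split a raw timestamp into whole seconds and fractional units using the
 * stored resolution. Returns -1 instead of dividing when the resolution
 * was marked as overflowed (0).
 */
int split_timestamp(uint64_t ts, uint64_t units_per_sec,
                    uint64_t *secs, uint64_t *frac)
{
    if (units_per_sec == 0)
        return -1;
    *secs = ts / units_per_sec;
    *frac = ts % units_per_sec;
    return 0;
}

int main(void)
{
    /* Constructed option values: default, nanoseconds, 2^-10, overflow. */
    const uint8_t samples[] = { 6, 9, 0x8A, 20, 0xC0 };

    for (size_t i = 0; i < sizeof samples; i++) {
        uint64_t res = tsresol_units_per_second(samples[i]);
        uint64_t s, f;

        if (split_timestamp(1500000, res, &s, &f) == 0)
            printf("0x%02x: %" PRIu64 " units/s, ts=%" PRIu64 "+%" PRIu64 "\n",
                   samples[i], res, s, f);
        else
            printf("0x%02x: overflow, timestamp left raw\n", samples[i]);
    }
    return 0;
}
```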
Do not check reported length but captured length, otherwise it can
trigger an exception when trying to fetch at offset 4.
Once the (very basic heuristic) is verified, call the right dissection
function.
Bug: 14399
Change-Id: Ie09d80e04f2501c940693a2ea9ecbd2f84d1e22f
Reviewed-on: https://code.wireshark.org/review/25666
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The main benefit of this feature is that it enables users to see the
succession of HTTP requests that led to a specific request.
A sample PCAP is available here:
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16085
Change-Id: I7c521315b848fbce659fdc01e43f261d804a3a48
Reviewed-on: https://code.wireshark.org/review/25319
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
They changed when the spec was updated. This seems to be the last change
needed here.
Change-Id: Id47c1de5b5890bffa0842c33ae02033ddf6c8325
Reviewed-on: https://code.wireshark.org/review/25656
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fragmented FCP may not be called on the first pass, so add a NULL
check for proto_data that may not be there.
Bug: 14374
Change-Id: Icbbee8f0eb3a33655323283dbb5a01c350d784dc
Reviewed-on: https://code.wireshark.org/review/25649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Sgement -> Segment
Change-Id: Ibf4aa2db14fd87c854a65da0de979ad4772243d8
Reviewed-on: https://code.wireshark.org/review/25640
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-on: https://code.wireshark.org/review/25648
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This will be restored after the 2.5.0 release is complete.
This reverts commit 61cc769169.
Change-Id: I0b7d2435fe010070aaced5f395c75a1cd65b3f83
Reviewed-on: https://code.wireshark.org/review/25645
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Sgement -> Segment
Change-Id: I275495fafdf76308ca36083256d6fcd2bed35203
Reviewed-on: https://code.wireshark.org/review/25640
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pinfo->pkt_encap is just a copy of pinfo->phdr->pkt_encap; no need for
the copy.
Expand a comment while we're at it.
Change-Id: I5fcfe694ecba42507f1d629d01440da0a0989501
Reviewed-on: https://code.wireshark.org/review/25643
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use the address type of the link-layer source address, rather than the
encapsulation of the outermost packet layer, to determine the type of
the physical client address in a Dead Station frame. That should, for
example, handle cases where the actual Ethernet packets are being
carried within packets on some non-Ethernet network, or where the
packets aren't Ethernet packets but are packets on some other network
using MAC-48 addresses.
Change-Id: Ibd2e2322b03e81aa52c71b080f3c91d2f83fc3b4
Reviewed-on: https://code.wireshark.org/review/25642
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That obviates the need to check pinfo->pkt_encap.
Change-Id: I038e065932282ce9d3362fbc9ba6ea653a63f399
Reviewed-on: https://code.wireshark.org/review/25627
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Let's add an expert info, and set offset to the end of the current tvb.
Bug: 14379
Change-Id: Iaccf862c451eef58aaed11b26fceebf26bc2c818
Reviewed-on: https://code.wireshark.org/review/25619
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
fixed an offset error for mqmo in gmo
Added value in comment when defining val_str
Change-Id: Ie29f65f96d2ffb96c0cc0623346432f1f8380168
Reviewed-on: https://code.wireshark.org/review/25604
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add support for collection commands
* SET/GET manifest
* DCP changes (mutation/deletion/system_event)
Add support for DCP delete_time, a new format for DCP deletion
Change-Id: Iec2000a40da37dcb1edf665a157dc7ab30d4c9d0
Reviewed-on: https://code.wireshark.org/review/25612
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Found during fuzz test that the get_mq_pdu_len can return
a 0 length pdu. Fix to at least return tvb_reported_length_remaining
Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
Reviewed-on: https://code.wireshark.org/review/25574
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - to get it in host byte order, fetch it with
pntoh32(), which fetches a 32-bit value that's in network byte order,
and isn't necessarily aligned on any particular boundary, and returns it
in host byte order.
Change-Id: Ic512ab4b1e0f2815d9f0af0e33714f456a08a45d
Reviewed-on: https://code.wireshark.org/review/25589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dmp_long_id_hash_table is wmem_map autoreset on file scope.
Don't put there g_strdup() data.
Valgrind log:
==15134== 8 bytes in 2 blocks are definitely lost in loss record 3,988 of 49,961
==15134== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15134== by 0xA94E405: g_malloc (gmem.c:97)
==15134== by 0xA966C4E: g_strdup (gstrfuncs.c:356)
==15134== by 0x6CFC301: dissect_mts_identifier (packet-dmp.c:2684)
==15134== by 0x6D01A8F: dissect_dmp_envelope (packet-dmp.c:2935)
==15134== by 0x6D01A8F: dissect_dmp (packet-dmp.c:3909)
Found by oss-fuzz.
Change-Id: I7c3896a9b64c25035fbe8b4ef6130cd693a515db
Reviewed-on: https://code.wireshark.org/review/25575
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
See Volume 9, version 1.2, sections "6-2.7.1.1" and "7-1.1"
1. Pass Connection Point from FwdOpen to Motion dissector, since that is now needed to parse I/O payload.
2. Move Run/Idle Header function to CIP dissector, since it's a CIP feature, not ENIP.
3. Add a protocol so that Format Revision 3 can be dissected without the Forward Open in the capture.
4. Minor: Highlight more bytes in some EPATH parsing.
5. Minor: Renaming some things to match spec wording.
Change-Id: I93626a6492be2675206d38c04fa1c7ce534c04ca
Reviewed-on: https://code.wireshark.org/review/25570
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like quic_create_cleartext_decoders() needs to free secrets; tls13_cipher_create() only uses it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Valgrind report:
==642== 14 bytes in 1 blocks are definitely lost in loss record 5,705 of 49,814
==642== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==642== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==642== by 0x6D523F4: dissect_object_mapping (packet-epl.c:4216)
==642== by 0x6D56394: dissect_epl_sdo_command (packet-epl.c:3862)
==642== by 0x6D56394: dissect_epl_asnd_sdo (packet-epl.c:3572)
==642== by 0x6D59BC5: dissect_epl_asnd (packet-epl.c:3053)
==642== by 0x6D59BC5: dissect_eplpdu.part.21 (packet-epl.c:2627)
Found by oss-fuzz/5907.
Change-Id: I6f4d2cea761581260af396c848ab1fded5641b44
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5907
Reviewed-on: https://code.wireshark.org/review/25573
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Added support for IMS, TM, TMC2 Struct
Improve display of some Flags in ID Struct
Fix display for FCNO Struct
Fix error in get_mq_pdu_len
Code reformat (VS2017)
Moved DEFINE to header file
More struct display fixed
Fix for IMS Msg len display
Change-Id: I80bfd25a5079598fc44124dc2c7b850640a38b00
Reviewed-on: https://code.wireshark.org/review/25295
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As stated in the #if 0ed out comments, it's not valid for a
soupbintcp subdissector to call conversation_set_dissector(), so
it shouldn't call try_conversation_dissector. Just remove the
call entirely so it doesn't look like the removal is temporary.
Change-Id: I68d9b72360b52002692c369d7b202a8a215c0a96
Reviewed-on: https://code.wireshark.org/review/25555
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The CAN-ETH protocol explicitly states that the CAN identifiers are
transmitted in little-endian order, and the dissector now decodes it as
little-endian rather than host-endian.
Change-Id: I92c44b809caace31726e0d355363355eb32efa3e
Reviewed-on: https://code.wireshark.org/review/25549
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Otherwise we use an uninitialized variable
Bug: 14372
Change-Id: Idacdb40569421f7e41e181c14fb2bc033b0645b8
Reviewed-on: https://code.wireshark.org/review/25529
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Adding Session Multiplex Protocol SMP
SMP is used by TDS when MARS is enabled.
Bug: 14110
Change-Id: Ia4113c627d107da6c3d51e4004265efb228a297b
Reviewed-on: https://code.wireshark.org/review/25509
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
bf_arr is used as %s argument to proto_tree_add_subtree_format(), so it needs to be NUL terminated.
Add + 1 to bf_arr size, and use sizeof() in memset() calls.
ASAN report:
ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ff1b179f150 at pc 0x00000044cf31 bp 0x7ffdc7493cf0 sp 0x7ffdc74934a0
READ of size 258 at 0x7ff1b179f150 thread T0
SCARINESS: 41 (multi-byte-read-stack-buffer-overflow)
#0 0x44cf30 in printf_common(void*, char const*, __va_list_tag*) /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_format.inc:548
#1 0x498cfc in __vsnprintf_chk /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1558
#2 0x5775cf in proto_tree_set_representation /src/wireshark/epan/proto.c:5508:9
#3 0x577eb1 in proto_tree_add_text_valist_internal /src/wireshark/epan/proto.c:1226:2
#4 0x5782d5 in proto_tree_add_subtree_format /src/wireshark/epan/proto.c:1249:7
#5 0x73c73f in fBitStringTagVS /src/wireshark/epan/dissectors/packet-bacapp.c:7490:15
#6 0x73ad20 in fApplicationTypesEnumeratedSplit /src/wireshark/epan/dissectors/packet-bacapp.c:7569:26
#7 0x73a484 in fApplicationTypes /src/wireshark/epan/dissectors/packet-bacapp.c:7635:12
#8 0x7395db in fIAmRequest /src/wireshark/epan/dissectors/packet-bacapp.c:13412:14
#9 0x7383e1 in dissect_bacapp /src/wireshark/epan/dissectors/packet-bacapp.c:14163:9
Found by oss-fuzz/5452.
Change-Id: I57e948904f707c5003a389431b009a37c1212e04
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5452
Reviewed-on: https://code.wireshark.org/review/25544
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Fixes/improves a few filter identifiers, typos, consistent
use of MHz (as opposed to Mhz), and fixes to the MCS map trees
in the HE Capabilities tag.
Change-Id: I5c761990237ccc241d95fb0b9b2d3f8f1263b460
Reviewed-on: https://code.wireshark.org/review/25530
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
The UDP port for HSRPv6 was mistyped when UDP dissectors were converted
to use "auto" preferences in g2eb7b05b8c.
Change-Id: I4b6f634677d23d81fc197dbeb43ee3d91d9a111f
Reviewed-on: https://code.wireshark.org/review/25526
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add missing NULL terminator to ieee1905_reporting_policy_flags[], in order to fix buffer overflow.
ASAN report:
ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000092a4af8 at pc 0x00000062afd2 bp 0x7ffce7e468d0 sp 0x7ffce7e468c8
READ of size 8 at 0x0000092a4af8 thread T0
#0 0x62afd1 in proto_item_add_bitmask_tree /src/wireshark/epan/proto.c:10406:9
#1 0x62953f in proto_tree_add_bitmask_with_flags /src/wireshark/epan/proto.c:10786:3
#2 0xfb8271 in dissect_metric_reporting_policy /src/wireshark/epan/dissectors/packet-ieee1905.c:2762:9
#3 0xfb2997 in dissect_ieee1905_tlv_data /src/wireshark/epan/dissectors/packet-ieee1905.c:4390:18
#4 0xfb23c8 in dissect_ieee1905 /src/wireshark/epan/dissectors/packet-ieee1905.c:4577:18
Found by oss-fuzz/5298.
Change-Id: I35dbd6d29d0a3a5560286146fbed172c810e5b2d
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5298
Reviewed-on: https://code.wireshark.org/review/25520
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
One thing I hate is big slabs of open coding. Compilers are very good these days
and will inline functions if they are used in only one place.
By using functions we make the code very much more readable.
There is also a big opportunity to use functions like proto_tree_add_bitmask.
Change-Id: I66d1509f577d2955996f4649e05494ab0370ed01
Reviewed-on: https://code.wireshark.org/review/24964
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sip_is_packet_resend() function sets the internal transaction_state to
final_response_seen, which prevents sip_find_request() from finding the
matching INVITE as it expects transaction_state == request_seen. Simply
reversing the order of these functions seems to fix the problem.
Change-Id: I61d085c979dee24ad88b4eea26dfa002fd9cd213
Reviewed-on: https://code.wireshark.org/review/25429
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
CCM* algorithm implemented as part of ieee802154 dissector can be
leveraged for higher layer protocols, e.g. OSCORE. This change adds an
additional parameter to the CCM* API in order to allow passing a generic
13-byte nonce.
Bug: 14367
Change-Id: Ib2da1146659f67ffb3a4767ec093f8b7f09461ce
Reviewed-on: https://code.wireshark.org/review/25455
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 14332
Change-Id: I49642a9880fc03d38942eebfd6b1015894fef23d
Reviewed-on: https://code.wireshark.org/review/25255
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modern SDP usage (e.g. SIP, WebRTC) can "bundle" multiple RTP media streams on
a single port. Thus the RTP dissector has to be able to handle audio and video
at the same time, so the gboolean flag in _rtp_info was changed to a bit mask.
The SDP parsing was then changed to detect multiple "m=" lines using the same
port, and combine their audio/video bit masks, and the rtp_dyn_payload used
has all the audio and video payload descriptions.
Change-Id: Ifa3c034260f892ed005fe28647d28f3b0b1b05cf
Reviewed-on: https://code.wireshark.org/review/25431
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Add the crypto suite that came in with a spec change (v171212).
2. Add two additional fields that need handling.
3. Make the attribute value a separate sub-tree.
Change-Id: Ic01527bcd0361bf2522d2efbc91cd8191d7b2e27
Reviewed-on: https://code.wireshark.org/review/25514
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Should fix clang warning created by https://code.wireshark.org/review/#/c/25492.
Change-Id: Iafa31e24cd786a510f3a953d615df4cbc3930fa6
Reviewed-on: https://code.wireshark.org/review/25508
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Chances are if there are a large number of "empty objects" (that don't increment packet
counter) it's an intentionally malicious packet and we should break the loop.
Bug: 14362
Change-Id: Id9a6f4270cc47188becdf4652f903d0ba4478dcb
Reviewed-on: https://code.wireshark.org/review/25497
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
JSON will be displayed like in browser developer tools (Firefox or Chrome).
Change-Id: Ib504f4828d9fd8d25d9564b93717007ac021713c
Reviewed-on: https://code.wireshark.org/review/25474
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Handle the Estimated Service Parameters tagged element and the Future
channel guidance one. The second may need more work in future.
These are defined in IEEE STD 802.11-2016 but may have been defined earlier.
Change-Id: I1c67a0ea6df9c1cc89bb3a34da921f3938e0a012
Reviewed-on: https://code.wireshark.org/review/25407
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: Iecfb705b37f54119eaec75ab8df8c7ee3c76bfec
Reviewed-on: https://code.wireshark.org/review/25503
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add dissection of the TDS response packet for TDS 4.2. In order to share code, this
required parameterizing TDS 7.x token-handling routines for things such as endian-ness
and one-byte vs two-byte character encodings. This required ascertaining accurately when
TDS 7.x is in use as early in the conversation as possible. This in turn required knowing
the program versions downloaded in the prelogin packet in the case where the login packet
is encrypted. (Listening to the LoginAck token is a little too late.)
Add more support routines to parameterize the endian nature of each connection.
Although the particular tokens decoded here are documented for TDS 4.2, it has only been tested
with a trace from TDS 4.6. TDS 4.6 didn't change much, but there may be a few minor errors.
Change-Id: I6f8f136bcc565640fbea4302cb79ea29a118d9a1
Reviewed-on: https://code.wireshark.org/review/25464
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Used reference:
Book "InfiniBand Network Architecture" by Tom Shanley; page 369 ff
Bug: 14359
Change-Id: I77e64ca16ccc5f193eac34b304165f722ffb0748
Reviewed-on: https://code.wireshark.org/review/25489
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Some oddities with regard to file permissions have crept into
the repository. Reset execute rights on various files which do
not need them.
Change-Id: Ib05658072925d59fc682173673c5638d157a269a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25490
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Headers field "name" is used in the hash table for matching
field type while processing data. Browsers use dash as
delimiter while in the code we use underscore.
Change-Id: I6342af9328118b41a8c71e034ef5913a83a84459
Reviewed-on: https://code.wireshark.org/review/25478
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I306341c7cddf8facb4a9ca62254a465a1da22174
Reviewed-on: https://code.wireshark.org/review/25423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
iPXE seems to violate RFC 3004 by omitting the UC_Len_i field in the
User Class Data field. Since this seems to be a 'well known' issue,
which is not going to be corrected, detect and circumvent the error
detection for this specific use.
Bug: 14312
Change-Id: I2a15c336d7f67ee5fd83f955de7126eac146bfb1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25450
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I2f47e0ede2a31cfdadc69ab125a739b3deaa297e
Reviewed-on: https://code.wireshark.org/review/25453
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Modern SIP endpoints often use a non-adjacent, or the same, port for the RTCP
protocol as the RTP protocol. This is indicated via attributes in the SDP,
which should be used to set up the correct dissector for the correct port
on this SIP session.
Change-Id: I37bf30b71541b6f924fbda5ac1cb29f3ba171515
Reviewed-on: https://code.wireshark.org/review/25430
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I049c8b9b9a0a1da2243217532186ba5a19cf5671
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25424
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
RHEL7 ships with Libgcrypt 1.5.3 which does not support AEAD, add guards
to fix -Wunused-function errors.
Change-Id: I230a66eff0dca9a882bf87f2f740ee0d36cd1dc6
Reviewed-on: https://code.wireshark.org/review/25434
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: If176231d1c71692b1d6a2627934d211e4f2476a7
Reviewed-on: https://code.wireshark.org/review/25433
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
While we are at it, let's add the protocol item to allow filtering on
protocol.
Bug: 14360
Change-Id: I4973a6e657dccd71af4f798584cc118b75bedd20
Reviewed-on: https://code.wireshark.org/review/25425
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
offset was not used after increment/assignment, just return it to relax clang.
Found by clang scan.
Change-Id: I21dece4e31075ca2da8d3ba942336fb4858636b6
Reviewed-on: https://code.wireshark.org/review/25419
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Some ZigBee commands within the Smart Energy Profile do not have the same payload
across different specifications. With this preference it is possible to choose what
version of the specification to use when dissecting payloads.
The default version is set to the latest one, which is Smart Energy 1.4, even though
it is still under development.
Change-Id: Iaec5528f2a418aeec4e39cfa087a58e531570d42
Reviewed-on: https://code.wireshark.org/review/25409
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is based on Draft 2 of the standard. Draft 2 did not get approved, but
is close to what the final version will be and support is needed now by the
teams working on this.
Change-Id: I837df05a288b815e1e455883f4f165721104d51f
Reviewed-on: https://code.wireshark.org/review/24861
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All tools use draft-07 or draft-08
Bug: 13881
Change-Id: I539e34324f16149fe8c0d05d938bae1298b9eb15
Reviewed-on: https://code.wireshark.org/review/25399
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If a field is indicated as not known, then display that field as reserved
which will prevent people from searching for fields that are not known and
makes more sense.
Also, rename some of the hf fields to be more in line with standard practice.
Change-Id: I5cbbd682acbea3713b7b19325fe1a36cc0e36aa1
Reviewed-on: https://code.wireshark.org/review/25397
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There was a missing field in the initial version of the spec. Add the
flags bits that define the subsequent fields.
Change-Id: Ie237075f4f7f30adc4b280358fe5c985c63f5281
Reviewed-on: https://code.wireshark.org/review/25375
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Don't break the remaining length by setting an invalid one
Change-Id: Ia32798db73937ada6c99a6927cc87402603a9e75
Reviewed-on: https://code.wireshark.org/review/25391
Reviewed-by: Michael Mann <mmann78@netscape.net>
'rsvp.template_filter.ipv4_tunnel_sender_address' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'rsvp.template_filter.sub_group_originator_id' exists multiple times with NOT compatible types: FT_UINT16 and FT_BYTES
Change-Id: I922ef6742c7f340519adc6014ec37e29cb0e34c7
Reviewed-on: https://code.wireshark.org/review/25390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
This will help identify that the packet contains unexpected data at the end
rather than triggering a malformed error when trying to fetch outside of
the tvb.
Change-Id: Ieb71204f3c364e809447157e7a71c3eb92620d85
Reviewed-on: https://code.wireshark.org/review/25366
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This field is generated so mark it so. It may also be usable so
make it visible.
Change-Id: I10d951f234f1fba240059bc791b40d25dede07a9
Reviewed-on: https://code.wireshark.org/review/25350
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This allows the user to override the EAPOL Key MIC length for those
crypto suites where the Key MIC length is greater than 16 bytes.
This works in the DPP case where the Key MIC length is supposed to be the
same as the Nonce length.
Change-Id: I8ef6bc978e0a44ece0e95d76b231a02c7f15c89b
Reviewed-on: https://code.wireshark.org/review/25332
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>