It seems that for some reason the asn2wrs.py code generator cannot deal
with ASN.1 choices being defined with their numeric values defined in
non-ascending order. Other ASN.1 code generation tools work perfectly
fine under such conditions.
The decode error happens in the COL_INFO: The numeric value of the
choice is mapped to a wrong entry in the string table, resulting in
the wrong message type being shown in the INFO column.
We apply this patch to the ASN.1 source of the RSPRO protocol definition
to fix the decode.
The Osmocom RSPRO protocol is a protocol for remote SIM card access,
i.e. extending the SIM card interface between phone/modem (UE) and
a remote SIM card reader. The primary user of this protocol is
osmo-remsim software suite, which can be found at
https://osmocom.org/projects/osmo-remsim/wiki
RSPRO is specified in ASN.1 using BER and runs on top of the IPA
multiplex (protocol-gsm_ipa.c).
Change-Id: Ibcdb2c92281d05c36e3973de4d7ec4aa0cd9b207
The ofp_stats struct length field includes the fixed 4 bytes.
If the length is smaller than that, report the length error
and break out. In particular, a value of zero can cause
infinite loops if this isn't done.
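The failure mode described in the ofp_stats message above, as an added example (not Wireshark's code): a walker over length-prefixed records whose length field counts its own 4 fixed bytes. The 2-byte type / 2-byte big-endian length layout, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The length field counts these fixed bytes too (per the commit message). */
#define REC_HDR_LEN 4u

typedef enum {
    WALK_OK = 0,
    WALK_ERR_SHORT_LENGTH,  /* length < REC_HDR_LEN, zero included */
    WALK_ERR_TRUNCATED,     /* header or body runs past the buffer */
    WALK_ERR_NO_PROGRESS    /* unchecked walker only: step budget used up */
} walk_status;

/* Assumed layout: bytes 0-1 type, bytes 2-3 big-endian length. */
static uint16_t rec_length(const uint8_t *rec)
{
    return (uint16_t)((rec[2] << 8) | rec[3]);
}

/* "Before": trusts the length field. A zero length never advances the
 * offset; max_steps exists only so this demonstration terminates. */
walk_status walk_unchecked(const uint8_t *buf, size_t len,
                           size_t max_steps, size_t *records)
{
    size_t off = 0;
    *records = 0;
    while (off + REC_HDR_LEN <= len) {
        if (max_steps == 0)
            return WALK_ERR_NO_PROGRESS;
        max_steps--;
        off += rec_length(buf + off);
        (*records)++;
    }
    return WALK_OK;
}

/* "After": reject any length below the fixed header and break out, and
 * reject records that claim more bytes than the buffer still holds. */
walk_status walk_checked(const uint8_t *buf, size_t len, size_t *records)
{
    size_t off = 0;
    *records = 0;
    while (off < len) {
        size_t remaining = len - off;
        uint16_t rlen;
        if (remaining < REC_HDR_LEN)
            return WALK_ERR_TRUNCATED;
        rlen = rec_length(buf + off);
        if (rlen < REC_HDR_LEN)
            return WALK_ERR_SHORT_LENGTH;   /* report and stop */
        if (rlen > remaining)
            return WALK_ERR_TRUNCATED;
        off += rlen;                        /* always advances by >= 4 */
        (*records)++;
    }
    return WALK_OK;
}

/* Constructed sample buffers. */
static const uint8_t SAMPLE_GOOD[] = {
    0x00, 0x01, 0x00, 0x08, 1, 2, 3, 4,    /* record, length 8 */
    0x00, 0x02, 0x00, 0x04                 /* record, length 4 (header only) */
};
static const uint8_t SAMPLE_ZERO_LEN[] = {
    0x00, 0x01, 0x00, 0x08, 1, 2, 3, 4,    /* record, length 8 */
    0x00, 0x02, 0x00, 0x00, 0, 0, 0, 0     /* record claiming length 0 */
};
static const uint8_t SAMPLE_TRUNCATED[] = {
    0x00, 0x01, 0x00, 0x10, 1, 2           /* claims 16 bytes, only 6 present */
};

int main(void)
{
    size_t n = 0;
    walk_status st;

    st = walk_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &n);
    printf("good:      status=%d records=%zu\n", (int)st, n);
    st = walk_unchecked(SAMPLE_ZERO_LEN, sizeof SAMPLE_ZERO_LEN, 1000, &n);
    printf("zero/old:  status=%d steps=%zu\n", (int)st, n);
    st = walk_checked(SAMPLE_ZERO_LEN, sizeof SAMPLE_ZERO_LEN, &n);
    printf("zero/new:  status=%d records=%zu\n", (int)st, n);
    st = walk_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &n);
    printf("truncated: status=%d records=%zu\n", (int)st, n);
    return 0;
}
```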
There's no point in trying to decompress a message with
length zero, and some of the third party decompression
libraries (e.g. zstd) can give unexpected results that
lead to infinite loops if we do so. A message length zero
is almost surely a file with errors.
Currently the autocompletion engine always suggests a protocol
field completion, even in places where it isn't syntactically
valid.
Fix that by compiling the preamble to the token under the cursor
and checking the returned error. If it is DF_ERROR_UNEXPECTED_END
that indicates a field or literal value was expected. Otherwise
a field replacement is not valid in this position.
Fixes #12811.
Store pointer to first gap to reduce number of full list traversals
needed when linking new fragments. When all captured fragments are in
order, the first gap is effectively pointing to list tail. The best case
scenario, where the list traversals are completely eliminated, happens
every time for protocols that always have the fragments ordered (most
notably USBLL Full-Speed capture containing Bulk OUT transfers with
a lot of retransmissions).
The memory usage is increased by a single pointer and 32-bit contiguous
length counter per fragment head. The additional CPU usage is constant
per insertion, i.e. does not increase with the number of fragments in
the list.
Fixes #17311
display_extension_block is supposed to return the current offset,
not the number of bytes remaining, which can be less than the current
offset and cause an infinite loop. In the case of errors, set
lastheader and return the current offset to break out of loops.
Adds missing NULL-termination in headerfield list in
dissect_dect_mitel_eth_mac_con_ind and removes handover to general data
dissector as this path is no longer reached due to handling the
different message types within this dissector.
Only dissectors are using this function and there is no use case,
as far as I know, that requires its use. Any limitation of length
is imposed transparently by the UI backend.
This function is problematic because it is not Unicode aware and
will truncate a string on an arbitrary byte boundary for multibyte
strings.
Replace its use with a normal strbuf without a length limit and
remove the function because it is not useful and the ITEM_LABEL_LENGTH
parameter does not belong in wmem anyway.
CitrixAGBasic Authentication has Base64 encoded values. The result of
Base64 decoding is not guaranteed to be valid UTF-8 (or ASCII), so
verify it.
Also add the username and password to the credentials tap.
Fix #18677.
The dynamic hf entries for HTTP2 read from the UAT should be
changed when the UAT is changed or reset, not on each file
load and file close. If a field is added as a column, coloring
rule, or filter, and the capture file is changed, deregistering
the field and reregistering it can cause a crash.
Use the same approach as with HTTP and SIP, slightly modified
because in HTTP2 the header fields hash contains the static
headers as well, to prevent adding duplicate entries via the UAT.
Fix #14768
When CIMD indicates that a message was sent in the 7 bit GSM alphabet,
each character has been converted to ASCII or ISO-8859-1 with the
use of combining escape sequences for characters not present in
the destination encoding. Properly convert back to GSM 7 bit encoding
and then to UTF-8 for display.
Fix #18676.
https://cmake.org/cmake/help/latest/release/3.25.html says:
"On Windows, when targeting the MSVC ABI, the find_library() command now
accepts .a file names after first considering .lib. This is symmetric
with existing behavior when targeting the GNU ABI, in which the command
accepts .lib file names after first considering .a."
If "MSVC" is defined, only search for libsmi-2. This keeps us from finding
libsmi.a. Set NO_SYSTEM_ENVIRONMENT_PATH when we're searching for zlib. This
keeps us from finding Strawberry Perl's version.
Some SpanDSP builds link with LibTIFF, but our Windows version doesn't.
Return a struct containing error information. This simplifies
the interface to more easily provide richer diagnostics in the future.
Add an error code besides a human-readable error string to allow
checking programmatically for errors in a robust manner. Currently
there is only a generic error code, it is expected to increase
in the future.
Move error location information to the struct. Change callers and
implementation to use the new interface.
Adds dissection of the SYNC message type with the following payloads:
* FREQ_CTRL_MODE_IND
* FREQ_CTRL_MODE_CFM
* SET_FREQUENCY
* START_MAC_SLAVE_MODE_IND
* SYSTEM_SEARCH_IND
* SYSTEM_SEARCH_CFM
* PHASE_OFS_WITH_RSSI_IND
The dissection of the DECT-MITEL-RFP protocol is based upon findings
that resulted in rfpproxy, so I think it is a good idea to also name the
author in the source file
This is the beginning of a basic dissection of the proprietary protocol used
by the Mitel OMM/RFP communication over TCP. Currently no decryption is
supported so there is the need of external decryption.
The ETH protocol has a two byte field that is only used when
transported over RAW Ethernet and a length indicator in that case.
Those two fields are not present if the ETH protocol is encapsulated
in the OMM/RFP communication protocol.
To make this dissector also useable when used after dissecting
DECT-MITEL-RFP distinguishing between both packet structures has
been included.
The wmem_strbuf_new_label() creates a new buffer with a length limit
in octets. With multibyte strings this is likely to generate invalid
UTF-8 errors.
Remove the artificial limit on the value size. The
function proto_tree_add_string() sets the value, and truncating
that to an arbitrary limit is not really correct.
The display label will be truncated to a preset length by the UI.
This mechanism uses ws_label_strcpy() and is designed to avoid
the invalid truncation.
While here use wmem_strbuf_get_str() instead of wmem_strbuf_finalize().
Accepted best practice is to let the scope free the memory.
Removing the finalize call avoids an unnecessary realloc.
Fixes #18653.
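The problem with an octet-based length limit described in the message above, as an added example (not Wireshark's ws_label_strcpy() or any other project code): a byte-count cut can split a multibyte character, while backing up to a character boundary keeps the prefix valid. The function names and sample strings are hypothetical and constructed; the truncation helper assumes its input is already valid UTF-8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Strict UTF-8 check: rejects cut-off sequences, stray continuation
 * bytes, overlong forms, surrogates and values above U+10FFFF. */
int utf8_valid(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        size_t need;
        uint32_t cp, min;

        if (c < 0x80) { i++; continue; }
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                      /* stray continuation or bad lead */

        if (n - i - 1 < need)
            return 0;                       /* sequence cut short */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80)
                return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;
        i += need + 1;
    }
    return 1;
}

/* Longest prefix of s (valid UTF-8, n bytes) that fits in max_bytes and
 * ends on a character boundary. */
size_t utf8_truncate_len(const unsigned char *s, size_t n, size_t max_bytes)
{
    size_t cut;
    if (n <= max_bytes)
        return n;
    cut = max_bytes;
    /* s[cut] is the first byte that would be dropped. If it is a
     * continuation byte (10xxxxxx), the cut is inside a character. */
    while (cut > 0 && (s[cut] & 0xC0) == 0x80)
        cut--;
    return cut;
}

/* Constructed samples: "Zoë Müller" and 'a' U+1F600 'b'. */
static const unsigned char SAMPLE_NAME[] = {
    'Z', 'o', 0xC3, 0xAB, ' ', 'M', 0xC3, 0xBC, 'l', 'l', 'e', 'r'
};
static const unsigned char SAMPLE_EMOJI[] = {
    'a', 0xF0, 0x9F, 0x98, 0x80, 'b'
};

int main(void)
{
    for (size_t limit = 1; limit <= 8; limit++) {
        size_t safe = utf8_truncate_len(SAMPLE_NAME, sizeof SAMPLE_NAME, limit);
        printf("limit=%zu byte-cut valid=%d safe-cut=%zu valid=%d\n",
               limit, utf8_valid(SAMPLE_NAME, limit),
               safe, utf8_valid(SAMPLE_NAME, safe));
    }
    return 0;
}
```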
For signed exponential Golomb, fix a typo when testing if
value was even or odd that resulted in a no-op. This was
mapping all overflows to G_MININT32 instead of half of them
to G_MAXINT32.
Use tvb_new_octet_aligned when adding addresses (strings or bytes)
that are not byte aligned. That is not only clearer code, but also
prevents attempting to add unvalidated strings.
Since we're aligning the fields properly, get rid of the extra
fields for the MSB of the first field and LSB of the last field.
Fix #18664
qcustomplot.cpp:34001:37: warning: The left operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:34001:37: warning: The right operand of '-' is a garbage value [core.UndefinedBinaryOperatorResult]
(ported from commit a0328bdb03)
qcustomplot.cpp:26643:9: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27752:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:27779:11: warning: 1st function call argument is an uninitialized value [core.CallAndMessage]
qcustomplot.cpp:34087:7: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
(ported from commit 075ee9138a)
qcustomplot.cpp:22400:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:22400:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The left operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
qcustomplot.cpp:35170:17: warning: The right operand of '>' is a garbage value [core.UndefinedBinaryOperatorResult]
(ported from commit 6fd4188804)
Warning triggered using AppleClang 11.0.0.
/Users/buildslave/builds/UfJL1hoT/0/wireshark/wireshark/ui/qt/widgets/qcustomplot.cpp:16020:17: error: HTML tag 'tt' requires an end tag [-Werror,-Wdocumentation-html]
parameter as <tt>QVariant(\ref QCPDataSelection)</tt>. All plottables that weren't touched by \a
~^~~
1 error generated.
(ported from commit 6d2aea45e4)
(ported from commit 3903740534)
QCustomPlot's adaptive sampling decimates the data to be plotted based
on the screen resolution. Specifically, if many data points fit within
the same pixel on the X (key) axis, then QCustomPlot attempts to plot
only the min value, the max value, and a few values in-between to
maintain a good "density" on the Y (value) axis.
The density QCustomPlot wants is about one datapoint for every 4 pixels
covered by the value range of a single X (key) pixel. Unfortunately,
this calculation is flawed if all values also fit within a single pixel
on the Y (value) axis - so this change fixes that bug.
(cherry picked from commit 92e652ebfa)
Starting with Qt 5.10 (our earliest supported version),
Qt has a qsizetype (alias of ssize_t) that functions
like size() and indexOf() return. On clang that does not
have the same size as an int, so cast it away in a number
of places.
RFC 3261 does not put a limit on the maximum size of Call-ID.
(Some implementations do, such as at 256 bytes.) Truncating
it can produce invalid UTF-8 if there are also errors that
turn into UTF-8 replacement characters.
A reduced size is still used for the hash table lookup.
Add an expert info warning if Call-ID is missing, as it's
a mandatory field.
Fix #18620.
Instead of using tvb_get_bits and proto_tree_add_uint,
use a bitmask in the field info and proto_tree_add_item.
This means that when epan/print.c writes PDML or JSON,
the value written is the correctly masked value (PDML also
includes the unmasked value.)
When proto_tree_add_uint is used, the value written to
PDML and JSON is the original value from the packet buffer,
not properly shifted.
Using a bitmask in the field definition allows us to use
proto_tree_add_item, which means that when print.c writes
PDML and JSON, the value written is the correctly masked
value (PDML also includes the unmasked value.)
When functions like proto_tree_add_uint are used instead,
the value written to PDML and JSON is the original value
from the packet buffer, not properly shifted.
Instead of using tvb_get_bits32 and proto_tree_add_uint,
use a bitmask in the field info and proto_tree_add_item.
This means that when epan/print.c writes PDML or JSON,
the value written is the correctly masked value (PDML also
includes the unmasked value.)
When proto_tree_add_uint is used, the value written to
PDML and JSON is the original value from the packet buffer,
not properly shifted.
It's possible, in the case of errors, for the result of
g_uri_unescape_string not to be valid UTF-8, either if originally
some other encoding was percent-encoded, or if there were errors.
Check for it.
Fix #18658.
Rename flex macros using parenthesis (mostly a style issue):
DIAG_OFF_FLEX -> DIAG_OFF_FLEX()
DIAG_ON_FLEX -> DIAG_ON_FLEX()
Use the same kind of construct with lemon generated code using
DIAG_OFF_LEMON() and DIAG_ON_LEMON(). Use %include and %code
directives to enforce the desired order with generated code
in the middle in between pragmas.
Fix a clang-specific pragma to use DIAG_OFF_CLANG().
DIAG_OFF(unreachable-code) -> DIAG_OFF_CLANG(unreachable-code).
Apparently GCC is ignoring the -Wunreachable flag, that's why
it did not trigger an unknown pragma warning. From [1]:
The -Wunreachable-code has been removed, because it was unstable: it
relied on the optimizer, and so different versions of gcc would warn
about different code. The compiler still accepts and ignores the
command line option so that existing Makefiles are not broken. In some
future release the option will be removed entirely. - Ian
[1] https://gcc.gnu.org/legacy-ml/gcc-help/2011-05/msg00360.html
Windows already requires CMake 3.13. Bump the non-Windows
required version to 3.13 as well, since all our currently
supported Linux distributions have at least 3.13.
RHEL 8 and SUSE Enterprise 15 were initially released with
3.10 and 3.11, but have had updates with much more recent
versions since mid 2021 and mid 2020, respectively.
Add another category for warnings that are worth looking
into.
Split ENABLE_EXTRA_WARNINGS into ENABLE_TODO_WARNINGS and
ENABLE_PEDANTIC_WARNINGS.
Disable pedantic warnings in the CI builds.
Add Clang specific warnings to standard category.
Fix or workaround -Wunreachable warnings.
/Users/buildslave/builds/UfJL1hoT/0/wireshark/wireshark/ui/qt/widgets/qcustomplot.cpp:16020:17: error: HTML tag 'tt' requires an end tag [-Werror,-Wdocumentation-html]
parameter as <tt>QVariant(\ref QCPDataSelection)</tt>. All plottables that weren't touched by \a
~^~~
1 error generated.
Enable -Werror so Clang specific warnings will trigger a build
error and can't be checked-in.
This requires disabling "extra" warnings.
Add explicit ENABLE_WERROR=ON options instead of relying on defaults.
Enable -Qunused-arguments because it may be a useful warning.
Remove -fwrapv because it is implied by -fno-strict-overflow.
Move GCC-specific flag out of if(GCC) condition. Let CMake enable
it automatically.
Add strings with proto_tree_add_item or tvb_get_string_enc;
avoid using tvb_get_raw_bytes_as_string.
Use UTF-8 as the encoding to future-proof, according to
Locomation.
Use tvb_find_line_end() to split the lines, which does almost
all the needed logic and simplifies the code.
Fix #18632
It is valid for C and C++ so move -Wlogical-op to common
flags.
Remove comment because GCC 4.4.5 is over 12 years old at this time,
assume it is outdated.
Remove warnings included in -Wall and -Wextra to make the command
line less noisy and speed up CMake invocation.
Remove a -Werror=implicit flag. Let errors be controlled exclusively
by -Werror.
Move some -Wno-foo flags that are only relevant with -Wpedantic.
cmake is already in the basic list of packages. "cmake3" is
necessary for RHEL/CentOS 7 (where the "cmake" package is 2.8.12),
but that distribution isn't supported on 4.0 and later.
At the same time, the OpenSUSE 15.4 repository accidentally has
a "cmake3" package which is an earlier version than the "cmake" RPM,
which creates some conflicts when trying to install both.
(https://gitlab.com/wireshark/wireshark-containers/-/jobs/3328997023)
So, don't attempt to install cmake3 anymore.
maxseqtobeacked needs to be increased when it's lower than
nextseq, not the other way around, otherwise we can get repeated
extra TCP ACKed unseen segment messages.
Since sequence analysis is always on the absolute sequence
numbers, not relative, it needs to use LT_SEQ to handle wraparound.
Fix #18558. Fix #18633.
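Why the comparison in the message above has to be wraparound-aware, as an added example (not the TCP dissector's code): a simplified model that replays four segments across the 32-bit sequence wrap and counts how often an ACK looks like it covers unseen data. The macros are modelled on the LT_SEQ name used in the message; the replay function, the result struct and the segment list are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Serial-number comparison on absolute 32-bit sequence numbers: x is
 * before y when the signed difference is negative. */
#define LT_SEQ(x, y) ((int32_t)((uint32_t)(x) - (uint32_t)(y)) < 0)
#define GT_SEQ(x, y) LT_SEQ((y), (x))

typedef struct {
    uint32_t final_max;   /* highest "next expected" sequence number seen */
    int      flagged;     /* ACKs that appear to cover unseen data */
} replay_result;

typedef struct {
    uint32_t seq;
    uint32_t len;
} segment;

/* Constructed capture: four 0x80-byte segments crossing the wrap point.
 * Each segment is assumed to be ACKed in full right after it is seen. */
static const segment SEGMENTS[] = {
    { 0xFFFFFF00u, 0x80u },
    { 0xFFFFFF80u, 0x80u },
    { 0x00000000u, 0x80u },
    { 0x00000080u, 0x80u }
};

/* wrap_aware = 0: plain '<' decides whether to raise the maximum.
 * wrap_aware = 1: LT_SEQ decides, so the maximum follows the wrap. */
replay_result replay(int wrap_aware)
{
    replay_result r;
    r.final_max = SEGMENTS[0].seq;
    r.flagged = 0;

    for (size_t i = 0; i < sizeof SEGMENTS / sizeof SEGMENTS[0]; i++) {
        uint32_t nextseq = SEGMENTS[i].seq + SEGMENTS[i].len; /* wraps mod 2^32 */
        int lower = wrap_aware ? LT_SEQ(r.final_max, nextseq)
                               : (r.final_max < nextseq);
        uint32_t ack = nextseq;

        /* Raise the maximum only when it is lower than nextseq. */
        if (lower)
            r.final_max = nextseq;

        /* An ACK beyond the recorded maximum looks like unseen data. */
        if (GT_SEQ(ack, r.final_max))
            r.flagged++;
    }
    return r;
}

int main(void)
{
    replay_result naive = replay(0);
    replay_result wrap = replay(1);

    printf("plain '<': max=0x%08X flagged=%d\n",
           (unsigned)naive.final_max, naive.flagged);
    printf("LT_SEQ:    max=0x%08X flagged=%d\n",
           (unsigned)wrap.final_max, wrap.flagged);
    return 0;
}
```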
On older Qt versions (5.12?) QVector needs to be included,
not just QObject. (It isn't needed on 5.15, possibly because
QVector is an alias for QList in newer Qt versions.)
It's possible to have multiplexed PPP MP that occurs in several
layers in the same frame, so we need to check that we're in the
right packet and also the right layer. process_reassembled_data
does that, so check to see if it returned a tvb instead of
just checking the frame number. Prevents some DISSECTOR BUG errors
when the buffer isn't actually available.
This change adds a small dissector for the NVMe-MI protocol, typically
for tunnelling Administration commands over an MCTP (over I2C) channel.
We just decode the request and response headers, and leave the payload
as raw data.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
This change adds a very basic dissector for the MCTP control protocol -
just the header fields, leaving the raw payload data.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
This change adds a protocol dissector for the Management Component
Transport Protocol (MCTP). This is a fairly simple datagram-based
protocol for messaging between components within a single platform,
typically over I2C, serial or PCIe.
This dissector just implements the header fields, and sequence-number
based message reassembly. Inner protocols will be added as follow-up
changes.
Linux has support for AF_MCTP data, so decode from the MCTP SLL ltype.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
When creating a ProtoNode, count the (non-hidden) children and put
them in a QVector. This saves time having to iterate through all
of a node's children (or the parent's children) each time the
model or view wants to get the row or index number. Create and
delete the needed ProtoNodes when the root node is changed, instead
of recreating them on demand from the proto_nodes (since they're no
longer a thin wrapper.)
Fix #18625
Separate fragment_head and fragment_item into two
different types of structs.
Remove "offset" from fragment_head, which was unused,
making fragment heads 4 bytes smaller.
Remove fragment_nr_offset, datalen, reassembled_in,
reas_in_layer_num, and error from fragment_item,
making them 24 bytes smaller.
Change a few dissectors which were using fragment_head
and fragment_item indistinguishably.
Ping #17311
Use tvb_get_string_enc() to read a string.
I think NFSv3 doesn't specify an encoding so interoperability
is dicey. I believe NFSv4 specifies UTF-8.
Fixes #18628.
Currently we don't have any build with -Werror because of
widespread use of ENABLE_EXTRA_COMPILER_WARNINGS CMake option,
that automatically disables -Werror. That's bad because it allows
code with warnings to pass the CI jobs and be checked in, which is
something we want to avoid.
Configure the GCC build to not use ENABLE_EXTRA_COMPILER_WARNINGS.
Allow fuzz jobs to pass with warnings because catching warnings is
not their purpose.
Remove -Werror=unused-but-set-variable that was added in
85357ae721 as a work-around to the fact that -Werror is not
enabled as a side-effect of ENABLE_EXTRA_COMPILER_WARNINGS.
Allow users to control -Werror. For example the MSYS2 build
has many warnings, this policy of adding -Werror= breaks that
build.
https://ask.wireshark.org/question/29235/
MAC addresses shown in WLAN statistics do not appear in the capture!
Initialize the address types then check if set when tapping.
Add complete decoding of CIF0 context packet fields per ANSI/VITA 49.2-2017
standard. Includes framework for future CIF1-CIF3 support with partial
implementation of CIF1.
Support string format like:
- 'a single quote string contains "a double quote string"'
- "a double quote string contains 'a single quote string'"
close #18599
Add -Werror=unused-but-set-variable to our default compiler flags and fix
```
epan/dissectors/packet-dcerpc-frsrpc.c:709:10: error: variable 'nb_chunk' set but not used [-Werror,-Wunused-but-set-variable]
guint32 nb_chunk = 0;
^
```
```
epan/dissectors/packet-dcom-oxid.c:175:13: error: variable 'u32ItemIdx' set but not used [-Werror,-Wunused-but-set-variable]
guint32 u32ItemIdx;
^
```
```
epan/dissectors/packet-l2tp.c:1775:104: error: parameter 'ccid' set but not used [-Werror,-Wunused-but-set-parameter]
static int dissect_l2tp_ericsson_avps(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, guint32 ccid)
^
```
```
epan/dissectors/packet-ldp.c:1922:19: error: variable 'ix' set but not used [-Werror,-Wunused-but-set-variable]
guint8 ix;
^
```
```
epan/dissectors/packet-nas_5gs.c:4757:14: error: variable 'curr_len' set but not used [-Werror,-Wunused-but-set-variable]
guint i, curr_len;
^
```
```
epan/dissectors/packet-per.c:1769:6: error: variable 'extension_addition_entries' set but not used [-Werror,-Wunused-but-set-variable]
int extension_addition_entries;
^
```
```
epan/dissectors/packet-rtitcp.c:618:11: error: variable 'messages_count' set but not used [-Werror,-Wunused-but-set-variable]
guint messages_count, offset;
^
```
```
epan/dissectors/packet-tcp.c:2130:9: error: variable 'ackcount' set but not used [-Werror,-Wunused-but-set-variable]
int ackcount;
^
epan/dissectors/packet-tcp.c:3317:12: error: variable 'nbOptionsChanged' set but not used [-Werror,-Wunused-but-set-variable]
guint8 nbOptionsChanged = 0;
^
```
```
epan/dissectors/packet-zbee-zcl-se.c:11802:15: error: variable 'i' set but not used [-Werror,-Wunused-but-set-variable]
for (gint i = 0; tvb_reported_length_remaining(tvb, *offset) >= 5; i++) {
^
```
```
ui/iface_lists.c:142:23: error: variable 'linktype_count' set but not used [-Werror,-Wunused-but-set-variable]
gint linktype_count;
^
```
```
ui/voip_calls.c:456:15: error: variable 'item_num' set but not used [-Werror,-Wunused-but-set-variable]
guint item_num;
^
```
```
file.c:572:17: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]
guint32 count = 0;
^
```
```
file.c:3667:24: warning: cast from 'const unsigned char *' to 'unsigned char *' drops const qualifier [-Wcast-qual]
pd = (guint8 *)ws_mempbrk_exec(pd, buf_end - pd, pattern, &c_char);
^
```
```
ui/qt/io_graph_dialog.cpp:1932:60: error: variable 'mavg_right' set but not used [-Werror,-Wunused-but-set-variable]
unsigned int mavg_in_average_count = 0, mavg_left = 0, mavg_right = 0;
^
```
```
ui/qt/stats_tree_dialog.cpp:166:9: error: variable 'node_count' set but not used [-Werror,-Wunused-but-set-variable]
int node_count = 0;
^
```
```
ui/qt/models/profile_model.cpp:1142:13: error: variable 'entryCount' set but not used [-Werror,-Wunused-but-set-variable]
int entryCount = 0;
^
```
Fix
```
epan/dissectors/packet-bpdu.c:327:36: error: variable 'msti' set but not used [-Werror,-Wunused-but-set-variable]
int total_msti_length, offset, msti, msti_format;
^
```
UTF8String is not a known-multiplier character string, since the
characters are variable width. That means that a size constraint
in characters doesn't correspond to a fixed number of octets, and
thus that constraints are never PER-visible. (X.691 27.6) That
includes size constraints, extensions, permitted alphabets, etc.
The length determinant is thus the unconstrained type, and always
at least an entire octet instead of ever taking up a smaller
number of bits.
Extract the string as UTF-8 after aligning as necessary, which
will deal with illegal encodings.
Fix #18600.
The RXStringV type has one character (octet) stored per 32
bit word. There's no real indication of the string encoding
(possibly locale dependent, maybe ASCII or UTF-8.) Validate
it as UTF-8 for now, to produce good UTF-8 and handle the latter
two cases.
Fix #18583.
Use tvb_get_stringz_enc with ENC_ASCII instead of tvb_strsize
and tvb_memdup. Note that, in MMS encoding at least,
OMA-TS-MMS-CONF says that Text-string (where encoding is
not specified) is always US-ASCII.
For Encoded-string-values, get and process the MIBEnum charset,
at least when it's an integer (which OMA-TS-MMS-CONF says it
must be.)
Fix #18575
Whenever a string is inline or retrieved from the string table,
it needs to use the document encoding. Not tvb_format_text
(which always assumes UTF-8, though that is the default for WBXML
if we don't know otherwise), and *definitely* not tvb_get_ptr.
Replace a bunch of calls of tvb_strsize and tvb_format_text
(and one tvb_get_ptr) with tvb_get_stringz_enc with the
document encoding, which is now stored in packet level proto
data. (There should be a fallback to parsing it from the
Content-Type string, if the calling dissector provides it.)
Fix #18573
The displayLabel type in SCCP (skinny) is ASCII where certain
bytes are replaced with common phrases from a codebook. When
displaying the replaced string, remember to replace the non
ASCII characters with REPLACEMENT CHARACTERS.
Fix #18592
Make changes to packet-skinny.c.in and SkinnyProtocolOptimized.xml
that incorporate changes from 67f05835ca
and 8efad466c4 made to the dissector
manually and regenerate. Also fix a case where a comment mixed
tabs and spaces, which caused the python conversion tool to complain.
Convert parse_xml2skinny_dissector.py to Python 3.
This is mostly the output of running 2to3, but some of the
uses of dict.keys() were left as is instead of being converted
to lists, since only membership was tested.
The dissector still needs to be regenerated, which will happen
in a next commit, so that this change can be easily backported.
Separate the tokens in xcsl using tvb_ws_mempbrk_pattern_guint8
instead of the dissector doing it manually.
Retrieve the ASCII token strings with tvb_get_string_enc to do
conversion to UTF-8.
Fix #18587
As stated in 3GPP 26.445 chapter A.2.2.1.4.2, RTP padding must be taken
into account to discriminate between Header-Full format and Compact format
Closes #18498
Since fvalue_to_string_repr does take the field base
as a parameter and that affects the representation,
an existing comment is no longer true, and we can
get rid of a large amount of duplicative special
handling for integer-based types.
Properly generate filter expressions for custom columns by
using proto_construct_match_selected_string on each value and
then joining them together later instead of trying to split
the column expression value.
This ensures that escaping is done properly for display filter
strings, that commas internal to field values are not confused
with commas between occurrences, that for multifield columns
we can distinguish which field each value matches, etc.
It's not entirely clear whether AND or OR logic is appropriate
for multiple occurrences; currently OR is used.
Bump glib requirement to 2.54 for g_ptr_array_find_with_equal_func
(this doesn't drop support for any major distribution that already
meets our other library requirements, like Qt.)
Fix #18001.
This is an action frame to update the EMLSR / EMLMR mode.
This adds partial support for this frame.
It is fairly hairy to parse it because of its variable format, so for
now, just parse the EMLSR part and leave the EMLMR part for later.
According to TS 26.101, AMR_SID payload is 39 bits.
Hence, (39+7)/8 = 5, rounding to octet boundaries.
This fixes incorrect dissecting of Osmux frames containing AMR_SID
payloads.
Gtk popped up a search box when typing in the tree view.
Most places in Qt, a Search: field was added to the dialog.
Looks possible to buffer keystrokes and do a string search in Qt.
Default value is 400ms (even on Windows). Average typing speed of
200 cpm = 300ms per character = too close to 400ms when searching
the protocol name in Preferences -> Protocols.
packet_info has items that correspond to the single "most recent"
conversation set via conversation_set_conv_addr_port_endpoints or
conversation_set_elements_by_id. These should be reset after each
call of a dissector, because they are only relevant for the
dissector and any additional higher level dissectors it calls.
Lower level protocols and protocols at the same level (i.e., in
different PDUs of a shared lower level protocol) don't want to
automatically use those conversation elements to find the current
conversation.
Separately, there should be an array or linked list of all conversation
elements set in a packet, so that it can be used by the conversation table,
conversation filters, etc., instead of just accessing the most recent
conversation / conversation based on the last set address and ports.
Fix #18278
Add a tlsinfo struct that is similar to tcpinfo, and carries
the sequence number (within the TLS stream) and the end of
stream notification (from the TCP FIN or close_notify alerts)
in addition to the session app handle pointer already used
by TLS heuristic dissectors.
Have HTTP use the end of stream notification in order to
handle DESEGMENT_UNTIL_FIN the same way it does when HTTP
is directly over TCP. Also have HTTP use the sequence number
in order to reduce chunked processing from O(N^2) to O(N)
similar to done over TCP.
Update all the TLS heuristic dissectors that set the app
handle to use the new structure.
Note the workaround for the issue #15159 - the TLS dissector
has to report to the TCP dissector that desegmentation at FIN
is required, so that the TCP dissector will know to call the
TLS dissector at FIN. However, the TLS dissector does not request
that the TCP dissector resend bytes belonging to records that
TLS has already desegmented (and decrypted, if possible), to
avoid decrypting twice (and upsetting the decoder state.)
This can mean the TCP dissector calling the TLS dissector to
desegment at FIN with a zero byte payload. In such a case, the
TLS dissector artificially returns "1" byte dissected to avoid
indicating rejecting the payload and having the TLS (and subdissector)
layers removed. (TCP ignores the value returned when desegmenting
at FIN.)
Fix #9154. Fix #14382.
The host, request method, request URI, and response code are
information that are local to a request/response pair. Storing
them in the conversation data struct means that we only have access
to one set of values at any one point.
Currently they are updated every time a packet is dissected,
which is fine for sequential processing but causes unexpected
behavior when scrolling the window upwards, going directly
to a packet, or filtering, among other out of order behavior.
Store the values in the per packet data, and create the
file scoped data only on the first pass. The conversation
level data will have access to the final http_req_res_t
struct, which is useful for connections that Upgrade to a
different dissector.
Also, when a response code is in the Informational 1xx category,
that means it is an interim response and the next response could
be for the same request. (This affects 100 Continue, 103 Early
Hints, etc.)
Fix #16753.
Add the name, type, and values of field tables and arrays as
fields under the FT_NONE header. This makes them filterable
and show up in JSON export.
Fix #18385
packet-ieee80211.c:10060 proto_tree_add_item called for hf_ieee80211_hs20_icons_avail_len - item type is FT_UINT8 but call has len 2
packet-ieee80211.c:11869 proto_tree_add_item called for hf_ieee80211_ff_key_data_length - item type is FT_UINT8 but call has len 2
packet-ieee80211.c:21328 proto_tree_add_item called for hf_ieee80211_s1g_short_beacon_interval - item type is FT_UINT8 but call has len 2
packet-ieee80211.c:32379 proto_tree_add_item called for hf_ieee80211_pentapartial_timestamp - item type is FT_UINT8 but call has len 5
packet-ieee80211.c:32932 proto_tree_add_item called for hf_ieee80211_pv1_cnt_bat_bitmap - item type is FT_UINT16 but call has len 4
packet-ieee80211.c filter= wlan.he_ndp.sta_info.ru_start - mask has odd number of digits 0x3F800 expected max for FT_UINT32 is 8
packet-ieee80211.c filter= wlan.he_ndp.sta_info.ru_end - mask has odd number of digits 0x1FC0000 expected max for FT_UINT32 is 8
Instead of using the abstract type "<RAW>", which might be confusing,
show FT_BYTES, but display the representation with the "@" operator,
so it's not even more confusing in error messages why a field might
flip-flop types.
Refactor the field tostr() function and some other clean ups.
Before:
```
Filter: _ws.ftypes.string ==${@frame.len}
dftest: _ws.ftypes.string and frame.len <RAW> are not of compatible types.
_ws.ftypes.string ==${@frame.len}
^~~~~~~~~
```
After:
```
Filter: _ws.ftypes.string ==${@frame.len}
dftest: _ws.ftypes.string <FT_STRING> and @frame.len <FT_BYTES> are not of compatible types.
_ws.ftypes.string ==${@frame.len}
^~~~~~~~~
```
Extends raw addressing syntax to work with references. The syntax
is
```
@field1 == ${@field2}
```
This requires replicating the logic to load field references, but
using raw values instead. We use separate hash tables for that,
namely "references" vs "raw_references".
This adds new syntax to read a field from the tree as bytes, instead
of the actual type. This is a useful extension for example to match
malformed strings that contain unicode replacement characters. In
this case it is not possible to match the raw value of the malformed
string field. This extension fills this need and is generic enough
that it should be useful in many other situations.
The syntax used is to prefix the field name with "@". The following
artificial example tests if the HTTP user agent contains a particular
invalid UTF-8 sequence:
```
@http.user_agent == "Mozill\xAA"
```
Where simply using "http.user_agent" won't work because the invalid byte
sequence will have been replaced with U+FFFD.
Considering the following programs:
```
$ dftest '_ws.ftypes.string == "ABC"'
Filter: _ws.ftypes.string == "ABC"
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(_ws.ftypes.string <FT_STRING>)
1 FVALUE("ABC" <FT_STRING>)
Instructions:
00000 READ_TREE _ws.ftypes.string <FT_STRING> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == "ABC" <FT_STRING>
00003 RETURN
```
```
$ dftest '@_ws.ftypes.string == "ABC"'
Filter: @_ws.ftypes.string == "ABC"
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(_ws.ftypes.string <RAW>)
1 FVALUE(41:42:43 <FT_BYTES>)
Instructions:
00000 READ_TREE @_ws.ftypes.string <FT_BYTES> -> reg#0
00001 IF_FALSE_GOTO 3
00002 ANY_EQ reg#0 == 41:42:43 <FT_BYTES>
00003 RETURN
```
In the second case the field has a "raw" type, that equates directly to
FT_BYTES, and the field value is read from the protocol raw data.
When the classic profile has been cloned, and it contains
coloring rules, that are no longer valid or their syntax is
wrong, the export of single profiles will fail.
The reason for that is still being investigated. It seems
there might be an issue with selecting the right coloringfilter
to be selected.
This change only fixes the coloringrules file and the
index is selected from the base model instead
Previously, Wireshark was sorting all packets in a capture,
regardless whether they were actually visible or not. If you
are working with large PCAPs & filters, this is a MASSIVE
performance drag. Therefore, this commit changes this
by only sorting the visible packets which boosts the
sorting performance in filtered views massively.
For a string, add the value from the packet normally so that the
value is filterable, shows up in JSON, etc. Prepend the tag
description to the item so the formatting is displayed in the
tree with the name like it has been.
Generate filter expressions for columns with multiple occurrences
by using the membership operator (which is semantically OR).
It's not clear if this approach makes more sense than AND;
there's use cases for both.
Don't do this for multifield custom columns, since we don't know
which values were found by which field. That takes changing
the column logic in several places.
Ping #18001
Use the information gained from conversation tracking to infer
well-known names. Show well-known names as addresses to improve the
readability of a D-Bus capture.
Add the method name to response frames, like Method Return and Error.
The name is not included in the frame itself, but can be inferred with
conversation tracking.
Add generated fields with the value from the request. D-Bus response
frames don't include fields like "member", i.e. the method name. By
adding generated fields it's easier to filter method calls and its
method return by name.
Since cbd3c447 ("ftypes: Add FT_UINT_STRING to IS_FT_STRING() macro")
proto_tree_add_string() accepts FT_UINT_STRING, but the API check still
fails. Update the API check to reflect that change.
The poll and precision fields in timing NTP messages are signed
integers.
Different NTP implementations have different minimum and maximum polling
intervals. Some can be configured even with negative values for
sub-second intervals (e.g. down to -7 for 1/128th of a second).
NTP clocks on modern systems and hardware typically have
a sub-microsecond precision.
Print all poll values. Add the raw precision and change the resolution
of the printed value to nanoseconds.
The fragment functions will work with a zero length fragment,
which might happen if a record length is zero in a malformed
packet and a reassembly is in progress. It is not by itself
a fatal error (and could actually work, even though
non-compliant.) There is already a tls.record.length.invalid
expert info added by ssl_check_record_length for this case.
Related to #17890.
1. Fix the bug that the timestamp of google.protobuf.Timestamp message
type is not displayed while pbf_as_hf (Dissect Protobuf fields as
Wireshark fields) is FALSE.
2. Add the use_utc preference for displaying google.protobuf.Timestamp
in UTC or local zone format.
Add a dissector table "btcommon.eir_ad.entry.uuid_16", which behaves the same
way as the hard-coded GAEN (Google/Apple Exposure Notification) dissector does
today -- the table key is the 16-bit UUID
(https://www.bluetooth.com/specifications/assigned-numbers/), and the dissector
is given the corresponding service data.
Normally, 'control' and 'otherbss' flags are set when
using monitor mode, but certain Wi-Fi drivers (e.g. MT7921)
need to explicitly have these flags set in order to capture
control frames.
A device is not allowed to start a new control procedure if it
has already responded to a peer procedure.
The detection of a response being present did not take into account
that some procedures do not have a response.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
According to 3GPP TS 44.018 section 10.5.2.20, the Measurement Results
is a type 3 (TV) information element with 17 (1 + 16) octets length.
The respective dissection function is called as follows:
```
ELEM_MAND_V(GSM_A_PDU_TYPE_RR, DE_RR_MEAS_RES, ...)
  elem_v(tvb, tree, pinfo, GSM_A_PDU_TYPE_RR, DE_RR_MEAS_RES, ...)
    de_rr_meas_res(tvb, subtree, pinfo, curr_offset, -1, ...)
                                                     ^^^
                                                     len
```
Note that elem_v() passes -1 as the len argument to de_rr_meas_res().
The latter returns -1 cast to guint, and this is indeed wrong.
Moreover, the 'len' argument is marked as unused (_U_).
This bug creates a false impression that the Measurement Results IE
occupies more octets than it actually does when it's encapsulated
into some other protocol, e.g. A-bis/RSL.
Let's return value 16, which is known from the specs.
This way we can also use this function for checking padding in
the Measurement Results IE, which uses 0x00 as padding pattern.
Drop the '_csn' part because it's not CSN.1 specific anymore.
When running the profiles dialog from the main status bar,
some objects appear to be not cleaned up properly with Qt 6.
This will circumvent this, by creating an object for the
dialog and cleaning it on closing.
Fixes #18525
The context menu falsely assigns the proxied index to the context menu
entries, therefore always selecting the wrong model index for the
resulting functions.
Fixes #18xxx
should be { 0x6, "NB 24.4 kbps" } instead of the current { 0x6, "Not used" }
According to Table A.3 of 3gpp TS 26445
Reported by Massimiliano Agnoletti
Close: #18550
Functions that copy into a fixed sized buffer, like
vnsprintf and g_strlcat can truncate UTF-8 strings in
the middle of a character. Check for that with vnsprintf,
and replace some g_strlcat calls in the column utils with
ws_label_strcpy.
Fix #18554
Instead of formatting into a fixed-length buffer a string that's empty
if the timezone name is not to be shown and is a space followed by the
timezone name if it is to be shown, just pass to snprint_abs_time_secs()
both a separator string and a timezone name string, with both being
empty strings if the timezone name is not to be shown, and with the
first being " " and the second being the timezone name if the timezone
name is to be shown, with the separator printed before the timezone
name.
That way, we don't have to worry about how big the buffer needs to be.
Qt5's QFont::fromString() isn't compatible with Qt6's QFont::toString().
If we were built with Qt5, don't try to process a font preference that
was created by Qt6.
Fixes #18553
1) In English-language menus, menu item text should use title case, with
most words capitalized. (I leave it to the Transifexors to capitalize
appropriately for other languages.)
2) Menu items that pop up dialogs should have "..." at the end of the
text.
The minimum and maximum length arguments to
dissect_per_constrained_set_of() are currently both ints.
According to O-RAN.WG3.E2AP-v02.03, section 9.3.7 "Constant
definitions", maxofRICrequestID is 1024, not 2^32-1; however, we were
specifying it as 2^32-1 (4294967295).
2^32-1 won't fit into an int, and Apple clang version 14.0.0
(clang-1400.0.29.102) warns about that:
```
./asn1/e2ap/e2ap.cnf:647:54: error: implicit conversion from 'long' to 'int' changes value from 4294967295 to -1 [-Werror,-Wconstant-conversion]
1, maxofRICrequestID, FALSE);
^~~~~~~~~~~~~~~~~
./asn1/e2ap/packet-e2ap-val.h:7:40: note: expanded from macro 'maxofRICrequestID'
#define maxofRICrequestID 4294967295
^~~~~~~~~~
```
The handling of MIN and MAX should be done with separate "minimum is
MIN" and "maximum is MAX" flags, and we might want either to have
asn2wrs.py reject attempts to have constraints with integer minimum and
maximum values outside the range [-2^31, 2^31-1], make the types for
sizes unsigned, or allow 64-bit constraints (and still limit the
constraint values, so we don't have to dive down a bignum rathole).
But, for now, we just change maxofRICrequestID to match what the 2022-10
version of the spec, 2.03, appears to say.
(I can't find the 2.01 version online, so I don't know whether it was
1024 in 2.01, or if it was changed in 2.02 or 2.03.)
Unless there is no available space, ensure that the label_str
passed into ws_label_strcpy is null terminated, in the cases
where the string to copy is the empty string, or begins with
invalid UTF-8.
Fix #18560. Fix #18551.
The ftype itself is encoding agnostic. In the case of literal
display filter strings it is possible and legal to contain
invalid UTF-8.
Maybe it shouldn't be but that requires a user-friendly diagnostic
message, not silently sanitizing the string as is done currently
(only a debug message is printed in that case).
Do the debug checks in proto_tree_set_string() instead. That
still detects dissector code that might need fixing, which was
the purpose for this check.
Improve documentation and add admonition for proto_tree_add_string().
Ping #18521.
Format the input for display, by escaping some non printable characters,
using ws_label_strcpy().
In some cases with vsnprintf() this requires using a temporary buffer.
Add some debug checks for invalid UTF-8 errors.
The intention here is to pass dissection data directly to the column
API, and the column functions are responsible for formatting that
data for display. This avoids having to call format_text() before
adding a string to a column and separates the concerns better.
Display formatting is an UI concern.
Fix some unnecessary string truncations that look bogus to me.
Forcing a given UTF-8 byte length for no reason will in most cases
produce encoding errors.
Fixes #18548.
Our RPM spec runs `cmake --build ... -j1` on Fedora and Rocky. Set
RPM_BUILD_NCPUS, which increases the `-j` value so that ninja can make
full use of the system.
[skip ci]
Appending to a string using snprintf inside a loop can be problematic
because you have to ensure that your start offset stays within the
bounds of your buffer and that your size (which is unsigned) doesn't
overflow. Switch to a wmem_strbuf.
Fixes #18527
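The arithmetic that goes wrong when appending with snprintf in a loop, and a bounded appender that avoids it, as an added example (not Wireshark code; the fix described above uses wmem_strbuf). The names sbuf_t, sbuf_init, sbuf_appendf and risky_remaining_after are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bookkeeping of the risky pattern, without the out-of-bounds write:
 * snprintf returns the length it WANTED to write, so adding it to the
 * offset can move the offset past the buffer. Returns the "remaining
 * size" the next call would be given. */
size_t risky_remaining_after(size_t size, const char *item, int count)
{
    size_t off = 0;
    for (int i = 0; i < count; i++)
        off += (size_t)snprintf(NULL, 0, "%s,", item);
    return size - off;          /* wraps to a huge value once off > size */
}

/* Hypothetical bounded builder: len < size always holds. */
typedef struct {
    char  *buf;
    size_t size;        /* capacity, including the terminator */
    size_t len;         /* bytes used, excluding the terminator */
    int    truncated;   /* set once output no longer fits */
} sbuf_t;

void sbuf_init(sbuf_t *sb, char *buf, size_t size)
{
    sb->buf = buf;
    sb->size = size;
    sb->len = 0;
    sb->truncated = (size == 0);
    if (size > 0)
        buf[0] = '\0';
}

/* Returns 0 on success, -1 if the output was cut or already full. */
int sbuf_appendf(sbuf_t *sb, const char *fmt, ...)
{
    if (sb->truncated)
        return -1;
    size_t room = sb->size - sb->len;       /* >= 1 by the invariant */
    va_list ap;
    va_start(ap, fmt);
    int ret = vsnprintf(sb->buf + sb->len, room, fmt, ap);
    va_end(ap);
    if (ret < 0) {                          /* encoding error */
        sb->buf[sb->len] = '\0';
        sb->truncated = 1;
        return -1;
    }
    if ((size_t)ret >= room) {
        /* Cut short: clamp instead of adding ret to len. */
        sb->len = sb->size - 1;
        sb->truncated = 1;
        return -1;
    }
    sb->len += (size_t)ret;
    return 0;
}

int main(void)
{
    char buf[8];
    sbuf_t sb;
    sbuf_init(&sb, buf, sizeof buf);
    for (int i = 0; i < 3; i++)
        sbuf_appendf(&sb, "%s,", "abcd");
    printf("\"%s\" truncated=%d\n", buf, sb.truncated);
    return 0;
}
```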
The deprecated Host Name Address Parameter, RFC 9260 3.3.2.1.4:
"At least one null terminator is included in the Host Name string
and MUST be included in the length."
That makes it a string which is both counted and null-terminated,
which is a FT_STRINGZ. Return the string as obtained rather than
formatting it a second time. Don't pass in a width as a format specifier,
because the length of the UTF-8 string is not necessarily the length
in octets, if replacement characters or escaping was used.
Fix #18534.
Both specifications say: "The FQDN field encoding shall be identical
to the encoding of a FQDN within a DNS message of section 3.1 of IETF
RFC 1035 [31] but excluding the trailing zero byte."
Since it's only one name, that probably means that compression is
impossible, and indeed the dissectors already check and assume that
if the first byte is in the letter range, that it's probably incorrectly
directly encoded as a dotted string instead of DNS-style.
Since compression isn't supported, use ENC_APN_STR to avoid generating
bogus UTF-8 in packets with errors.
Fix #18531
Reduce the amount of platform specific Wireshark code by using
GIOChannel watch, i.e. do not use UNIX specific GLib functionality and
do not peek into pipe every 100 ms on Windows.
WOW has several 4 octet ASCII strings in reverse order. g_strreverse
does not work on UTF-8 multibyte characters, such as REPLACEMENT
CHARACTER when there are errors. Reverse the string buffer before
converting from ASCII.
Fix #18529
Addresses clang-analyzer warning:
"packet-couchbase.c:2636:7: warning: Value stored to 'offset' is never read"
Change-Id: Ib91fbd64e08f65cbe83887ebdf5b6ae545672bc5
The RPM packages use a versioned build directory, which creates problems
for ccache. The APT packages simply take a long time to build. Switch
both to a twice-daily schedule so that we don't set fire to CI minutes
in parallel with every merge.
Back out a recent CMake change since it's no longer needed.
For EMI and UCP, the encoding for alphanumeric messages, as
specified in ETS 300 133-3 as well as the EMI extension
specification, is rather unique: GSM 7-bit alphabet characters
are each translated (thus unpacked) to two hex byte IRA characters
(same as ASCII over the 0-9 A-F range), with '/' used as an
end of string indicator.
Translate the hex bytestring to bytes, and then convert the bytes
using the unpacked GSM 7-bit alphabet instead of treating them
as ASCII or UTF-8. Check for invalid bytes which are not ASCII hex
and replace them in the final returned string with the UTF-8
replacement character. Fix #18518 better.
This commit adds support for requests of:
* RangeScan create (with a JSON value)
* RangeScan continue (with binary extras)
* RangeScan cancel (with binary extras)
And support for the RangeScan create response 128-bit uuid
949615071b/docs/range_scans
Change-Id: Iea7a0bcaea82a22dd938247c71afc57b4a0869cf
The C language does not guarantee that "char" is signed or unsigned; it
just states that it's "implementation-dependent".
At least some C compilers for some architectures make it unsigned, so
you need "signed char" to get a signed value. In particular, it's
unsigned for most ARM compilers (compilers for Darwin-based OSes such as
macOS make it signed on all platforms, including ARM), which causes a
warning about "ba[i] < '\0'" always being false.
The purpose of that test is to check for octets that correspond neither
to ASCII printable characters nor ASCII control characters; just test
with !g_ascii_isprint(ba[i]) && !g_ascii_iscntrl(ba[i]). (Those are
macros, so it's not as if that adds any subroutine call overhead.)
Add some comments to explain what's being done in
ShowPacketBytesDialog::symbolizeBuffer() while we're at it. (Not one of
the better uses of C++ polymorphism, giving "replace the octet at this
location with this sequence of octets" and "replace all octets equal to
this value with this sequence of octets" the same name, even though what
they do differs significantly. I would have called one replace_at and
the other replace_all or something such as that, but the Qt developers
didn't ask me....)
Add an RPMBUILD_EXTRA_ARGS variable to CMakeLists.txt and use it in
GitLab CI to define __cmake_builddir. This should let ccache work with
our RPM builds.
hex_str_to_bytes_encoding() consumes pairs of hex digits (and
optional separator) to turn into bytes. It can return a pointer
to the character after the last digit consumed. Don't advance
the end pointer after a single unpaired digit that is not consumed
as part of the hex string returned.
tvb_get_string_bytes() can pass back the end offset. If conversion
fails, return the initial offset instead of zero to make repeated
calls easier in cases where the full length is not decoded due to
errors.
Relatedly, no dissector currently uses this return value, because
it's not useful currently.
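The end-pointer behaviour described above, as an added example: a pair-wise hex parser that never counts a lone trailing digit as consumed. This is not the hex_str_to_bytes_encoding() implementation; hex_pairs_to_bytes and hexval are hypothetical names, and the accepted separators (':', '-', ' ') are an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Value of one hex digit, or -1 (also for the terminating NUL). */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Convert pairs of hex digits, with an optional single separator
 * between pairs, into bytes. *endptr is set to the character after
 * the last digit that became part of a byte: a lone trailing digit
 * or a dangling separator is not consumed. Returns the byte count. */
size_t hex_pairs_to_bytes(const char *s, unsigned char *out,
                          size_t out_size, const char **endptr)
{
    const char *p = s;
    const char *end = s;
    size_t n = 0;

    while (n < out_size) {
        int hi = hexval(p[0]);
        if (hi < 0)
            break;
        /* p[0] is a digit, so p[1] is at worst the terminating NUL. */
        int lo = hexval(p[1]);
        if (lo < 0)
            break;              /* unpaired digit: leave end untouched */
        out[n++] = (unsigned char)((hi << 4) | lo);
        p += 2;
        end = p;                /* only advances after a full pair */
        if (*p == ':' || *p == '-' || *p == ' ')
            p++;                /* tentatively skip one separator */
    }
    if (endptr)
        *endptr = end;
    return n;
}

int main(void)
{
    const char *input = "0a:1B:c";      /* constructed sample */
    unsigned char bytes[4];
    const char *end;
    size_t n = hex_pairs_to_bytes(input, bytes, sizeof bytes, &end);
    printf("%zu bytes, stopped at offset %td (\"%s\")\n",
           n, end - input, end);
    return 0;
}
```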
GitLab CI builds RPMs in a different directory for each pipeline
($CI_PROJECT_DIR/build/packaging/rpm/BUILD/wireshark-<version>), so set
base_dir to the build directory and enable absolute_paths_in_stderr.
Fix our cache directory max sizes as well.
The proto.h APIs expect valid UTF-8 so replace uses of format_text()
with a label copy function that just does formatting and does not
check for encoding errors. Avoid multiple levels of temporary
string allocations.
Make sure the copy does not truncate a multibyte character and
produce invalid strings. Add debug checks for UTF-8 encoding errors
instead.
We escape C0 and C1 control codes (because control codes)
and ASCII whitespace (and bell).
Overall the goal is to be more efficient and optimized and help
detect misuse of APIs by passing invalid UTF-8.
Add a unit test for ws_label_strcat.
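The truncation problem raised in the g_strlcat/vsnprintf commit message further up and in the label-copy commit message just above, as an added example: a byte-wise bounded copy next to one that backs off to a character boundary. This is not Wireshark's ws_label_strcpy; naive_copy and utf8_safe_copy are hypothetical names, and the source string is assumed to be valid UTF-8.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte-wise bounded copy: always terminates, but may cut a multibyte
 * character in half and leave invalid UTF-8 in dst. */
size_t naive_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    size_t n = strlen(src);
    if (n > dst_size - 1)
        n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Bounded copy that never ends on a partial UTF-8 sequence.
 * dst_size includes the terminator. Returns the number of bytes
 * copied, excluding the terminator. */
size_t utf8_safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;               /* no room even for the terminator */

    size_t src_len = strlen(src);
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;

    /* When truncating, src[n] is the first byte left out. If it is a
     * continuation byte (10xxxxxx), the cut falls inside a character:
     * back up to that character's lead byte and drop it whole. */
    if (n < src_len) {
        while (n > 0 && ((unsigned char)src[n] & 0xC0) == 0x80)
            n--;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: "caf" followed by U+00E9 (2 bytes in UTF-8). */
    const char *src = "caf\xC3\xA9";
    char dst[5];

    size_t n = naive_copy(dst, sizeof dst, src);
    printf("naive: %zu bytes, last byte 0x%02X\n",
           n, (unsigned)(unsigned char)dst[n - 1]);

    n = utf8_safe_copy(dst, sizeof dst, src);
    printf("safe:  %zu bytes: \"%s\"\n", n, dst);
    return 0;
}
```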
Use the setup_frame_number to look for and create conversations
with srtcp_add_address, the same way as done in srtp_add_address.
This ensures that RTP and RTCP find the same conversation when
called back to back (as when handling them multiplexed on the
same conversation).
Related to #18460.
As far as I can tell, get_unicode_or_ascii_string() always
nul-terminates string (as it should), so remove g_strlcpy()
copy that can truncate string and produce invalid UTF-8.
This avoids having general-purpose decoding happening in
non-DLL-exported functions defined in a dissector for #18478,
and removes unused functions and avoids duplicate decoding.
This also removes unnecessary early exit conditions for #18145.
Unit test cases for varint decoding are added to verify this.
If a character is not a valid Unicode codepoint, i.e. one of
the code points reserved for surrogate pairs or a code point
above 0x10FFFF, don't add it to a wmem_strbuf when converting
from other encodings but add a replacement character instead, by
using a new wmem_strbuf_append_unichar_validated() function.
Now we produce valid UTF-8 in various situations where UCS-2 or UTF-32
can encode unpaired surrogate codepoints. Consolidate some related
checks that are now redundant.
Also add a replacement character to the end of invalid UCS-2 strings
with an odd number of bytes, as done with UTF-16 and UTF-32.
Fix #18508
QFontMetrics::leading() was zero for Consolas on Windows in Qt5, but is
nonzero in Qt6. This revealed that we were inconsistently using height()
and leading() to calculate our line height. Just use lineSpacing()
instead.
Fixes #18438.
Rename tvb_get_nstringz0() to tvb_get_raw_bytes_as_stringz()
to reflect the fact that this function does not return
a string (UTF-8 internal text string).
Remove tvb_get_stringz() because it is unused and just seems
dangerous.
In PacketCable MTA capabilities, the length of the capability
is stored as hex digits in ASCII. If bogus, the incorrect value
is added as an expert info. Ensure that it's formatted as UTF-8
and for display when added to the tree.
Fix #18437
3GPP came up with a special encoding of TDMA frame number, which reduces
the amount of bits needed to carry it from 32 to 16. This encoding is
not only employed on the radio interface (GSM RR), but also on the
A-bis/RSL interface which is used between BTS and BSC nodes.
From the user perspective, parsed RFN value is a lot more meaningful
than the T1/T2/T3 variables used on the wire. The GSM RR dissector
does show parsed RFN value together with these variables, while the RSL
dissector does not. Let's show it in the RSL dissector too.
In SMB2, the length of the buffer that contained a UTF-16
unicode string is not necessarily the length of the converted
UTF-8 string, and in some cases can even be shorter than the
length of the UTF-8 string, if the string has many 2 octet
UTF-16 characters that are 3 or 4 octets in UTF-8.
Use wmem_strdup and wmem_strdup_printf instead of wmem_alloc
and sprintf, which is a safer pattern anyway as it reduces
the chance of these errors.
Fix #18482
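Two points from the commit messages above, shown together in an added example: invalid code points (surrogates, values above 0x10FFFF, a dangling odd byte) become U+FFFD, and the UTF-8 result can need more bytes than the 2-octet-per-character input. This is not Wireshark's wmem_strbuf_append_unichar_validated() or its SMB2 code; utf8_encode_validated and ucs2le_to_utf8 are hypothetical names, and little-endian UCS-2 input is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode cp as UTF-8 into out (room for 4 bytes). Surrogates and
 * values above 0x10FFFF are not valid code points: U+FFFD is
 * encoded in their place. Returns the number of bytes written. */
size_t utf8_encode_validated(uint32_t cp, unsigned char *out)
{
    if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF)
        cp = 0xFFFD;
    if (cp < 0x80) {
        out[0] = (unsigned char)cp;
        return 1;
    }
    if (cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp < 0x10000) {
        out[0] = (unsigned char)(0xE0 | (cp >> 12));
        out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (unsigned char)(0x80 | (cp & 0x3F));
        return 3;
    }
    out[0] = (unsigned char)(0xF0 | (cp >> 18));
    out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[3] = (unsigned char)(0x80 | (cp & 0x3F));
    return 4;
}

/* Convert little-endian UCS-2 to UTF-8. Writes whole characters only
 * and always terminates when out_size > 0. Returns the number of
 * bytes the full conversion needs (terminator excluded), so the
 * caller can size the buffer from the output, not from in_len. */
size_t ucs2le_to_utf8(const unsigned char *in, size_t in_len,
                      char *out, size_t out_size)
{
    size_t needed = 0, written = 0;
    int full = (out_size == 0);

    for (size_t i = 0; i < in_len; i += 2) {
        /* A dangling odd byte cannot form a code unit. */
        uint32_t cp = (i + 1 < in_len)
            ? (uint32_t)(in[i] | (in[i + 1] << 8)) : 0xFFFD;
        unsigned char tmp[4];
        size_t n = utf8_encode_validated(cp, tmp);
        needed += n;
        if (!full && written + n < out_size) {
            memcpy(out + written, tmp, n);
            written += n;
        } else {
            full = 1;           /* stop writing, keep counting */
        }
    }
    if (out_size > 0)
        out[written] = '\0';
    return needed;
}

int main(void)
{
    /* Constructed input: 'A', U+20AC, lone surrogate D800, odd byte. */
    const unsigned char in[] = { 0x41, 0x00, 0xAC, 0x20, 0x00, 0xD8, 0x42 };
    char out[16];
    size_t need = ucs2le_to_utf8(in, sizeof in, out, sizeof out);
    printf("%zu input bytes -> %zu UTF-8 bytes\n", sizeof in, need);
    return 0;
}
```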