Age | Commit message (Collapse) | Author | Files | Lines |
|
Altitude dissector added
|
|
|
|
|
|
|
|
The uplink and downlink bit rate items, and the maximum SDU size,
are contained in a single octet but added to the tree using
proto_tree_add_uint_format[_value] after multiplying by various factors,
so the values don't actually fit in a FT_UINT8. The fields need
to be large enough to fit the largest value added after transformation.
The filter engine won't allow filters for values outside the field
range, e.g.
$ ./run/dftest -s 'gtp.qos_max_sdu_size == 1500'
Filter:
gtp.qos_max_sdu_size == 1500
Error: "1500" too big for this field, maximum 255.
gtp.qos_max_sdu_size == 1500
^~~~
After:
$ ./run/dftest -s 'gtp.qos_max_sdu_size == 1500'
Filter:
gtp.qos_max_sdu_size == 1500
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(gtp.qos_max_sdu_size <FT_UINT16>)
1 FVALUE(1500 <FT_UINT16>)
Instructions:
0000 READ_TREE gtp.qos_max_sdu_size -> R0
0001 IF_FALSE_GOTO 3
0002 ANY_EQ R0 == 1500
0003 RETURN
|
|
|
|
The code is written by Andrew Engelbrecht and found here:
https://github.com/LuaJIT/LuaJIT/issues/384
|
|
|
|
Add NOLINTNEXTLINE suppressions for some existing recursion checks.
|
|
|
|
Allow matching against 64-bit extended value strings the same
way as other value strings.
The IAX2 sample capture on the Wiki is a good test of this. Previously
the matches operator would never match, and comparison operators we not
allowed.
Before:
$ ./run/dftest -s 'iax2.voice.codec == "GSM compression"'
Filter:
iax2.voice.codec == "GSM compression"
Error: "GSM compression" cannot be found among the possible values for iax2.voice.codec.
iax2.voice.codec == "GSM compression"
^~~~~~~~~~~~~~~~~
After:
$ ./run/dftest -s 'iax2.voice.codec == "GSM compression"'
Filter:
iax2.voice.codec == "GSM compression"
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(iax2.voice.codec <FT_UINT64>)
1 FVALUE(2 <FT_UINT64>)
Instructions:
0000 READ_TREE iax2.voice.codec -> R0
0001 IF_FALSE_GOTO 3
0002 ANY_EQ R0 == 2
0003 RETURN
|
|
Added dissection for FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT Request
Add FileFullEaInformation flags
Update SMB2 lock response field unknown to reserved.
Update flush request/response reserved fields.
|
|
Rework the changes from 428f2228533351baf6509b8fc50a075cdbc136b0
a little bit to restore the ability to start a capture from
the extcap options dialog.
When the the dialog is opened for configuration, present both the
Save and the Start button. Continue to only have Start when the
dialog was spawned because the user wanted to start a capture
but a mandatory parameter was not configured.
Use the default QDialogButtonBox "Discard/Close without Saving"
button when closing the dialog without saving the user input
for new preferences.
Fix #19199
|
|
Reduce false positives of the CLTP on UDP dissector (RFC 1240)
by looking at the parameters as well and also ruling out length
indicator zero.
See https://ask.wireshark.org/question/31455/i-see-a-malformed-packet-in-wireshark-from-a-google-ip-address-on-port-2400-using-r-goose-protocol-what-could-this-be/
RFC 1240 was rendered Historic by RFC 2556, which noted that
"at this time there do not seem to be any implementations" and
recommended TPKT (ISO on TCP) instead.
However, R-GOOSE does use RFC 1240. In practice, it seems like
R-GOOSE uses the IANA registered port for ISO-TSAP, 102, just like
TPKT does on TCP. Perhaps we should register the dissector to that
port instead of a heuristic dissector if someone can confirm that.
Move the dissector from goose to ositp. This doesn't cause any
preference issues because heuristic dissectors are saved in the
preference file by name and the name won't change.
|
|
The documentation, both man page and help, claims that text2pcap
automatically sets the encapsulation to WIRESHARK_UPPER_PDU if
-P is given. Make the behavior match the documentation.
|
|
The TPNCP dissector depends upon a resource file, tpncp.dat, being loaded
during initialization. If a non-default tpncp.dat was used, the TPNCP
dissector could potentially perform some operations beyond the bounds of a
fixed-size array while loading tpncp.dat.
If a non-default tpncp.dat was used and an attempt was made to dissect
malformed TPNCP traffic, the TPNCP dissector could potentially perform a read
beyond the end of an array.
This change adds explicit bounds-checks to eliminate these possible OOB
accesses.
There is zero chance of this being triggered in a default unmodified
installation of Wireshark: Loading of the tpncp.dat file is conditional on a
preference setting which defaults to FALSE, and even if it is configured to
TRUE, the included tpncp.dat does not trigger either of these OOB operations.
It still seems worthwhile to make the parser and dissector generally more
robust.
|
|
|
|
Fix
```
wireshark/epan/dissectors/file-rbm.c:196:13: warning: function 'dissect_rbm_array' is within a recursive call chain [misc-no-recursion]
196 | static void dissect_rbm_array(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value_str)
| ^
wireshark/epan/dissectors/file-rbm.c:410:13: note: example recursive call chain, starting from function 'dissect_rbm_object'
410 | static void dissect_rbm_object(tvbuff_t* tvb, packet_info* pinfo, proto_tree* ptree, guint* offset, gchar** type, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:439:4: note: Frame #1: function 'dissect_rbm_object' calls function 'dissect_rbm_string' here:
439 | dissect_rbm_string(tvb, pinfo, tree, offset, &value_local);
| ^
wireshark/epan/dissectors/file-rbm.c:325:2: note: Frame #2: function 'dissect_rbm_string' calls function 'dissect_rbm_object' here:
325 | dissect_rbm_object(tvb, pinfo, tree, offset, NULL, NULL);
| ^
wireshark/epan/dissectors/file-rbm.c:325:2: note: ... which was the starting point of the recursive call chain; there may be other cycles
wireshark/epan/dissectors/file-rbm.c:222:13: warning: function 'dissect_rbm_hash' is within a recursive call chain [misc-no-recursion]
222 | static void dissect_rbm_hash(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value_str)
| ^
wireshark/epan/dissectors/file-rbm.c:321:13: warning: function 'dissect_rbm_string' is within a recursive call chain [misc-no-recursion]
321 | static void dissect_rbm_string(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:329:13: warning: function 'dissect_rbm_regex' is within a recursive call chain [misc-no-recursion]
329 | static void dissect_rbm_regex(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:344:13: warning: function 'dissect_rbm_userclass' is within a recursive call chain [misc-no-recursion]
344 | static void dissect_rbm_userclass(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:355:13: warning: function 'dissect_rbm_variable' is within a recursive call chain [misc-no-recursion]
355 | static void dissect_rbm_variable(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value_str)
| ^
wireshark/epan/dissectors/file-rbm.c:368:13: warning: function 'dissect_rbm_struct' is within a recursive call chain [misc-no-recursion]
368 | static void dissect_rbm_struct(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:374:13: warning: function 'dissect_rbm_drb' is within a recursive call chain [misc-no-recursion]
374 | static void dissect_rbm_drb(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset)
| ^
wireshark/epan/dissectors/file-rbm.c:383:13: warning: function 'dissect_rbm_rubyobject' is within a recursive call chain [misc-no-recursion]
383 | static void dissect_rbm_rubyobject(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset)
| ^
wireshark/epan/dissectors/file-rbm.c:400:13: warning: function 'dissect_rbm_extended' is within a recursive call chain [misc-no-recursion]
400 | static void dissect_rbm_extended(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset)
| ^
wireshark/epan/dissectors/file-rbm.c:410:13: warning: function 'dissect_rbm_object' is within a recursive call chain [misc-no-recursion]
410 | static void dissect_rbm_object(tvbuff_t* tvb, packet_info* pinfo, proto_tree* ptree, guint* offset, gchar** type, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:535:6: warning: function 'dissect_rbm_inline' is within a recursive call chain [misc-no-recursion]
535 | void dissect_rbm_inline(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** type, gchar** value)
| ^
```
|
|
|
|
Fix
```
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:773:1: warning: function 'process_tiff_ifd_chain' is within a recursive call chain [misc-no-recursion]
773 | process_tiff_ifd_chain(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo,
| ^
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:773:1: note: example recursive call chain, starting from function 'process_tiff_ifd_chain'
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:896:37: note: Frame #1: function 'process_tiff_ifd_chain' calls function 'process_tiff_ifd_chain' here:
896 | process_tiff_ifd_chain(tree, tvb, pinfo, encoding,
| ^
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:896:37: note: ... which was the starting point of the recursive call chain; there may be other cycles
```
|
|
- Move all basic dissect_thrift_t_<type> implementations into
dissect_thrift_raw_<type> that takes an additional dissector_t
parameter.
- All dissect_thrift_t_<type> just calls dissect_thrift_raw_<type>
with a NULL raw dissector.
- When the dissector_t parameter is set, create a sub-tvbuff_t pointing
to the raw content of the simple type (integral or binary).
- There are 2 specific cases within the TCompactProtocol part:
1. For booleans, the sub-dissector is responsible for using only the
least significant bit as the boolean value. The most obvious use
of the boolean raw sub-dissector is the use of a true_false_string.
2. For varint, we manufacture a tvbuff_t containing the big-endian
value of the right size to be the same as TBinaryProtocol.
- Allow the raw sub-dissector to push the responsibility back to the
generic dissector using thrift_opt_t.use_std_dissector = TRUE.
A common use case for that is a specific dissection for some values
only in a key/value map (configuration keys).
- Add a public dissect_thrift_t_raw_data() function that takes a type
for dispatch as well as the dissector_t.
|
|
Update the pinfo stats tree plugin and the F5 trailer for
the new stats tree path separator
Follow up to 53638f9ccfc9ce7e685532062c3b4068a759f7dd
|
|
|
|
|
|
Fix
```
wireshark/epan/dissectors/file-blf.c:498:1: warning: function 'dissect_blf_lobj' is within a recursive call chain [misc-no-recursion]
498 | dissect_blf_lobj(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, gint offset_orig) {
| ^
wireshark/epan/dissectors/file-blf.c:886:1: note: example recursive call chain, starting from function 'dissect_blf_next_object'
886 | dissect_blf_next_object(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
| ^
wireshark/epan/dissectors/file-blf.c:893:32: note: Frame #1: function 'dissect_blf_next_object' calls function 'dissect_blf_lobj' here:
893 | int bytes_parsed = dissect_blf_lobj(tvb, pinfo, tree, offset);
| ^
wireshark/epan/dissectors/file-blf.c:580:27: note: Frame #2: function 'dissect_blf_lobj' calls function 'dissect_blf_next_object' here:
580 | tmp = dissect_blf_next_object(sub_tvb, pinfo, subtree, offset_sub);
| ^
wireshark/epan/dissectors/file-blf.c:580:27: note: ... which was the starting point of the recursive call chain; there may be other cycles
wireshark/epan/dissectors/file-blf.c:886:1: warning: function 'dissect_blf_next_object' is within a recursive call chain [misc-no-recursion]
886 | dissect_blf_next_object(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset) {
| ^
```
|
|
Use directory-level suppressions where needed.
|
|
|
|
These match the names used for the filters, which are otherwise non-obvious.
|
|
Fix
```
wireshark/epan/dissectors/packet-isis-lsp.c:3431:1: warning: function 'dissect_sub_clv_tlv_22_22_23_141_222_223' is within a recursive call chain [misc-no-recursion]
3431 | dissect_sub_clv_tlv_22_22_23_141_222_223(tvbuff_t *tvb, packet_info* pinfo, proto_tree *tree,
| ^
wireshark/epan/dissectors/packet-isis-lsp.c:3431:1: note: example recursive call chain, starting from function 'dissect_sub_clv_tlv_22_22_23_141_222_223'
wireshark/epan/dissectors/packet-isis-lsp.c:3541:21: note: Frame #1: function 'dissect_sub_clv_tlv_22_22_23_141_222_223' calls function 'dissect_sub_clv_tlv_22_22_23_141_222_223' here:
3541 | dissect_sub_clv_tlv_22_22_23_141_222_223(tvb, pinfo, subtree, local_offset, local_len);
| ^
wireshark/epan/dissectors/packet-isis-lsp.c:3541:21: note: ... which was the starting point of the recursive call chain; there may be other cycles
```
Add Clang-Tidy suppressions as well.
|
|
Add Clang-Tidy suppressions as well.
|
|
Add Clang-Tidy suppressions as well.
|
|
|
|
If writing a separate extcap preferences file fails, always write the
main preference file.
If there's a directory of the same name as a module, silently ignore it.
Followup to !14436
|
|
If someone manually puts a directory, or a FIFO, or something
else (block device?) in a configuration directory with the same
name as a preference file, don't try to copy it and just silently
ignore it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add an initial Clang-Tidy configuration file which checks for recursion
and various clang analyzer issues.
Run Clang-Tidy in the "Clang + Code Checks" merge request job.
Add NOLINT suppressions where needed in wsutil, epan, and lemon.
|
|
Continue to write the format-based hidden preference for now.
Read both preferences; if the index-based preference is read, use it.
If not, fall back to the format-based preference.
Followup to 41930060b04146198966e1b775c4527b70cab6f2
|
|
This commit brings the dissector up-to-date with couchbase/trinity.
Change-Id: I5efa4ada0d30b2f0196c39c3c8b4a4604e811804
|
|
|
|
|
|
We already do so for DL Data blocks, and it's useful as well for DL
Control blocks, in order to easily follow the communication between the
PCU and the scheduled TBF of each MS.
|
|
The matches operator implicitly converts non-stringlike fields
that have value strings to their value string value. (This is
not the same as the string representation of the number, which
applying the string function first would do, but it usually less
useful and worse performance than using numeric comparisons.)
However, FT_FRAMENUM fields have a hfinfo->strings but it is not
strings used for conversion, it is an overload with the special
ft_framenum_type_t, so don't convert.
This prevents a segmentation fault if expressions with
expressions like 'gtp.response_in ~ "test"'
|
|
In order to report non-matching field id, the sub-dissector requires the
proto_item element for the field id to be created, even if the tree is not.
|
|
Do not change the preference pointer inside the Extcap Options
Dialog. That changes the real preference value, which disturbs
the check inside prefs_store_ext_multiple that storeValues() calls
for whether a pref has changed or not. Since the prefs are already
changed to their new value, we won't realize that we need to write
out a new preference file.
The other changes in #18487 are sufficent to fix the problem
identified there (though it's a bit unclear what "required" means
in combination with a default, and whether we have to send the
default value for the required parameter or can omit it.)
If the button says "Save", then save the preferences regardless
of what the "extcap Save on Start" preference says.
Fix #19639. Related to #18487
|
|
|