aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-10-20gtpv2: Update to 3GPP TS 29.274 V17.3.0HEADmasterJoakim Karlsson4-185/+274
2021-10-20Fix some spelling errorsMartin Mathieson5-4/+26
2021-10-20RTP Analysis: Fix of mean_jitter calculationJirka Novak1-2/+2
Calculation used current_diff in place current_jitter in mean_jitter calculation so it produced incorrect results. This patch fixes it. Closes #17600.
2021-10-20Added Allied Telesis Loop Detection FramesMartin Mayer5-1/+176
2021-10-20EVS: Support decoding Primary 2.8 kbps packetsNan Xiao1-1/+33
2021-10-20EVS: Fix bug in decoding SID frame CNG typeNan Xiao1-1/+1
In 3GPP 26.449 Codec for Enhanced Voice Services (EVS); Comfort Noise Generation (CNG) aspects, Computational details and bit allocation: For the EVS primary modes, the SID payload consists of 48 bits. The first bit of the payload determines the CNG scheme, where 0 stands for the LP-CNG and 1 for the FD-CNG.
2021-10-19Docs: Move includes to the top of our man pages.Gerald Combs26-26/+26
Move our attributes.adoc includes to the very top of each man page. Older versions of Asciidoctor complain if it's not at the top. and additionally generate <file>.man instead of <file>.<section> if we don't explictly supply an output file.
2021-10-19CMake+Docs: Generate man pages all at once.Gerald Combs3-54/+96
Asciidoctor lets us generate multiple documents at once, so do so for our man pages. If we're using AsciidoctorJ this minimizes the number of JVM instances we have to spin up. This reduces the build time on my Windows VM here quite a bit, and will hopefully do so on the CI builders. Add a .editorconfig file in cmake/modules.
2021-10-19wslua: Initialize Proto members on creationStig Bjørlykke1-3/+3
Set all pointers in Proto to NULL and check for valid pointers when wslua_deregister_protocols(). Fixes #17668
2021-10-19QUIC: fix compilation on RaspberryNardi Ivan5-23/+27
2021-10-19RTPS: ixed dissection of unions in user data.ismaelrti1-33/+25
Removed the type_id check when dissecting user data. That check avoids dissection in valid cases.
2021-10-19TCPCL: Reassemble with full 64-bit transfer IDBrian Sipos1-40/+92
2021-10-19MeshConnex (MCX): MCX packet decode logicSangeetha Jain2-0/+160
Dissect MCX IE present in 802.11 packets like Beacon, Assoc Req, Assoc Res ...
2021-10-19BT-uTP: Hand to bittorrent dissector, dissect multiple PDUsJohn Thacker3-17/+552
Handle uTP payload to the bittorrent dissector. Implement dissect PDUs to handle more than one bittorrent PDU in a uTP payload. Implement basic multisegment PDU tracking; not enough to actually desegment, but enough to provide a hint to the start offset of the next PDU when a PDU does span segments. (Provided that they're in order, but OOO handling isn't implemented yet either.) Improves #8792.
2021-10-19EVS: Fix CNG schema for SID payloadNan Xiao1-2/+2
In 3GPP 26.449 Codec for Enhanced Voice Services (EVS); Comfort Noise Generation (CNG) aspects, Computational details and bit allocation: For the EVS primary modes, the SID payload consists of 48 bits. The first bit of the payload determines the CNG scheme, where 0 stands for the LP-CNG and 1 for the FD-CNG.
2021-10-19SOME/IP: WTLV type 5 complains about 6 bit length field (BUGFIX)Dr. Lars Völker1-1/+1
Closes #17666
2021-10-19CSN.1: Fix definition for DownlinkDualCarrierCapability_r7_t in MS RA capPau Espin Pedrol1-2/+2
Related spec: 3GPP TS 24.008 Table 10.5.146
2021-10-19BSSMAP LE: fix dissection of APDU in 2 messagesPascal Quantin1-2/+2
The APDU information element in Perform Location Request and Perform Location Information messages is optional and not mandatory, as seen in 3GPP 49.031. This commit fixes a regression introduced in ga6ed603f5c. Closes #17667
2021-10-19dftest: update man page and README.display_filterChuck Craft2-56/+81
2021-10-19Bluetooth: Update Assigned NumbersJakub Pawlowski1-0/+131
Updated UUIDs to match new version from 1st October 2021 Change-Id: Ifab0296389fe3815f7ce9b15de841e8675faba32
2021-10-19socketcan: use ett_can_fd for CAN FD.Guy Harris1-1/+1
2021-10-19CMake+Docs: Try to build our man pages in parallel.Gerald Combs1-2/+15
Make sure man pages are included in the default build. Have the docs and copy_data_files targets explicitly depend on the man page generator targets.
2021-10-18Add a comment to explain a cast done in file_fdopen().Guy Harris1-0/+18
2021-10-18wiretap: fix a warning on Raspberry 4Nardi Ivan1-1/+1
/home/pi/wireshark/wiretap/file_wrappers.c: In function ‘file_fdopen’: /home/pi/wireshark/wiretap/file_wrappers.c:1136:27: error: comparison of integer expressions of different signedness: ‘__blksize_t’ {aka ‘long int’} and ‘unsigned int’ [-Werror=sign-compare] if (st.st_blksize <= MAX_READ_BUF_SIZE) ^~ cc1: all warnings being treated as errors
2021-10-18IDMP: Initialize some variables.Gerald Combs2-2/+11
Try to make sure protocolID and saved_protocolID are initialized before we use them. Another attempt at fixing #16342, #17664, and related bugs.
2021-10-18Increase PROTO_PRE_ALLOC_HF_FIELDS_MEMJakub Pawlowski1-1/+1
This fixes suite_unittests failures when adding new Bluetooth UUID related contsants
2021-10-18Revert "GitLab CI: Switch to clang 13."Gerald Combs1-1/+1
This reverts commit 0aae44e145e90647338c3f7130f241d7f11124b8. The fuzz builder has been running out of memory since the switch to Clang 13, so revert back to 12 for now.
2021-10-18BT SDP: Don't overrun our continuation state buffer.Gerald Combs1-1/+12
Fixes #17635.
2021-10-18dfilter: Fix memory leak in stnode_tostr()João Valverde1-4/+8
Fixes #17661.
2021-10-18dfilter: Add a thin encapsulation layer for REsJoão Valverde12-89/+106
2021-10-18dfilter: Improve error message for "matches"João Valverde4-8/+18
Should be more obvious that this error is caused by a string syntax error and not something else.
2021-10-18wsutil: install missing public header wsgcrypt.hBrian Sipos1-0/+1
2021-10-17dfilter: Require double-quoted strings with "matches"João Valverde8-117/+105
Matches is a special case that looks on the RHS and tries to convert every unparsed value to a string, regardless of the LHS type. This is not how types work in the display filter. Require double-quotes to avoid ambiguity, because matches doesn't follow normal Wireshark display filter type rules. It doesn't need nor benefit from the flexibility provided by unparsed strings in the syntax. For matches the RHS is always a literal strings except if the RHS is also a field name, then it complains of an incompatible type. This is confusing. No type can be compatible because no type rules are ever considered. Every unparsed value is a text string except if it happens to coincide with a field name it also requires double-quoting or it throws a syntax error, just to be difficult. We could remove this odd quirk but requiring double-quotes for regular expressions is a better, more elegant fix. Before: Filter: tcp matches "udp" Constants: 00000 PUT_PCRE udp -> reg#1 Instructions: 00000 READ_TREE tcp -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_MATCHES reg#0 matches reg#1 00003 RETURN Filter: tcp matches udp Constants: 00000 PUT_PCRE udp -> reg#1 Instructions: 00000 READ_TREE tcp -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_MATCHES reg#0 matches reg#1 00003 RETURN Filter: tcp matches udp.srcport dftest: tcp and udp.srcport are not of compatible types. Filter: tcp matches udp.srcportt Constants: 00000 PUT_PCRE udp.srcportt -> reg#1 Instructions: 00000 READ_TREE tcp -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_MATCHES reg#0 matches reg#1 00003 RETURN After: Filter: tcp matches "udp" Constants: 00000 PUT_PCRE udp -> reg#1 Instructions: 00000 READ_TREE tcp -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_MATCHES reg#0 matches reg#1 00003 RETURN Filter: tcp matches udp dftest: "udp" was unexpected in this context. Filter: tcp matches udp.srcport dftest: "udp.srcport" was unexpected in this context. Filter: tcp matches udp.srcportt dftest: "udp.srcportt" was unexpected in this context. The error message could still be improved.
2021-10-17dfilter: Do not chain matches expressionsJoão Valverde1-7/+11
It is always an error to chain regexes using the logic for "le" and "eq". var matches "regex1" matches "regex2" => var matches "regex1" and "regex1" matches "regex2" Before: Filter: tcp matches "abc$" matches "^cde" dftest: Neither "abc$" nor "^cde" are field or protocol names. Filter: "abc$" matches tcp matches "^cde" dftest: Neither "abc$" nor "tcp" are field or protocol names. After: Filter: tcp matches "abc$" matches "^cde" dftest: "matches" was unexpected in this context. Filter: "abc$" matches tcp matches "^cde" dftest: "matches" was unexpected in this context.
2021-10-17btsmp: Fix endianess of debug public keyMatias Karhumaa1-8/+10
Bluetooth LE SMP protocol uses Little-endian byte order. Convert Bluetooth LE Secure Connections debug public key to Little-endian byte order to fix the problem that dissector did not properly identify debug keys when they were used during the pairing.
2021-10-17TCPCLv4: Update TCPCL dissector to include version 4 from dtn-wiresharkBrian Sipos10-878/+2419
Some enhancements and visual fixes to version 3 dissector are also included.
2021-10-17[Automatic update for 2021-10-17]Gerald Combs18-69/+177
Update manuf, services enterprise numbers, translations, and other items.
2021-10-16bencode: remove pointless recursionJohn Thacker1-3/+1
This statement is at the top of the function, calls itself recursively without changing any state, reaches the max recursion level, and then travels back up the stack adding expert infos and returning -1, and then at the end always causes a variable to be set to a known value. Remove all that, and just set the variable to the value it's going to have anyway. This speeds things up a lot and prevents adding dozens of expert infos to dictionaries without otherwise changing the behavior, which does seem to work.
2021-10-16dfilter: Update semcheck comment to reflect latest commitsJohn Thacker1-9/+6
The handling of unparsed values was rationalized by commits c484ad0e5c6cadcda02a7079aa53b76be418c391 and 144dc1e2eefbb3e19b78ccb4a8c2c57bba9c212b. Update this comment to reflect the new behavior.
2021-10-15dfilter: Forbid protocol filter names beginning with '-'João Valverde1-0/+6
Reducing the namespace for protocol names makes the display filter grammar simpler and less ambiguous and error prone. We can't easily impose stricter restrictions without breaking backward compatibility but names starting with '-' are a pathological case because of negative numbers and byte slices and in the unlikely event that any such names exist they should be fixed.
2021-10-15proto: use hash table to lookup reserved filter namesJoão Valverde1-22/+34
Should be faster.
2021-10-15tests: Accept a partial string in checkDFilterFail()João Valverde2-2/+2
2021-10-15tests: Fixup test namesJoão Valverde2-2/+2
2021-10-15Websocket frame reassembly supportMikael Kanstrup1-17/+152
Add support for websocket fragmented payload reassembly.
2021-10-15dfilter: Don't try to parse byte arrays as stringsJoão Valverde3-25/+13
It won't work with embedded null bytes so don't try. This is not an additional restriction, it just removes a hidden failure mode. To support matching embedded NUL bytes we would have to use an internal string representation other than null-terminated C strings (which doesn't seem very onerous with GString). Before: Filter: http.user_agent == 41:42:00:43 Constants: 00000 PUT_FVALUE "AB" <FT_STRING> -> reg#1 Instructions: 00000 READ_TREE http.user_agent -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN After: Filter: http.user_agent == 41:42:00:43 Constants: 00000 PUT_FVALUE "41:42:00:43" <FT_STRING> -> reg#1 Instructions: 00000 READ_TREE http.user_agent -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_EQ reg#0 == reg#1 00003 RETURN
2021-10-15dfilter: Use the same semantic rules for protocols and bytesJoão Valverde5-10/+33
FT_PROTOCOL and FT_BYTES are the same semantic type, but one is backed by a GByteArray and the other by a TVBuff. Use the same semantic rules to parse both. In particular unparsed strings are not converted to literal strings for protocols. Before: Filter: frame contains 0x0000 Constants: 00000 PUT_FVALUE 30:78:30:30:30:30 <FT_PROTOCOL> -> reg#1 Instructions: 00000 READ_TREE frame -> reg#0 00001 IF-FALSE-GOTO 3 00002 ANY_CONTAINS reg#0 contains reg#1 00003 RETURN Filter: frame[5:] contains 0x0000 dftest: "0x0000" is not a valid byte string. After: Filter: frame contains 0x0000 dftest: "0x0000" is not a valid byte string. Filter: frame[5:] contains 0x0000 dftest: "0x0000" is not a valid byte string. Related to #17634.
2021-10-15Fix build with WS_DISABLE_DEBUGJoão Valverde2-15/+2
2021-10-15jpeg: add support for dissecting inline IFD valuesРоман Донченко1-12/+112
In many cases, the "value offset" is actually the value itself. Handle those cases correctly.
2021-10-15cli: stats_tree: Make syntax consistent with other -z optionsJohn Thacker1-2/+8
The statistics that use the stats_tree API parse the -z option without expecting a comma separator between the statistics name and the filter. This is contrary to both the man pages and how all the other options work. Fix that so it's consistent. Fix #17656
2021-10-14socketcan: support the CANFD_FDF flag for identifying CAN FD frames.Guy Harris2-85/+105
The Linux SocketCAN header now uses the formerly-reserved byte in the SocketCAN header after the "payload length" field as an "FD flags" field, with a flag bit reserved to indicate whether the frame is a classic CAN frame or a CAN FD frame, with two other bits giving frame information for FD frames. For LINKTYPE_CAN_SOCKETCAN, use that flag bit to determine whether the frame is classic CAN or CAN FD. As some older LINKTYPE_CAN_SOCKETCAN captures have SocketCAN headers in which the fields after the "payload length" field were uninitialized, so trust that thge "FD flags" was filled in, rather than possibly randomly uninitialized, only if the only bits set in that field are the bits defined to be in that field and the two reserved bytes after it are zero. This will be needed when the current main-branch libpcap is released, as it uses LINKTYPE_CAN_SOCKETCAN rather than LINKTYPE_LINUX_SLL for ARPHRD_CAN devices; we add it now to future-proof the Wireshark releases to which this is being committed. It also handles what existing CAN FD captures using LINKTYPE_CAN_SOCKETCAN exist. For LINKTYPE_LINUX_SLL frames, we have the protocol field to distinguish between classic CAN and CAN FD, so we use that to determine the frame type, rather than looking at the CANFD_FDF flag. dissect_socketcan_common() now handles both classic CAN and CAN FD frames.