Age | Commit message (Collapse) | Author | Files | Lines |
|
As requested [here][1] by @eapache, help with removing calls to
`wmem_packet_scope()` in favour of references to `pinfo->pool`.
* Plugins chosen semi-randomly.
* When a calling function already has a `pinfo` argument, use that.
* Remove `_U_` from its signature if it was there.
* If a function seems narrowly focused on getting and (possibly)
returning memory, change the function signature to take a
`wmem_allocator_t *`.
* If it seems more focused on packet-based operations, pass in a
`packet_info *` instead and use `pinfo->pool` within.
* If there are several functions defined with the same call
signature, add `pinfo _U_` to the argument list of similar
functions in order to maintain clarity/symmetry.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
|
|
|
|
Use BASE_CUSTOM and custom formatting functions for formatting
DHCP options that are time fields, instead of
proto_tree_add_uint_format_value(). This makes the formatted form
show up in columns.
Fix #18743
|
|
|
|
In PacketCable MTA capabilities, the length of the capability
is store as hex digits in ASCII. If bogus, the incorrect value
is added as an expert info. Ensure that it's formatted as UTF-8
and for display when added to the tree.
Fix #18437
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
CID: 52571445-27
|
|
Add log-specific statistics groups, and use them to limit the dynamic
menu items in Wireshark and Logwolf.
|
|
Do not require a useless ENC_NA parameter for string encodings.
FT_STRING and FT_STRINGZ types don't have any ndianness.
Follow-up to 6ec429622c9258eefd388caf21ce92ab5b9f54b4.
|
|
|
|
Use macros from inttypes.h.
|
|
|
|
Add parsing of DHCPv4 option 82.9.4491.2..7
- DPoE System Version (2)
- DPoE System DHCPv4 PBB Service (4)
- CMTS CM Service Class (5)
- CMTS MSO Defined Text (6)
- Secure File Transfer URI (7)
Add parsing of DHCPv6 Relay Agent CMTS Capabilities Option 2
- DPoE System Version (2)
|
|
|
|
A few of them just needed scratch memory, so allocate and free it
manually after doing any exception-raising checks.
A few others were returning memory, and needed conversion to accept a
wmem scope argument.
|
|
If the init function is called and the statistics table already exists, it's
sufficient to clear the data that was collected when the tap parsed the
packets.
Fixes: f21f1c292a ("dhcp: create the statistics table only once")
|
|
Use the new stat_tap_find_table function during init to check if our
statistics table already exists.
|
|
For dhcp statistics, we only have a single table at index 0.
|
|
Add DHCP Option for Protocol for Carrying Authentication for
Network Access (PANA) Authentication Agent (RFC5192)
|
|
Add Ethertype for Cisco ACI ARP gleaning and dissect its payload
Improve some Cisco ACI vendor specific DHCP options
Update mcp after looking at knet_parser.py
Update lldp after looking at knet_parser.py
Also reorder some ETHERTYPEs by value
|
|
Switch from bugs.wireshark.org to the GitLab issues list.
|
|
|
|
now using code 114 (some conflict with code 160 and Polycom device)
|
|
Now easier to find errors due to script improvements and more complete
dictionary file.
|
|
A first batch of spelling errors, detected using a script that uses
pyspellcheck and a Wireshark-specific dictionary file.
|
|
Found using tools/check_tfs.py, included in this commit.
Here are the reports that were fixed here:
Examining:
All dissector modules
epan/dissectors/packet-assa_r3.c tfs_mortisepins_flags - could have used tfs_high_low from tfs.c instead: {High,Low}
epan/dissectors/packet-btle.c tfs_present_bit - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-dhcp.c tfs_fqdn_s - could have used tfs_server_client from tfs.c instead: {Server,Client}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_en_dis - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-docsis-macmgmt.c req_not_req_tfs - could have used tfs_requested_not_requested from tfs.c instead: {Requested,Not Requested}
epan/dissectors/packet-docsis-tlv.c on_off_tfs - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-tlv.c activation_tfs - could have used tfs_active_inactive from tfs.c instead: {Active,Inactive}
epan/dissectors/packet-docsis.c ena_dis_tfs - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-ecmp.c tfs_not_expected_expected - could have used tfs_odd_even from tfs.c instead: {Odd,Even}
epan/dissectors/packet-erf.c erf_link_status_tfs - could have used tfs_up_down from tfs.c instead: {Up,Down}
epan/dissectors/packet-h263.c on_off_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-h263.c cpm_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-interlink.c flags_set_notset - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-ip.c tos_set_low - could have used tfs_low_normal from tfs.c instead: {Low,Normal}
epan/dissectors/packet-ip.c tos_set_high - could have used tfs_high_normal from tfs.c instead: {High,Normal}
epan/dissectors/packet-isakmp.c flag_r - could have used tfs_response_request from tfs.c instead: {Response,Request}
epan/dissectors/packet-isis-lsp.c tfs_metric_supported_not_supported - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-kerberos.c supported_tfs - could have used tfs_supported_not_supported from tfs.c instead: {Supported,Not supported}
epan/dissectors/packet-kerberos.c set_tfs - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-mac-lte.c mac_lte_scell_status_vals - could have used tfs_activated_deactivated from tfs.c instead: {Activated,Deactivated}
epan/dissectors/packet-p_mul.c no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-pgm.c opts_present - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-rsl.c rsl_ms_fpc_epc_mode_vals - could have used tfs_inuse_not_inuse from tfs.c instead: {In use,Not in use}
epan/dissectors/packet-sita.c tfs_sita_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-vines.c tfs_vine_rtp_no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-vnc.c button_mask_tfs - could have used tfs_pressed_not_pressed from tfs.c instead: {Pressed,Not pressed}
27 issues found
Change-Id: I7e53b491f20289955c9e9caa8357197d9010a5aa
Reviewed-on: https://code.wireshark.org/review/38087
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I2e75d63a9ed4dc9db9babe5b16cadb7ed1bc72cd
Reviewed-on: https://code.wireshark.org/review/38044
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6e65fb23ad690582590a73cabf3c53f55e399cf3
Reviewed-on: https://code.wireshark.org/review/38043
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I8d585d66da894b359d47d16d9850ce709dedbcb7
Reviewed-on: https://code.wireshark.org/review/37853
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I428c1d6ea0930991dac375d43eaf5e8aaf788ed9
Reviewed-on: https://code.wireshark.org/review/36772
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Also some more whitespace fixes.
Change-Id: I53bc7c4073ed495b14580d59798456b17851cda2
Reviewed-on: https://code.wireshark.org/review/36749
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: I6c6bad7986f77f0d7456e29c794d95d4fc055add
Reviewed-on: https://code.wireshark.org/review/36747
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Following commit c397adda8a7 there was some missing change
* Some `cur_offset += name_len` instead of `cur_offset += used_bytes`
* Some missing format_text
I took a look at the code after observing a bug with RRSIG record.
The signature in RRSIG was dissecting with some strange offset.
You can easily generate some pcap with those commands
delv @1.1.1.1 A www.cloudflare.com
and/or
dig @1.1.1.1 +dnssec www.cloudflare.com
Change-Id: Ibd6a6248b7497b8409d7797dc320035c8c2d1ed8
Reviewed-on: https://code.wireshark.org/review/36080
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The Microsoft 'variation' of RFC 3004 causes a '[Malformed Packet]' when the
"User Class Length" (dhcp.option.user_class.length) exceeds the total length
of the DHCP option 77 User Class Option (dhcp.option.length) because it is a
character and not a length field.
This stops the dissection of the rest of the DHCP packet, including the Vendor
class identifier when containing "MSFT 5.0" indicates the Microsoft variation.
A simple fix is to treat dhcp.option.user_class.length >= dhcp.option.length
as a non-conformant (text) option.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dhcpe/fe8a2dd4-1e8c-4546-bacd-4ae10de02058
Bug: 16349
Change-Id: Ia7b90302efd0b84eb508db35a3b246142bf66510
Reviewed-on: https://code.wireshark.org/review/35962
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I52d24560d4061c996c25b290ee347cc55404c216
Reviewed-on: https://code.wireshark.org/review/33914
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Microsoft reshuffled their documentation - almost all of it moved from
msdn.microsoft.com to docs.microsoft.com. Some blogs moved to
devblogs.microsoft.com; the comments *didn't* move, so in one case we go
to the Wayback Machine - the link isn't dead, but it formats horribly,
at least on my browser, but the archived version formats OK.
Use the Wayback Machine for some URLs, and update others.
Update the sections for MS-ADTS.
Point to the HTML versions of some RFCs and I-Ds.
Change-Id: I344b20f880de63f1ae2a4e3f9ff98af78a7fe139
Reviewed-on: https://code.wireshark.org/review/34101
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Do not use g_malloc, it leaks when accessing the tvb throws an error.
Change-Id: I5c6515da2184e2bea496d352461784cf845c3e18
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15673
Fixes: v3.1.0rc0-136-gc28d8f937a ("packet-dhcp.c: Fix modification of a const char* string")
Reviewed-on: https://code.wireshark.org/review/33999
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
dhcp.c:3087:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be >= 10");
^
dhcp.c:3119:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3131:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3143:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
^
dhcp.c:3155:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must >= 1");
^
dhcp.c:3176:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must >= 5");
^
dhcp.c:3201:26: error: 'pinfo' was marked unused but was used
expert_add_info_format(pinfo, tree, &ei_dhcp_bad_length, "length must be 4");
Change-Id: If4e05284a4489e7cea75fee52733851533dacbc1
Reviewed-on: https://code.wireshark.org/review/33372
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Convert our various PROTO_ITEM_ macros to inline functions and document
them.
Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c
Reviewed-on: https://code.wireshark.org/review/32706
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Dissect more details for PXE suboption.
Used references:
https://tools.ietf.org/id/draft-henry-remote-boot-protocol-00.txt
https://web.archive.org/web/20111226190846/http://download.intel.com:80/design/archives/wfm/downloads/pxespec.pdf
https://www.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.networkcomm/tcpip_dhcpv6_pxevendor.htm
File to test:
https://www.cloudshark.org/captures/1fd97aede26b
Change-Id: I6353c064e46e8512f261791afc039b7b7069c94e
Reviewed-on: https://code.wireshark.org/review/32376
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I431c3080d6048331f13c17ca711cc9183e8c896a
Reference: header file attached to bug report
Bug: 15498
Reviewed-on: https://code.wireshark.org/review/32301
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I79ae658e270559afb3f104c5b1a046083270a920
Reviewed-on: https://code.wireshark.org/review/32302
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: If68f697e6ffc986fb2d1ac433340f99b0515e4a3
Reviewed-on: https://code.wireshark.org/review/32116
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Change-Id: Idef774e0ca77466113229a21fcf1aa22a42774c3
Reviewed-on: https://code.wireshark.org/review/32125
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Proxy DHCP (proxyDHCP) is described in the PXE specification ver 2.1 (section
2.2.3) as a mechanism to allow a PXE client to query a separate service,
listening on port 4011, to obtain boot file information. Other than the UDP
port number used, the protocol is identical to regular DHCP.
This change implements support for dissecting proxyDHCP packets.
The change expands the default pref value for the DHCP/BOOTP UDP ports list to
include port 4011, and if the dissector receives a packet for port 4011 which
passes a rough heuristic (the DHCP magic number is mandatory for proxyDHCP --
there is no such thing as BOOTP-only proxyDHCP), the packet passes through to
the regular DHCP dissector.
There's currently no separate preference to allow configuration of the expected
proxyDHCP port number... This seems reasonable, since the port number 4011 is
stipulated in the PXE specification, and variations would seem unlikely.
Testing Done: Opened a capture file containing a DHCP conversation using
proxyDHCP, and saw the traffic on UDP port 4011 was now decoded as DHCP and
reported as "proxyDHCP", instead of being generic UDP. Regular DHCP traffic
in the same capture file is still decoded as it was before. Produced some
deliberately malformed requests (bad magic number) and tweaked the
DHCP/BOOTP port list in prefs, and saw the expected behavior in each case.
20,000 iterations of fuzz-test.sh with a small corpus of captures from
PXE-booting systems.
Change-Id: Ifd485cd75834a51bdfd6f3ba3fe517c4a892d9d0
Reviewed-on: https://code.wireshark.org/review/30498
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The link to the erratum for RFC 4578 is wrong -- I probably accidentally hit
Ctrl+A in Vim insert mode and incremented it.
This trivial comments-only change corrects the erratum ID from 4625 to 4624.
Change-Id: If0495b7900ce4dbf63328a4568d04f8407012c10
Reviewed-on: https://code.wireshark.org/review/30412
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I739db9d841394582b3ff2f296050a9a1d350f9bc
Reviewed-on: https://code.wireshark.org/review/29907
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|