Age | Commit message (Collapse) | Author | Files | Lines |
|
This changes the tree received by registered vendor dissectors (the
OUI isn't part of the dissected tree anymore). Thankfully there are
currently no dissector registered.
|
|
|
|
Close: #18539
|
|
Sniffers may provide a PHR via the PHY Header TLV.
Dissects SUN FSK PHR with and without Mode Switch, and
Wi-SUN FSK Mode Switch PHR.
|
|
A conversation in Wireshark might have two endpoints or might have no
endpoints; few if any have one endpoint. Distinguish between
conversations and endpoints.
|
|
More {host, hostlist} -> endpoint.
|
|
It's an endpoint table, not a table of hosts.
|
|
The "conversation table" mechanism supports two types of tables, one for
the "Conversations" menu item under "Statistics" and one for the
"Endpoints" menu item under "Statistics". The first of them shows
statistics for conversations at various layers of the networking stack;
the second of them shows statistics for endpoints at various layers of
the networking stack.
The latter is *not* a table of hosts; an endpoint might be a host,
identified by an address at some network level (MAC, IP, etc.), or it
might be a port on a host, identified by an address/port pair.
Some data types, function names, etc. use "host" or "hostlist" or other
terms that imply that an endpoint is a host; change them to speak of
endpoints rather than hosts, using names similar to the corresponding
functions for conversations.
Provide wrapper functions and typedefs for backwards source and binary
compatibility; mark them as deprecated in favor of the new names.
Clean up some comment errors found in the process.
|
|
Remove callback function from pref registrations for dissectors that
don't need a callback. In other dissectors, move registration that
only needs to be done once inside the check for initialization,
avoiding some console messages when preferences are changed
("Duplicate dissectors (anonymous) and (anonymous) for protocol...")
and the like.
Add a couple auto preferences for dissectors missed in previous waves.
Ping #14319
|
|
Remove the redundant BASE_FLOAT field display type. The name
BASE_FLOAT is meaningless and the value aliased to BASE_NONE.
Require BASE_NONE instead of BASE_FLOAT (corresponding to
the printf() %g format).
Add new float display types using BASE_DEC, BASE_HEX and BASE_EXP
corresponfing to %f, %a and %e respectively.
Add support for BASE_CUSTOM with floats.
|
|
Field 'Id' (wpan.header_ie.id) has a conflicting entry in its value_string: 29 is at indices 2 (RendezVous Time IE) and 5 (Rendezvous Time IE)
|
|
The dissector enables support for CSL Wake Up Frames.
|
|
Allows packets to be filtered but marked and not removed from the
tap listing. Additionally a total is calculated for all rx/tx frames
and bytes
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
|
|
Use macros from inttypes.h.
|
|
Use macros from inttypes.h with format strings.
|
|
According to IEEE 802.15.4-2020 Section 7.3.5.1 Destination PAN ID field is
present when PAN ID Present bit is set. Therefore we should check for the bit.
Fixes: wireshark/wireshark#17496
|
|
Automated find/replace of wmem_packet_scope() with pinfo->pool in all
files where it didn't cause a build failure.
|
|
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
|
|
Improve dissection of IEEE 802.15.4 TAP DLT by reporting the number of
data bytes of the original data frame and create a separate packet bytes
pane containing just that data without the TAP TLV content.
|
|
g_memdup() was deprecated and replaced with g_memdup2() in GLib 2.68,
we provide our own copy of g_memdup2() for older GLib versions.
|
|
Provide better dissection information for vendor specific IEs
and remove the expert warning displayed so far.
|
|
In captures where a lot of packets are missing, requests and ACKs are
sometimes incorrectly paired. With this improvement, ACKs must arrive in
a reasonable time to be paired with a request.
|
|
A second batch of spelling errors, detected using a script
that uses pyspellcheck and a Wireshark-specific dictionary file.
I will take at least one more pass through the dissectors, as
further improvements are made to the script.
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Only use proto_tree_add_bytes_item() if you
1) are processing a hex string rather than binary byte array;
2) need the raw byte data.
While we're at it, fix the encoding argument in some calls adding
FT_BYTES fields to be ENC_NA, and, for some cases that could use
FT_UINT_BYTES, use proto_tree_add_item_ret_uint() to handle the length
and add a comment about that.
Change-Id: I6a1baca5c7da3001c0a6669f9c251e9773346c8c
Reviewed-on: https://code.wireshark.org/review/36967
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
|
|
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There is a good chance that the required information is still
valid even with a wrong FCS.
Change-Id: I244b2b4a857b7cefd1f4ef22eb151d5ac3ee4133
Reviewed-on: https://code.wireshark.org/review/35953
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This makes the address representation in ieee802154_transaction_t and
ieee802154_packet consistent.
Change-Id: I6ae66b48c3b2afe5843e6a82fe5adf1c6be5a7cd
Reviewed-on: https://code.wireshark.org/review/35780
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I86a0aae9409ab5f81a70560997c637f8f16718fa
Reviewed-on: https://code.wireshark.org/review/35754
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
For the same reason as in g89c9d909.
Change-Id: I5e344ebdf8ba05d169484aa32b409d84edc6124f
Reviewed-on: https://code.wireshark.org/review/34943
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Wake-up frames in 802.15.4e have a specific structure that is not
consistent with the fields present in a single-byte FCF.
As a special case when 802154e_compatibility is enabled, detect
multi-purpose frames that are exactly 12 bytes long and contain
a Rendezvous Time IE and parse them as an 802.15.4e wake-up frame.
Bug: 16102
Change-Id: I87c6317fffb0670dae0d5bdd499271fe02a40b22
Reviewed-on: https://code.wireshark.org/review/34684
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add support for IEEE802.15.4-2015 multipurpose frames, which are
similar to data frames with the following exceptions:
- The Frame Control Field can be either 1 or 2 octets, with different
bit offsets for all fields except for Frame Type.
- The Frame Version field, when present, must always be set to 00.
- The source PAN ID is always absent
- Instead of a PAN ID Compression field, there is a PAN ID Present
field for the destination PAN ID only.
See Section 7.3.5 of IEEE802.15.4-2015 (esp Figure 7-19) for details.
Bug: 16101
Change-Id: I1e64d90694b567573ca10395b823adb9015f8917
Reviewed-on: https://code.wireshark.org/review/34682
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a new 802154e_compatibility preference.
When enabled, it will attempt to handle certain PAN ID compression schemes
that are permitted in 802.15.4e-2012 but not in 802.15.4-2015.
Specifically, when either the source or destination address are present
in short form and the PAN ID Compression bit is cleared, 802.15.4-2015 expects
the source PAN ID to be present, whereas 802.15.4e-2012 does not.
Bug: 16102
Change-Id: I7fea7bd6d0a78c859360a1130b242e90eac8feec
Reviewed-on: https://code.wireshark.org/review/34683
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I3ec5be36bff3768bce66975deb15fec2dcc5cb26
Reviewed-on: https://code.wireshark.org/review/34155
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I86519fe73b9225f5e1e19e20977debbea4aa0d74
Reviewed-on: https://code.wireshark.org/review/33954
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The title of a decode_as_t was used by the GTK UI. It's no
longer required for Qt.
Change-Id: Ibd9d4acbe9cad2c1af520340d04e550326a97ebe
Reviewed-on: https://code.wireshark.org/review/33557
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I76f7a20a7a8f019a9b99404e08a3249cdc6ea6ef
Reviewed-on: https://code.wireshark.org/review/33008
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
ACK tracking did not work for protocols like ZigBee because the ACK is
send without address information. By moving the ACK tracking out-side
the conversation and only use the interface and the sequence number to
match requests and ACKs this is now working.
If addresses are present in the ACK they will still be used to avoid
invalid matches.
The nature of the wmem_tree ensures that the ACK tracking will always
work on the latest requests.
Change-Id: I5c763e34ec340b19a7998ddcfe9f72fccfd2acd1
Reviewed-on: https://code.wireshark.org/review/32927
Reviewed-by: James Ko <jck@exegin.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
for function 'ieee802154_create_tap_tlv_tree' [-Wmissing-prototypes]
Change-Id: I74de53e945685a289c302a784afd3d3f5f22891b
Reviewed-on: https://code.wireshark.org/review/32799
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Convert our various PROTO_ITEM_ macros to inline functions and document
them.
Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c
Reviewed-on: https://code.wireshark.org/review/32706
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Channel Center Frequency (Type=11). In addition to or instead of
channel number for packet reception, the channel center frequency may be
specified in kHz as IEEE-754 floating point number.
Channel Plan (Type=12) - Allow reporting of a generic channel plan used
to calculate channel numbers. The channel plan consists of the channel
0 center frequency, channel spacing and number of channels.
Change-Id: I41fa585e9c2fd8986b1fb61a49de74ee2adac4fa
Reviewed-on: https://code.wireshark.org/review/32415
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a new subtree with Header fields Version, Reserved and Length.
Include padding length in the TLV entry.
Change-Id: I7c39253f4d2f5f3b2d5721d10af3f8b563ea0d04
Reviewed-on: https://code.wireshark.org/review/32346
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Fixing some "implicit conversion loses integer precision" warnings
reported by clang with -Wshorten-64-to-32 option
Change-Id: Ica92971e689c28c6d1ea995e821d648a19186c09
Reviewed-on: https://code.wireshark.org/review/32331
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Enable decryption in TSCH mode which requires ASN in nonce.
Change-Id: Iae24add3a15cef00ef0037acd99f30b684e97ae2
Reviewed-on: https://code.wireshark.org/review/32142
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Error:
../epan/dissectors/packet-ieee802154.c: In function 'dissect_ieee802154_header_ie':
../epan/dissectors/packet-ieee802154.c:3788:10: error: variable 'remaining' might be clobbered by 'longjmp' or 'vfork' [-Werror=clobbered]
gint remaining = tvb_reported_length_remaining(tvb, offset) - IEEE802154_MIC_LENGTH(packet->security_level);
^
Change-Id: I6dadaa9e502f8f38bf476b690395727c836172fd
Reviewed-on: https://code.wireshark.org/review/32283
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
That was what was being done before; do it in the main dissector
routine, as 1) the main dissector routine doesn't call the FCS or TI
CC24xx dissector if we don't have an FCS or TI CC24xx metadata trailer
and 2) that means we pull duplicate code out of those dissectors.
Also, those routines are only called if we have the full FCS/metadata
available, so there's no need for them to check for that. (Arguably,
they should be called if the data is present, according to the reported
length, even if it's not available in the captured data, so we mark the
frame as having been cut off so the full data isn't available.)
Change-Id: I6be2a1f71a27bc41aea93e3c92743fc12c997c94
Reviewed-on: https://code.wireshark.org/review/32281
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Put the "mark frames with an invalid CRC" stuff into the main dissector
code, as it's the same regardless of whether you have an FCS that can be
checked or metadata with an "FCS bad" flag.
Change-Id: I2540c1934032c91f22b66babd81fb928212f18b5
Reviewed-on: https://code.wireshark.org/review/32280
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|