Age | Commit message (Collapse) | Author | Files | Lines |
|
When selecting the Host key tree 4 bytes of the host key are missing because
the subtree has length key_len and does not include the length of key length
field itself.
Change-Id: I1a1ca2f3a5ea651c9dab4f0edc705df2c98a7ae4
Reviewed-on: https://code.wireshark.org/review/31464
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Currently the type length of the host key is parsed but not displayed.
This commit fixes that.
Change-Id: I3db149129609c3ec5cd24e1031c35481ce3d2f81
Reviewed-on: https://code.wireshark.org/review/30375
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The SSH dissector currently displays the padding as a member of the
Key Exchange Tree.
According to the RFC, the padding is a member of the 'Binary Packet'.
This commit adjusts the display accordingly.
Change-Id: I24ea2b44b8b7253bbdf61057cb7f0b845d6e7f74
Reviewed-on: https://code.wireshark.org/review/30372
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Since we're returning the key_len, there is no point in returning
a signed int.
Change-Id: I8854868ecf5250dca1894fdb8910d9ed48c070db
Reviewed-on: https://code.wireshark.org/review/27781
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Convert the TCP port preference to a range and add Gerrit's default
port.
Change-Id: I13460315e9b312673648a37d5f90955134b3ddbc
Reviewed-on: https://code.wireshark.org/review/22362
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add protocol to tree without carriage return / newline bytes
Bug: 13574
Change-Id: I757a0a3b034943da7f42557a96cdb10a45627dc7
Reviewed-on: https://code.wireshark.org/review/20981
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The protocol is actually nearly identical to ordinary Diffie-Hellman,
but the names are different, and the ephemeral keys are bytestrings
rather than integers.
Change-Id: I261b6426137dae12fe53686e74517080abd80bb3
Reviewed-on: https://code.wireshark.org/review/19210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
* kex_first_packet_follows -> first_kex_packet_follows
That's the name the spec (RFC 4253) uses.
* DH H signature -> H signature, DH host key -> host key
Neither the host key nor the H signature have much to do
with Diffie-Hellman. They're used in the same way in
every key exchange method that I know of, so their names
should be more generic.
* mpint_[ef] -> dh_[ef], mpint_[pg] -> dh_gex_[pg]
This is to make all key exchange method-specific fields follow
a consistent pattern with all names/abbrevs being prepended
by the method name.
Change-Id: Ic887fb92d8cbb6042e9b8e553cb5804db0ba4db8
Reviewed-on: https://code.wireshark.org/review/19199
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
For most of the fields, the blurb is just the name with "SSH" prepended,
which is not particularly useful. Replace a few of them with more
informative descriptions and remove the rest.
Change-Id: I15e95a42e897d09d3b6334022b32dd36f29e86a4
Reviewed-on: https://code.wireshark.org/review/19198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The header field ID variables are listed in a somewhat chaotic order,
making the list hard to comprehend and update. Group them according
to the part of the protocol the corresponding fields occur in, and
order the groups and the IDs within groups to roughly match
the protocol flow and message formats.
Change-Id: I915f508fd78ff89819c96d246c79d335de6a172e
Reviewed-on: https://code.wireshark.org/review/19154
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ic9851976bfa25fc61c708ee08e5a26ad01769f06
Reviewed-on: https://code.wireshark.org/review/19097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
size_str points to a dash, so the result of calling ws_strtoi32 on it is
a negative number, which becomes a huge positive number, because size is
a guint32.
Parse the number after the dash instead, and use ws_strtou32.
Also, check that size is divisible by 8, since otherwise it's unlikely
to be a bit length.
Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64
Reviewed-on: https://code.wireshark.org/review/19006
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
After this, hf_ssh_kexdh_host_key is no longer used, so remove it.
Change-Id: Ie56a086481bbe087b7ba3b17aea394c05986f63d
Reviewed-on: https://code.wireshark.org/review/19052
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib1e2b4e57832e94b94d34102c0079f820b18f350
Reviewed-on: https://code.wireshark.org/review/19000
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This patch introduces new APIs to allow dissectors to have a preference for
a (TCP) port, but the underlying data is actually part of Decode As functionality.
For now the APIs are intentionally separate from the regular APIs that register a
dissector within a dissector table. It may be possible to eventually combine the
two so that all dissectors that register with a dissector table have an opportunity
to "automatically" have a preference to adjust the "table value" through the
preferences dialog.
The tcp.port dissector table was used as the guinea pig. This will eventually be
expanded to other dissector tables as well (most notably UDP ports). Some
dissectors that "shared" a TCP/UDP port preference were also converted. It also
removed the need for some preference callback functions (mostly when the callback
function was the proto_reg_handoff function) so there is cleanup around that.
Dissectors that has a port preference whose default was 0 were switched to using
the dissector_add_for_decode_as_with_preference API rather than dissector_add_uint_with_preference
Also added comments for TCP ports used that aren't IANA registered.
Change-Id: I99604f95d426ad345f4b494598d94178b886eb67
Reviewed-on: https://code.wireshark.org/review/17724
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iafcb721eb6081902dd6b5c3a2258ae5c2ccd95e9
Reviewed-on: https://code.wireshark.org/review/17822
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I92d5dcf0fb50324d5adfcf0759be694b4037b8e3
Reviewed-on: https://code.wireshark.org/review/17028
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I2f7b01e5a71f043e49305d0e2a3e78eaa5eae0a8
Reviewed-on: https://code.wireshark.org/review/16262
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: If084278acfeb82ae7c91aefff9035f156e8f4f15
Reviewed-on: https://code.wireshark.org/review/16079
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Kenny Root <kenny@the-b.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Adds a dissector for the ssh-rsa type of public key where the modulus
and public exponent are extracted out.
Change-Id: I10b1f2d6f41878d9f7ffe5d399b9b7d4f69ad96e
Reviewed-on: https://code.wireshark.org/review/15975
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Adds a framework for hostkey to be printed out separately from the rest
of the key exchange. This will allow for individual key information to
be presented separately in subsequent changes.
Change-Id: I27433772ef1a9e1c45f388809017ed07cf6e41fa
Reviewed-on: https://code.wireshark.org/review/15974
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Each SSH packet was being set to be the remaining length of the frame.
This change sets the packet lengths correctly for each SSH packet.
Change-Id: Id9c2331d875465cd5e6bb788d420e0025f5d496e
Reviewed-on: https://code.wireshark.org/review/15966
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
According to RFC 4253 section 7.3, once the SSH_MSG_NEWKEYS is received
all packets after that will be encrypted using the negotiated keys. This
can happen in the middle of a frame, so account for the offset in the
frame where this happens.
Change-Id: Ibc3b06a4bdfe38ae15b0e65afac6f5d3646cb58d
Reviewed-on: https://code.wireshark.org/review/15965
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
That removes most of the uses of the frame number field in the
frame_data structure.
Change-Id: Ie22e4533e87f8360d7c0a61ca6ffb796cc233f22
Reviewed-on: https://code.wireshark.org/review/13509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ifc8208e1b96e2a3bf297912500a5f252bfa8eed9
Reviewed-on: https://code.wireshark.org/review/12073
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ibdbdcf59d7d7d28a812e31c7d7b2123b035f80fa
Reviewed-on: https://code.wireshark.org/review/11461
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: Id335830e70a944dd5c26e66d7515d168725acf3f
Reviewed-on: https://code.wireshark.org/review/11460
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
The remaining calls seem to fall into 3 categories:
1. passing it to tvb_find_line_end when -1 (for length) will do.
2. duplicating the checking of tvb_reported_length_remaining, which is already in use near the tvb_ensure_length_remaining call.
3. Those that (probably) need tvb_ensure_capture_length_remaining
Change-Id: I1e77695251e055644bcbbb89f3c181c65d1671ca
Reviewed-on: https://code.wireshark.org/review/10268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fifth batch (packet-rtp.c -> end).
Will look at cleaning up and committing script afterwards.
Change-Id: I8ed61dc941d98d3f7259a9d1f74e214eb7b4bfa2
Reviewed-on: https://code.wireshark.org/review/6052
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
(for some dissectors which fetch all other integral fields using
ENC_BIG_ENDIAN).
Change-Id: Ic18e3172aad76af12b12d6732c88497be22aed56
Reviewed-on: https://code.wireshark.org/review/5748
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
minor reformatting.
Change-Id: Ie078c826ed38a0d682f61fb3e95450b47a9d2c31
Reviewed-on: https://code.wireshark.org/review/4499
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: Ia3bd392b2223cf666828d65a61e069c465d3894a
Reviewed-on: https://code.wireshark.org/review/3536
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The "Payload" field only makes sense for packets that have unknown
type or are unexpectedly long. For normal traces, it will always be
empty, so hide it.
Note: this length check used to be implicitly performed by
ssh_proto_tree_add_item before 2aa66aa2b2daf0693e405371a5f9037a43896441,
so this just restores the former behaviour.
Change-Id: I948935bce660018377a004c661b829a19eb0a53b
Reviewed-on: https://code.wireshark.org/review/3535
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I8d66b1bc7dbdfee3d4bf6fd3b3c21c6323b66f44
Reviewed-on: https://code.wireshark.org/review/2946
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
tvb_ensure_captured_length_remaining"
See https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 021e7afc9fcba09094d0e2143cc434a34e3b09dc.
Change-Id: I0640eabce5ce8c4ff3a88ebf848b499f8bb8ed2f
Reviewed-on: https://code.wireshark.org/review/2429
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I0228f3b6b7067bc0ce51f9d359f99fd18feb2b66
Reviewed-on: https://code.wireshark.org/review/2378
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I63a3704effe3fcab01a193dc39b6a22e9f1cf3fe
Reviewed-on: https://code.wireshark.org/review/2376
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6d227ad7a4ddfab9d2cf18a3148700a6bd6dd321
Reviewed-on: https://code.wireshark.org/review/1512
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Also, show the packet length part of the encrypted packet. The length may
be encrypted (typical) or not (-etm modes and GCM mode). When not
encrypted, show as a number.
Bug:10066
Change-Id: I8c3a943b1b527b326b662e71f07ac6157684d5d9
Reviewed-on: https://code.wireshark.org/review/1462
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I82f841e0ee9e00c69894d8c4c67f581278c87546
Reviewed-on: https://code.wireshark.org/review/1469
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia9ad45ce9196486129897cd616707d622778e9dd
Reviewed-on: https://code.wireshark.org/review/137
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
svn path=/trunk/; revision=53918
|
|
svn path=/trunk/; revision=53230
|
|
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly
svn path=/trunk/; revision=52172
|
|
svn path=/trunk/; revision=52038
|