Age | Commit message (Collapse) | Author | Files | Lines |
|
Remove some long obsolete code that dates back to before the
binary H.248 protocol was separated into an ASN.1 dissector
|
|
Versions 2 and 3 of MEGACO (H.248 text) added statisticsDescriptor
to one of the options for a streamParm that can appear inside a
mediaDescriptor. Dissect it.
Part of #11080
|
|
This IE is present in the ePDG Tunnel Request/Result messages to forward
protocol configs between the UE (IKEv2) and the PGW (GTPv2C), with ePDG in the middle.
https://gerrit.osmocom.org/c/osmo-gsm-manuals/+/36023
https://gerrit.osmocom.org/c/libosmocore/+/36024
|
|
These messages are used in the GSUP-based CEAI interface between
strongswan IPsec and osmo-epdg, which acts basically as a forwarding
protocol between IKEv2 on the UE side and GTPv2C S2b towards PGW + Diameter
SWm towards AAA Server.
Those fields are already present in libosmocore, GSUP reference
implementation [1].
[1] https://gitea.osmocom.org/osmocom/libosmocore/src/branch/master/include/osmocom/gsm/gsup.h#L205
|
|
The value in the length field in ENRP parameters and error causes
include the length and types, and must be at least 4. In particular,
not erring on zero can cause an infinite loop.
https://datatracker.ietf.org/doc/html/rfc5354
Fix #19674
|
|
Fix typos and bugs in NAN dissector.
Separate NDP and NDPE control field
|
|
|
|
|
|
NAN Availability Attribute, Device Capability Attribute, Cipher Suite
Info Attribute.
|
|
Compact protocol uses little endian doubles instead of big endian like compact.
This issue is documented as an accident that became the de-facto standard.
For consistency, the sub-tvbuff_t given to delegated sub-dissectors is aligned
with binary protocol to allow a sub-dissector to work with both binary and compact.
|
|
Previous recursion check only worked with generic dissector.
The introduced changes cover the sub-dissectors as well.
Remove the existing check as it counted basic types as well.
Add a check at every place where a sub-tree is created:
- containers (list, set, map)
- structures
|
|
In KRB_TOKEN_CFX_WRAP (RFC 4121), for signed-only Wrap tokens
("Wrap tokens without confidentiality"), the plaintext is followed
by the checksum, unlike in other implementations where the all
the GSSAPI bits, including the checksum, precede the plaintext.
For those cases, the calling dissector cannot simply dissect
the entire original tvb after the returned offset, as it's not
all plaintext. Instead, place the plaintext without checksum
subset in gssapi_decrypted_tvb and return it to the caller.
In these cases, gssapi_data_encrypted will be set to FALSE, to
allow dissectors that wish to distinguished signed-and-sealed
from signed-only. For dissectors that do not care to distinguish
the cases, this requires no change.
Update the documentation in the GSSAPI header to describe this.
Fix #9398.
|
|
See the capture in #9398 for an example.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Structure change in asterix-specs, revision 3ab3bb3.
Rule type is generalized and it now also includes a default value.
|
|
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
|
|
|
|
Switch SCCP's default payload preference from a string to validated
dissector name preference, added in 2f1392169a2230d53b8e
|
|
|
|
|
|
Fix
```
wireshark/epan/dissectors/packet-icmpv6.c:1709:1: warning: function 'dissect_icmpv6_nd_opt' is within a recursive call chain [misc-no-recursion]
1709 | dissect_icmpv6_nd_opt(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
| ^
wireshark/epan/dissectors/packet-icmpv6.c:1709:1: note: example recursive call chain, starting from function 'dissect_icmpv6_nd_opt'
wireshark/epan/dissectors/packet-icmpv6.c:2247:30: note: Frame #1: function 'dissect_icmpv6_nd_opt' calls function 'dissect_icmpv6_nd_opt' here:
2247 | opt_offset = dissect_icmpv6_nd_opt(tvb, opt_offset, pinfo, icmp6opt_tree);
| ^
wireshark/epan/dissectors/packet-icmpv6.c:2247:30: note: ... which was the starting point of the recursive call chain; there may be other cycles
```
|
|
Fix
```
wireshark/epan/dissectors/packet-dhcpv6.c:1846:1: warning: function 'dhcpv6_option' is within a recursive call chain [misc-no-recursion]
1846 | dhcpv6_option(tvbuff_t *tvb, packet_info *pinfo, proto_tree *bp_tree,
| ^
wireshark/epan/dissectors/packet-dhcpv6.c:1846:1: note: example recursive call chain, starting from function 'dhcpv6_option'
wireshark/epan/dissectors/packet-dhcpv6.c:2052:28: note: Frame #1: function 'dhcpv6_option' calls function 'dhcpv6_option' here:
2052 | temp_optlen += dhcpv6_option(tvb, pinfo, subtree,
| ^
wireshark/epan/dissectors/packet-dhcpv6.c:2052:28: note: ... which was the starting point of the recursive call chain; there may be other cycles
wireshark/epan/dissectors/packet-dhcpv6.c:2958:1: warning: function 'dissect_dhcpv6' is within a recursive call chain [misc-no-recursion]
2958 | dissect_dhcpv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
| ^
```
|
|
|
|
This change updates references to obsoleted RFCs and I-Ds,
provides human-readable interpretation of kid values, and fixes
the text encoding type in proto_tree_add_cbor_tstr().
Fixes #19659
|
|
Aligning the data type with the 802.1AS specs the data type is
now INT32 instead of UINT32.
Also added a generated field where the scale and offset is removed
to easier interpret the actual accumulated rate ratio.
|
|
|
|
For our test in check_dcid_on_coalesced_packet, check the *last*
QUIC packet in the frame so far, not the first packet in the
frame.
Only create the quic_packet structure after checking for a coalesced
packet, so that the last QUIC packet in the frame is the previous
one, not the current one.
What happens if 0-RTT packets are lost and resent? There's an
alternative suggestion featuring checking if the ciphers are
initialized on the first pass that might work too, but if we
did that, what happens if the server Handshake is fragmented,
reassembled, and the server sent some "0.5-RTT" data after the
last fragment but then had to resend a different Handshake fragment
later? We'd still get some 1-RTT data before the handshake was done.
Fix #19665 while still not upsetting #19503.
|
|
Fix #7393
|
|
Add identification of the 'local engine' format.
|
|
Use RFC 6225 (obsoletes RFC 3825)
|
|
|
|
|
|
Altitude dissector added
|
|
|
|
|
|
The uplink and downlink bit rate items, and the maximum SDU size,
are contained in a single octet but added to the tree using
proto_tree_add_uint_format[_value] after multiplying by various factors,
so the values don't actually fit in a FT_UINT8. The fields need
to be large enough to fit the largest value added after transformation.
The filter engine won't allow filters for values outside the field
range, e.g.
$ ./run/dftest -s 'gtp.qos_max_sdu_size == 1500'
Filter:
gtp.qos_max_sdu_size == 1500
Error: "1500" too big for this field, maximum 255.
gtp.qos_max_sdu_size == 1500
^~~~
After:
$ ./run/dftest -s 'gtp.qos_max_sdu_size == 1500'
Filter:
gtp.qos_max_sdu_size == 1500
Syntax tree:
0 TEST_ANY_EQ:
1 FIELD(gtp.qos_max_sdu_size <FT_UINT16>)
1 FVALUE(1500 <FT_UINT16>)
Instructions:
0000 READ_TREE gtp.qos_max_sdu_size -> R0
0001 IF_FALSE_GOTO 3
0002 ANY_EQ R0 == 1500
0003 RETURN
|
|
|
|
Add NOLINTNEXTLINE suppressions for some existing recursion checks.
|
|
|
|
Added dissection for FSCTL_REFS_STREAM_SNAPSHOT_MANAGEMENT Request
Add FileFullEaInformation flags
Update SMB2 lock response field unknown to reserved.
Update flush request/response reserved fields.
|
|
Reduce false positives of the CLTP on UDP dissector (RFC 1240)
by looking at the parameters as well and also ruling out length
indicator zero.
See https://ask.wireshark.org/question/31455/i-see-a-malformed-packet-in-wireshark-from-a-google-ip-address-on-port-2400-using-r-goose-protocol-what-could-this-be/
RFC 1240 was rendered Historic by RFC 2556, which noted that
"at this time there do not seem to be any implementations" and
recommended TPKT (ISO on TCP) instead.
However, R-GOOSE does use RFC 1240. In practice, it seems like
R-GOOSE uses the IANA registered port for ISO-TSAP, 102, just like
TPKT does on TCP. Perhaps we should register the dissector to that
port instead of a heuristic dissector if someone can confirm that.
Move the dissector from goose to ositp. This doesn't cause any
preference issues because heuristic dissectors are saved in the
preference file by name and the name won't change.
|
|
The TPNCP dissector depends upon a resource file, tpncp.dat, being loaded
during initialization. If a non-default tpncp.dat was used, the TPNCP
dissector could potentially perform some operations beyond the bounds of a
fixed-size array while loading tpncp.dat.
If a non-default tpncp.dat was used and an attempt was made to dissect
malformed TPNCP traffic, the TPNCP dissector could potentially perform a read
beyond the end of an array.
This change adds explicit bounds-checks to eliminate these possible OOB
accesses.
There is zero chance of this being triggered in a default unmodified
installation of Wireshark: Loading of the tpncp.dat file is conditional on a
preference setting which defaults to FALSE, and even if it is configured to
TRUE, the included tpncp.dat does not trigger either of these OOB operations.
It still seems worthwhile to make the parser and dissector generally more
robust.
|
|
|
|
Fix
```
wireshark/epan/dissectors/file-rbm.c:196:13: warning: function 'dissect_rbm_array' is within a recursive call chain [misc-no-recursion]
196 | static void dissect_rbm_array(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value_str)
| ^
wireshark/epan/dissectors/file-rbm.c:410:13: note: example recursive call chain, starting from function 'dissect_rbm_object'
410 | static void dissect_rbm_object(tvbuff_t* tvb, packet_info* pinfo, proto_tree* ptree, guint* offset, gchar** type, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:439:4: note: Frame #1: function 'dissect_rbm_object' calls function 'dissect_rbm_string' here:
439 | dissect_rbm_string(tvb, pinfo, tree, offset, &value_local);
| ^
wireshark/epan/dissectors/file-rbm.c:325:2: note: Frame #2: function 'dissect_rbm_string' calls function 'dissect_rbm_object' here:
325 | dissect_rbm_object(tvb, pinfo, tree, offset, NULL, NULL);
| ^
wireshark/epan/dissectors/file-rbm.c:325:2: note: ... which was the starting point of the recursive call chain; there may be other cycles
wireshark/epan/dissectors/file-rbm.c:222:13: warning: function 'dissect_rbm_hash' is within a recursive call chain [misc-no-recursion]
222 | static void dissect_rbm_hash(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value_str)
| ^
wireshark/epan/dissectors/file-rbm.c:321:13: warning: function 'dissect_rbm_string' is within a recursive call chain [misc-no-recursion]
321 | static void dissect_rbm_string(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:329:13: warning: function 'dissect_rbm_regex' is within a recursive call chain [misc-no-recursion]
329 | static void dissect_rbm_regex(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:344:13: warning: function 'dissect_rbm_userclass' is within a recursive call chain [misc-no-recursion]
344 | static void dissect_rbm_userclass(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:355:13: warning: function 'dissect_rbm_variable' is within a recursive call chain [misc-no-recursion]
355 | static void dissect_rbm_variable(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value_str)
| ^
wireshark/epan/dissectors/file-rbm.c:368:13: warning: function 'dissect_rbm_struct' is within a recursive call chain [misc-no-recursion]
368 | static void dissect_rbm_struct(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:374:13: warning: function 'dissect_rbm_drb' is within a recursive call chain [misc-no-recursion]
374 | static void dissect_rbm_drb(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset)
| ^
wireshark/epan/dissectors/file-rbm.c:383:13: warning: function 'dissect_rbm_rubyobject' is within a recursive call chain [misc-no-recursion]
383 | static void dissect_rbm_rubyobject(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset)
| ^
wireshark/epan/dissectors/file-rbm.c:400:13: warning: function 'dissect_rbm_extended' is within a recursive call chain [misc-no-recursion]
400 | static void dissect_rbm_extended(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset)
| ^
wireshark/epan/dissectors/file-rbm.c:410:13: warning: function 'dissect_rbm_object' is within a recursive call chain [misc-no-recursion]
410 | static void dissect_rbm_object(tvbuff_t* tvb, packet_info* pinfo, proto_tree* ptree, guint* offset, gchar** type, gchar** value)
| ^
wireshark/epan/dissectors/file-rbm.c:535:6: warning: function 'dissect_rbm_inline' is within a recursive call chain [misc-no-recursion]
535 | void dissect_rbm_inline(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, guint* offset, gchar** type, gchar** value)
| ^
```
|
|
|
|
Fix
```
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:773:1: warning: function 'process_tiff_ifd_chain' is within a recursive call chain [misc-no-recursion]
773 | process_tiff_ifd_chain(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo,
| ^
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:773:1: note: example recursive call chain, starting from function 'process_tiff_ifd_chain'
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:896:37: note: Frame #1: function 'process_tiff_ifd_chain' calls function 'process_tiff_ifd_chain' here:
896 | process_tiff_ifd_chain(tree, tvb, pinfo, encoding,
| ^
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:896:37: note: ... which was the starting point of the recursive call chain; there may be other cycles
```
|
|
- Move all basic dissect_thrift_t_<type> implementations into
dissect_thrift_raw_<type> that takes an additional dissector_t
parameter.
- All dissect_thrift_t_<type> just calls dissect_thrift_raw_<type>
with a NULL raw dissector.
- When the dissector_t parameter is set, create a sub-tvbuff_t pointing
to the raw content of the simple type (integral or binary).
- There are 2 specific cases within the TCompactProtocol part:
1. For booleans, the sub-dissector is responsible for using only the
least significant bit as the boolean value. The most obvious use
of the boolean raw sub-dissector is the use of a true_false_string.
2. For varint, we manufacture a tvbuff_t containing the big-endian
value of the right size to be the same as TBinaryProtocol.
- Allow the raw sub-dissector to push the responsibility back to the
generic dissector using thrift_opt_t.use_std_dissector = TRUE.
A common use case for that is a specific dissection for some values
only in a key/value map (configuration keys).
- Add a public dissect_thrift_t_raw_data() function that takes a type
for dispatch as well as the dissector_t.
|
|
Update the pinfo stats tree plugin and the F5 trailer for
the new stats tree path separator
Follow up to 53638f9ccfc9ce7e685532062c3b4068a759f7dd
|
|
|