Age | Commit message | Author | Files | Lines |
|
Add the frame control flags string to a new field. This can be
used in a custom column, similar to TCP Flags.
|
|
|
|
The old SOME/IP Heur always returned true, even for non SOME/IP. This is
fixed now.
|
|
|
|
Check whether last received packet ended transfer on STALL only if there
was active transfer key set. This fixes failed transfer type assertion
for control transfers without data stage that were STALLed by device
(during status stage).
|
|
|
|
This adds the following KDEs defined by the Wi-SUN FAN specification:
- Pairwise Transient Key KDE (PTKID)
- Group Transient Key Liveness KDE (GTKL)
- Node Role KDE (NR)
- LFN Group Transient Key KDE (LGTK)
- LFN Group Transient Key Liveness KDE (LGTKL)
|
|
The Wi-SUN FAN specification describes the format of the EAPOL-Key frame
in section 6.5.2.2 (Authentication and PMK Installation Flow):

    Descriptor Type = 2
    Key Information:
        1. Key Descriptor Version = 2
        2. Key Type = 0
        3. Install = 0
        4. Key Ack = 0
        5. Key MIC = 0
        6. Secure = 0
        7. Error = 0
        8. Request = 1
        9. Encrypted Key Data = 0
        10. SMK Message = 0
        11. Reserved = 0
    Key Length = 0
    Key Replay Counter = see [IEEE802.11] section 11.6.2.
    Key Nonce = 0
    EAPOL-Key IV = 0
    Key RSC = 0
    Key MIC = 0
    Key Data Length = length of Key Data field in octets.
    Key Data = PMKID KDE if the PMK is live, PTKID KDE if the PTK is live, GTKL
    KDE, Node Role KDE, and LGTKL KDE.

The current dissector will try to decrypt if the Key Type is 0 while the
Encrypted Key Data is unset, which appears to be for supporting
non-standard WPA implementations. The Key Data is not encrypted in
Wi-SUN, so a workaround is made to dissect the Key Data if the Key
Length is 0.
|
|
Defined in the Wi-SUN FAN specification as:

    id-kp-wisun-fan-device ::= {
        iso(1)
        identified-organization(3)
        dod(6)
        internet(1)
        private(4)
        enterprise(1)
        Wi-SUN (45605)
        FieldAreaNetwork(1)
    }
|
|
|
|
Was dropped in error in ccbc0d5fe9355177dd88b8e28551021da3d1ee2d
|
|
Pop up a dialog about bad coloring rules when reading the file
(e.g., when first starting Wireshark), rather than waiting until
you try to edit them.
Have that dialog have details of the problem with the filter
instead of a generic message. The report_warning code will
consolidate multiple warnings into one if more than one filter
has an error, rather than have lots of pop-ups.
Since the dialog (or console message, in the unlikely event that
somehow the colorfilters are read in a CLI tool) is called from
the color filters code, get rid of the separate non-specific
pop-up in ColoringRulesDialog and the special preference for
having a bogus filter.
Now, if the user has a bogus filter in the current profile's
colorfilter, they'll get a useful pop-up warning at startup,
when that filter is disabled. For filters imported / copied from
other profiles through the coloring rules dialog, they'll get the
same useful pop-up.
For trying to enable a disabled coloring rule with an error, or
inserting a *new* coloring rule with invalid filter expression (despite
the editor's Red background warning about an invalid expression),
there's already both the hint at the bottom of the screen and the
OK button becomes disabled. (Maybe the hint could be larger or
bold or something when there's an error.)
Fix #14906. Fix #15034
|
|
|
|
Tag number 221 (Microsoft WPA Information Element) contains an AKM type.
Save this to fix wlan decryption when this tag is used by Access Point.
|
|
This patch cleans up the offset and length handling to allow showing
unparsed bytes.
|
|
|
|
|
|
This was accidentally added in f4242568896a611cfc563c90b57a421ad2805f31
and is clearly incorrect: https://www.rfc-editor.org/rfc/rfc6143#section-7.7.3
Fix #18883
|
|
|
|
Related to #18878
|
|
|
|
A negative number of bits in a bit item isn't allowed. Treat it
as a very large number (i.e., as unsigned), and throw a
ReportedBoundsError. This was already happening in most cases,
but not in the edge case of a number of bits between -1 and -7
(which was being rounded up to 0 octets and passed our length checks.)
Fix #18877
|
|
Add missing length to SQL Statement
Close: 18876
|
|
|
|
Related to #17753
|
|
We do want to reset these (and probably most other elements of the
packet_info struct) when starting to process a new PDU at the same
protocol level as the most recently processed dissector. However,
find_conversation_pinfo() is used in the GUI and elsewhere to get
the final value of conversation and address information, so we don't
want to reset the values after the last PDU.
Revert this until we can find a better general way of handling this.
(!8013 handles the specific PPP case for #18278.) Perhaps eventually
there should be some separation between addresses and conversation
information used for the next dissector called, and the value for
the packet used after the packet is fully dissected (by the GUI, etc.)
This reverts commit 80e287f82c084617b5624ceeba71de7f260f8d44.
Fix #18781.
|
|
Show Neighbor Discovery option lifetime values as time string.
|
|
|
|
Remove ETTs that do not match the standard.
|
|
Use ws_debug instead of ws_log(WS_LOG_DOMAIN, LOG_LEVEL_DEBUG)
in dfilter_compile_real, so that the logging is optimized away in a
Release build.
|
|
Update manuf, services enterprise numbers, translations, and other items.
|
|
When breaking up a raw HDLC byte stream into frames, each frame
should be treated separately, much like it were a new frame in
an ordinary capture file. That means that many of the elements
in the big packet_info struct should be reset for each new frame.
In particular, the "most recent conversation" information stored
in conv_elements and conv_addr_port_endpoints should be reset.
This is not that different to how multiple PDUs should be handled
in some other protocols (DVB-S2, TCP, etc.). When a frame contains
protocol layers A, B, then C, we should distinguish between "C is
contained within B within A" and "C and B are consecutive PDUs both
contained within A."
Unfortunately, it's difficult to handle this in a general way, as we
don't know when calling the dissector for a PDU whether another PDU
will follow or not. If something is the last PDU, we don't want to
reset the last addresses/ports/conversation, so that we can access
them for display purposes, conversation filters, the related packets
line, follow stream, etc., many of which use find_conversation_pinfo.
Fix #18278.
|
|
|
|
This patch fixes 3 bugs where tvb_bytes_to_str_punct length was not
checked.
Fixes: #18865
|
|
Update manuf, services enterprise numbers, translations, and other items.
services failed.
|
|
|
|
Add functions to test if a compiled dfilter considers an hfid
or a protocol id interesting. Use those to define functions to
test if any enabled color filter considers an hfid or a protocol
interesting.
|
|
This is meant to use the value to select the correct field length.
Fix Coverity CID 1517107, 1517124, 1517136, 1517164, 1517184, 1517195.
|
|
Some of the item length changes in !9655 needed to be done with
the ASN.1 templates so that they don't get lost on ASN.1 regeneration.
Fixup ed8ee831fda2df69657af95dc34a3ea6b3ef4c88
|
|
|
|
As requested [here][1] by @eapache, help with removing calls to
`wmem_packet_scope()` in favour of references to `pinfo->pool`.
* Plugins chosen semi-randomly.
* When a calling function already has a `pinfo` argument, use that.
* Remove `_U_` from its signature if it was there.
* If a function seems narrowly focused on getting and (possibly)
returning memory, change the function signature to take a
`wmem_allocator_t *`.
* If it seems more focused on packet-based operations, pass in a
`packet_info *` instead and use `pinfo->pool` within.
* If there are several functions defined with the same call
signature, add `pinfo _U_` to the argument list of similar
functions in order to maintain clarity/symmetry.
[1]: https://www.wireshark.org/lists/wireshark-dev/202107/msg00052.html
|
|
|
|
|
|
This fixes the dissection of RDTCI subfunction.
Fixes: #18873
|
|
|
|
The PTP analysis code did not support very long traces, in which the PTP
seqid wrapped around (~2.27 hours with 125ms intervals). This is fixed
by ensuring that PTP messages are only matched, if less than 60s apart.
Fixes: #18872
|
|
|
|
mssage => message
|
|
line 764: Value stored to 'subtree' is never read
|
|
Fixes: #18871
|