Age | Commit message | Author | Files | Lines |
|
remove some unnecessary if(tree) checks while at it
Change-Id: I2ed7153a25a96f9fa08476176980655117aae26e
Reviewed-on: https://code.wireshark.org/review/13334
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: I3e2fad7f0307e599802c37040b34c899efb0e603
Reviewed-on: https://code.wireshark.org/review/13328
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The new ADD_ADDR format contains a truncated HMAC value of 8 bytes.
The specifications can be found in RFC6824bis-04.
Change-Id: Ief5118aea06fcd6c502ff4e55f0a49bf3234fd09
Reviewed-on: https://code.wireshark.org/review/13304
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Use eapol key data length to differentiate between #2 and #4.
This should work around ieee802.11 client implementation errors.
Windows is setting the Secure Bit on #2 when rekeying and Bug 11994
has a sample capture with the Nonce set in #4 and are so both
violating the spec.
Bug: 11994
Change-Id: Ia9e9c68d08dae042cfa7fd9517892db211b0a00f
Reviewed-on: https://code.wireshark.org/review/13299
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Dissectors that need it should fetch it with
find_dissector_table("wtap_encap").
Change-Id: I4b12888f20182aa529274b934b81d36f7697e1a6
Reviewed-on: https://code.wireshark.org/review/13323
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
When desegmentation is disabled (as is done with the "SSL Decryption
(master secret)" test), the app_data dissection is ignored because the
app_data dissector is not yet known. Fix this by continuing when the
port-based dissector is known (as was done before).
Also avoid setting a "(null)" protocol in the tree when the
app_handle is not set (because the encrypted data is not decrypted for
example, or when the heuristics dissector fails to set a protocol).
Fixes regression since v2.1.0rc0-1501-g50dc0e8 ("ssl: improve
interaction with heuristics subdissectors").
Change-Id: I65c1d4705dec8f6fea8b7ac02151fab9dc6152d6
Reviewed-on: https://code.wireshark.org/review/13312
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ic4c5c0b86e90dc5f3e5e0a6023e21756fa8015d3
Reviewed-on: https://code.wireshark.org/review/13320
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
If a link-layer header type is one where Wiretap generates a
pseudo-header from the bytes at the beginning of the packet data, we
can't handle it, because we don't have code to process those bytes and
generate a pseudo-header. Punt on it.
Change-Id: I28c585e9d368216411cc841068ce3414f27f2d86
Reviewed-on: https://code.wireshark.org/review/13319
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Check for it with DISSECTOR_ASSERT().
Change-Id: I71ba81107f7a4aff21b0f0dbecb5158dc4ff6238
Reviewed-on: https://code.wireshark.org/review/13318
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 12013
Change-Id: If753fcdbb01d646fc4db43485549e8c6f668eced
Reviewed-on: https://code.wireshark.org/review/13311
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I1da2f3e5d5cd6111a6ac7abaee2a97a36e8fd3c1
Reviewed-on: https://code.wireshark.org/review/13309
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I6031ae6f9b31447665236098c87ffed97e4b8a2d
Reviewed-on: https://code.wireshark.org/review/13275
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This is an enhancement to allow a plugin to obtain capture file
and other status information via a simple plugin_if call
Added GTK port to this revision
Bug: 11968
Change-Id: Ibcf4e8b43c6f3b48e971fa4020a07cc273234fb8
Reviewed-on: https://code.wireshark.org/review/13103
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Drop the custom str_to_addr_ip, it overruns the buffer with at most 3
bytes when an empty string is passed. Remove sizeof(guint8) while at it,
the C standard requires this to be 1.
Avoid overwriting uaudp.system_ip to avoid an invalid free of the
preference.
Change-Id: I39cb0a35364f2ecd32b780fcb7c0253bd866f329
Reviewed-on: https://code.wireshark.org/review/13145
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When a single frame contains multiple SSL segments and the higher-level
PDU requests desegmentation, then each segment will trigger a
dissection, resulting in a new tree for each.
This seems to happen because the SSL dissector tries to complete a
reassembly whenever a segment is found in the last frame. When doing the
second pass, the fully reassembled segment is known and as a result the
payload dissector is called for all SSL segments in a single frame.
Fix this by checking whether the end of the segment covers the whole
reassembled data. Another workaround is added to avoid "[SSL segment of
a reassembled PDU]" in the Info column when desegmentation finishes.
Also fix the SSL version in the Protocol column when a segment is part
of a reassembled PDU.
Bug: 11079
Change-Id: I9ae0c8ae5c56ed0dd7b071dec8bcc87e838a068d
Reviewed-on: https://code.wireshark.org/review/12307
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 12011
Change-Id: Idcb0b547d49dcf4b87ddfc05aceb24d06c38ab32
Reviewed-on: https://code.wireshark.org/review/13295
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ie41471f79191097c491d58949c4e90b314cade04
Reviewed-on: https://code.wireshark.org/review/13300
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I574b0364a3007c02d45bbb8cfbfed786a78da0a5
Reviewed-on: https://code.wireshark.org/review/13289
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
dissect_ber_constrained_bitstring
Bug: 11828
Change-Id: I43c493ed261e73e0f3b31892c161dcfc46071054
Reviewed-on: https://code.wireshark.org/review/13292
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib5cf998cd0217e9335d826962efdc29ff13af12a
Reviewed-on: https://code.wireshark.org/review/13214
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ie21553cf487dbf3920f4ba955503a819103d7b51
Reviewed-on: https://code.wireshark.org/review/13279
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I14d8245ee5ca51d15c7b6eda3d5993a805680530
Reviewed-on: https://code.wireshark.org/review/13287
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I3b16427f43603bc665385b5c59d6e278797a2b96
Reviewed-on: https://code.wireshark.org/review/13285
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
With this dissector, anyone can write a plugin to dissect their
data type and RTPS will call it if the dissector is registered using
the Type Name (which is the common thing to do).
Also, added a fix in dissect_APP_ACK so now the APP_ACK messages
are properly dissected. It had a couple of wrong offsets and was
calling dissect_serialized_data instead of directly adding the
serialized data (dissecting an encapsulation that is not there).
Bug: 11917
Change-Id: Ie1c6880d60e3537a1cbae4840cc6ff6e1a62ca0e
Reviewed-on: https://code.wireshark.org/review/12824
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I9d749c43727291768a36adc0c1956f73a5374f91
Reviewed-on: https://code.wireshark.org/review/13283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Id439256b4a6705fed4ded69884bc371a8d6ce47b
Reviewed-on: https://code.wireshark.org/review/13280
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Do not call heuristics dissectors when the SSL application data protocol
is known (via STARTTLS or via an earlier packet in session).
When the protocol is *not* known, first try heuristics on the initial
payload. If a match is found, it can then override the protocol that
would otherwise be used due to a port number match.
The HTTP2 dissector is adjusted to take advantage of that such that
HTTP2 on non-standard ports still gets detected as HTTP2. Also save
dissector registration to avoid the http2 dissector from showing up
as "(null)". Now HTTP2 is really shown as "http2" and not "http" in
the "Application Data Protocol"!
The CredSSP dissector is untested and not modified as I don't know if
the whole stream will be SSL.
Tested with fix-ssl.pcap and a http2 capture (from bug 11331) wrapped
in SSL (without ALPN).
Change-Id: I134e2d4ac22287bc0a5aeadb1e38cb4059fa108b
Reviewed-on: https://code.wireshark.org/review/13179
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Enable FIX dissection over SSL using a heuristics dissector for SSL
application data.
Tested with fix-ssl.pcap from the SampleCaptures wiki page which I
generated using f8test from Fix8 1.3.4 (compiled/running on Debian
Jessie with OpenSSL 1.0.1k-3+deb8u1).
Bug: 8625
Change-Id: Ib29c30352f22f49dcf4c5b5f1915c43031064c34
Reviewed-on: https://code.wireshark.org/review/12263
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
packet data.
On behalf of SimPhonics, Inc.
IEEE 1278.1-2012 DIS spec details the PDU header timestamp in section
6.2.88 as a 31-bit unsigned integer count of microseconds since the start
of the current interval. Likewise, the DIS dissector should reflect this
information accurately, based on the actual complete contents of captured
packets.
Tested with DIS packets generated from VPlus for radio simulation by
SimPhonics.
Change-Id: I73b9689e1fb35900b7063746cac604a72a69ab16
Reviewed-on: https://code.wireshark.org/review/13210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
6LoWPAN IPHC dissection displayed ECN and DSCP as if they were an
IPv6-layout bitfield. Remove this extra abstraction layer, and output
them more simply as individual bit items, with a generated field
to indicate the IPv6 equivalent.
Change-Id: Iff1473ce181fb40ae07a773689a5fee7bd9e98c7
Reviewed-on: https://code.wireshark.org/review/13185
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- When parsing key data for GTK, check both the IE ID (0xdd) and OUI-type (00-0F-AC 1)
as key data may contain more than one IE with ID (0xdd) and GTK KDE is not always the first one
- Determine key type (TKIP/CCMP) based on actual key length and not size of the whole key_data part
- Remove arbitrary limit on size of key_data
Bug: 11973
Change-Id: I8f71fe970c07a092131eada2be3936c12a61cdd5
Reviewed-on: https://code.wireshark.org/review/13182
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There's no "old" register_per_oid_dissector, so the new_ is redundant.
Change-Id: Iaf85a0bec120c5171d68ca4b12b6724a77df8305
Reviewed-on: https://code.wireshark.org/review/13274
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
There are no longer any "old" dissectors, so "new_" is redundant.
Change-Id: I5fee51228c2a8562166f5991e1f30c2c697e45c8
Reviewed-on: https://code.wireshark.org/review/13273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I140a6c7ac2f9380335ce9756824319b4d4a5b323
Reviewed-on: https://code.wireshark.org/review/13272
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6814616be9d46e0a075cc3f1d97ded131493b67e
Reviewed-on: https://code.wireshark.org/review/13271
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the
argument either point to a struct atm_phdr or to a pwatm_private_data_t.
Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header
if you need to construct an ATM pseudo-header for a dissector; have your
own struct atm_phdr structure, fill it in, and pass a pointer to *that*
to the sub-dissector.
Cleans things up a bit.
Change-Id: I4464924def4de41c625002b2d273592bd529e46e
Reviewed-on: https://code.wireshark.org/review/13270
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
MA USB packets with USB payload are now passed into the USB dissector.
This allows the payload to be dissected by the USB sub-dissectors.
1. Refactor dissect_usb_common() and put the code needed for finding USB subdissectors
into a separate helper function.
2. Add dissect_usb_payload() call
3. Add dissect_mausb_pkt_common() helper function
4. Put code for dissecting all types of MA USB packets into helper
function dissect_mausb_pkt().
5. Add dissect_mausb_pkt_data() helper function
6. Put code for dissecting MA USB datapacket-specific fields into helper
function dissect_mausb_pkt().
7. Use proto_tree_add_bitmask() call for MA USB bitfields.
8. Create packet-mausb.h to expose MA definitions to USB dissector
9. Dissect MA USB payload with USB subdissectors
10. Undeclare USB calls no longer used by MA USB dissector
Change-Id: I456714572cd8dfc9982b087670ca73c17e25a26c
Signed-off-by: Sean O. Stalley <sean.stalley@intel.com>
Reviewed-on: https://code.wireshark.org/review/13187
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I5be0ce9168e987e8fd5ba404338111c8b8706c9f
Reviewed-on: https://code.wireshark.org/review/13243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I46d23e57441f5776a63776adc8cbf7fedffad49c
Reviewed-on: https://code.wireshark.org/review/13264
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Ic9c19bf7f8ee4233ac1150bc372b3693502d986d
Reviewed-on: https://code.wireshark.org/review/13261
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The data before the Ethernet packet isn't a 16-bit little-endian
integer, it's two bytes, one byte of offset and one byte of padding.
Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1
Reviewed-on: https://code.wireshark.org/review/13254
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Introduce a frame_data flag "need_colorize" to indicate that coloring
rules need to be evaluated and set it for the GUI (not tshark). This
restores the original performance characteristics.
It additionally fixes a regression where the color filter name and
filter is not shown anymore in the tree (I guess it is related to the
edt->tree being NULL when re-selected, resulting in empty color_filter).
Remaining problems:
- Display filter cannot contain frame.coloring_rule.* fields. Code is
present to enable this, but then a method is needed to avoid an
expensive second calculation (which is why it is disabled).
- The columns are still not updated after coloring rule change.
- The two frame.coloring_rule fields in the tree are not updated when
the coloring rule is changed (e.g. Ctrl-1).
The last two issues were supposed to be fixed by the previous patch, but
there is probably some missing code... Tested with GTK and Qt.
Bug: 11980
Change-Id: I3ef7713b28db242e178d20f6a5f333374718b52e
Reviewed-on: https://code.wireshark.org/review/13170
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
That's how they're extracted in the libwiretap module, and that's how
they're shown in the ERF spec.
This gets rid of some compiler warnings about type-punning.
Merge some reserved bit fields to match what's in the ERF spec.
Renumber others.
Process the AAL2 and MC headers differently; yes, they're both
big-endian 32-bit values, but that makes the code a bit clearer, and,
heck, the optimizer may well combine the two sequences of code.
Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7
Reviewed-on: https://code.wireshark.org/review/13251
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Enable decryption of Protected Management Frames by:
- Authorizing decryption for robust management frame (i.e. management
frame that may be encrypted): deauth, disassoc and action
(Note: Assume all action frames are robust even if it is not the case)
- Updating initialization of Additional Authentication Data (AAD)
(don't filter-out subtype) and construct nonce (set mgmt flag) for
management frames
Bug: 11995
Change-Id: I7c34a021e4c49111b85d217c9272d24d0e29ecb2
Reviewed-on: https://code.wireshark.org/review/13232
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Add a comment indicating what choices are offered here; note that going
back to FT_BYTES without changing the way it's put into the protocol
tree is *not* a choice that's available.
Bug: 11999
Change-Id: I9831c7e9e522d3c7cea2e92c2a989050772019e4
Reviewed-on: https://code.wireshark.org/review/13244
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
tap_listener queue is declared volatile. Assignment with cast
to non-volatile generates compiler warnings.
Change-Id: I3a2954f0d6ecfd7862ee0d9c1820cf737128a3c5
Reviewed-on: https://code.wireshark.org/review/13076
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I72f09eda89adc231a6c97d3abde9ca6cebe4b24d
Reviewed-on: https://code.wireshark.org/review/13234
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Displayed as 6 hex digits, not 3.
Change-Id: I61f9b41d4bd846ff74fac24b0651c7243c9c9e51
Reviewed-on: https://code.wireshark.org/review/13235
Reviewed-by: João Valverde <j@v6e.pt>
|
|
Change-Id: I48a14291205b14bc1eeade9b363c9e1d68d2eb9b
Reviewed-on: https://code.wireshark.org/review/13223
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|