Age | Commit message | Author | Files | Lines |
|
Change-Id: I6c8f01e65a16561ff78593edc263fb26d99c182b
Reviewed-on: https://code.wireshark.org/review/17552
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I7575caad67101d394c2c80d4bfd81f83389043aa
Reviewed-on: https://code.wireshark.org/review/17551
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
For debugging...
Change-Id: I23eb70c89ac95371e1d7b05a52ffeed4f993a52a
Reviewed-on: https://code.wireshark.org/review/17135
Reviewed-by: Lucas Pardue <lucas.pardue@bbc.co.uk>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This patch fixes incorrect endian conversion in pdu length.
Actually pdu length is big endian.
Ping-Bug: 12122
Change-Id: I9f8827293e684a5b4c957138f5879efdd140c500
Reviewed-on: https://code.wireshark.org/review/17533
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Keepalive req/resp messages are shown as "Unknown type (0x00)" in info column.
This patch fixes them to "Keepalive Request" and "Keepalive Response".
Ping-Bug: 12122
Change-Id: If09192067736b78c7785ba1ff05ae62a05d3dc23
Reviewed-on: https://code.wireshark.org/review/17497
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1630199383e0b83bf14e8d9850870268d7db777c
Reviewed-on: https://code.wireshark.org/review/17542
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I97250d022a40ac888522f885968e7cd3c86e3485
Reviewed-on: https://code.wireshark.org/review/17540
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparent to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).
Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.
Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I68b4fa08a7f65b92e56a6e72a6bb113e72ee33da
Reviewed-on: https://code.wireshark.org/review/17524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: Ic26603488cb020da3885f5bc97c65aae18fdf191
Reviewed-on: https://code.wireshark.org/review/17517
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I714e2ea4808213901a8be64e65a0cb37c3002372
Reviewed-on: https://code.wireshark.org/review/17516
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.
Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
and IPv6
Change-Id: I8c257d79b4e842da6853ea3c53ae479f33a8047a
Reviewed-on: https://code.wireshark.org/review/17491
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
It contains the same password field that appears in the Registration
message. Make this field generic and reuse it here.
Change-Id: I7be9a99b5da1713937ffca5624be66150ff453d1
Reviewed-on: https://code.wireshark.org/review/17489
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Change-Id: I351621f1def5ad6da577a9b0d1b2c5ab49018564
Reviewed-on: https://code.wireshark.org/review/17488
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
add the value for euro
Change-Id: Id8624e356ad4fcddcf77483a721428782c6bb0b2
Reviewed-on: https://code.wireshark.org/review/17487
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Update manuf, services, enterprise-numbers, translations, and other items.
Change-Id: I11d066907492642f5baaa38a79b8bcd086a579c4
Reviewed-on: https://code.wireshark.org/review/17484
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Implement the same changes in the ELEM_TLV() and ELEM_TV() macros as in
packet-gsm_a_common.h, to remove superfluous code and squelch about 50
Coverity issues.
Change-Id: I262dc60fdfa3482876d8525b34f6b1dbbe371257
Reviewed-on: https://code.wireshark.org/review/17478
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This name is displayed in the SSL protocol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Source: [MS-SMB2] 2.2.37.1
Change-Id: I526066700a88398366f31cd51552f9fa8bb761b8
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17447
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: If529448539f9e8d740fd20009221e9221db83b2b
Reviewed-on: https://code.wireshark.org/review/17475
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I08246d3fa97ceafefd3a1ab5c36de50a5728fd19
Reviewed-on: https://code.wireshark.org/review/17474
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I1a5d4390e91c5a758e52feba6059407d873adf7a
Reviewed-on: https://code.wireshark.org/review/17472
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Dissect SMB2 getinfo request fixed-size parameters according
to [MS-SMB2] section 2.2.37.
This does not include extended attributes at the moment.
Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a function that dissects FILE_GET_QUOTA_INFORMATION
structure ([MS-FSCC] 2.4.33.1)
This structure is used to define a set of SIDs whose quota
is to be fetched.
Change-Id: I81f6bca98fb239935ca593bd8725cebbb2037fbe
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17445
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a checkbox which lets you toggle between absolute and relative start
times. Use the local time for now. Fixes bug 11618.
Adjust our time precision based on the capture file's time precision.
Fixes bug 12803.
Update the User's Guide accordingly.
Bug: 11618
Bug: 12803
Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
Reviewed-on: https://code.wireshark.org/review/17448
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
The CID is about the lack of check of wmem_tree_lookup32_le()
return value, but the old code is worth a bit of rework.
Change-Id: I3adb868d2baa1c8aea3f914f7fb9fdf75f222960
Reviewed-on: https://code.wireshark.org/review/17322
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This patch contains a partial rewrite of the BGP dissector for Extended
Communities. The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI. The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities. I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.
In particular, the changes encompass the following:
1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits. These were not dissected before.
2.) Dissection for EVPN Extended Community was improved. The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.
3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.
4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level. These stored the result of a
tvb_get_...() call but the value was used only once. I have replaced them
with the direct use of tvb_get_...()
5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().
6.) Reworked the style in which individual communities are displayed. Each
community item (collapsed) is now displayed using the following label
format:
Community name: Values [Generic community type]
Examples:
Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]
6.) To keep the filter names more consistent, changed names of selected filters:
bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown
In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.
7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.
Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ifad70ed2ee2a554cdc31496ad47148728071abdb
Reviewed-on: https://code.wireshark.org/review/17458
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I68cbcf257b63a86ee37e1357876a90ea683a1d5a
Reviewed-on: https://code.wireshark.org/review/17455
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
the case of non-compliance
Change-Id: Id848574ea748786ccd6808d370cb480caa948cfb
Reviewed-on: https://code.wireshark.org/review/17433
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fix dissector abort on short tags.
Fix value typo in hash mode enum.
Differentiate unexpectedly short value, zero length (deliberate invalid)
and off-end-of-record tags through expertinfo.
Continue to use proto_tree_add_*() length mismatch warnings for unexpectedly
long tags for now.
Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not
currently implemented outside Wireshark anyway.
Ping-Bug: 12303
Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816
Reviewed-on: https://code.wireshark.org/review/17382
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(actually, in [MS-SMB2] those are called "InfoType" and
"FileInfoClass", respectively)
Change-Id: Id583be4574cea5ce092c374a5624a4bd17d5d4c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This info appears in the request buffer of setinfo quota,
or in the response buffer of getinfo quota.
Change-Id: I5c8d96a05eddfa123547a7dd2577a01ac8cbd32d
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
To be usable by SMB2 dissector
Change-Id: I7f5b9a021951c2529f8058cd2fc160eff2e865c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17441
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In SMB user quota records, parse unknown 8-byte field
as quota record's last change time
(source - [MS-FSCC] 2.4.33)
Change-Id: I1f2839934fc0ab8e3d38105e02ef91a547256a70
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
As requested by bug 10969 add a link to OSM for locationEstimate.
Bug: 10969
Change-Id: I715b3b5eae9728999d5c8f8c155bbcef3911ee93
Reviewed-on: https://code.wireshark.org/review/17375
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Memleaks could occur in these scenarios:
- Two consecutive fields fail in their chk callback, overwriting the
first heap-allocated error message.
- After parsing one record, the internal record was never freed.
- Syntax errors abort the parsing process and leak the record and
current field value.
These leaks will only happen at startup, when the UAT files are read or
when UAT strings are loaded (e.g. from the ssl.keys_list preference).
Change-Id: I4cf7cbc8131f71493ba70916a8f60168e5d65148
Reviewed-on: https://code.wireshark.org/review/17432
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Bug: 12798
Change-Id: Id9569cb0f79094d5152ea5949d398eb7384ee76f
Reviewed-on: https://code.wireshark.org/review/17439
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
No functional change, fixes typos, adds some meaningful function
parameters and tries to clarify the memory management concerns.
Also fix a -Wdocumentation issue in epan/proto.h
Change-Id: I59d1fcd2ce96178e0a64a0709409a9a7a447c7c6
Reviewed-on: https://code.wireshark.org/review/17431
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I8330e7e57d3ad09e526da0d7a0970f96fedd03a6
Reviewed-on: https://code.wireshark.org/review/17434
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Introduced with v2.3.0rc0-112-gdcb7b71, nxt is only a guint8* which
fails on 32-bit glib before 2.31.2.
Change-Id: Ide1816a971fa213f5669a7fa71bc111d5b1cc921
Reviewed-on: https://code.wireshark.org/review/17418
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
In commit v2.3.0rc0-121-gb6d13ef, GUINT_TO_POINTER(ah_nxt) was added,
but on 32-bit glib before 2.31.2 this results in a type error. Change
the type of ah_nxt since all its users take a guint anyway.
Change-Id: I2fb030f79011b8a7159a0b0df26d3545b0ce3c06
Reviewed-on: https://code.wireshark.org/review/17419
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Also manually add PLMN 460 02 (China Mobile) as it is not listed by ITU yet
Bug: 12622
Bug: 12798
Change-Id: I7c6fab9dcb9da90178186e94f624301ef1861421
Reviewed-on: https://code.wireshark.org/review/17428
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Bug: 12801
Change-Id: Ic70f0d93bbffc99ceacf6b2963b04d7477e4914b
Reviewed-on: https://code.wireshark.org/review/17425
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ic72d264686c3b37ac15118eec07057c7bb8a2a50
Reviewed-on: https://code.wireshark.org/review/17422
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This should fix crashes on Windows, _strdup should not be mixed with
g_free. This was only uncovered in v2.3.0rc0-474-ga04b6fc, before that
ddict_free was never called.
Change-Id: I34111385c82715de70fb42fe44b99b89e132a374
Reviewed-on: https://code.wireshark.org/review/17423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The RFtap protocol is a simple metadata header designed to provide
Radio Frequency (RF) metadata about frames.
For official specifications see: https://rftap.github.io/
Signed-off-by: Jonathan Brucker <jonathan.brucke@gmail.com>
Change-Id: I0d008b2baadcc5cc9577113e9795eef2691b961a
Reviewed-on: https://code.wireshark.org/review/17355
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This reverts commit 5fea2b5f4198f1a36f313ef38532ddffd02ac5b1.
I.e., it puts back the change; the reverted version passed the tests on which the versions with this change crashed.
Change-Id: Idcc0eb11588cf14e2fe666de1905ee63917b0fcf
Reviewed-on: https://code.wireshark.org/review/17413
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|