Age | Commit message (Collapse) | Author | Files | Lines |
|
Until now, it is not possible to use the IANA-assigned protocol values in a Wireshark plugin.
This commit exports them for use on Windows machines.
As discussed on http://seclists.org/wireshark/2015/Nov/88
Change-Id: I22adc33accf5d776bd3e5cc0899d3c5b9e9d531c
Reviewed-on: https://code.wireshark.org/review/11874
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
A DTLS capture from Jitsi Videobridge for Windows x64 (v519) using a
(patched?) BouncyCastle 1.51.0 exposed the odd behavior where the
ProtocolVersion from the record layer was always fixed to DTLSv1.2 while
the server agrees to use DTLSv1.0.
This resulted in a Malformed packet dissection of the ServerKeyExchange
message which mistakenly expects a SignatureAndHash field. Fix this
by using the protocol version from the ServerHello. Keep the fallback
in case a capture starts in the middle of a SSL conversation.
(Also display "DTLS" instead of "SSL" when the version is not yet
determined for DTLS packets.)
Bug: 11709
Change-Id: I0719977e3b2208da1960121b01dc109fa76bfcb6
Reviewed-on: https://code.wireshark.org/review/11821
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The SslSession struct contains a "version" field for displaying
purposes in the protocol column while the SslDecryptSession struct
has a "version_netorder" field for use in TLS hash functions (for
secrets calculations).
As these are strongly associated with each other, remove the
version_netorder field and its associated constants, let the SslSession
version field store this value instead. All SSL_VER_* are renamed to
appropriate *_VERSION macros (via search & replace), SSL_VER_UNKNOWN
is kept though.
The PCT and SSLv2 protocols had no wire value (*_VERSION), so
SSL_VER_PCT and SSL_VER_SSLv2 are assigned with some arbitrary values.
Warning: external plugins using the ssl_set_master_secret function
must now pass the wire version (TLSV1_VERSION) instead of the (now
removed) internal macros (SSL_VER_TLSv1).
Change-Id: Icd8ef15adae9c62eb21eab1c3b812166e451936f
Reviewed-on: https://code.wireshark.org/review/11820
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.
Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: Ie514f126352e7598acc4f7c38db9c61d105d5e48
Reviewed-on: https://code.wireshark.org/review/11850
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iac003993e820e3ad5ecbe2c9322bce1957a14c25
Reviewed-on: https://code.wireshark.org/review/11855
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
A similar issue was discussed and fixed for IP Flags in d051e79a
(svn revision 33264).
Change-Id: I532f51e813aee707b9573537cb8fbdb823158a61
Reviewed-on: https://code.wireshark.org/review/11817
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I1dba41c9f129d368096dd69a0f40fa2164311124
Reviewed-on: https://code.wireshark.org/review/11852
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Added a check for nil valuestring for all ProtoField integer types
to avoid lookup when argument is not set.
Change-Id: Ib4c016b69ee77dbea4bb83ac93c0d9ae9f48f236
Reviewed-on: https://code.wireshark.org/review/11845
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: I1d4cddd4026f08416005f2b3212536b3984d1a8d
Reviewed-on: https://code.wireshark.org/review/11834
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
A zero checksum is not illegal in IPv6/UDP when in a ICMPv6 packet.
Change-Id: I07acc874d2385992089ef3ebc7a82e853904ecfc
Ping-Bug: 6232
Reviewed-on: https://code.wireshark.org/review/11808
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I7a2eaecb6f24992cb3023919c8bd8af2c15192c3
Reviewed-on: https://code.wireshark.org/review/11838
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
This concludes a "first pass" over the dissector directory.
Change-Id: If5ce5484214be50fe541cba478da1de62e354297
Reviewed-on: https://code.wireshark.org/review/11830
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
A ProtField type FRAMENUM cannot fetch value from a Tvb.
Change-Id: Iff0f6df8b00445855c9030dcfa753daa62262171
Reviewed-on: https://code.wireshark.org/review/11832
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I25fe6a0aac93980333217d007702799d16946563
Reviewed-on: https://code.wireshark.org/review/11816
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The ack symbol is for the Address PDU beeing acked.
Also use the DUP_ACK symbol for P_Mul's Ack-Ack.
Change-Id: I3da616e95e9c2cf889b1e4e4c0570ab0c276a2d2
Reviewed-on: https://code.wireshark.org/review/11819
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The ack symbol is for the Message, Report or Notification beeing acked.
Change-Id: I5ef99b9e7830f437278af18e681f8200fab6c3d4
Reviewed-on: https://code.wireshark.org/review/11818
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
function declaration [-Wdocumentation]
Change-Id: I0d0c1a3dde14d9817aef28352081dfbfbac6c9fb
Reviewed-on: https://code.wireshark.org/review/11774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8
Reviewed-on: https://code.wireshark.org/review/11805
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I084b43fcd8419741c2de007bd03fc04532346813
Reviewed-on: https://code.wireshark.org/review/11797
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
Change-Id: Iade2d06512bacbeff3e7446487a03d4f73dba721
Reviewed-on: https://code.wireshark.org/review/11796
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
CMake's Visual C++ generator creates projects that compile with the
Debug configuration by default, which defines _DEBUG. Fix DEBUG_DUMP's
declaration so that we compile in that case.
While we're here note that the "airpd" prefix isn't limited to AirPcap,
so we might want to change it accordingly.
Change-Id: I5476f28c63020f0f66ee9128731bc4b3dc720765
Reviewed-on: https://code.wireshark.org/review/11787
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
If we encounter the wrong ftype, print its name.
Change-Id: I7405ccdd3e099f533c6a8aaf81b60faf4093741a
Reviewed-on: https://code.wireshark.org/review/11790
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I58c5ffc377d268cfb3d245e5bd2165a38dda0457
Reviewed-on: https://code.wireshark.org/review/11779
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
also sets the last_field flag to true if it's the end of the buffer.
Change-Id: I135d052fce04807ce61b5feb9af121ff4528f595
Reviewed-on: https://code.wireshark.org/review/11731
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I9e9746dc5f17daea7830ddc37f5df0ba16def397
Reviewed-on: https://code.wireshark.org/review/11762
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This is a dissector for the ISO14443 protocols between a contactless
smartcard and a card reader.
The overall approach is similar to DVB-CI. We have a pseudo-header in
front of the captured data that has information about the type of the
captured data and the direction.
For now, the dissector registers itself by name so it can be linked to a
user-DLT. I am applying for an official DLT.
Change-Id: I9c4a28ef5b220f205baf58381bf1962996887a9d
Reviewed-on: https://code.wireshark.org/review/11663
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
format_text() is specifically intended to handle strings when displaying
them to the user; code such as AirPDCap, which doesn't display strings
to the user, should be handed the raw SSID.
Put in a comment indicating what we probably *should* be doing here.
Bug: 11685
Change-Id: Ic30114c35d1d8f3d791ae904e33a4d81ddc215ec
Reviewed-on: https://code.wireshark.org/review/11757
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Fixes Qt GUI supported protocols display.
Change-Id: If51aae0f6cb2a7d182aa1c40bd827e09bbddbb09
Reviewed-on: https://code.wireshark.org/review/11536
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug:11685
Change-Id: Ibe7a2909f0aed33fa35685ac5c8e0e1a8a626742
Reviewed-on: https://code.wireshark.org/review/11652
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The functions str_to_ip() and str_to_ip6() are not yet exposed to plugins so
they cannot be used there.
Now they are added to the plugin API.
Change-Id: I9df267934ad43887a6326c8c9a1a666f263c08a2
Reviewed-on: https://code.wireshark.org/review/11728
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I758c39698847d65447e0a7490104a9369c85f6cd
Reviewed-on: https://code.wireshark.org/review/11684
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I7f5724e263ab81d42421d0cfcb1fc4b63a55d79e
Reviewed-on: https://code.wireshark.org/review/11590
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
accept the node key as a first parameter.
wmem_tree accepts all sort of keys (strings, integers, soon ranges),
thus it is of interest for various purposes (testing, greedy search) to
know the key of the node.
Change-Id: Ie748b917bef91f0b1ba8cce15bd1b471922641dc
Reviewed-on: https://code.wireshark.org/review/11683
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I24185128e664a0f7cc2b59d5d653582cddd04df1
Reviewed-on: https://code.wireshark.org/review/11686
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I98905988ceb394d27307d1cbe883d8fe95ac23e4
Reviewed-on: https://code.wireshark.org/review/11703
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.
Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.
Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.
For now leverage the pcapng_block dissector and keep everything under
"Frame".
Next steps:
- Items listed at the top of packet-sysdig-event.c.
Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Added IP address and port number to the comp_req_list_entry so
get_mfn_from_fn_and_reqid can check for matching IP and port number
when searching for the reply to a request.
Change-Id: Iad00bca5c1104cf8c335001f84264fe55d2e45fc
Reviewed-on: https://code.wireshark.org/review/11599
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Checking WIRESHARK_ABORT_ON_DISSECTOR_BUG here looks somewhat redundant but it's not:
it's needed to prevent REPORT_DISSECTOR_BUG() from throwing an exception when
we're not dissecting (when nobody's going to catch the exception).
Change-Id: I4dfc484bdf13bca236bfff1388d4399e26880ad7
Reviewed-on: https://code.wireshark.org/review/11272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib9719ac893288b9f26acabb81158ed42b2351fb5
Reviewed-on: https://code.wireshark.org/review/11572
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
DCERPC)
Change-Id: Ie6f28fd749219ddadc53820f94866e91cca297cb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/11596
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It doesn't actually *close* any handle, so it's best called a "finish"
routine rather than a "close" routine.
In libwiretap modules, don't bother setting the finish routine pointer
to null - it's already initialized to null (it's probably best not to
require modules to set it).
Change-Id: I19554f3fb826db495f17b36600ae36222cbc21b0
Reviewed-on: https://code.wireshark.org/review/11659
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I28ce51f3c06f78b85792bce4a13ef39eb75d7890
Reviewed-on: https://code.wireshark.org/review/11648
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3c1ee97f68af4539b97d50b75c03ff82147dbc5e
Reviewed-on: https://code.wireshark.org/review/11649
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I93c001e78f9365300d393bac6714535f454c6515
Reviewed-on: https://code.wireshark.org/review/11647
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
[-Wmissing-prototypes]
Change-Id: Ib2be8c4ebbaf8492fe76632fae2b5076a44f74ce
Reviewed-on: https://code.wireshark.org/review/11653
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This change should fix some complains from coverity.
Change-Id: Ic46212e12892779b2aa0276e028fea2d9fbb6985
Reviewed-on: https://code.wireshark.org/review/10545
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I5da56a10b8c73f804e98124895c513ad4c97a37b
Reviewed-on: https://code.wireshark.org/review/11643
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Id8aad52198905eb33ecccf5ace01287954f31d2e
Reviewed-on: https://code.wireshark.org/review/11526
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|