Age | Commit message (Collapse) | Author | Files | Lines |
|
A filter for payload makes it easier to exoprt it.
Change-Id: I0732c60c7fac37283fcbe6508d5e27bcd3c603fd
Reviewed-on: https://code.wireshark.org/review/35519
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
dpauxmon relies on libnl that is linux specific. Skip the test
for other platforms.
Fix skip message while here.
Change-Id: I744d83d0a56e41e1c32e45ade8ca0d9dd29876e1
Reviewed-on: https://code.wireshark.org/review/35525
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Fixes:
- sdjournal is available on linux only.
- The systemd library has been put in the right group in debian-setup.
Change-Id: Ie022f29da4313d17d55201b6e7ea1ab2ae740e18
Reviewed-on: https://code.wireshark.org/review/35478
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
All the shipped extcaps will be tested against:
--help
--extcap-interfaces
--extcap-interface <IFACE> --extcap-dtls
--extcap-interface <IFACE> --extcap-config
Bug: 16268
Change-Id: I7949103940c95c9c23fc5dd3743c15995d3a152d
Reviewed-on: https://code.wireshark.org/review/35409
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I71a28535f2c9081e965004f02ec85ff500f9278b
Reviewed-on: https://code.wireshark.org/review/35428
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Bug: 16207
Change-Id: I95047f76430f5e83083b950a8ed7400e6cdd40ec
Reviewed-on: https://code.wireshark.org/review/35117
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add a test to verify that PTK can be derived for WPA3 SuiteB-192
captures and that encrypted keydata field is decrypted so that
GTK can be dissected.
NOTE: Capture file contains no encrypted data frames as currently
Wireshark does not support decrypting GCMP-256 encrypted data.
Ping-Bug: 16197
Change-Id: I57fbc14a4b4bca58790c4edcee14f1ef73d73fd5
Reviewed-on: https://code.wireshark.org/review/35068
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Ping-Bug: 16187
Change-Id: Ie8d6dd1a8ff203bd6270dcfcbbeda953d57733f3
Reviewed-on: https://code.wireshark.org/review/35046
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
According to https://www.elastic.co/guide/en/elasticsearch/reference/6.7/date.html
a timestamp can be string or integer. Print the absolute times as string and the
relative times as integers.
The format for the time will be "date_nanos" as described here
https://www.elastic.co/guide/en/elasticsearch/reference/current/date_nanos.html
Ping-Bug: 15784
Change-Id: I430939961767fa65d11f2d3c939b203c8c84e88e
Reviewed-on: https://code.wireshark.org/review/34166
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Support Extended Key ID for Individually Addressed Frames from
IEEE 802.11 - 2016.
Extended Key ID allows unicast (PTK) keys to also use key ID 1 and has
an additional RSN attribute "KeyID" in EAPOL #3.
Add the additional attribute KeyID to the RSN parser, stop assuming
unicast keys are only using key ID 0 and add a test case to verify
Extended Key ID parsing and decoding.
Change-Id: I43005c74df561be5524fa3738149781f50dafa14
Reviewed-on: https://code.wireshark.org/review/34883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|
|
If a ProtoField object was created, but not linked to a Proto, then the
strings field and all elements (depending on type) would leak.
This is a follow-up to g79fef2ae and fixes the real issue in g44870fb1.
Change-Id: I01880a92bb20fae45f68c754b07daeb07630deec
Reviewed-on: https://code.wireshark.org/review/34872
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Add the newly create ProtoField to the test_proto.fields in order to be freed.
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x55e041f5ef86 in realloc (/home/vasko/sources/wireshark/build_clang/run/tshark+0x222f86)
#1 0x7fd8e0919e7d in g_realloc gmem.c:164:16
#2 0x7fd8e08e457b in g_array_maybe_expand garray.c:820:21
#3 0x7fd8e08e4b49 in g_array_append_vals garray.c:428:3
#4 0x7fd8ef112b6e in value_string_from_table /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:294:9
#5 0x7fd8ef10ee10 in ProtoField_new /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:646:24
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x55e041f5ef86 in realloc (/home/vasko/sources/wireshark/build_clang/run/tshark+0x222f86)
#1 0x7fd8e0919e7d in g_realloc gmem.c:164:16
#2 0x7fd8e08e457b in g_array_maybe_expand garray.c:820:21
#3 0x7fd8e08e4b49 in g_array_append_vals garray.c:428:3
#4 0x7fd8ef111e2e in range_string_from_table /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:226:17
#5 0x7fd8ef10e43f in ProtoField_new /home/vasko/sources/wireshark/epan/wslua/wslua_proto_field.c:642:24
Fixes: v3.1.1rc0-497-g0371994223 ("wslua: Improve parameter check in ProtoField.new()")
Change-Id: I05b8bf3d78c8a540c6cf33d11dc3f3e01f83b8c5
Reviewed-on: https://code.wireshark.org/review/34834
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Improve paremeter check in ProtoField.new() when using ftypes.CHAR:
- Check valid base types and give an error when not supported instead of
terminate in a g_error() (base.DEC is not supported).
- Give an error if used with base.UNIT_STRING instead of silently remove
the flags.
- Support base.RANGE_STRING instead of removing the flag.
Support using base.NONE with a valuestring.
Add ftypes.CHAR to the list of supported types.
Change-Id: I0e3f9698074c807f5da0de23ccd1be7446271135
Reviewed-on: https://code.wireshark.org/review/34783
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
pytest 5.2.0 added support for callable scopes. In order to distinguish
those (`@pytest.fixture(scope=fn)`) from decorators (`@pytest.fixture`),
it added extra arguments which was not expected by our wrapper. See
https://github.com/pytest-dev/pytest/pull/5776 for the change.
Fixes the following error:
ImportError while loading conftest 'test/conftest.py'.
test/conftest.py:42: in <module>
from fixtures_ws import *
test/fixtures_ws.py:198: in <module>
@fixtures.fixture
test/fixtures.py:36: in fixture
return pytest.fixture(scope, params, autouse, ids, name)
E TypeError: 'bool' object is not iterable
We do not use non-keyword arguments, so it is safe to use `*` instead of
`*args` in the prototype.
Change-Id: I96220e0e85249ad58880e5de75f8987a0fdc16ef
Reviewed-on: https://code.wireshark.org/review/34672
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The HTTP/2 protocol multiplexes a single TCP connection into multiple
independent streams. The Follow TCP output can interleave multiple
HTTP/2 streams, making it harder to analyze a single HTTP/2 stream.
Add the ability to select HTTP/2 Streams within a TCP stream.
Internally, the HTTP/2 dissector now stores the known Stream IDs in a
set for every TCP session which allows an amortized O(n) lookup time for
the previous/next/max Stream ID.
[Peter: make the dissector responsible for clamping the HTTP/2 Stream ID
instead of the Qt code, that should permit future optimizations.]
Change-Id: I5d78f29904ae8f227ae36e1a883155c0ed719200
Reviewed-on: https://code.wireshark.org/review/32221
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexander Gryanko <xpahos@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Bug: 15393
Change-Id: I931813ce3492557a5673e6bbd0269d34c0d550b2
Reviewed-on: https://code.wireshark.org/review/31416
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Dumpcap doesn't support fifos with streams created on a machine with
different endianess. Until dumpcap will support that, we need to skip
some tests so the whole test suite can pass.
Ping-Bug: 15754
Change-Id: Ia7fdf833715bf975fcee76968a7c1d75d084bd6f
Reviewed-on: https://code.wireshark.org/review/34173
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
The local and group address flags are shared between destination and
source addresses. This makes filtering difficult sometimes. Create
unique fields for them, while moving the existing fields into hiding.
This breaks the output format tests, so the baseline files need to be
updated as well. At the same time document how this can be done.
Bug: 15955
Change-Id: I849bb306f044c09d4ed0836fe92fef8981912500
Reviewed-on: https://code.wireshark.org/review/34139
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ice2e1e2e4d94f6c9da7c651866cfa1a8ac4a31d8
Reviewed-on: https://code.wireshark.org/review/34096
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Some dissectors populate pinfo->p2p_dir with a packet's direction
(incoming / outgoing). Make this info available to lua dissectors.
Add a simple test for Pinfo's new p2p_dir attribute to the wslua
test suite. It checks that p2p_dir is unknown for dhcp packets.
(The dhcp dissector does not set p2p_dir).
Change-Id: I8cc39a11cff840d10ef7fa94d30cbac8bf9b533f
Reviewed-on: https://code.wireshark.org/review/33935
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
The latest iteration of Microsoft updates to SMB3 added compression to
the protocol. This commit implements decompressing and dissecting
compressed payloads.
The compression algorithms that can be used are "Plain LZ77",
"LZ77+Huffman" and "LZNT1" which you can read more about in the
[MS-XCA] documentation. This set of algorithm is sometimes referred to
as XPRESS.
This commit reuses the existing uncompression API scheme already in
place with zlib and brotli and adds 3 tvb_uncompress_*() function
implemented in:
* epan/tvbuff_lz77.c
* epan/tvbuff_lz77huff.c
* epan/tvbuff_lznt1.c
A new function wmem_array_try_index() was added to the wmem_array API
to make bound checked reads that fail gracefully. New tests for it
have been added as well.
Since both reads (tvb) and writes (wmem_array) are bound checked the
risk for buffer overruns is drastically reduced. LZ77+Huffman has
decoding tables and special care was taken to bound check these.
Simplified versions of the implementations were succesfully tested
against AFL (American Fuzzy Lop) for ~150 millions executions each.
The SMB2/3 dissector was changed to deal with the new transform header
for compressed packets (new protocol_id value) and READ request
flags (COMPRESSED). Badly compressed or encrypted packets are now
reported as such, and the decryption test suite was changed to reflect
that.
This commit also adds a test capture with 1 packet compressed with
each algorithm as returned by Windows Server 2019, along with 3
matching tests in test/suite_dissection.py
Change-Id: I2b84f56541f2f4ee7d886152794b993987dd10e7
Reviewed-on: https://code.wireshark.org/review/33855
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
epan/dissectors/packet-smb2.c:
- factor out decryption code from transform header dissector
- rewrite CCM decryption to use the proper gcrypt cipher
- add GCM support
- change weird 1 element CCM bitmask to value_string
test/suite_decryption.py: add smb2 GCM decryption test
- add one test
- add a new capture to test smb3.1.1 AES-128-GCM decryption
Change-Id: Id5ab75e1830bc24ace9f9b2f2dbd5a3c20666d52
Reviewed-on: https://code.wireshark.org/review/33600
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
pcapng spec update is here: https://github.com/pcapng/pcapng/pull/62
Bug: 15571
Change-Id: I2f1921b1da70ac0bab8c38dd5138a9dfe7843fea
Reviewed-on: https://code.wireshark.org/review/33300
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The v2.5.0rc0-478-g558fe23226, the dissection of ip.frag_offset changed
to be listed under "Flags", this is not correct. The Fragmentation
Offset is a separate field according to the RFC. This change corrects
that behavior. Also, the raw value from the header was shown instead of
the real byte offset, this is also corrected.
Change-Id: I1d6dfc4314091eb6f3eef418c5a17ed37f7a1200
Fixes: v2.5.0rc0-478-g558fe23226 ("[IP] Simplify paring of flags field by using proto_tree_add_bitmask_with_flags().")
Reviewed-on: https://code.wireshark.org/review/33422
Petri-Dish: Sake Blok <sake.blok@SYN-bit.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
|
|
Ping-Bug: 15784
Change-Id: I2d8d01465718239e55787f56c35524614d4db5cf
Reviewed-on: https://code.wireshark.org/review/33265
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The outputs of -T ek and -G elastic-mapping don't match. To be effective
the fields in the mapping report and the fields in the traffic output must
be the same.
2 issues have been fixed. The elastic-mapping requires the parent protocol
to be prepended to the field to match the traffic output. The field "dns.a"
has been changed to "dns_dns_a".
The traffic output prints some fields with a leading "text_". This happens
for some fields that have been created under a text only field. One example
is "dns.a", that was printed as "text_dns_a". This has been fixed by accessing
the parent hfinfo resulting in "dns_dns_a" as other fields for the dns
protocol.
Bug: 15759
Change-Id: Ibd000c865102ca49bb6a6394019a475483eae4cc
Reviewed-on: https://code.wireshark.org/review/33099
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
Newer versions of elastic are using 'doc' as type. Change the code
according to that.
Fix point (4) of the linked bug.
Bug: 15763
Change-Id: Ia28102a0914c6308eb3516daa57af2e49ce9a4e5
Reviewed-on: https://code.wireshark.org/review/33111
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
This is the new standard in recent Elastic versions.
Fix point (3) of the linked bug.
Bug: 15763
Change-Id: I64ef085c2a8ad9d25ced30a337287c8cb77903e4
Reviewed-on: https://code.wireshark.org/review/33112
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Eneko Gómez <eneko.gomez.tecnalia@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
|
|
The string type is the default in elasticsearch, then there is no
need to put those entries in the mapping report. This shortens a lot
the list.
Small indentation fix, while here.
Change-Id: If304d409a3ee2c30f24b5de4d90be522bbfae41e
Ping-Bug: 15719
Reviewed-on: https://code.wireshark.org/review/33053
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Lack of handshake reassembly caused Certificate handshake messages to be
reported as "Encrypted Handshake Messages" and broke decryption in some
cases. Fix this by properly tracking handshake fragments and delay
dissection until all fragments are available.
Now when a fragmented Handshake message is found:
* The first fragment will have "(fragmented)" appended to the record
tree item as well as the "Handshake Protocol" item.
* "Reassembled Handshake Message in frame: X" is added for fragments.
* The last reassembled handshake message will be displayed together with
a fragment list.
Note: Previously, handshake records with a message length larger than
the available data was assumed to be encrypted. This restriction had to
be lifted, but can now cause false positives (reporting encrypted data
as unencrypted handshake fragments).
The provided capture is not minimal but should be comprehensive as it is
generated with randomly sized TLS record and TCP segment lengths using
`./tls-handshake-fragments.py hs-frag.pcap --seed=1337 --count=100` and
https://git.lekensteyn.nl/peter/wireshark-notes/tree/crafted-pkt/tls-handshake-fragments.py
(A copy of this script is attached to bug 3303.)
Bug: 3303
Bug: 15537
Bug: 15625
Change-Id: I779925aba30548a76c20e0e37b39d01d2c88a764
Reviewed-on: https://code.wireshark.org/review/32857
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I9c09f55673187f6fee723fcd72798fb6b9958b03
Reviewed-on: https://code.wireshark.org/review/32745
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The WIRESHARK_EXTCAP_DIR environment variable is currently only used on
Windows, and on UN*X when not running from the build directory. In order
to avoid copying the sampleif.py test utility to the program directory,
let's prioritize the environment variable over the build directory.
Update the outdated comments while at it, the version directory has been
removed long time ago. (The comments are based on the one for plugins.)
This also fixes the test suite on macOS where the extcap subdirectory is
located in the appbundle directory and not the build directory.
Change-Id: I329bb233b1dd0b9c1422c2ebd60a6455347e1d62
Reviewed-on: https://code.wireshark.org/review/32890
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Setting PYTHONIOENCODING=utf-8 would also work, but only if it is done
for every test that could possibly invoke the extcap. Let's patch the
script instead to force UTF-8 for its output encoding. Thanks to Greg
for the suggestion at https://stackoverflow.com/a/4374457/427545
Change-Id: I2e39e65e49465392c5b077c8b13ed931073661fb
Reviewed-on: https://code.wireshark.org/review/32868
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fix tests without pcap.
Change-Id: Ib3057d072bd8ced3d1c04b862f6fd7cc07400aa8
Reviewed-on: https://code.wireshark.org/review/32837
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Check for utf8 valid line instead. Add a testcase that shows
how the former code was buggy on special characters extcap sentences.
Bug: 15668
Change-Id: Ic045c4791388af98705916e6ea84be8fc9b3c5b8
Reviewed-on: https://code.wireshark.org/review/32754
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
PTK key derivation algorithm for WPA1 uses SHA1 not MD5.
MD5 is used for MIC only.
To avoid regression also add a decrypt test for WPA1 with
GTK rekeying.
Change-Id: Iabcf40c2f74d5dbc1d72cba0718c77020d97f61f
Fixes: v3.1.0rc0-342-g9cf77ec5e1 ("ieee80211: Support decrypting WPA3-Personal / SAE captures")
Reviewed-on: https://code.wireshark.org/review/32691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add support for decryping OWE (Opportunistic Wireless Encryption)
captures.
Ping-Bug: 15621
Change-Id: I223fd0cd96260408bce2b5d7661f216c351da8a8
Reviewed-on: https://code.wireshark.org/review/32524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
209 is LINKTYPE_IPMB_LINUX; add _LINUX/_linux to the WTAP_ENCAP_ name
and function/structure names, to clarify that it's not I2C in general,
it's I2C with a particular pseudo-header.
199 is now LINKTYPE_IPMB_KONTRON, not LINKTYPE_IPMB, as it doesn't have
raw I2C packets, it has I2C packets with a pseudo-header. Change the
WTAP_ENCAP_ name, and add a dissector for it.
Change-Id: Ie097f4317b03d2b2adfd9b81a4b11caf6268399e
Reviewed-on: https://code.wireshark.org/review/32539
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also both KDF and
decryption method is determined based only on EAPOL key description
version. This is not enough to figure out that SAE is being used.
Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.
Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Idb2e4f9964cf0b5c1237a0d4b5e0954adfd5e6b6
Reviewed-on: https://code.wireshark.org/review/31895
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
While the documentation of "editcap --inject-secrets" mentions support
for key log files only, people might misinterpret that and assume
support for RSA private keys. This is explicitly not supported due to
the sensitivity of these files. In order to be helpful, print a warning.
Change-Id: Ia7b464c17f1dfb550729dd35775290ed28e14510
Reviewed-on: https://code.wireshark.org/review/31893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I46ea83c0295d53f3b0b1d7f372c4fef2fb292e6c
Reviewed-on: https://code.wireshark.org/review/31785
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
If a display filter contains a set for the set membership operator and
an error occurs, then gen_relation_in() (called via dfw_gencode() will
not take ownership of the set and a memory leak occurs.
Fix this by implementing a free callback for STTYPE_SET nodes which
frees unclaimed data. Add tests to verify the effectiveness, ASAN no
longer complains after this fix.
Bug: 15442
Change-Id: If37cf047660464b2d0304748034d0bc22111e5d6
Reviewed-on: https://code.wireshark.org/review/31758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
If the single byte within a ZeroWindowProbe triggers reassembly within a
subdissector, a new MSP will be created with just a single byte. Be sure
not to mark subsequent segments that contain the full segment data as
retransmission as this prevents the subdissector from seeing the data.
Bug: 15427
Change-Id: I36ae2622689c6606c99cdff70b6beba4b9d25ca7
Reviewed-on: https://code.wireshark.org/review/31732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
add 3 tests and 2 sample captures to check smb2 decryption with:
- bad key (should fail gracefuly)
- smb3.0 AES-128-CCM
- smb3.1.1 AES-128-CCM
Change-Id: I099f5f00f83fd39ac6de9ce9ce374624297aef61
Reviewed-on: https://code.wireshark.org/review/31728
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
When the initial segment is OoO, it was recognized as retransmitted. Fix
this by remembering which frame actually contains the initial segment.
Bug: 15420
Change-Id: If63e2ff581775ff9d396a612839f1bfab30f111f
Reviewed-on: https://code.wireshark.org/review/31720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Fix the assertion to check for the actual requirements. Add tests for -T
combined with -e.
Bug: 15444
Change-Id: I83e7663572db0c60194f6d6128b9e1ae7396b3f6
Fixes: v2.9.1rc0-226-g30c90fa745 ("epan: use json_dumper for json outputs.")
Reviewed-on: https://code.wireshark.org/review/31724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Instead of just reporting a mismatching error code, include the program
output. This should help tracking down unexpected errors. While at it,
check the expected error message too.
Change-Id: Ib8fe51cc06b795bb54bfe1e6eaa828c6ba1128ef
Reviewed-on: https://code.wireshark.org/review/31714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Do not rely on strptime("%b") to parse the month, it does not correctly
recognize English month abbreviations on non-English systems. While at
it, do not try to parse milliseconds if seconds are missing.
Change-Id: Ia049bf362195eef1eba2f04ff7217049fa6a7d9d
Reviewed-on: https://code.wireshark.org/review/31707
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|