The PGSQL "STARTTLS" protocol is documented at
http://www.postgresql.org/docs/9.4/static/protocol-flow.html
While at it, convert some tvb_length[_remaining] users.
Tested against pgsql-ssl.pcapng,
Tested against imap-ssl.pcapng,
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
Change-Id: I1a00a6daa7f03de93339c2c13b07b4cfb8cdbd86
|
|
RFC 2830 describes the Start TLS operation as follows:
1. ExtendedRequest is sent by client with the requestName OID set to
   "1.3.6.1.4.1.1466.20037".
2. Server responds with an ExtendedResponse having a resultCode and
   optionally a responseName (OID).
The text mentions that the field *must* be set but the definition allows
it to be optional. The previous code then made the assumption that once (1)
was seen, then any ExtendedResponse signals an acknowledgement.
That is not entirely correct; a server could reject the request. This
patch corrects that by checking the ExtendedResponse_resultCode for
success, and then uses the new ssl_starttls_ack() helper to kick off
SSL. This simplifies the code a bit.
Tested against ldap-ssl.pcapng (which has no responseName) from
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
The result is the same as before, except that "Protocols in frame"
changed from "...:ldap:ssl:ldap" to "...:ssl:ldap".
Change-Id: Id7e40c5a50a217c4d3d46f08241d704f19d195dd
|
|
This patch lets a dissector hand over control to the SSL dissector which
simplifies dissector code ("TCP | App | SSL | App" becomes
"TCP | SSL | App").
After this patch, all of the affected dissectors will now be dissected
as SSL with its Application Data being treated as the protocol before
STARTTLS. This was previously not the case because the port was not
registered for dissection via ssl_dissector_add.
The desegmentation issue within the MySQL dissector is now also gone.
Convert some tvb_length[_remaining] users in pop and smtp as well.
Tested against mysql-ssl.pcapng and mysql-ssl-larger.pcapng(*1),
Tested against pop-ssl.pcapng (note: only first stream is decrypted,
either the key after negotiation is wrong or there is a bug),
Tested against smtp-ssl.pcapng and smtp2525-ssl.pcapng (with Decode As)
and smtp-ssl.pcapng with filter "tcp.len>0",
Tested against xmpp-ssl.pcapng,
http://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys
*1) mysql-ssl-larger has MySQL dissector errors for the fragmented
SSL packet, but reassembly seems to work. Needs further
investigation.
Bug: 9515
Change-Id: I408ef8ff30d9edc8954dab9b3615900666dfa932
|
|
All STARTTLS-like dissectors (protocols which can switch to SSL/TLS
after a protocol command) currently fail to get called after decryption.
The reason for this is that the port is not registered for SSL
dissection via ssl_dissector_add. Besides this, the MySQL dissector
breaks in the event of multiple segments because it does not properly
set desegmentation.
The call path TCP | App | SSL | App is a bad, error-prone pattern which
requires duplication of required functionality in dissectors. This patch
makes it possible to bypass the App (TCP | SSL | App) by registering SSL as
a conversation dissector after a STARTTLS switch.
Logical overview of changes:
- Move srv_addr, srv_ptype and srv_port to SslSession and adjust the
  users. This allows passing SslSession around which will never be null
  unlike SslDecryptSession. This is needed for looking up the packet
  direction (server or client) before calling a subdissector.
- Add app_handle to store the dissector and last_nontls_frame the
  frame that initiated STARTTLS.
- The same app_handle is now used to store the dissector handle from
  a ssl association.
- Moved conversation data (SslDecryptSession) to ssl-utils to avoid
  code duplication. Merge ssl_session_init into it. The new
  ssl_session_get() is needed for STARTTLS frame/handle storage.
- Introduce new "ssl_starttls_ack" function to signal the last non-TLS
  packet.
- Ensure that match_uint is set before calling the conversation
  dissector. This ensures that dissectors using match_uint to check
  the direction of a packet (client vs. server) see the TCP port
  instead of the IP proto. At least the MySQL and SMTP dissectors
  require such special treatment.
- Move epan/conversation.h outside HAVE_LIBGNUTLS, remove from dtls
  (as it is already included by ssl-utils).
- Various comment/debug string updates. Remove outdated comment before
  SSL association lookup.
Besides setting match_uint and caching the app_handle, existing
dissectors should not be affected by this patch. Follow-up patches
will update existing dissectors to use the new ssl_starttls_ack
interface.
Bug: 9515
Change-Id: I795d16b6a901e672a5d89e922adc7e5bbcda0333
|
|
- Remove some boilerplate comments;
- Use a consistent indent style (gnu);
- Use a consistent format for hf[] entries;
- Whitespace;
- Long lines;
- Rename a generic macro;
Change-Id: Ic2edcf8a8c0151d63a0d0ad901ddea9d7443ad19
Reviewed-on: https://code.wireshark.org/review/6994
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Found by MSVC2013 Code Analysis
Change-Id: If8138ff3eab7daa1da728781314f8024e36545be
Reviewed-on: https://code.wireshark.org/review/6992
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
can be considered TOS 0.
Use similar logic in LSA-Summary processing.
Ping-Bug: 6302
Change-Id: I0a74b95f6c4413ebce240e6e1b46c7e88311713a
Reviewed-on: https://code.wireshark.org/review/6951
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iaaa9445ae99b37cfb1865251d50f38375f3eb272
Reviewed-on: https://code.wireshark.org/review/6985
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Since 'values' is always 'length/4', we can have it as 'gint' and avoid
the Clang warning concerning the while cycle.
>> cannot optimize loop, the loop counter may overflow [-Wunsafe-loop-optimizations]
Change-Id: I4342f9e3fcd5df7779f41414ab6f789fe402e3af
Reviewed-on: https://code.wireshark.org/review/6979
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: If70dc3972d99d34d8e37dd26045076e515fd4d2c
Reviewed-on: https://code.wireshark.org/review/6968
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Remove emem's 8-byte-memory-alignment configure check as well as references
to all the environment variables emem used.
Change-Id: I897aec9e9c68e064454561e7a9f066b18892ec66
Reviewed-on: https://code.wireshark.org/review/6950
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
They've been deprecated for a very long time. Replace them with
getaddrinfo. Note that we might not want to do synchronous name
resolution at all.
Add HAVE_GETADDRINFO to the KfW win-mac.h collision list.
Change-Id: If59ce8a038776eadd6cd1794ed0e2dad8bf8a22c
Reviewed-on: https://code.wireshark.org/review/6958
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I1bed28c33d1942b9d8ee8ef341d7017d2df21f37
Reviewed-on: https://code.wireshark.org/review/6977
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Change-Id: I21e573c3800a245cbdae4fcb4d4cfaf36f3a0abd
Reviewed-on: https://code.wireshark.org/review/6976
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I63e965d819413299bf3e9a400b80ded23225598a
Reviewed-on: https://code.wireshark.org/review/6975
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
- Complete internal cleanup of 'fastser' -> 'fastmsg' syntax
- Includes all variables, comments and filter values
Change-Id: Ib58e470c9552387cb8c1d8c68fa1574cf7aa1691
Reviewed-on: https://code.wireshark.org/review/6974
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Bug: 10920
Change-Id: Ibf3539c188431d2514c523c094d1e2d86b77f0b5
Reviewed-on: https://code.wireshark.org/review/6967
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
'modbus' one.
(This error was missed by me when confirming recent changes to the RTAC
serial dissector and fixes decoding of RTAC serial Modbus captures.)
Change-Id: I2df609f88263e90ae4815722ff76b6a0b988a01e
Reviewed-on: https://code.wireshark.org/review/6973
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ia5781bcb55b2cf2e5ab2bc8c6587348ffe62a5c2
Reviewed-on: https://code.wireshark.org/review/6972
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Hopefully Gerald's change will fix this annoyance once and for all.
Change-Id: I547b221a670f1435fa86cb96b084cfa5b788c57f
Reviewed-on: https://code.wireshark.org/review/6971
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
We tend to clobber the reader with admon blocks. Make the preceding and
succeeding ones normal paragraphs.
Change-Id: I0c70af93feb586d2e8f6120e2842fab52379b76f
Reviewed-on: https://code.wireshark.org/review/6970
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Semi-blind attempt to fix what appears to be a race condition on the OS
X x86 buildbot.
Change-Id: I379c7dec26c2bca092d0c9a49465ee56a01d15ec
Reviewed-on: https://code.wireshark.org/review/6969
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
from building as well as a hint about downloading the vcredist_xYY.exe file.
Change-Id: I6ae9a045939a77ba2c9584f05124fdc8f355f11c
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/6916
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
|
|
Change-Id: I19031eac4d26a5620dc05f2632c403d82d7a4ab2
Reviewed-on: https://code.wireshark.org/review/6966
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
From
<http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::HandshakeResponse>
(emphasis mine):
Starting with MySQL 5.6.6 the client **may** send attributes if CLIENT_CONNECT_ATTRS is set:
Does this mean that the capability *may* be set, but the list of attributes can be empty?
Issue reported by Peter Wu
Ping-Bug:10351
Change-Id: Ib83c27f4a15341f791c443471d7a3bdbd942aef4
Reviewed-on: https://code.wireshark.org/review/6965
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Should probably fix an uninitialized memory access caught by valgrind, although I
can't reproduce it because out-of-tree plugins are still broken.
Bug: 10919
Change-Id: Ib8c46e13922f25260ca0e8886368f5ce24e3d0b0
Reviewed-on: https://code.wireshark.org/review/6962
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
proto_tree_add_bitmask(_with_flags) change
Warn Dissector bug, protocol CAPWAP-CONTROL, in packet 1: proto.c:7802: field capwap.control.message_element.wtp_frame_tunnel_mode is not of an FT_{U}INTn type
Warn Dissector bug, protocol CAPWAP-CONTROL, in packet 2: proto.c:7802: field capwap.control.message_element.ac_descriptor.security is not of an FT_{U}INTn type
...
Change-Id: I03f70ca664d99771ad27457052e6df11f9d5ad9e
Reviewed-on: https://code.wireshark.org/review/6964
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Issue reported by Massimo Vellucci
Bug:10918
Change-Id: I7f3b15536f66496d975696b3ff29fbc5b77ee5a8
Reviewed-on: https://code.wireshark.org/review/6963
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It didn't fail with cp, so maybe that's just random luck, or maybe the
built-in copy functions have an issue, or maybe just copy_if_different
has an issue (64-bit inode number issues?). Try just copy, and see what
happens.
Change-Id: I84abf3846af9305c19ad4a78d5c9df31b1e1e61e
Reviewed-on: https://code.wireshark.org/review/6961
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The 32-bit OS X build is failing rather often due to cmake -E
copy_if_different failing to copy wireshark.html, and to call cmake's
copy functions completely crappy at reporting errors is to insult
software that's merely completely crappy at reporting errors. Try using
cp in the hopes that it'll actually tell us *WHY* the copy is failing
and see if we can fix it.
Change-Id: I723150c52c2ec0fe704d54191ef27fb6caf47fba
Reviewed-on: https://code.wireshark.org/review/6960
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ibc2aa3127efcfbae33e6f3729d0e1e427db1c0fe
Reviewed-on: https://code.wireshark.org/review/6959
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
PROJECT_VERSION_EXTENSION was updated to match g528a857 config.nmake.
Try to preserve it if it's set.
Change-Id: I48edfcd149ef5adafff7ece68e0d43a9cdec0b59
Reviewed-on: https://code.wireshark.org/review/6957
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Id03d0243f20b33873a92be7444b61952d0b18638
Reviewed-on: https://code.wireshark.org/review/6956
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: If4a4fb9009da61bd67a8577f17c9e0dedcb6de6d
Reviewed-on: https://code.wireshark.org/review/6955
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
This implementation is slightly different compared to other dialogs
since we have nested items.
Tweak the bar highlight color to look better on Windows while we're here.
Change-Id: If0607c4624f304042fe3d6c8a941756b342e703d
Reviewed-on: https://code.wireshark.org/review/6953
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Id4fc195e54dba19f697d20d2085f2e1f922c8ced
Reviewed-on: https://code.wireshark.org/review/6954
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Iac5066ff97d26de1660c38b9cd3f17781a521823
Reviewed-on: https://code.wireshark.org/review/6949
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
0.4.0.1.1.1.0.0 cs1-ssp-to-scp.
Change-Id: Ib7261ef199d7a3aedaed14e7f869af8b64c21c92
Reviewed-on: https://code.wireshark.org/review/6948
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Ping-Bug:10910
Change-Id: I131d81b0d6332cc72e7b32dc81cb7fec4ca3d407
Reviewed-on: https://code.wireshark.org/review/6947
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Resolve mixed space/tab issue in the RTSE and BER dissectors and included modelines in both templates.
Change-Id: I4b75bad94ed111d0faee205e026b2322b7dafbd1
Reviewed-on: https://code.wireshark.org/review/6932
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Ping-Bug: 10914
Change-Id: I28eb9d7b5192a02f82fe604d20e57aedd706f528
Reviewed-on: https://code.wireshark.org/review/6946
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: warning: 'hf_index' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: note: 'hf_index' was declared here
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: warning: 'hf_index_off' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: note: 'hf_index_off' was declared here
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1500: warning: 'sstree' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1500: note: 'sstree' was declared here
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: warning: 'hf_index_len' may be used uninitialized in this function
/Users/buildslave/Documents/wireshark/osx105x86/build/epan/dissectors/packet-qnet6.c:1502: note: 'hf_index_len' was declared here
Remove unneeded includes.
Change-Id: Iac91954b3d6c8f9799c6fe816af93376419d1b21
Reviewed-on: https://code.wireshark.org/review/6945
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The numerical values are platform-specific, so call them QNX_PC_; that
also avoids collision with the values on the platform on which we're
building Wireshark (such a collision broke the Solaris build).
Change-Id: I04291eccb818a290eb44eadb17a56ed684285a70
Reviewed-on: https://code.wireshark.org/review/6944
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
no ethertype 0x8203-0x8205 support in trunk.
0x8204 is QNX OS VER 6's qnet ethernet protocol number.
Bug:3934
Change-Id: I52555b568c3a304f1512fe25f949330b46f49a93
Reviewed-on: https://code.wireshark.org/review/6363
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ib13d9391b64dad19321a4399c95b95d7fb791284
Reviewed-on: https://code.wireshark.org/review/6421
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
aren't present. Only warn if no forwarding blocks are present.
Simplify the code a bit while also removing a proto_tree_add_text(). (There
are a number of similar proto_tree_add_texts()s here.)
Hang the "no forwarding blocks" expert info off the LSA item rather than off
the Metric. The warning is about how much data is in the LSA--it has
nothing to do with the Metric.
Ping-Bug: 6302
Change-Id: I1903ba5ad78101ec4fa2602a1f21e8192f1d8d53
Reviewed-on: https://code.wireshark.org/review/6943
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
commit 852f15c72d41c637865776d5b80097e8ffbbb444
Author: Alan T. DeKok <aland@freeradius.org>
Date: Mon Jan 26 13:08:21 2015 -0500
As found on the net
commit 53bf263d6ca9010acdc004bada894b1bfe0ed676
Author: Tobias Hachmer <tobias@hachmer.de>
Date: Mon Jan 26 13:45:04 2015 +0100
add perle dictionary
Change-Id: I15dd8705277f3a0cedd2ea12a7cac9974dadf3c0
Reviewed-on: https://code.wireshark.org/review/6835
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I39ff2e15b91981111f8de091e6e5dfb7586b4599
Reviewed-on: https://code.wireshark.org/review/6937
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iddd1200e62bf3200cb1a68408378dd9d47120b77
Reviewed-on: https://code.wireshark.org/review/6939
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This is mostly for GUI usage, but a few dissectors needed some "non-packet scope" conversions.
val_to_str officially now uses wmem_packet_scope()
Change-Id: Ic9413eeb3406d7a7683222b86709f3675d628d81
Reviewed-on: https://code.wireshark.org/review/6933
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|