Age | Commit message (Collapse) | Author | Files | Lines |
|
Add dissection of the following IEs:
- Serial-Number
- Warning-Type
- Data-Coding-Scheme
- Warning-Message-Contents
- Message-Identifier
Reuse the code from S1AP wherever possible
Change-Id: Icaf78b21532cf91fc2cd225d687a6a11813a20d8
Reviewed-on: https://code.wireshark.org/review/22352
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This commit reassembles data frames to build up the full entity body. It does
this for both client/server request and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.
Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ib91dc1fca0d39b53f5f55223405f473dfa816a84
Reviewed-on: https://code.wireshark.org/review/22350
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I7a6a409df5c977db1898aec6a47ae3dd8427a00c
Reviewed-on: https://code.wireshark.org/review/22286
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
The broadcast message page content is always converted to UTF-8 in the
dissect_cbs_data function using tvb_get_string_enc(...)
Change-Id: I5fe3d421917b38ccb07438f01f3c4d4ea8cbd787
Reviewed-on: https://code.wireshark.org/review/22315
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
With RFC7770 the Opaque ID for Router Information is not longer be zero
Change-Id: I22f9917ac5b5b0261e36b1097765dab6ce216a46
Ping-Bug: 13823
Reviewed-on: https://code.wireshark.org/review/22329
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
During the esPcape challenge at SharkFest 2017 US, we had a SSL
decryption challenge. Normally you have to use Decode As to recognize
the custom port number, but the latest development branch has a feature
that automatically recognizes TLS (heuristics dissector).
SSL 2.0 Client Hello messages were however not recognized by this
heuristics which totally broke TLS decryption. Add some very strong
heuristics to detect these. "Mosterd na de maaltijd" :p
Change-Id: I0ac6aa666393335bb191e395faa1d32d3588ded7
Reviewed-on: https://code.wireshark.org/review/22337
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Added displaying of raw data for unknown ASDU type
Change-Id: I17e2ae048dbec61718610dd86d6878cdc0563ef0
Reviewed-on: https://code.wireshark.org/review/22341
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Filter expressions needs support for a checkbox (bool) and
string field that verifies display filters.
Change-Id: Idfbffd6cdb5abaee8914126a05d890e834c17306
Reviewed-on: https://code.wireshark.org/review/22340
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
While you can add both the sequence number and next sequence number as
columns, the latter would remain empty if it was the same. This disrupts
the user reading flow who would have to look left and right, so just
display the field unconditionally.
Change-Id: I80efb972eaa9a16813a87ac0fdf6a045a3eb9d2f
Suggested-by: Laura Chappell
Reviewed-on: https://code.wireshark.org/review/22307
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Format tcp.hdr_len in the tree similar to ip.hdr_len. Add comments
noting that they should be consistent.
Change-Id: Ic64282d8386c8ed339811bc9c22b5962c707d292
Reviewed-on: https://code.wireshark.org/review/22314
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I2b0d1a4795e3278a1702d51d4fd532a37a4eba19
Reviewed-on: https://code.wireshark.org/review/22332
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Absolute and Relative time fields could not be converted to seconds
without converting to string and parsing to number.
Fixed conversion in generated code that was subject to precision loss
Usage:
f=Field.new("frame.delta_time")
delta=f().value:tonumber()
Change-Id: I6ef91c6238a6c2ed9adf6cae03f8913f0a09332e
Reviewed-on: https://code.wireshark.org/review/22316
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Iaa06b2e43a69f9a399ff81dd7a1e389e078608e4
Reviewed-on: https://code.wireshark.org/review/22292
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Reused TCP connections with multiple HTTP requests/responses (in
particular: HTTP request/response and HTTP proxy request/response)
exhibit the following problem: the first response sets "startframe" such
that the proxy response accidentally assumes that the proxy response
starts in that first response.
Fix this by only setting startframe if there is actually a transport
upgrade. Tested with original capture and the Websocket dissection still
works while Christian's capture has no longer the reported problem.
Change-Id: I8a7878b9a2a98878a9e5be4f680d4f109fd8ab55
Fixes: 94ae27661e80 ("WebSocket dissector improvements")
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22294
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Issue reported by Bo-Han Liao
Bug: 13821
Change-Id: I74641bef723e747bfe5fa87e946b7f4f74b94bf6
Reviewed-on: https://code.wireshark.org/review/22299
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Define a dissector that can handle both requests and responses.
Look at pino->p2p_dir to detect if we have a request or repsonse.
(At the moment, there's a dissector for request+response in one packet
and two other dissectors for request and response messages.)
Use the new mechanism for USB CCID.
Change-Id: I7eb9861802b4244f92770602179f39642eb28641
Reviewed-on: https://code.wireshark.org/review/22289
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
More than one packet could be meant by that
Change-Id: Ie751a282c927608414673c2cd48b11dc5e6d5ea6
Reviewed-on: https://code.wireshark.org/review/22283
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Make two minor adjustments to allow building on Windows when the source
directory is specified in UNC notation (\\server\volume\directory)
instead of mapping such a directory to a drive letter.
Cmake's add_custom_command() calls "cd <work_dir>" if a working
directory is define as part of the rule. However,
cd \\server\volume\directory
is not allowed.
Modify the two occassions where the working directory is derived from
CMAKE_SOURCE_DIR.
For copying some install files, we can get away with using the absolute
path for each source file to be copied.
The perl script that creates the tap listing for lua does not depend on
a working directory at all. We can simply remove the WORKING_DIRECTORY
parameter.
Change-Id: Iac8e0addc44650692c1263fdca11f68315f50c63
Reviewed-on: https://code.wireshark.org/review/22236
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Prepare the USB CCID code for replacing the "next protocol" preference
with Decode As.
USB CCID has a length field for the payload data. Use this field to
create the next_tvb. There's no need for different payload lengths
depending on the next protocol.
Use call_data_dissector() instead of referencing data_handle.
Set pinfo->p2p_dir regardless of the next protocol.
Change-Id: I042ecc9bd75245ee1d4d8a94532c9fd1de83e859
Reviewed-on: https://code.wireshark.org/review/22288
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
The "Previous/Next Packet in Conversation" actions accidentally
overwrites more specific filters (like TCP port matching) by less
specific ones (like IP addresses). This resulted in strange behavior
where packets from different TCP streams were selected.
Change-Id: Ifa93064e1db3777fa3c12e2220bbb0b36b9478fe
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22274
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Solves a UBSan runtime error null pointer passed as argument 1, which is
declared to never be null.
It can be reproduced with the pcap from bug 13603
Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5
Reviewed-on: https://code.wireshark.org/review/22272
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Not all media types are IANA registered
https://www.iana.org/assignments/media-types/media-types.xhtml
http://www.gsma.com/newsroom/wp-content/uploads/IR.95-v2.0-3.docx
http://www.openmobilealliance.org/release/XDM/V2_2_1-20170124-A/OMA-ERELD-XDM-V2_2_1-20170124-A.pdf
Change-Id: I7e2e1ef5ddcff91f04655d84836e10b9bf20d765
Reviewed-on: https://code.wireshark.org/review/22273
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Removed 'len' from IPv4, not needed
Added more test coverage for IPv6 in dftestlib
Change-Id: I1ca80e2525f32f6095ad73352baba733f4694ced
Reviewed-on: https://code.wireshark.org/review/22260
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I2def75c999faec0cbb16fd87133f09544bff78c4
Reviewed-on: https://code.wireshark.org/review/22264
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Allows duration to be calculated to 0
Handles generators where PHY type is not reported, but it can be
determined from the rate.
Change-Id: Ic0b9e1b0e3e51f4d5b670d25fea064daf250a55f
Reviewed-on: https://code.wireshark.org/review/22261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13813
Change-Id: Ic1582406896b2d4d3505ae1d3bb79cdbafa481da
Reviewed-on: https://code.wireshark.org/review/22247
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
There are lots of if (tree) checks. Start removing some which
are obviously unnecessary.
Change-Id: I3f8e4b82cd84d8e92ae79492d705438e2df739bb
Reviewed-on: https://code.wireshark.org/review/22238
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Previously proto_tree_add_none_format() could be called with any type
of field type, not FT_NONE only.
Change-Id: I78976a168fc1bf606b72ad38d284bb0bd1794b03
Ping-Bug: 13780
Reviewed-on: https://code.wireshark.org/review/22243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
We can simply stop the dissection and exit.
Change-Id: Ida8895513a1949fe5826ab89ffec2168642a9e89
Reviewed-on: https://code.wireshark.org/review/22237
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The 'U-RNTI' field in RLC Info struct is both used in the code and shown in the UI as a generic unique 'UE ID' (not specificly U-RNTI, although sometimes it is)
This commit renames the field to fit it's usage.
Change-Id: Ib42b8ed5192fe60c9a164d6d225634be53708c66
Reviewed-on: https://code.wireshark.org/review/22225
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Previous code assumed that list decoding was successful and that some
bytes were consumed. Let's explicitly check this.
Bug: 13780
Change-Id: I3546b093f309f2b8096f01bc9987ac5ad9e029eb
Reviewed-on: https://code.wireshark.org/review/22235
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13792
Change-Id: Id0c116655288c5a3347911281a932ae80250c24f
Reviewed-on: https://code.wireshark.org/review/22233
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Check that we do not have any overflow when converting words to bytes
Bug: 13810
Change-Id: I43604f7bab427fc542c281e386ab9b994338366d
Reviewed-on: https://code.wireshark.org/review/22227
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In 609ea4baa62a523434cdd8ff350d56d135d588ae
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I4769fc10d74fe7358f9794b9697591c61324e883
Reviewed-on: https://code.wireshark.org/review/22239
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 13799
Change-Id: I611e3e888f91f78262e0d685e613a2bc221687c5
Reviewed-on: https://code.wireshark.org/review/22210
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ieebb199e181251fd0730dbabb4b8e71d6ad46a6d
Reviewed-on: https://code.wireshark.org/review/21973
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Heuristic PCH dissector was trying to access the packet's header (4 bytes) without asserting these bytes exist
Change-Id: Id2747e00ed353b1962293b3cd3ea6fbe9449a81d
Reviewed-on: https://code.wireshark.org/review/22220
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
To match the recently renamed file name.
Change-Id: Id784b955ec96a52a5f380d415094dce81e1774d5
Reviewed-on: https://code.wireshark.org/review/22222
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Implemented dissector to parse zigbee commands within SE metering cluster
Change-Id: Iffb179c3e6db88b91b9ec96ed4d4b12bbeac682e
Reviewed-on: https://code.wireshark.org/review/22221
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
- search for content fields taking into account length of last match
- handle absolute path to file file inclusion not using $RULE_PATH
- parse longer tokens (saw emerging-threats rule with enormous pcre)
- content offset is relative to start of frame, *not* previous content match
- show content modifiers 'rawbytes' and 'http_user_agent'
Change-Id: I0a4e0b857c8049380ed6aa47e4a3d3649e84d4ad
Reviewed-on: https://code.wireshark.org/review/22211
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I3bdca418801305d71b33fa07396497d82ad06e33
Reviewed-on: https://code.wireshark.org/review/22212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
In 609ea4baa62a523434cdd8ff350d56d135d588ae
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I7cf216378e1610350949910091ee187ce150ca05
Reviewed-on: https://code.wireshark.org/review/22213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Original sanity check was missed for fragmentation
Bug: 13755
Change-Id: If9e24e01a119c869b02f198456776c8e6c6f2ad0
Reviewed-on: https://code.wireshark.org/review/22193
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: I9a55ca147bd4e42b9caded98294597acfad99909
Reviewed-on: https://code.wireshark.org/review/22203
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: Id59aafdca242ef25bab5bde0e3adf5e8324c6e2d
Reviewed-on: https://code.wireshark.org/review/22202
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6c6ac2f54adb0b4610e2f475312801bfae6715ed
Reviewed-on: https://code.wireshark.org/review/22201
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
crash."
This reverts commit fa3aa6781797dc8d838d1a1311555a3d5c342ed1.
Change-Id: I974606b2c7963d92832b74e05681431442542202
Reviewed-on: https://code.wireshark.org/review/22200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I867c1f78554fc6fabd2579107fe679a6f6033c0c
Reviewed-on: https://code.wireshark.org/review/22199
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|