git.samba.org - metze/wireshark/wip.git/log

Test: Add sharkd tests.

Change-Id: I0e5049700ab9285196ce6b4567bd2d034529e763
Reviewed-on: https://code.wireshark.org/review/28327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

HTTP: fix in desegmentation of HEAD requests and responses

Previously HTTP message bodies following a HEAD request in the same conversation
were not desegmented, resulting in spurious "Continuation" messages and failure
to reassemble HTTP bodies. Fix this by properly taking the current HTTP message
type (request or response) into account.

Bug: 14793
Change-Id: I1ffb052468cf414b73243447138466aca47db3e6
Reviewed-on: https://code.wireshark.org/review/28312
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

travis: remove unnecessary qt5 in PATH for macOS

Since v2.5.0rc0-1101-ged15895221 ("cmake: look for Qt5 from Homebrew on
macOS"), qt5 no longer needs to be in the PATH.

Change-Id: I1edadcb0eec8a38c4f7364353e57f92c80ca400f
Reviewed-on: https://code.wireshark.org/review/28352
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Check the address type, not the address length, in multicast/broadcast tests.

The tests assume an IPv4 address; check for IPv4 addresses. They're
always 4 octets long, so no need to check the length.

Change the XXX comment to ask whether the check for an IPv4 address is
even necessary.

Change-Id: Ic55d2c208d5472ec995aa0c150b09a2118f04a76
Reviewed-on: https://code.wireshark.org/review/28353
Reviewed-by: Guy Harris <guy@alum.mit.edu>

MAC NR: upgrade dissector to v15.2.0

Change-Id: Id7e7bf6b06f029d162666928a39362e685a8b747
Reviewed-on: https://code.wireshark.org/review/28350
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

lwm2mtlv: Add Object name tables

Change-Id: I719194743dad0af12ba2e7c722eeddc3ca46b318
Reviewed-on: https://code.wireshark.org/review/28349
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

RTP: Code cleanup 2

Removed unused items.

Change-Id: Ic83d7bfae12424f11e3fc2a9a678c28a0ff6b72e
Reviewed-on: https://code.wireshark.org/review/28345
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PDCP NR: upgrade SDAP dissection to v15.0.0

Change-Id: I590ff86fd0964715ece691adbb7f475ff6662d81
Reviewed-on: https://code.wireshark.org/review/28348
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

LTE RRC: upgrade dissector to v15.2.0

Change-Id: I89f3a3e3f2020d68ea1b165c0ed9d731256fbe94
Reviewed-on: https://code.wireshark.org/review/28346
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

CMake+macOS: Allow the use of ENV{CMAKE_PREFIX_PATH}.

If we find /usr/local/opt/qt5, pass it as a PATHS option to find_package
instead of adding it to the CMAKE_PREFIX_PATH CMake variable. This
allows setting a Qt path via the CMAKE_PREFIX_PATH environment variable.

Change-Id: I5d23fcd092c0ea137482253f3f86c1a6d27f7a5e
Reviewed-on: https://code.wireshark.org/review/28341
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

RTP: Encapsulation of comparsion of two rtpstreams

Changes:
- rtpstream_id_t is introduced and its related functions. It encapsulates comparsion of two rtpstreams.
- dest_* renamed to dst_*
- src_port and dst_port are 16bits only.
- sharkd_session.c use common id functions
- IAX2 part related to RTP updated to common *id* function

Change-Id: Id38728a4e5d80363480c7ce42ff9c6eaad069686
Reviewed-on: https://code.wireshark.org/review/28340
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

nas5gs: Fix bitmask for NAS key set identifier.

Change-Id: Ic92b6f9ccfe8fe95e84443d840185bcfe0cf1b78
Reviewed-on: https://code.wireshark.org/review/28342
Reviewed-by: Anders Broman <a.broman58@gmail.com>

User Guide: change MATE ref from Wiki to own document

Change-Id: Icc4db66ccc5685a7466475ee02da4ad3e008b484
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28339
Reviewed-by: Gerald Combs <gerald@wireshark.org>

RTP: Code clean up

Changes:
- rtpstream_packet renamed to rtpstream_packet_cb to follow *_cb pattern
- variables/types used in iax2_analysis_dialog were created as copy of *rtp* ones, but names were left as *rtp* -> *iax2*
- struct _rtp_stream_info replaced with rtp_stream_info_t
- there was tap-rtp-analysis.h, but no tap-rtp-analysis.c - related content was moved from tap-rtp-common.c
- *rtp_stream* functions renamed to *rtpstream*
- renamed rtp_stream_info_t to rtpstream_info_t to follow *rtpstream* pattern.
- renamed ui/rtp_stream.c rtpstream_draw -> rtpstream_draw_cb

Change-Id: Ib11ff5367cc464ea1b0c73432bc50b0eb9cd203e
Reviewed-on: https://code.wireshark.org/review/28299
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Updating T6aT6b specific DIAMETER AVPs per 29.128 15.3

Change-Id: I35c7f4584696f34fc794bde9c973fe34d099bf14
Reviewed-on: https://code.wireshark.org/review/28338
Reviewed-by: Anders Broman <a.broman58@gmail.com>

make-version.pl: If the VCS isn't git there is no commit_id.

Change-Id: Ideee81a0df72203805427447f50bcf4db14ca184
Reviewed-on: https://code.wireshark.org/review/28337
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NAS-5GS: Fix dissection of security header.

Change-Id: If023a4afd4dcc84dd5ad2bb27b8ef5ccc73a1775
Reviewed-on: https://code.wireshark.org/review/28336
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

gitlab-ci: add fedora build.

Change-Id: Ie5e49a4eb35dac2793ac3d8be8ba87d663ff359b
Reviewed-on: https://code.wireshark.org/review/28322
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>

DNS: changed maximum length of dns names from 1025 to 255

According to RFC1035 there are limitations on the maximum length of DNS
names. The maximum length in the code was defined as 1025, this commit
changes it to 255. Also a new macro is introduced which holds the
minimum length of a DNS name.

Bug: 14041
Change-Id: Ic63b332b2a357e33728df183c05ab0e222faf13f
Reviewed-on: https://code.wireshark.org/review/28309
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PDCP NR: fix IP tvbuff creation when MAC-I is present

Change-Id: I5241af9068937bdeefe1d0ea6caaa49959cf2a44
Reviewed-on: https://code.wireshark.org/review/28335
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Documentation: Add version to Guides

Previously, before the AsciiDoc conversion, the Users' and
Developers' Guide used to carry version information on the
title page. This seems to have been dropped, for reasons
unknown to me.

At least AsciiDoctor allows to add a subtitle, so the
wireshark-version attribute can be expanded into it.

Change-Id: Ib0a90393aff1a323b7026c49e2aa11f5115b3ec7
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Adding changes for S6t AVPs to dictionary.xml based on 29.336 V15.3

Change-Id: Iacec9cd3ff85dd4d7cbb689be03748fb4b4e9659
Reviewed-on: https://code.wireshark.org/review/28331
Reviewed-by: <daveb64@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

CheckPoint FW-1 New encrypt check point added

Change-Id: I7c0a92eaa914a48a2ccdf77ba867f6673767a671
Reviewed-on: https://code.wireshark.org/review/28333
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Remove an unused recent setting.

Change-Id: I071f47e21b8e7b18bc7411967d96cad05749c47e
Reviewed-on: https://code.wireshark.org/review/28332
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Test+CMake: Make our test grouping more fine-grained.

Split our tests by suite_*.group_* instead of suite_*. There are quite a
few dfilter tests and this should make them more parallelizable.

Change-Id: I52371409618cda70dc99811e8de1fb1ad9d9a3b6
Reviewed-on: https://code.wireshark.org/review/28329
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Get rid of some occurrences of Q_UNUSED

- Trivial by just doing it the C++ way
- Non-Trivial where the whole function can be put into the #ifdef instead of the variable use case

Change-Id: I034751b8a3c70211173f0c06c954def94450db46
Reviewed-on: https://code.wireshark.org/review/28311
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

802.11: Dissect locally originated mesh frames

Mesh frames that are originated at the host where traffic is captured
may have no QoS header, as it is typically added by the wlan firmware.
The dissector was using a bit on that header to indicate the presence of
a Mesh Control Header, and so locally originated mesh frames were
incorrectly dissected.

When QoS header is missing, look ahead into the next header to determine
if a mesh control header is present.

Tested on mesh traffic captured on a monitor interface on ath10k.

Bug: 14629
Change-Id: I64169f9dea79518c8af802f045168180861e9081
Reviewed-on: https://code.wireshark.org/review/27156
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

rbm: remove unused ei field.

Change-Id: I007d26f93e6c69d219200d743e1a1a3f8a32cd9d
Reviewed-on: https://code.wireshark.org/review/28324
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

rbm: fix no previous prototype.

Change-Id: If2af62e7284b53acd6a3258f1d60ee547f887b5f
Reviewed-on: https://code.wireshark.org/review/28323
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

expert: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: Ib38b37223bb7fe134bb2022668287ddc4c9bacbe
Reviewed-on: https://code.wireshark.org/review/28214
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Diameter: Update S6t interface AVP:s

Bug 14879
Change-Id: I9f5da7517b8fe765b668e130ba31786c9cb3f999
Reviewed-on: https://code.wireshark.org/review/28321
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Bluetooth HCI update

Add dissection of commands:
- LE Periodic Advertising Create Sync
- LE Periodic Advertising Terminate Sync
- LE Add Device To Periodic Advertiser List
- LE Remove Device From Periodic Advertiser List
- LE Write RF Path Compensation
- LE Set Privacy Mode

Add dissection of command complete events:
- LE Read Periodic Advertiser List Size
- LE Read Transmit Power
- LE Read RF Path Compensation

Misc:
- Corrected identity address type decoding in privacy
related commands
- Corrected PHY decoding in LE Set Ext Scan Parameter
and LE Ext Create Connection commands
- Added decoding of missing LE scan filter policy values
- Units added for time parameters where missing

Change-Id: I8d3fa4571f511df2e128877078609c8d112821dd
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/28302
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

CIP: Improve I/O handling

1. Add new dissector table that allows for registration of CIP Class 0/1 I/O
   against CIP Class that was used in the Forward Open. CIP Safety is still
   a special case that gets checked before this table. The default handling is
   generic CIP Class 0/1 I/O.
2. Changed most I/O items labelled "ENIP" to "CIP I/O". ENIP is a separate
   protocol/layer, and all the I/O traffic is actually CIP. It was very
   confusing explaining to people they had to look at the wrong protocol
   layer in Wireshark before.
3. Add the generic Class 0/1 I/O as a separate tree layer. CIP Motion and
   CIP Safety I/O were already doing this.
4. Update CIP conversation filtering naming to be more accurate.
5. Clean up some offset handling

Change-Id: I1c226fe1bd8974ed0e90640c875bef21f15f3095
Reviewed-on: https://code.wireshark.org/review/28290
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Better name for the routine.

It doesn't necessarily produce an FT_BYTES value any more.

Change-Id: I7bad1e328394a829400bd139c48a9538c4892818
Reviewed-on: https://code.wireshark.org/review/28318
Reviewed-by: Guy Harris <guy@alum.mit.edu>

For the contains operator, both sides have to have the same type.

Have charconst_to_bytes() take the desired type as an argument, and pass
it to dfilter_fvalue_from_unparsed().

Bug: 14084
Change-Id: I11db417311b9681b18c4a3fca2862b35837194d7
Reviewed-on: https://code.wireshark.org/review/28315
Reviewed-by: Guy Harris <guy@alum.mit.edu>

character constant in dfilter now must fit into one byte

  The value of a string in single quotes in dfilter must fit into one
  byte. The parser correctly parsed the beginning of the string,
  however it didn't check whether there are more characters to parse.

Bug: 14084
Change-Id: Ifa2d7a31052b2c1020d84c42637b9b7afc57d8c0
Reviewed-on: https://code.wireshark.org/review/28298
Reviewed-by: Guy Harris <guy@alum.mit.edu>

[Automatic update for 2018-06-17]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Iff1e25720254f07647efeb166178c5e6ea1c4234
Reviewed-on: https://code.wireshark.org/review/28305
Reviewed-by: Gerald Combs <gerald@wireshark.org>

FP: Decode more fields and show units

Change-Id: I6743441b892eec6f2879a21822f582e5965a250d
Reviewed-on: https://code.wireshark.org/review/28300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GSUP: Add Supplementary Service relate ddecoding

There are some new information elements and message types in the GSUP
protocol which are used for transport of non-call-SS and USSD between
MSC/VLR and HLR.

Change-Id: Idd3bb7ed8d4ba3f958cffcb29c6042c047646f70
Reviewed-on: https://code.wireshark.org/review/28301
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

rbm: improve fields layout and decode more types.

Change-Id: Ib16118e9c0ce5b612ae1dcb6c678224a79889a93
Reviewed-on: https://code.wireshark.org/review/28287
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

GSUP: fix incorrect message types

In the reference libosmocore's implementation we have:

  OSMO_GSUP_MSGT_PURGE_MS_REQUEST = 0b00001100, // 0x0c
  OSMO_GSUP_MSGT_PURGE_MS_ERROR = 0b00001101, // 0x0d
  OSMO_GSUP_MSGT_PURGE_MS_RESULT = 0b00001110, // 0x0e

while here we had:

  OSMO_GSUP_MSGT_PURGE_MS_REQUEST = 0x0c,
  OSMO_GSUP_MSGT_PURGE_MS_ERROR = 0x0e, // != 0x0d
  OSMO_GSUP_MSGT_PURGE_MS_RESULT = 0x0f, // != 0x0e

Same problem with the 'OSMO_GSUP_MSGT_LOCATION_CANCEL_RESULT'.

Change-Id: Ie49fd2fca8298d97c21e03649935704309015324
Reviewed-on: https://code.wireshark.org/review/28297
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix NFSv4.2 CHANGE_TYPE constants

See https://tools.ietf.org/html/rfc7862#section-12.2.3

As far as I can tell these were zero-based even in the earliest protocol
drafts, so this was just a mistake in the original wireshark submission
that nobody caught because change_attr_type hasn't been widely
implemented.

While we're here, move the defines before the array for better
readability.

Change-Id: Ie721250748fe77098aee4e2cc502ae43fc497a2d
Reviewed-on: https://code.wireshark.org/review/28271
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Put the entire server response into the Info column as is.

Don't assume that the 3-digit code we got was followed by a blank, and
display the code followed by a blank followed by the parameters..
Instead, just put the raw text of the entire line into the Info column.

Bug: 14878
Change-Id: I1e081366bf859723158a36f10e86614fe52f124d
Reviewed-on: https://code.wireshark.org/review/28292
Reviewed-by: Guy Harris <guy@alum.mit.edu>

dot11decrypt(crypt): Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I33c6e456bc8c4bae47f4df1457799cb0d09b520f
Reviewed-on: https://code.wireshark.org/review/28289
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

bthfp: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I0d14e7a893d24b75955819286900ae007183168a
Reviewed-on: https://code.wireshark.org/review/28288
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

Add -Wextra-semi to (clang) C and C++ flags to make sure the buildbots will find this.

Fix all warnings that come up.

Change-Id: Ib426e79f7c75152589a3c2af153de35ca5d63783
Reviewed-on: https://code.wireshark.org/review/28268
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

NAS 5GS: Add dissection of Security header.

Change-Id: I970ce077a44941e5835e8d0f6c1d9c74fb89053a
Reviewed-on: https://code.wireshark.org/review/28269
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

MAC NR: fix dissection of single byte padding CE

Change-Id: Icff0ffb4600bd778946ca879995edf710cc38e48
Reviewed-on: https://code.wireshark.org/review/28284
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

pfcp: add handle of IEs with null length

Acccording to 3GPP TS 29.244
ch5.6.3   Modifying the Rules of an Existing PFCP Session
- updating the Rule including the IEs to be removed with a null length,
  e.g. by including the Update URR IE in the PFCP Session Modification Request
  with the IE(s) to be removed with a null length.

Change-Id: Ib8928edc24e72c25f6d608bee874c1d8603c8620
Reviewed-on: https://code.wireshark.org/review/28264
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Just extract the title length once.

Extract it into title_length before checking it, and then check the
value of title_length.

Change-Id: I7f2c334dbce5eeaa12cd5d8bb8e289852fd15c4f
Reviewed-on: https://code.wireshark.org/review/28282
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix some "bad file" messages.

The number being compared against is the amount of data *remaining* in
the comment information, not the *size* of the comment information.

And it's unsigned, so format it with %u.

Change-Id: I5f02302ad4acbc3b27655ff5518e6e56d464020d
Reviewed-on: https://code.wireshark.org/review/28280
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Convert NetMon comment titles to UTF-8 when reading the file.

Fix indentation, and note that the comment "description" (contents) are
RTF (as opposed to plain text).

Change-Id: I668a08c06e39a32318454d2ee73933083c5cb516
Reviewed-on: https://code.wireshark.org/review/28279
Reviewed-by: Guy Harris <guy@alum.mit.edu>

No need to check for a UTF-16 string's length being a multiple of 2.

utf_16_to_utf_8() just ignores the extra octet.

Change-Id: I7bf003b674e5d9b0fb0265b0e8c6c142107084e3
Reviewed-on: https://code.wireshark.org/review/28277
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix indentation.

Change-Id: I6a3db704c9046ff696820ce157423c5867c2c2e8
Reviewed-on: https://code.wireshark.org/review/28275
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix the handling of paths in the process information.

Pathnames are not limited to 260 characters in recent versions of
Windows; boost the limit to handle up to 32767 UTF-16 octet pairs worth
of path.

The pathname is in UTF-16-encoded Unicode; convert it to UTF-8 for our
internal use.

Bug: 14876
Change-Id: I4ef19fd47c7dbdd74dcaf31a7a80f432d57dbb0d
Reviewed-on: https://code.wireshark.org/review/28273
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

nas_5gs: fix ifdefs in nas_5gs_mm_message_type_vals.

The command tshark -G values gave the error:

** (process:26713): WARNING **: Extended value string 'nas_5gs_mm_message_type_vals' forced to fall back to linear search:

that caused regression tests to fail.

Fixes: v2.9.0rc0-947-g587b5a7.
Change-Id: I6c8b8c7e93838f407a363390ba2385603dc62338
Reviewed-on: https://code.wireshark.org/review/28270
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NAS 5GS: Further updates according to 2.0.0

Change-Id: I427cda8b371e66ba00980509aa42bb12cd1c2d82
Reviewed-on: https://code.wireshark.org/review/28266
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

VoIP: fix in prepare filter for VOIP calls

Make sure that the filter for VoIP calls includes RTP streams when calling
Prepare filter.

Bug: 13440
Change-Id: Ia55073151817b88b3fa6a3fd30f98fdf683621a4
Reviewed-on: https://code.wireshark.org/review/27955
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ISUP: Add an expert entry for wrong optional parameter length.

Change-Id: I5be7854a7f135265f3994fe9fd62c016a7e9b480
Reviewed-on: https://code.wireshark.org/review/28267
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[GSM A RR]: Fix Feature Indicator (10.5.2.76)

In 3GPP TS 44.018 version 14.4.0 Release 14 both Immediate assigment
extended (9.1.19) and Immediate assignment reject (9.1.20) have Feature
Indicator (10.5.2.76) half octet right after the Page Mode (10.5.2.26)

The Feature Indicator is part of GSM_A_PDU_TYPE_RR and not
GSM_A_PDU_TYPE_COMMON so previously it was not decoded correctly in the
Immediate assigment extended

Change-Id: I117d1ee42d43d01d77da67eea506c28ca0ae3056
Reviewed-on: https://code.wireshark.org/review/28263
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

pfcp: corrected Graceful Release Period tree Header for better readability

    For the 'Infinite value', tree header is now
    "Graceful Release Period: Infinite (<val>)"
    instead of
    "Graceful Release Period: <val> Infinite"

Change-Id: I130e997ffbb3503078e1364fd64c11ead28111b1
Reviewed-on: https://code.wireshark.org/review/28262
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

HTTP2: prevent a segmentation fault if HTTP2 dissector was not called on first pass

With HTTP2 heuristics to identify the conversation, a packet can be
skipped on first pass and then decoded as HTTP2 on subsequent ones.
Check that header data is available before attempting header
decompression.

Bug: 14869
Change-Id: I8ef7669ca33835b509acb38d797e33d6167a1bd1
Reviewed-on: https://code.wireshark.org/review/28257
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

ENIP: Pull out CPF items to separate functions

dissect_cpf was huge and too hard to read and update.
This change pulls out item parsing into individual functions to make
it easier to read, help troubleshoot a bug related to ENIP TLS
connection filtering (Still investigating), and prep for future features.

There are no functional changes.

Main changes:
1. Pulled out the following code into separate functions:
    dissect_item_list_identity
    dissect_item_cip_security_information
    dissect_item_list_services_response
    dissect_item_sockaddr_info
    dissect_item_sequenced_address
    dissect_item_connected_address
    dissect_item_unconnected_message_over_udp
    dissect_generic_io
    dissect_cip_class01_io
2. More documentation. It was a little hard to follow before.
3. Corrected offset inside the while loop in dissect_cpf(). Previously,
offset pointed to 2 bytes *before* the item actually being processed.

Change-Id: I47894fd5c50b4c3d07f916f81e1b21f8890c8396
Reviewed-on: https://code.wireshark.org/review/28205
Reviewed-by: Dylan Ulis <daulis0@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

DOCSIS: correct reassembly of UCD in REG-RSP-MP and DBC-REQ messages

Change-Id: I7c84b6cce113b71aea0c17741024916f9b17bdf9
Reviewed-on: https://code.wireshark.org/review/28202
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Bluetooth: HFP: Implement some Apple-specific AT commands

AT-commands:
+XAPL
+IPHONEACCEV
+APLSIRI
+APLEFM

Add UUID128:
Apple Notification Center Service

Based on: https://developer.apple.com/hardwaredrivers/BluetoothDesignGuidelines.pdf

While adding new UUID remove also tabs from packet-bluetooth.

Change-Id: Ic29b028338a21464fe018f8145ade82297ccd146
Reviewed-on: https://code.wireshark.org/review/28222
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Make sure *both* sides are unsigned.

Change-Id: Id25ea93aee888eda665f52da4c00d75970ee69e8
Reviewed-on: https://code.wireshark.org/review/28253
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Try again to fix the signed vs. unsigned comparison warning.

Change-Id: I97dae4b6325fe5fe952c579e1d1ab3f0b37f461a
Reviewed-on: https://code.wireshark.org/review/28249
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix signed vs. unsigned comparison warning.

(In retrospect, signed offsets probably were the wrong choice; we
rarely, if ever, use them to signify offsets from the end of the packet.
Let's not do so any more in the future.)

Change-Id: I7ace539be8bf927e21148c34b71e9c2b7535581e
Reviewed-on: https://code.wireshark.org/review/28245
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Add some length checks, remove a DISSECTOR_ASSERT().

Do more checks to make sure we don't run past the end of the data we're
handed, and don't do a DISSECTOR_ASSERT(), as there may well be packets
that don't have enough data to pass the assertion - that was causing
some errors to show up in the 2.6 buildbot when doing 802.11 decryption
tests. Those errors should instead be reported as "sorry, we can't do
decryption" errors by the decryption code.

(XXX - the 802.11 *dissector* should probably be extracting the relevant
fields and doing the relevant checks, and hand the data to the
decryption code, so that we don't duplicate 802.11 frame parsing with
code that might not do as much necessary work as the 802.11 dissector.)

Tweak some comments while we're at it.

Change-Id: I1d230e07cec2fca8c23f265b5875a0bf83f79432
Reviewed-on: https://code.wireshark.org/review/28240
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Doxygen updates.

Ignore warnings about undocumented code. Start excluding directories.

Change-Id: I01db891cddc3b342bace401f63ddd4b99f4c1024
Reviewed-on: https://code.wireshark.org/review/28239
Reviewed-by: Gerald Combs <gerald@wireshark.org>

BT Common: fix btcommon.eir_ad.entry.le_role filter

Bug: 14868
Change-Id: Ia52764c45d509a27545e266328702b79db3985b7
Reviewed-on: https://code.wireshark.org/review/28226
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Don't let randpkt write packets libwiretap can't read.

Wiretap imposes an arbitrary limit on the maximum packet size, to
prevent it from trying to allocate a huge packet buffer and possibly
running out of address space on ILP32 platforms or just eating too much
backing store on LP64/LLP64 platforms. Don't write packets with a
length greater than that limit.

Bug: 14107
Change-Id: Iba4fe3b008b044215647ba3f838ae7b3ac66c585
Reviewed-on: https://code.wireshark.org/review/28232
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Clean up handling of counted blobs of bytes.

Don't treat the count+blob as itself a blob of bytes; use FT_NONE.
Create it with an unknown length (-1, meaning "to end of packet, for
now"), and set its length once we've finished dissecting it. Dissect
the raw bytes of a prefixed-bytes item regardless of whether we're
building a protocol tree or not.

This means we do a better job of handling a too-large length; instead of
overflowing the offset, we throw an exception and stop dissecting, so we
don't run the risk of looping infinitely.

Bug: 14841
Change-Id: I593be9b6ba9aa15d8529f96458e53b85ace6402a
Reviewed-on: https://code.wireshark.org/review/28228
Reviewed-by: Guy Harris <guy@alum.mit.edu>

gtpv2: Avoid possible misuse of comma operator warning

Change-Id: I514c86fafca0478713d73d7050fdf09fcf847b52
Reviewed-on: https://code.wireshark.org/review/28227
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

GTPv2: updated Presence Reporting Area IEs

    According to TS 29.212 v14.7.0
    8.108 Presence Reporting Area Action
    8.109 Presence Reporting Area Information

Change-Id: I4b73fb4cd47468aa4cf90ef9a7bee3e17f9b9485
Reviewed-on: https://code.wireshark.org/review/28219
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NAS-5GS: Update towards spec 2.0.0

Change-Id: I31b1dda0f06bf1b719dc949dfd1a44c151f452b9
Reviewed-on: https://code.wireshark.org/review/28217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

wisun: fix name of Netricity Frame Type IE

Change-Id: I8cafb3b6475991b223146dbe6fc59bfb915b1bf2
Reviewed-on: https://code.wireshark.org/review/28220
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ber: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I9cab3c6e6308b8603dede34ccf907dd326c23957
Reviewed-on: https://code.wireshark.org/review/28211
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

BT Common: use bluetooth_address_type_vals with btcommon.eir_ad.entry.le_bd_addr.type

Bug: 14866
Change-Id: I087469dabe0cebc2a94e70953a7ec00c48d72862
Reviewed-on: https://code.wireshark.org/review/28218
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Diameter: added AVPs 2845 and 2846 to 'dictionary.xml'

According to 3GPP TS 29.212 v14.7.0

Change-Id: Ia1020e5ea04280f6435a4fb737368f6e6b2111df
Reviewed-on: https://code.wireshark.org/review/28216
Reviewed-by: Anders Broman <a.broman58@gmail.com>

zbee nwk gp: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I831047c30a55813b149bc331a63701568319c4b5
Reviewed-on: https://code.wireshark.org/review/28213
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: <atsju2@yahoo.fr>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

inap: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I3f1edac3f9ff7ec26244dd119353beaa4854db51
Reviewed-on: https://code.wireshark.org/review/28215
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

http: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: If24054d91a07724e687913c4f92861219bbb7dc6
Reviewed-on: https://code.wireshark.org/review/28212
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

opa-fe: Add Support for Reassembly of FE TCP Packets

Used tcp_dissect_pdus API to reassemble FE TCP packets.

Change-Id: I82bb270bacbd3f5790c015c5a876981417e271fa
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28203
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Windows: HiDPI-ify our native print dialogs.

Call set_thread_per_monitor_v2_awareness and
revert_thread_per_monitor_v2_awareness when showing native print
dialogs.

Change-Id: I295540953e50547ee0bb0b162c805f2d568d88ba
Reviewed-on: https://code.wireshark.org/review/28208
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Give more detailed information about capture permissions on Debian.

Indicate what you're supposed to do when running dpkg-reconfigure
wireshark-common, and indicate that you have to run it as root using
sudo.

Emphasize in README.Debian, and indicate in the permission failure
secondary message, that you have to add users to the "wireshark" group
after doing that, and that a user may have to log out and log in again
to make this change take effect.

Bug: 14847
Change-Id: Ia83ff8e92bd2f00b6c3779272322a40201416da0
Reviewed-on: https://code.wireshark.org/review/28206
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Rewrite make-{dissectors,taps} in Python

Having these build tools in machine code poses problems when cross-compiling.
The most significant being that we need to find the host and build GLiB
dependencies at compile-time.

There is no noticeable speed difference between the Python and C implementation.

Ping-Bug: 14622
Change-Id: Id13f823c7f4abf51edfa291e703028873748989f
Reviewed-on: https://code.wireshark.org/review/28130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

More shellcheck fixes.

Change-Id: Iee9e464b3935d4c8a09fa9954f73496eae33f30f
Reviewed-on: https://code.wireshark.org/review/28092
Reviewed-by: Gerald Combs <gerald@wireshark.org>

debian-setup: fix GnuTLS installation for Ubuntu 14.04

Ubuntu 14.04 ships with gnutls28 3.2.11 which might be
license-incompatible with GPL 2.0 and should thus not be used. Fallback
to the older gnutls-dev package in that case.

Change-Id: I39824a5aee08de1df3790a1a8ff84c9769afd158
Reviewed-on: https://code.wireshark.org/review/28200
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

dct2000: call LTE NAS dissector for r13 release

Change-Id: I35208b9bea8613468da53ae1541d0c5083cd27c0
Reviewed-on: https://code.wireshark.org/review/28201
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

Offer a permissions suggestion for macOS.

If the user installed from the wireshark.org package, perhaps they chose
not to install the "Set capture permissions on startup" item. Suggest
that they choose otherwise.

Change-Id: Ic5053da9cb6e54e7a7b1aa5a9dd59a1a84ddee16
Reviewed-on: https://code.wireshark.org/review/28197
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix names in declarations to match definitions.

Change-Id: I7b3dd147b523fd3251d93dd1917d2e2c47433207
Reviewed-on: https://code.wireshark.org/review/28195
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Improve the secondary error messages for pcap errors.

On Windows, if WinPcap isn't installed, warn about that for errors other
than failed attempts to start capturing.

On HP-UX, if we appear to have an old version of libpcap, warn about
that for errors other than failed attempts to start capturing.

If we know the error is a permissions problem, don't make suggestions
appropriate to other problems.

If we know the error is *not* a permissions problem, don't make
suggestions appropriate to permissions problems.

For permissions problems, or possible permissions problems, on Linux,
suggest doing dpkg-reconfigure wireshark-common if you've installed from
a package on Debian or a Debian derivative such as Ubuntu.

Change-Id: If4aac0343095ac0b984eebc21853920c3b6d3c63
Ping-Bug: 14847
Reviewed-on: https://code.wireshark.org/review/28189
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[Automatic update for 2018-06-10]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I11da626692a0aedff9e58256e0e326fd1cb33123
Reviewed-on: https://code.wireshark.org/review/28190
Reviewed-by: Gerald Combs <gerald@wireshark.org>

If device->active_dlt = -1, show "Unknown" rather than "DLT -1".

It means we don't know the active link-layer header type - probably
because the device can't be opened, so we can't get the default linktype
or the list of available linktypes - so show it as "Unknown".

Bug: 14847
Change-Id: I5a1ad360d2ae461e8db57e387679700a566b0949
Reviewed-on: https://code.wireshark.org/review/28185
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Do bounds checking of the offset and length in proto_tree_add_string().

Throw an exception if they don't correspond to data available in the
packet - and do so even if the protocol tree argument is null, so that
we catch very long strings that could cause the offset to overflow.

Ask why we try to handle a null pointer passed as the string argument,
while we're at it.

Bug: 14738
Change-Id: I2fa79ad0dcd1f41608844a573e045197ac60aa62
Reviewed-on: https://code.wireshark.org/review/28179
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Use FT_NONE, not FT_STRINGZ, for the field that covers the packet.

They're collections of binary data divided into subfields, not
null-terminated strings, so give them the right type.

Change-Id: If2685b9b41ca6711e12de6688ae51d5211767770
Reviewed-on: https://code.wireshark.org/review/28175
Reviewed-by: Guy Harris <guy@alum.mit.edu>

RRC: Simplify private data creation

Change-Id: I4ecb82ab553631c47ffc1acf3a2cb84be913331b
Reviewed-on: https://code.wireshark.org/review/28173
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NBAP: Simplify private data creation

Change-Id: Ief23e5675f74564a3b303b5a13b4fcbd9e814c90
Reviewed-on: https://code.wireshark.org/review/28172
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

RANAP: Simplify private data creation

Change-Id: Id6dd45789b7418143dc1046dc465a0e60ee87c91
Reviewed-on: https://code.wireshark.org/review/28171
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>