git.samba.org - metze/wireshark/wip.git/log

radius(verizon): sync with FreeRADIUS

commit d3ea6dd565a1836314814d258efc19054d3e6a45
Author: Alan T. DeKok <aland@freeradius.org>
Date: Mon Sep 10 13:43:24 2018 -0400

added verizon dictionary

Change-Id: I162aa1d08845fc39b068ef2a49c582ce0e29fee3
Reviewed-on: https://code.wireshark.org/review/29627
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Wiretap isn't meant to be a packet-capture library [any more].

Wiretap was originally being writen to be a packet-capture library which
might eventually replace libpcap but that's no longer the case: it's now
meant to be a library for accessing multiple types of files.

As such, don't describe it in the README as a packet-capture-library-to-be;
in fact since it's really internal to Wireshark don't mention it at all.

Don't discuss the fact that ancient (pre-2003) versions of zlib don't work
for Wireshark's purposes.

Change-Id: I2387d0ecc65a66c21dd7db3a38b8fee7d32add7f
Reviewed-on: https://code.wireshark.org/review/29786
Reviewed-by: Anders Broman <a.broman58@gmail.com>

sharkd: minor code style fixes.

Change-Id: I0cb87f124fb9cb377250adab125a593ddcd9ba44
Reviewed-on: https://code.wireshark.org/review/29799
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

checkAPIs.pl: speed up check_value_string_arrays and remove_if0_code

The initial execution time on packet-ieee80211.c was 940ms. Optimize:
- Assume that "static const value_string ... = { ... };" does not have
  other preceding stuff (including optional whitespace). This speeds up
  check_value_string_arrays and reduces runtime by 440ms to 500ms.
- Rewrite remove_if0_code to avoid invoking a substitution for every
  line. This reduces runtime by 130ms to 370ms.

packet-rrc.c used to take 9.4s. The fixes improved it to 3.0s and 2.8s.

Change-Id: Ifc7efa447d64dccba3e211f0741099451b61b95a
Reviewed-on: https://code.wireshark.org/review/29794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

FP: Fix comments

Rephrasing, remove commented code/irrelevant
remarks

Change-Id: I4da5bae1b87cce97595d20ab8634a4c0f600536b
Reviewed-on: https://code.wireshark.org/review/29798
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: support CRYPTO_ERROR (draft -13)

Append a corresponding TLS alert description if available.

Change-Id: Ief6f458f1c1e623cb7e0b0f57333b72890f48d91
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29740
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: shorten labels for transport error codes

Use short names (and add a missing one for INVALID_MIGRATION), otherwise
columns and lines become too long. Use range_string to prepare for
addition of CRYPTO_ERROR.

Change-Id: I9c2742cdc8010443a456e8cfff2fc9012b1efe7e
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29739
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

mswsp: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: Id521ecbdbaa1818b6480d9fcd4257104dc3699bb
Reviewed-on: https://code.wireshark.org/review/29774
Reviewed-by: Anders Broman <a.broman58@gmail.com>

sharkd: Fix check request for empty "" filter

For empty filters dfilter_compile() return success but with NULL dfcode.
NULL dfcode cannot be used in dfilter_deprecated_tokens().

Request: {"req":"check","filter":""} was crashing sharkd.

Change-Id: Id677fc84251ab27bf691ec8aaee4c5bdf55e4d6c
Reviewed-on: https://code.wireshark.org/review/29797
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>

FP: Fix Sub-Frame number dissection

For E-DCH TYPE 1 frames, the field showed in the tree
was showing 1 bit instead of 3.

Change-Id: Ia28b2a8381f02a0f636ccb47b95b707915b90ff8
Reviewed-on: https://code.wireshark.org/review/29793
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[Automatic update for 2018-09-23]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I8a70ff9590e5adb3d0bdcd504b3f2886a314548c
Reviewed-on: https://code.wireshark.org/review/29790
Reviewed-by: Gerald Combs <gerald@wireshark.org>

fix-encoding-args.pl: fix terrible performance with large files

"fix-encoding-args.pl epan/dissectors/packet-ieee80211.c" used to take
over 12 seconds to complete. After this change it is reduced to 400ms.
Profiling with Devel::NYTProf showed two issues:
- find_hf_array_entries (5 seconds): matching leading whitespace
  triggers a candidate match against every line. Fix this by removing
  whitespace prior to matching.
- fix_encoding_args_by_hf_type (7.5 seconds): executing 2131 different
  substitution patterns is slow. Fix this by grouping field names and
  execute the substitution only once afterwards (in total 6 calls).

packet-rrc.c is by far the largest file with 215k lines, this used to
take forever (321s) and now completes in 1.3s.

Regression tested by removing "ENC_ASCII" and "ENC_UTF_8" in
dissect_venue_name_info, the expected warnings are still visible.

Change-Id: I071038e8fcb56474ac41223568ce6724258c059d
Reviewed-on: https://code.wireshark.org/review/29789
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

TFTP: Use a GByteArray.

Replace the file_block_t struct with GByteArray.

Change-Id: I95c2a92b91aa7248e45722b1d06dcb0cd6b1c0c3
Reviewed-on: https://code.wireshark.org/review/29788
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

rtp-ed137: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: If45175162c249308747de2a27451993f44a2349d
Reviewed-on: https://code.wireshark.org/review/29775
Reviewed-by: Jirka Novak <j.novak@netsystem.cz>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

mbim: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I3455235e54e2a166e812c743bccf09fee8b22d88
Reviewed-on: https://code.wireshark.org/review/29773
Reviewed-by: Jano Svitok <jan.svitok@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Remove packet-gnutella.h

packet-gnutella.h doesn't export any functions and nothing appears to
depend on it. Pull its contents into packet-gnutella.c.

Change-Id: I9bab0bfed87af3ac520fb8d8daa89d3fa3dc6f17
Reviewed-on: https://code.wireshark.org/review/29785
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Remove some unneeded headers.

Move the contents of packet-clearcase.h, packet-fcp.h, packet-klm.h,
packet-rquota.h, packet-rwall.h, and packet-spray.h to their respective
.c files. packet-pktc.h didn't contain anything so just remove it.

Change-Id: I019db0cb14bf527c5d73c6d18bee922dd822bc43
Reviewed-on: https://code.wireshark.org/review/29787
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

evs: remove double semicolon.

Change-Id: I7760fd8dede9f40e3f626e42b4f33bb8f0507b06
Reviewed-on: https://code.wireshark.org/review/29783
Reviewed-by: Gerald Combs <gerald@wireshark.org>

README.md: remove autotools (./configure) references.

Also remove some, extra, commas and fix some other minor issues.

Change-Id: Idfd45bba26ad9d1dc55d2f0ca241fc4c70fabbb6
Reviewed-on: https://code.wireshark.org/review/29784
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ProfiNet: Fix order in AssetManagment

According to the current Profinet specification in regard
to the coding of the AM_DeviceIdentification field, the
dissection order of DeviceId and VendorId is in the wrong
order.

Bug: 15140
Change-Id: I9954619a938db382967104de91e2b905677cc171
Reviewed-on: https://code.wireshark.org/review/29780
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

ieee802154: Make a variable volatile

This fixes a warning:
[...]/epan/dissectors/packet-ieee802154.c:3196:17: error: variable ‘length’ might
be clobbered by ‘longjmp’ or ‘vfork’ [-Werror=clobbered]
guint16 length = (guint16) (ie_header & IEEE802154_PAYLOAD_IE_LENGTH_MASK);

Change-Id: I556b2199f8ab028e87e4c9d868da9831f7076402
Reviewed-on: https://code.wireshark.org/review/29779
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

QUIC: improve Info column and packet details when decryption fails

If decryption is not possible due to missing keys, say so rather than a
vague "packet number decryption failed". Ensure that the Info column is
populated for a protected packet even if decryption fails. Show the
remaining unprocessed data as a tree item.

Change-Id: I47294d7af20836976cb619ccab45e2b379a863cb
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29762
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Stop advertising support for Solaris.

Stop listing Solaris as a supported platform. I'm not sure if you can
compile Wireshark out of the box on it any more and the available binary
packages I can find are ancient.

Change-Id: I89afef01abe05986ce660327731c5504c6622ff7
Reviewed-on: https://code.wireshark.org/review/29764
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Get rid of unused variable, update a comment.

We no longer use red.libssh.org, so the file number isn't needed any
more.

Change-Id: I4cc6eb242eac51219742731cfa82a7bfe9fff2c3
Reviewed-on: https://code.wireshark.org/review/29771
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Try downloading libssh directly from libssh.org.

Downloading from red.libssh.org got "curl: (51) SSL: no alternative
certificate subject name matches target host name 'red.libssh.org'" on
my Mojave virtual machine.

Change-Id: Iab8016c4dc5200c80bff3c0cdc776bc922f4dd59
Reviewed-on: https://code.wireshark.org/review/29768
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Update the URLs for GnuPG.

Use HTTP rather than FTP; the FTP server appears no longer to be
available.

Change-Id: I4446cc48818f419a341880da53db8670170794ae
Reviewed-on: https://code.wireshark.org/review/29765
Reviewed-by: Guy Harris <guy@alum.mit.edu>

checkAPIs: Add a max termout count for TRANSUM.

Change-Id: I241da2d1c2e46947c31743f9527faa5884767ed9
Reviewed-on: https://code.wireshark.org/review/29763
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

DTN: updated dissection of confidentiality and integrity blocks

Bug: 15137
Change-Id: I544c46030bfb74caa64c82f88b41f9d2a3c3d7de
Reviewed-on: https://code.wireshark.org/review/29695
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

checkAPIs.pl: improve value_string validation in field definitions

Use of 32-bit value_string for 64-bit fields currently results in a
runtime error during use, better catch it earlier. Use of 64-bit
val64_string without BASE_VAL64_STRING will probably crash.

Since many dissectors use no macro for value_string_ext, accept both
VALS_EXT_PTR(x) and &x forms.

Change-Id: I59a3f67425e7c00bdd54cbffd91e498ee0b078cd
Reviewed-on: https://code.wireshark.org/review/29756
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

checkAPIs.pl: recognize fields with spaces in display

Fields with display values such as "BASE_RANGE_STRING | BASE_DEC" used
to be ignored, make sure that the regex detects such fields.

Change-Id: I80d4331e3fb75092ffd768dabb85c5f13c9b5462
Reviewed-on: https://code.wireshark.org/review/29755
Reviewed-by: Anders Broman <a.broman58@gmail.com>

checkAPIs.pl: support for new-style dissectors in check_hf_entries

Tested with dissectors like epan/dissectors/packet-netlink-sock_diag.c.

Change-Id: Icb43892d68896a8f61f4c0caf413327f0479f007
Reviewed-on: https://code.wireshark.org/review/29754
Reviewed-by: Anders Broman <a.broman58@gmail.com>

skinny: remove comment that matches field label (callState)

Fixes checkAPIs error:

Error: the blurb for hf_skinny_callState ("CallState") matches the
field name ("callState") in epan/dissectors/packet-skinny.c

Change-Id: Id12396eb101bf66e148aed95d5c773b90d06ff34
Fixes: v1.99.0-rc1-1511-g276a697a6b ("[RFC] Skinny: Rewrite using automatic code generation")
Reviewed-on: https://code.wireshark.org/review/29747
Reviewed-by: Anders Broman <a.broman58@gmail.com>

proto.h: add type checks for VALS/VALS64/VALS_EXT_PTR/TFS/RVALS

These macros were evil as they silently ignored bad casts. Together with
an updated checkAPIs.pl, this should reduce the likelihood of errors.

Change-Id: I40ecc48a57b2061b4c65db4f4f7fffff21f159a8
Reviewed-on: https://code.wireshark.org/review/29757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

FP: Show E-DCH entity in tree

Change-Id: I28755b38b168bc30ea4dc1addba3d9b5b31b3870
Reviewed-on: https://code.wireshark.org/review/29761
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

rawshark: avoid RVALS for casting hfinfo->strings

No functional change, it just makes gcc -Wc++-compat happy.

Change-Id: I9001373686ccafd3252089ced8e5b630efbcaca2
Reviewed-on: https://code.wireshark.org/review/29760
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

erf: do not use VALS to cast a void pointer

No functional change, but makes gcc -Wc++-compat happy.

Change-Id: I3e90b6b1fdc6d558dfd410dffff3abc7cc3df10e
Reviewed-on: https://code.wireshark.org/review/29759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

netlink-*: fix various VALS/TFS misuse

No functional change, this just updates the annotations.

Change-Id: I5517a6fd65452db128cdaaa6a90df8c578b5e8d0
Reviewed-on: https://code.wireshark.org/review/29753
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

lte-rrc: avoid BASE_EXT_STRING field without strings

Change-Id: Ifb2b721972de8d80af20f24a6bfd3b17d593e0bd
Fixes: v2.5.0rc0-2357-gc634a73c95 ("LTE RRC: upgrade dissector to v15.0.1")
Reviewed-on: https://code.wireshark.org/review/29746
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

epan: fix various misannotations of VALS/RVALS/VALS64/TFS

No functional change, just using the correct macro for value_strings.
Other fixes: Taking the address of the first element of an array gives
the same address as the array itself. An array of a structure with a
single element is the same as the single element itself (packet-sprt.c).

Change-Id: I08bc9de49fbd1659a6700ace863e5f05144c7b3e
Reviewed-on: https://code.wireshark.org/review/29752
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

simple: fix value_string type mismatch with simple.link16.rc

Due to alignment, mapping a range_string as value_string happens to work
on 64-bit systems. On 32-bit systems it will treat it as an empty list.
In either case, this type confusion is undesired, fix accordingly.

Change-Id: I6f1a249caf822acae2628e7f2df492bab6cc1c5c
Fixes: v2.1.0rc0-1726-geeae61bc93 ("packet-simple: SIMPLE dissector")
Reviewed-on: https://code.wireshark.org/review/29751
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

ospf: avoid BASE_EXT_STRING without strings

dissect_ospf_lsa_mpls uses gmpls_sonet_signal_type_str_ext to map the
first byte, so do the same for the field definition. The function
actually uses proto_tree_add_uint_format, so this does not make much of
a difference though.

Change-Id: Idba0c1b882ce81512bac221f98464f1322986fa8
Fixes: v1.99.6rc0-12-g4afaad75d5 ("Remove proto_tree_add_text from packet-ospf.c")
Reviewed-on: https://code.wireshark.org/review/29750
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

ieee80211: fix potential crash due to value_string type mismatch

Mixing 32-bit and 64-bit value_strings could lead to a crash.

Change-Id: Iedfae66103046a478ce5198416247d256dc1840e
Fixes: v2.9.0rc0-1769-gad6eb33684 ("WIP:ieee80211.c: Add support for D3.0 of 802.11ax")
Reviewed-on: https://code.wireshark.org/review/29749
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

nfapi: fix potential crash with nfapi.csi.rs.flag due to type mismatch

Pass a "true_false_string" instead of a "value_string".

Change-Id: I371b344fd56925ce242467e37a68ca6e3eb61b93
Fixes: v2.5.0rc0-1331-g1dd0111f5e ("Initial submission of the nfapi dissector")
Reviewed-on: https://code.wireshark.org/review/29748
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: use application error codes for some frames

Since draft -07, the application/transport error code space was split.
RST_STREAM and APPLICATION_CLOSE use application-specific error codes.
Likewise for STOP_SENDING, but the value zero is not special there. See
https://tools.ietf.org/html/draft-ietf-quic-transport-14#section-11.4

Change-Id: I8ed9ce66b248c638921212dc7de03ae1168ca2ae
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29738
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: simplify and fix frame item length in some cases

Some frames (like ACK) did not update the frame type tree size. Fix this
and reduce code duplication. Remove extra empty lines while at it.

Change-Id: If2e8d616af4ea6067c5901b96ad2d4dd7a9fbfdd
Reviewed-on: https://code.wireshark.org/review/29723
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: simplify PADDING frame

Report the correct amount of padding (including the "Frame Type" field)
and remove the explicit padding field.

Change-Id: I4ecfb0daae0bca727400b9db5ac9881d404120cf
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29692
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Try to discourage the use of APIs via counting.

Add the ability to specify maximum function counts for each group to
checkAPIs. Add maximum counts for the "termoutput" and "abort" groups
where needed. Show summaries in various checkAPI targets.

Switch uses of ws_g_warning back to plain g_warning.

Change-Id: I5cbddc8c671729e424eed8551f69116d16491976
Reviewed-on: https://code.wireshark.org/review/29721
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

XRA: Display length information in XRA protocol description. Set correct length of XRA header.

Change-Id: I8bde77dca812f2d4eeb21c8d502799894e93c463
Reviewed-on: https://code.wireshark.org/review/29741
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NBAP: Change E-DCH type choosing condition

Change-Id: If6f07db858c92cd82ff2049c631606a00aba13dc
Reviewed-on: https://code.wireshark.org/review/29742
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

quic: put quic_connection_add_cid into ifdef.

It's used by dissect_quic_frame_type only, that is defined within
HAVE_LIBGCRYPT_AEAD.

Change-Id: Ib670930fcc0f8334c99884a0d6c45dbd00777e87
Reviewed-on: https://code.wireshark.org/review/29737
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

NAS-5GS: Add dissection of Parameters content and bug fixes.

Change-Id: Ie7d51a2dba425072407217340f96c70831277cd8
Reviewed-on: https://code.wireshark.org/review/29736
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

quic: mark unused parameter in quic_process_payload.

Change-Id: I60b9d2aee936f2ff0b6d3ef414ce1a5f825b2762
Reviewed-on: https://code.wireshark.org/review/29735
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

GTPv2: Update 8.38 MM Context.

Change-Id: Ie04878b92133c00a668fea74736c694d4e9a87dc
Reviewed-on: https://code.wireshark.org/review/29732
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: recognize short header packets after connection migration

Improve QUIC heuristics to detect Short Header packets that have a DCID
matching with an earlier connection. Tested with "picoquicdemo -f".

Change-Id: I0c28e527ffa29784f8752a695e2d22bdea9797c4
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29728
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: small connection tracking optimization

Track valid CID lengths, this makes it possible to detect whether any
valid QUIC long packet is present in the capture and allows for skipping
some hash-table lookups.

Change-Id: I20db2ca1d40af2a9b34fffe24b4b636f358d5795
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29727
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: use NCI to improve connection tracking

Short packets failed to be decrypted because no connection could be
matched after connection migration. Slightly refactor addition of new
connections (keyed by CID) to prepare for further changes.

Tested with "picoquicdemo -f" (5ecdabd9e31d, draft -14). Requires Decode
As QUIC since heuristics does not detect QUIC short header packets).

Change-Id: I0309f077d7d190c51e8998016ed513f8bac8c301
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29726
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: Add new initial_max_stream_* TP (draft -14)

Split initial_max_stream_data (0) into
* initial_max_stream_data_bidi_local (0),
* initial_max_stream_data_bidi_remote (10),
* initial_max_stream_data_uni (11)

Change-Id: I4ab7785059391f91703c9cdee9fcd111ad7e88a6
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29722
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

make-manuf.py: Add response headers.

Add comments containing the resonse headers for the URLs we fetch.
standards-oui.ieee.org currently returns inconsistent results depending
on which host you happen to resolve.

Change-Id: I4adba7e51628d0350ba8e091523807ec85009700
Reviewed-on: https://code.wireshark.org/review/29729
Reviewed-by: Gerald Combs <gerald@wireshark.org>

update-tx: Fix our file list.

LUPDATE_FILES is a string, not an array.

Change-Id: Ibeef6fd45805f82eeff8c26f7110779603d9d30a
Reviewed-on: https://code.wireshark.org/review/29724
Reviewed-by: Gerald Combs <gerald@wireshark.org>

QUIC: Add frame type on Connection Close (draft -13)

Change-Id: I94fe93236f5ff93ce15d80665ac13294d3a993ba
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29698
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

docsis: minor improvements in displaying MDD TLV 22.4.2

Change-Id: I29d74f5e940c07fb59453391bd26ee1bd9409143
Reviewed-on: https://code.wireshark.org/review/29717
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: Remove old Hello Extension (26)

Remove in draft-13

Ping-Bug: 13881
Change-Id: I572dfded151569ddce3c0c90f8775a3b4a2052ba
Reviewed-on: https://code.wireshark.org/review/29720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Fix a checkAPIs warning.

Switch a g_warning to ws_g_warning in packet.c.

Change-Id: I3191bc7d66e1de782b45bfaac1173dbd27a346e4
Reviewed-on: https://code.wireshark.org/review/29718
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

TRANSUM: fix crash with current top of tree

ssl filters were renamed to tls.
Also protect against not found fields to avoid a crash in the future.

Change-Id: I181a252557b8261fa134b1331c31096a6205635f
Reviewed-on: https://code.wireshark.org/review/29715
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

docsis: add MDD TLV 21, 22 support

Change-Id: I3ced696fb0e12f1fb46065c35d10c7d0e828f57b
Reviewed-on: https://code.wireshark.org/review/29714
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PROFINET: AM_Reserved is added on AM_FirmwareOnlyInformation
block

According to specification, AM_FirmwareOnlyInformation is
extended with AM_Reserved.
Dissection of I&M3 was only for read response. Dissection is
also added for write request.

Change-Id: I281efa2324416b0f98d22ee4e50f2c8f711e2913
Reviewed-on: https://code.wireshark.org/review/29693
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

tshark memory leak: g_free(cf_name) moved under 'clean_exit' label

Change-Id: Ie29af2e2ff2eac2e3a97323175391070c7bceb73
Reviewed-on: https://code.wireshark.org/review/29710
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Make the maximum block size big enough for max-size D-Bus packets.

Change-Id: I352db07084294629160f16f6cf1e07f902a2844f
Reviewed-on: https://code.wireshark.org/review/29711
Reviewed-by: Guy Harris <guy@alum.mit.edu>

QUIC: drop support for draft -12

The CONNECTION_CLOSE frame changes in draft -13. Instead of adding
compatibility for draft -12, let's drop it and focus on draft -14.

Change-Id: I535666741bb7ea4b31f5aa259edd341fc641d9c3
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29705
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

make-manuf.py: Add back our user agent.

Change-Id: I39c54fa38c791f3244075b03a0045babc4f249ec
Reviewed-on: https://code.wireshark.org/review/29706
Reviewed-by: Gerald Combs <gerald@wireshark.org>

QUIC: fix decryption failure with larger PKN (draft -13)

The packet number prefix was missing.

Change-Id: Ia82e7d2131a364c8448084c77f638495da748213
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29704
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot

QUIC: Remove error code UNSOLICITED_PATH_RESPONSE (draft -14)

Change-Id: I887cce2069c16fc8d1b560f43c053780d32a5852
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29703
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Change value ACK_ECN (draft -14)

with draft-14, it is now 0x1a (following order) and not 0x20

Change-Id: I0fe992d1525494e3499a85052621b995164d837a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29702
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: implement new Retry Packet (draft -14)

Packet Length and dummy PKN were removed, ODCIL got changed.
https://tools.ietf.org/html/draft-ietf-quic-transport-14#section-4.4
Tested with ngtcp2-14.pcap from the linked bug.

Change-Id: I004643634ea94e538c08d077fcb2f397c83bfcd1
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29689
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Initial support of draft -14

Update quic_version_vals value string
and update spec URL (and invariants spec)

Change-Id: I89067a53bbab9fbbc79b8da625a74c96d8ec2605
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29701
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Update Error codes (draft -13)

FRAME_FORMAT_ERROR -> FRAME_ENCODING_ERROR (0x7)
New INVALID_MIGRATION (0xC)

Always no yet supported CRYPTO_ERROR (ex FRAME_ERROR)

Change-Id: I99b2c726184fb16da2f690e3971f124b166b10ea
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29700
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Add new Frame type (draft-13)

Add New Token (0x19) and ACK ECN (0x20)

Change-Id: I8e54f3190194da87f671a4341929b0286f084dd9
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29699
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: CRYPT => CRYPTO

Change-Id: I3d8f2390b297e344db5fa1597c451314f8fd3943
Ping-Bug:13881
Reviewed-on: https://code.wireshark.org/review/29697
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: fix Initial decryption with Token field (draft -13)

With the addition of the Token field, the authenticated header could
grow larger than the previous limit and trigger an assertion failure.

Change-Id: I28a89b348492e211a544e01d9b829c0101fc8468
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29694
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: fix connection tracking/decryption after Retry (draft -13)

Since draft -13, the Initial Packet following a Retry Packet no longer
continues the handshake, but is instead treated as a new "first Initial
Packet" which results in a new cryptographic state. See
https://tools.ietf.org/html/draft-ietf-quic-transport-13#section-4.4.1

Tested with ngtcp2-14.pcap (draft -14).

Change-Id: I534d7d77717bc08ba615e5dea936e623deb63e00
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29691
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: implement new Retry Packet (draft -13)

The Retry Packet is not encrypted at all since draft -13 so instead of
complicating dissect_quic_long_header, let's create a separate routine
that also prepares for draft -14 support. No pcap available, spec link:
https://tools.ietf.org/html/draft-ietf-quic-transport-13#section-4.4.2

Change-Id: I32f03d723213b857a6140d0f1348baf51df4385e
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29687
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

NAS5GS: Bugfixes and small enhancements.

Change-Id: I953c734f448548cdab4ab7af7736a02074393dc9
Reviewed-on: https://code.wireshark.org/review/29688
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: implement decryption using new traffic secrets (draft -13)

QUIC draft -12 and before used the TLS Exporter to derive the protected
payload secrets. Starting with draft -13, the handshake and 1-RTT
protected payloads use keys derived during the TLS 1.3 handshake (but
with the "quic " label for HKDF-Expand-Label instead of "tls13 ").

That unfortunately means that previous CLIENT_HANDSHAKE_TRAFFIC_SECRET,
SERVER_TRAFFIC_SECRET_0, etc. are unusable. As a quick workaround,
extend the key log format with new labels similar to the old one (but
with "QUIC_" prepended to it).

To match draft -13, rename the original "handshake cipher/secret" to
"initial cipher/secret" and add a new "handshake cipher".

Potential limitation: if the client/server addresses/ports change since
the Initial Packet, then a new TLS session is created in the TLS
dissector. Attempting to retrieve secrets after the change will fail
since the Client Random is empty and the secret cannot be linked.

Another more common limitation: (Certificate) handshake messages that
span multiple CRYPTO frames are not correctly recognized.

Change-Id: I2932c3cc851fae51e8becf859db53ccc5f4beeda
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29677
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

packet-rsl: Fix dissection of "CB Command Type" IE

The "CB Command Type" IE is described in 3GPP TS 48.058 Section 9.3.41,
and consists of three fields. Prior to this patch, the dissector would
decode none of them and instead produce a non-applicable "channel type"
dissection.

Change-Id: Ibb97432871df1276524fe96512ac1b67d5c5d3f0
Reviewed-on: https://code.wireshark.org/review/29683
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NBAP: Remove #if 0'd code

Change-Id: I26802540239fbb94112e60bea4b10b2ca237d7f4
Reviewed-on: https://code.wireshark.org/review/29685
Reviewed-by: Anders Broman <a.broman58@gmail.com>

FP: Remove #if 0'd code

Change-Id: I422cc21bec0b9b12747dfc0d370ec4cf479a6e25
Reviewed-on: https://code.wireshark.org/review/29682
Reviewed-by: Anders Broman <a.broman58@gmail.com>

FP: HS-DSCH - Use RLC mode from NBAP

If found in NBAP, use the RLC Mode indicated and spare guessing by the MAC-d Flow ID.

Change-Id: Ie46922d53863667db630957a771092bc5ad00912
Reviewed-on: https://code.wireshark.org/review/29686
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: refactor packet protection cipher initialization

The old key update mechanism was never tested and was probably broken
(using "pp_state->cipher[1 - key_phase]" does not seem correct). To
prepare for the handshake cipher (draft -13), refactor it a bit and
remove the PKN parameter.

Change-Id: I481cc00e2e1d44024a709f8b4115ffe5924988e7
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29676
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: use single field for all long header payloads

Until draft -12 all payloads were the same. To prepare for draft -13
where different ciphers are used, combine them for now to make
refactoring easier.

Change-Id: I2df57ea48b8f5fda4b1d96f0fa35d64a32ccebf8
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29675
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: wire up CRYPTO frames with TLS 1.3 Handshake (draft -13)

This recognizes the Client/Server Hello message in the Initial Packets.
Full (handshake) decryption remains a task for later.
Prevent STREAM 0 from being treated as TLS while at it.

Change-Id: I27193a15be777c568b6b009141cbc59bcf3e8ad6
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29646
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Add TP disable migration from draft-13

add new Transport Parameter disable_migration(9) from draft-13

Ping-Bug: 13881
Change-Id: Ie80cc16c8548264875311f4a66e43bd7bfcb883e
Reviewed-on: https://code.wireshark.org/review/29674
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Fix typo and align code

Ping-Bug: 13881
Change-Id: I2377f4e1d193c8a2948f6cfebb029a1c80d370b3
Reviewed-on: https://code.wireshark.org/review/29672
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Update TP to draft-12

Add new TP preferred_address and also update comment

Ping-Bug: 13881
Change-Id: I94d015769165933ef76123a338982b3a4238fb59
Reviewed-on: https://code.wireshark.org/review/29671
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Update assigned Transport Parameters (draft-13)

There is a conflict with some other extensions (compressed_certificate...)

with draft-13, QUIC use 0xffa5 (65445) for Transport Parameters extensions

Ping-Bug: 13881
Change-Id: Iaeeb21dd68038fbb8865d91c89f3216bd4a97af5
Reviewed-on: https://code.wireshark.org/review/29673
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

QUIC: Remove OMIT_CONNECTION_ID Transport Parameter

Remove in draft -11

Ping-Bug: 13881
Change-Id: I27275167f006e30afe9f2a5eff43692fa3be4315
Reviewed-on: https://code.wireshark.org/review/29670
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

gsm-gsup: correct value OSMO_GSUP_CANCEL_TYPE_*

The value has to be reduced by one as the comment already describes.

Change-Id: Ib33465e0450f05779856f23800fc3bb1703cbff6
Reviewed-on: https://code.wireshark.org/review/29678
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

[Automatic update for 2018-09-16]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I0dd227496fdf196a63f29e57aac716c41a70dd48
Reviewed-on: https://code.wireshark.org/review/29679
Reviewed-by: Gerald Combs <gerald@wireshark.org>

FP: Fix trying to resolve out-of-range LCHID

LCHID value of 15 indicates 'BCCH or PCCH' over
HSDSCH and hence the MAC Content shouldn't
be resolve by the ID.
Also, make separate 'c/t' and 'lchid' concepts
in the dch conversation info parsing.

Bug: 14889
Change-Id: I7a3a8556108caf60c527e4cb5241dfad4ea9a331
Reviewed-on: https://code.wireshark.org/review/29657
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ssl,ssl-utils: remove PCT support

This protocol was superseded by SSLv3 and has been disabled in MS
products long time ago.

Change-Id: If29bcfad394ba55c7d6605626762c29055a02ae9
Reviewed-on: https://code.wireshark.org/review/29667
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

lwm2mtlv: Show resource name in a generated item

Change-Id: I9892755f8a97e535ba893ec7987df3a0bf39870a
Reviewed-on: https://code.wireshark.org/review/29663
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>