aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors
AgeCommit message (Collapse)AuthorFilesLines
2020-01-12[Automatic update for 2020-01-12]HEADmasterGerald Combs1-0/+8
Update manuf, services enterprise numbers, translations, and other items. Change-Id: Ie93b6e343a90ab33b15e5be1814e9b988101ee28 Reviewed-on: https://code.wireshark.org/review/35750 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2020-01-11S1AP: upgrade dissector to v15.8.0Pascal Quantin9-3840/+3841
Change-Id: I53d1a30f02f8325472a7fd63cb16ca2b1917f9a1 Reviewed-on: https://code.wireshark.org/review/35748 Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-11Compilation fixes when CMAKE_BUILD_TYPE = MinSizeRel (-Os flag).Roman Koshelev6-7/+11
Compiler - gcc 8.3.0 These are mostly errors 'may be used uninitialized in this function' Change-Id: I6a8f7172c99024fd449570937b030e37c0ea5c3d Reviewed-on: https://code.wireshark.org/review/35746 Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-11ber: display x509af.utcTime year in 4 digitsAndre Luyer18-32/+87
Because: - the 2-digit year can only be in the range 1950..2049 according to https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 - to avoid confusion, interpreting the year/month/day in a different order may still represent a valid date. - now both utcTime and GeneralizedTime are displayed in exactly the same way. - some tools, like Perl, apply a different date range when converting 2-digit years. In packet-ber.c two parameters are added to the function dissect_ber_UTCTime: datestrptr: if not NULL return datetime string instead of adding to tree or NULL when packet is malformed tvblen: if not NULL return consumed packet bytes Also the memory allocation for outstr is now done using the recommended method as described in the README.developer document. The calling function in x509af/x509sat uses this to prepend the century. Added generated files. Change-Id: I714c2e8e7f899211caaa1f4136ca0d27cb1aba4a Reviewed-on: https://code.wireshark.org/review/35414 Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org> Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-11Add Cisco Miscabling ProtocolJoerg Mayer2-0/+308
Change-Id: Iab98bfeb2ab8aa2314e74ff4330b85e7f6533a48 Reviewed-on: https://code.wireshark.org/review/35116 Petri-Dish: Jörg Mayer <jmayer@loplof.de> Tested-by: Petri Dish Buildbot Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2020-01-11Implement all mapping macros for the new proto tree APIJaap Keuter2-3/+3
The new proto tree API uses mapping macros to map calls to the proto_tree_add_* functions. These were defined for the up til then in use functions. In the mean time functions have been added and workarounds for non mapped functions were used. This change adds the missing mapping macros so that now all proto_tree_add_* functions taking a hfi address are mapped properly. Also fix two dissectors that failed the mapping. Change-Id: I91d800439fe2c4487ca53c00c44d7aa46ce70e1d Reviewed-on: https://code.wireshark.org/review/35743 Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Jörg Mayer <jmayer@loplof.de> Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2020-01-10Use symbolic values for Cisco's LLC PIDsJoerg Mayer8-30/+36
Change-Id: I4cc99cef1e52fcce308608dd95befa2286787b16 Reviewed-on: https://code.wireshark.org/review/35728 Petri-Dish: Jörg Mayer <jmayer@loplof.de> Tested-by: Petri Dish Buildbot Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2020-01-10DOIP: Trivial typo fixedDr. Lars Völker1-1/+1
In doip_versions is a trivial typo "identifcation", which is fixed by this patch. Bug: 16325 Change-Id: Ia432d505fdf57606cd72ac63c80fca5066c37ff3 Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de> Reviewed-on: https://code.wireshark.org/review/35736 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2020-01-10DLT: Fixing parsing of multiple DLT message in a single UDP packet.Dr. Lars Völker1-6/+7
The current implementation of DLT will only dissect the first message and skips all other messages in an UDP packet. Wireshark will mark all bytes in the UDP payload belonging to the first message. This is wrong and being fixed in this patch. Bug: 16321 Change-Id: I7929caaf415e59220c29a8481d8671e71b00db0c Signed-off-by: Dr. Lars Völker <lars.voelker@technica-engineering.de> Reviewed-on: https://code.wireshark.org/review/35731 Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-10NAS 5GS: correction of QoS Rules with the length of two octetsJoakim Karlsson1-4/+7
Change-Id: I2d5c2e714067ec3198e24c54145315c009b56198 Reviewed-on: https://code.wireshark.org/review/35729 Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-10Add initial version of a dissector for the Paloalto heartbeat backup protocol.Joerg Mayer2-0/+123
Change-Id: I79b6c42df983c6dae6cce866f3cfdd673a6a7f0b Reviewed-on: https://code.wireshark.org/review/35721 Petri-Dish: Jörg Mayer <jmayer@loplof.de> Tested-by: Petri Dish Buildbot Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2020-01-10BGP: MPLS label for EVPN Extented communityUli Heilmeier1-1/+19
Dissect MPLS label fields for EVPN Extented Community. RFC7432 section-8.2.1 defines only a SHOULD for ESI label set to a MPLS label when Single-Active redundancy mode is desired. Therefore and not break current implemntation we only add the additional dissection of the MPLS label bits. Bug: 16313 Change-Id: Iad2561b90aeace212f79a874efb59af917aca3f1 Reviewed-on: https://code.wireshark.org/review/35692 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2020-01-10tpncp: replace stack variable with dynamic allocation.Dario Lombardo1-3/+1
The size of the stack triggers an error on clang: ../epan/dissectors/packet-tpncp.c:410:1: error: stack frame size of 26152 bytes in function 'init_tpncp_data_fields_info' [-Werror,-Wframe-larger-than=] init_tpncp_data_fields_info(tpncp_data_field_info *data_fields_info, FILE *file) ^ 1 error generated. Change-Id: Ia7d1d609b339eff6ffa023d9c0bf47caf6bd9851 Reviewed-on: https://code.wireshark.org/review/35715 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-10Netlink: Properly interpret and mask out attribute typeJaap Keuter1-5/+10
The netlink attribute type is a 16 bit field, of which the two top most bits are booleans. Interpret them as such. The remaining 14 bits form the attribute type value. Due to the flexible way the interpretation is setup, through the use of family specific code, the header field for the attribute type value has to have a proper mask. Otherwise the two top bits are taken (incorrectly) as part of the value. Since this may not be obvious to the netlink family dissector creator better enforce it by adding the masked value in the underlying netlink dissector, using whatever header field is given for this. Change-Id: I791f9b1de01505d4a4793abbcf62e596b864e2f0 Reviewed-on: https://code.wireshark.org/review/35725 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-10packet-kerberos: try to fix the build on macOS 10.14Gerald Combs2-17/+39
/usr/lib/libkrb5.dylib doesn't have krb5_pac_verify(). This hopefully fixes the build problem introduced by commit d9aab840a75ededc286b8e9894e5af7ce6298bbc Change-Id: Ib354a59cbc20c6bf97ddc029d8b042d4aea6dae9 Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35713 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>
2020-01-09NR RRC: upgrade dissector to v15.8.0Pascal Quantin6-192/+323
Change-Id: I2001239b765ab766c31c0e4181e25e43d8d9c761 Reviewed-on: https://code.wireshark.org/review/35723 Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-09LTE RRC: upgrade dissector to v15.8.0Pascal Quantin11-1116/+1115
Change-Id: Ib480626891c1796623902c6dfe24183ead59112e Reviewed-on: https://code.wireshark.org/review/35722 Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-01-09packet-ip.c: The return value is already calculated and returned by the ↵Joerg Mayer1-4/+2
previous call. Change-Id: I9471e4f823d82d31d41ccd21728358ab363854cd Reviewed-on: https://code.wireshark.org/review/35719 Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2020-01-09Add Ethertype 8988 used on the heartbeatlink inside a Paloalto firewall clusterJoerg Mayer1-1/+2
Change-Id: Id1aef0ba84e17ee15c51af3110a1af4636fd6e4d Reviewed-on: https://code.wireshark.org/review/35718 Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2020-01-09TPNCP: Update from downstreamOrgad Shaneh1-445/+405
* Support little-endian systems * Improve error reporting * Implement some new features in the protocol Change-Id: I73e07a588c4a028fd0c22e1570adb7957ba2d52f Reviewed-on: https://code.wireshark.org/review/35467 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2020-01-09TCP: fix DESEGMENT_UNTIL_FIN handling in combination with OoO trackingPeter Wu1-2/+27
For dissectors that expect reassembly at FIN (for example, the WHOIS dissector), the expected end of the reassembly is not known until the FIN packet is received. We cannot rely on 'nxtseq' being valid, and certainly not use it to set the end of the reassembly using fragment_reset_tot_len. Since (1) OoO segments before FIN are already properly handled without extra care, and (2) OoO FIN is already broken, just disable OoO handling when DESEGMENT_UNTIL_FIN is requested. This ensures that reassembly at FIN is not skipped due to lack of data. Explicitly calculate 'nxtpdu' for the FIN case. Previously it happened to work because streams were often smaller than DESEGMENT_UNTIL_FIN (0x0ffffffe, 256MiB), but that was not obvious. Bug: 16289 Change-Id: I9b9468925d49765e21e58136c8a2366da082eeba Fixes: v2.9.0rc0-1097-gca42331437 ("tcp: add support for reassembling out-of-order segments") Reviewed-on: https://code.wireshark.org/review/35543 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-09GSUP/SMS: also dissect ToN/NPI header in SM-RP-DA/OAVadim Yanitskiy1-4/+8
Unlike IMSI, both MSISDN and SMSC Address in SM-RP-OA/DA not only contain the BCD encoded digits, but also a little header with NPI (Numbering Plan Identification), ToN (Type of Number), and Extension fields. IE: SM-RP-DA (Destination Address) Information Element Identifier: SM-RP-DA (Destination Address) (65) Information Element Length: 8 Address Type: SMSC Address (3) 1... .... = Extension: No Extension .001 .... = Nature of number: International Number (0x1) .... 0001 = Number plan: ISDN/Telephony Numbering (Rec ITU-T E.164) (0x1) E.164 number (MSISDN): 447785016005 Country Code: United Kingdom of Great Britain and Northern Ireland (44) Let's dissect that header and following address bytes using the public API from MAP dissector - dissect_gsm_map_msisdn(). Change-Id: Idc8a098926d38770002ba689efcf2c794c6b18d9 Reviewed-on: https://code.wireshark.org/review/35664 Reviewed-by: Pascal Quantin <pascal@wireshark.org> Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-09DCERPC: display various driver version fields as hexGünther Deschner1-4/+4
Guenther Change-Id: I39eecf3e864df401dff9236d9614a5bd6ca68427 Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-on: https://code.wireshark.org/review/35693 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-09packet-kerberos: try to verify the PAC checksums and display the used keysStefan Metzmacher2-7/+239
This makes it much easier to analyze how PAC signing is supposed to work with trusted domains. Change-Id: I9993e5d92b7efee5aa91cd0e2005787f7d384444 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35704 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-09BGP: Add EVPN Layer 2 Attributes Extended Community (RFC 8214)Jaap Keuter1-0/+76
Bug: 16287 Change-Id: Ic76972c2c99d0206c68703bee924c0e16ffdeae7 Reviewed-on: https://code.wireshark.org/review/35702 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-09packet-kerberos: add a hint to the used decryption key into the proto treeStefan Metzmacher2-15/+33
This makes it much easier to understand which key is used were. Change-Id: I6f4bb1e46abb30212a87be2b574dc2679d8b7aed Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35695 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-09packet-kerberos: re-add dissection of ntstatus (KERB_EXT_ERROR) in PA-PW-SALTStefan Metzmacher3-62/+188
We autodetect the length a 12 bytes and the 0 (4 bytes) and 1 (4 bytes) values after the 4 bytes NTSTATUS field. See [MS-KILE] 2.2.1 KERB-EXT-ERROR. Change-Id: I19345cb3f9c863e54a8f16002987912487f7d76a Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35694 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-08Netlink: remove encoding copies and, by extension, nl_data copiesJaap Keuter7-177/+136
The underlying netlink dissector sets up a data structure to help maintain information about the netlink packet. This contains the encoding information as determined for this packet. Use this value in place of the copy that every netlink dissector makes in its private data structure. As a consequence the encoding field can be removed from these private data structures. Since the encoding field is now directly available from the data structure setup by the underlying netlink dissector, the private data structures also do not need to keep a pointer to this underlying netlink dissector data structure. This change replaces the use of the local copy of encoding with the original one. This change, by extension, also removes the encoding field and the pointer to the underlying netlink dissector data structure as these are no longer needed. The exception is the generic netlink dissector, which implements the dynamic netlink famiily subdissector table. Change-Id: Ida0065379c19ae68caf6d87860828b48766c1998 Reviewed-on: https://code.wireshark.org/review/35698 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-08packet-smb2: add support for SMB2_FILE_NORMALIZED_NAME_INFOStefan Metzmacher1-0/+31
Change-Id: I58d9db510181c5872be14e9feb4f35c2e6e41a39 Reviewed-on: https://code.wireshark.org/review/35595 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2020-01-08packet-dcerpc-netlogon: relax the data model for netlogon_auth_keyStefan Metzmacher1-70/+34
This is a change into the correct direction and allows decryption even if DCERPC security context multiplexing is not used. The final design is added as comment, which would make it possible to do decryption in all cases allowed by the protocol. Change-Id: Ided40e0028967f2a047bf2722e627800ca77054d Reviewed-on: https://code.wireshark.org/review/35680 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-08Netlink: stop hiding packet_netlink_data pointerJaap Keuter8-230/+244
The underlying netlink dissector sets up a data structure to help maintain information about this netlink packet. It gets passed through the familiy specific netlink dissectors private data structures to reappear when support funtions of the underlying netlink dissector are needed. In the mean time a copy of data (the value 'encoding' to be precise) in this structure is also maintained in these familiy specific netlink dissectors, adding to the confusion. This change is to make the underlying netlink dissector data structure a normal part of the function interfaces, so that it is present without being dependant on another private data structure. This change is a first step towards removing the unnessesary copy of the encoding value. Change-Id: I69e78a2b15e58e149e82e89c19e519ef041ee6b1 Reviewed-on: https://code.wireshark.org/review/35688 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07dcerpc-netlogon: fix compilation with older gcrypt versions.Dario Lombardo1-1/+9
GCRY_CIPHER_MODE_CFB8 has been introduced in gcrypt 1.8.0: https://abi-laboratory.pro/?view=changelog&l=libgcrypt&v=1.8.0 Add conditional compilation code for older versions. Change-Id: I756cc118fce261a6e1a580f4a6a244c8ff0b381f Reviewed-on: https://code.wireshark.org/review/35678 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Dario Lombardo <lomato@gmail.com>
2020-01-07BGP: update Well-known CommunitiesUli Heilmeier1-1/+10
Update the well-known communities as defined by https://www.iana.org/assignments/bgp-well-known-communities/bgp-well-known-communities.xhtml Communities for expired drafts has been ignored. Change-Id: I3dedea2bdaad8feda3c7f1d9886092d4c02d6f95 Reviewed-on: https://code.wireshark.org/review/35602 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07TFTP Header End FixRoman Koshelev1-2/+4
Change-Id: I70d66bb49384f2eac865a81ffc23b76362c37191 Reviewed-on: https://code.wireshark.org/review/35578 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07NL80211: Remove global variable m_pinfo from dissectorJaap Keuter1-29/+40
The Netlink 80211 dissector has a global variable to pass the pinfo pointer to dissection routines that need it. Replace this by properly passing it to the functions via a new private data structure, akin other netlink dissectors. Change-Id: Ie08e370b65f7068c01cc93100657e3b8baa5fd63 Reviewed-on: https://code.wireshark.org/review/35657 Reviewed-by: Pascal Quantin <pascal@wireshark.org> Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-smb2: handle SMB2_CHANNEL_RDMA_V1_INVALIDATE for readStefan Metzmacher1-0/+1
Change-Id: I96045fb2b07d8bae26360558f34dd6de3442ecd0 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35594 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-smb-direct: move Flags into data_tree.Stefan Metzmacher1-1/+1
Change-Id: I919994c084d4f5702b0a6d504c8cd5a8b716498b Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35596 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-dcerpc-netlogon: implement NETLOGON_FLAG_AES decryptionStefan Metzmacher1-14/+159
Change-Id: I2ff05f528fe8c3ab6f5407c0289064b62f3f0202 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35593 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-dcerpc-netlogon: remove STRONGKEY related processing from get_seal_key()Stefan Metzmacher1-24/+27
This won't be needed for NETLOGON_FLAG_AES. Change-Id: I668bca15ed13e5a2767fa3e39c5cad0d510a8f5d Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35592 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-dcerpc-netlogon: split out prepare_decryption_cipher[_strong]()Stefan Metzmacher1-11/+56
Change-Id: Ie63c2d0311be058c5694245d8576ea75d7e6bc14 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35591 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-dcerpc-netlogon: split out uncrypt_sequence_strong()Stefan Metzmacher1-2/+16
Change-Id: Ie58377b319632c74ad61c2df42e690466b5c5608 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35590 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-dcerpc-netlogon: use the correct NETLOGON_FLAG_AES flagStefan Metzmacher1-8/+10
See [MS-NRPC] 3.1.4.2 Netlogon Negotiable Options, it's flag W: Supports Advanced Encryption Standard (AES) encryption (128 bit in 8-bit CFB mode) and SHA2 hashing ... Change-Id: I4b677e1ca1c3b3b9bc47ccc412380cc18659fd5d Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35589 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07packet-dcerpc-netlogon: fix the build with DEBUG_NETLOGONStefan Metzmacher1-2/+2
Change-Id: Iab70f2847343f934864cf205569fe64cf9e98d9b Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/35588 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07UDP: Add a filter for payload.Anders Broman1-3/+16
A filter for payload makes it easier to exoprt it. Change-Id: I0732c60c7fac37283fcbe6508d5e27bcd3c603fd Reviewed-on: https://code.wireshark.org/review/35519 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-07NAS 5GS: add missing R15 bits in 5GS network feature support IEPascal Quantin1-1/+29
Bug: 16310 Change-Id: I52a3e8bbe6ae89c227cd0eee58bb46ba37eceeb6 Reviewed-on: https://code.wireshark.org/review/35676 Reviewed-by: Pascal Quantin <pascal@wireshark.org> Petri-Dish: Pascal Quantin <pascal@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-01-06USB MSC: Dissect subclass and protocol codesTomasz Moń2-1/+64
Change-Id: I7a818a11352e437a9492f896557c3348abe33c95 Reviewed-on: https://code.wireshark.org/review/35668 Petri-Dish: Tomasz Moń <desowin@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2020-01-06USB Audio: Fix Feature Unit Descriptor dissectionTomasz Moń1-12/+26
Properly calculate the number of logical channels in the cluster. Report expert info if number of channels does not turn into integer. Bug: 16305 Change-Id: I028f3f00912629351641ef9297864ea832629cf0 Reviewed-on: https://code.wireshark.org/review/35656 Petri-Dish: Tomasz Moń <desowin@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2020-01-05IPv4: Fix incorrect expert info for IGMP TTLJoão Valverde1-4/+7
IGMP uses TTL = 1 for the network control block. The code assumes a certain registered multicast destination address always carries traffic for that protocol, which isn't true. For example mDNS usually uses a TTL of 255 but IGMP Membership reports use a TTL of 1 for the same destination address. The end result is that IGMP traffic to mDNS multicast destination shows a confusing and incorrect "TTL != 255 for the Local Network Control Block" expert info. Rename the "ttl" variable for clarity. Change-Id: I693306cd6531aa250a6f5884a6731a2ea254bf2a Reviewed-on: https://code.wireshark.org/review/35639 Reviewed-by: João Valverde <j@v6e.pt> Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2020-01-05SIP: authorization validation segfault on missing fieldserikdejong1-1/+2
Fix for segfaults caused by missing username and or realm fields when validating SIP authorization. Change-Id: Ia418f2a7f036ef706fcd6e4a766ea43098a6883d Reviewed-on: https://code.wireshark.org/review/35644 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2020-01-04IPv4: Fix indentation (use spaces)João Valverde1-3/+2
Change-Id: Ie89c3c958567182c1f5fe66cff23522e797a3e78 Reviewed-on: https://code.wireshark.org/review/35640 Reviewed-by: João Valverde <j@v6e.pt>