3b4c215a5f associated .scap files with Wireshark. Make sure they're just
associated with Stratoshark.
Split our wiretap file extension lists into separate versions based on
application flavor.
Fixes #20583
If a subset tvb is passed in and dissection starts at zero relative
to that tvb, the returned value is already correct and doesn't need
the parent tvb offset subtracted.
The max indent was 160. For deeply-nested protocol trees, as was
found in a NR Radio Resource Control packet, reported by
Tamás Regős, this maximum could be reached. This fix increased it to
1024.
The CHANNEL_DATA in these cases are stdout and stderr, so this is
more appropriate. If a pty has been negotiated there will be ANSI
escape codes included.
As specified in the standard, the call identifier is a 14-bit word,
but in many PDU types in tetra.asn the call identifier was
declared as a 10-bit word.
This mistake is corrected, and the file epan/dissectors/packet-tetra.c
is automatically generated with asn2wrs.py.
For reference see the following tables of ETSI TS 100 392-2:
- Table 14.21
- Table 14.23
- Table 14.31
- Table 14.32
- Table 14.24
- Table 14.22
- Table 14.5
- Table 14.4
- Table 14.7
- Table 14.8
- Table 14.6
- Table 14.16
- Table 14.18
Adding heuristic dissection function to detect
NMEA0183 over UDP ports. Adds manufacturer
lookup table values as part of the heuristic
detection logic. Heuristic disabled by default.
Use an existing true_false_string that has the correct values for
Client to Server and Server to Client. Also fix a spelling error in an
expert info description.
Check for an identical personal plugin or extcap directory, and don't
try to load extcap or plugins a second time from an identical directory.
This mostly can happen when using the --global-profile option, though I
suppose there are other methods as well like links.
Prevents some warnings about trying to load the same plugin or extcap
(or a plugin or extcap of the same name) like:
tshark: The plugin 'usbdump.dll' was found in multiple directories
** (tshark:11896) 07:28:36.907856 [Extcap WARNING] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap.c:1955 -- process_new_extcap(): Cannot store interface C:\Program Files\Wireshark\extcap\ciscodump.exe, already loaded as personal plugin
tshark: Unable to load sinsp plugin C:\Development\wsbuild68\run\RelWithDebInfo\plugins\falco\cloudtrail.dll: Caught sinsp exception cannot register plugin C:\Development\wsbuild68\run\RelWithDebInfo\plugins\falco\cloudtrail.dll in inspector: found another plugin with name cloudtrail. Aborting..
Ping #20454
Add the ability to specify if a custom UUID is a long attribute to
the custom UUIDs UAT. Abstract the access to the trees involved,
in case the storage changes. Constify a few functions.
Fix #20537
After ae9da806947f66d2ea8bf77ca9c2ccdcd89f5483 androiddump properly
checks to see if sockets timeout on Windows (recv doesn't set errno
on Windows), so we can use a timeout instead of stalling.
Fix #20526
"Error codes set by Windows Sockets are not made available through the
errno variable... The WSAGetLastError function is intended to provide a
reliable way for a thread in a multithreaded process to obtain per-thread
error information."
https://learn.microsoft.com/en-us/windows/win32/winsock/error-codes-errno-h-errno-and-wsagetlasterror-2
So on Windows, do not check errno to determine if we have timed out but
instead check if SOCKET_ERROR was returned and call WSAGetLastError.
Ping #20526
The next commit will re-introduce a timeout on non-blocking sockets
(this change prevents re-opening #20386.)
Note that unfortunately the SSH protocol does not specify the encoding
for these strings, which must match whatever the server expects. (The
bytes returned in CHANNEL_DATA messages are affected by environment
variables and the shell defaults, but these strings are passed directly
to execve.) In practice they must not have internal NULs or use wide
characters (so no UTF-16), and OpenSSH ports to Windows, IBM z/OS, etc.
force the use of UTF-8 or ISO-8859-1 rather than attempt to deal with
non-ASCII-compatible encodings.
Also fix the indentation in ssh_dissect_connection_specific to match the
rest of the dissector and EditorConfig.
Use socketcan.[c|h] for shared (Socket)CAN functionality where the wiretaps create records of the WTAP_ENCAP_SOCKETCAN encapsulation type.
Adjust existing "homegrown" structures to use as much of the "shared" data structures from socketcan.h so that all can use the single function wtap_socketcan_gen_packet() to create records.
RFC 4253 6: "[T]he length of the concatenation of 'packet_length',
'padding_length', 'payload', and 'random padding' MUST be a multiple
of the cipher block size or 8, whichever is larger,... even when
using stream ciphers."
Modes that do not encrypt plen with the same key as the other three
cannot follow this as written and delete 'packet_length' from the
above sentence. As padding_length is one byte and random_padding at
least four, packet_length must be at least 8 in all modes.
This is not really necessary for AES GCM, because the block size is
16, but does affect some other modes such as -etm modes or ChaCha20.
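A check for the packet_length rule described in this commit message, written as an added example that is not code from Wireshark's SSH dissector; the function names and the constructed sample packet are mine:

```python
import struct

def ssh_min_packet_length(block_size: int, plen_encrypted: bool) -> int:
    """Smallest legal packet_length for a cipher with the given block size.

    RFC 4253 section 6 requires the concatenation of packet_length,
    padding_length, payload and random padding to be a multiple of
    max(block_size, 8). Modes that do not encrypt packet_length with the
    same key (AES-GCM, ChaCha20-Poly1305, the -etm MACs) leave the 4-byte
    length field out of that sum. padding_length is one byte and random
    padding is at least four bytes, so the content is at least 5 bytes.
    """
    align = max(block_size, 8)
    min_content = 1 + 4  # padding_length byte + 4 bytes of random padding
    if plen_encrypted:
        total = 4 + min_content
        total = -(-total // align) * align  # round up to a multiple of align
        return total - 4
    return -(-min_content // align) * align

def check_ssh_packet(packet_length, padding_length, block_size, plen_encrypted):
    """Return a list of rule violations (empty when the lengths are consistent)."""
    problems = []
    align = max(block_size, 8)
    if packet_length < ssh_min_packet_length(block_size, plen_encrypted):
        problems.append("packet_length below the minimum for this mode")
    if padding_length < 4:
        problems.append("random padding shorter than 4 bytes")
    if padding_length + 1 > packet_length:
        problems.append("padding_length does not fit inside packet_length")
    aligned = packet_length + (4 if plen_encrypted else 0)
    if aligned % align:
        problems.append("ciphertext length is not a multiple of the block size")
    return problems

def parse_plaintext_header(data: bytes):
    """Unpack packet_length (uint32) and padding_length (byte) from the first 5 bytes."""
    packet_length, padding_length = struct.unpack("!IB", data[:5])
    return packet_length, padding_length

# Constructed sample: packet_length 12, padding_length 4, 7-byte payload, 4 bytes
# of padding, which is the minimum for an 8-byte block cipher that encrypts packet_length.
SAMPLE = struct.pack("!IB", 12, 4) + b"\x00" * 7 + b"\x00" * 4
```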
Calculate the dropped packet count percentage from the total
number of packets, not only the captured packets. This gives
a better number for the percentage of dropped packets.
Add a SSH heuristic dissector that looks for the Version Identification
String.
If we have heuristics, we can't just use match_uint (which isn't set
when heuristics or conversation matching are used for the dissector.)
There should be some additional changes later to handle the rare case
where the server version string comes first, or if the client version
string is missing. The initial strings and SSH_MSG_KEXINIT are equivalent
in either direction; it is not until the key exchange actually starts that
server versus client can be determined.
Add the block option OPT_PKT_DROPCOUNT to cf->drops. This will
show the number of dropped packets in the status bar, and in the
Capture File Properties dialog if the capture does not have an
Interface Statistics Block.