epan: Fix netlink dissector with FPM. FPM Header is repeatedIn case of traditional netlink, the "cooked" header is only once
per packet, followed by multiple netlink packetes.
In case of FPM, we repeat the FPM header for each netlink block
inside the packet
Signed-off-by: Martin Winter <mwinter@opensourcerouting.org>
dot11decrypt: Fix Fast BSS Transition decryption on big-endian systemsThe mdid field used as input for the PTK derivation for Fast BSS
Transition is incorrectly converted to little-endian byte order.
Due to this the derived PTK is invalid on big-endian systems,
making the decryption fail. This error also results in a few failed
tests on big-endian systems.
The mdid field is a 2-octet value, not a 16-bit value so byte order
conversion should not be applied. Fix b...
ieee80211: Fix Block Ack bitmap parsing for large bitmapsMake sure to use the correct bit offset for retrieving the bit
and reporting frame number after the first 8 bytes of the offset.
Fix up issue accidentally introduced by 43d06c9fb3b287a3b9c0c85cd7
when trying to support the 64 and 128 byte block ack bitmaps in
802.11be (Wi-Fi 7)
Fix #20156
Diameter: Dissect User-Name as EAP NAI on STa, SWm, S6b, etc.Per 3GPP TS 29.273, on STa, SWm, S6b, SWa, and SWd when Command
Code 268 (Diameter-EAP) is used, the User-Name AVP "shall be represented
in NAI form as specified in IETF RFC 4282 [15] and shall be formatted
as defined in clause 19 of 3GPP TS 23.003 [14]. This IE shall include the
leading digit used to differentiate between authentication schemes,"
Dissect it as such. Note that on the those app...
RADIUS: Split out the illegal Ascend attributes in RFC 6929 spaceAscend products used a large number of RADIUS attributes in an
illegal manner. The subset of attributes in the IETF RFC 6929
extended attribute space are still fairly commonly used, especially
242.
By default we dissect those as the RFC 6929 extended attributes.
We have a preference to disable the RFC 6929 handling.
Including by default a dictionary with the Ascend illegal attributes
in the e...
Restrict Wi-SUN Vendor ID to 2 bytesFrom Wi-SUN FAN 1.1v08 sections 6.3.2.3.1.6 and 6.3.2.3.2.3:
This field MUST NOT exceed 2 octets in length, providing for Vendor
Identifiers no larger than ((2^14) -1).
dftest: Read (list of) filters from a file (inc. stdin)dftest is very fast about compiling and testing filters;
almost all of its runtime is the startup procedure. Sometimes
you might have a large number of filters all of which need
to be checked for validity.
The existing dftest, like some of the other command line programs,
after processing options concatenates all the positional arguments
into one big string, with a single space between them. (...
TCP: Defer getting the window size until laterIf the TCP header isn't long enough to contain the window size
(due to truncation), don't do sequence analysis (because we
need the window size for that) but otherwise defer retrieving
the window size and adjusting it until we're ready to add it to
the tree and we're done adding the stream number, flags, etc.
This allows a lot more information to be put in the tree in the
edge case where the T...
DHCP: Dissect generic encapsulated vendor-specific optionsPer RFC 2132 8.4, 'if a vendor potentially encodes more than
one item of information in this option [43], then the vendor
SHOULD encode the option using "Encapsulated vendor-specific
options"'.
Thus, have a test for generic encapsulated vendor-specific
options before falling back to single opaque bytes. This is
done after all the vendor-specific heuristic dissectors, and
treats each suboption ...
dot11decrypt: Fix TKIP broadcast frame decryptionFor WPA2 mixed mode (CCMP+TKIP) the EAPOL key_version can't be used
to determine that TKIP method is used. Instead as per IEE 802.11
specifications the encryption method used for pairwise and group
traffic is negotiated through cipher suite selection. Fix TKIP
broadcast frame decryption by adding a check on used group cipher
suite.
Add also a test case to avoid future regression.
Solves: #19994
tools: Use esnacc instead of snacc in asn2debThe snacc package is about to be removed from Debian, but esnacc,
a newer active fork from http://esnacc.org/ stays available.
wmem_tree: Actual removal of wmem trees with 32 bit int keysThe current fake removal of entries from wmem_trees works fine
with wmem_tree_lookup32 but breaks wmem_tree_lookup32_le, because
the removed element is found, and there's no backtracking to find
the next larger non-removed element.
Implement actual removal, including fixing up the red-black tree
after the deletion.
Add a few tests
file: Fix find with no frame selected, wrap, and no matchWhen searching with no frame selected, the previous frame
number is set to 0 and the original frame data is NULL. If
wrapping is allowed, then the current frame and frame data will
never match those values, so the search will never end in failure.
That means that if no frame matches the search criterion, the
find will never stop unless the user manually stops it.
Don't wrap when no start packe...
test: Fix Sharkd TLS secrets test on Big-EndianThe file used, tls12-dsb.pcapng, has two used CLIENT_RANDOM
secrets, and the order in which they're output is related to
iterating over a hash table and is unpredictable. In particular,
it's different on Big Endian platforms than Little Endian.
Test for the Base64 of either of the two possibilities.
Ping #19965
DHCP: Strengthen Alcatel-Lucent Option 43 heuristicsThere are other vendors besides Alcatel-Lucent that for Option 43
use a generic encapsulated suboption structure like in Option 125.
If the Alcatel-Lucent Option 43 heuristic dissector sees a suboption
number that is used by Alcatel-Lucent Option 43 with a fixed length
but the actual length is wrong, reject it. It might be that of a
different vendor.
That prevents reporting errors and aborting...
FTDI FT: Fix endpoint to interface mappingThe endpoint to interface mapping is broken since commit baf0bfc263ea
("USB: Store endpoint with direction flag in usb_conv_info"). Fix the
issue by using both endpoint number and direction flag in the switch
statement. Correct the endpoint IN and OUT comments to adhere to USB
specification naming (IN is from device to host, OUT is from host to
device).
rtp_media: Support playback of RTP/IuUP/AMR(-NB) packetsAllow playing IuUP over RTP streams containing AMR narrowband payload.
Support for AMR-WB or other formats is left as a TODO for the future,
since some networks operate solely with AMR-NB.
rtp_media: Refactor rtp_decoder_t creation and lookupMove rtp_decoder_t creation and lookup to helper functions, so it can be
called from several places in the future.
This will be needed once we add RTP/IuUP/AMR playback support, since
we'll need to hook an intermediate code path to pass trhough the IuUP
frame and then generate AMR frames from the AMR IuUP payload which the
AMR decoder can digest.
rtp_media: Make decode_rtp_packet_payload() staticThis function is not used anywhere other than in the same file, hence
mark it as static to ease understanding the whole rtp_media code.
packet-iuup: Add header file packet-iuup.hSome of these will be needed by ui/rtp_media module
later on in order to be able to feed RTP/IuUP/AMR payload
to the RTP player.
packet-{rtp,iuup}: Add field in rtp_info to identify as iuupThis can be used later on by the RTP decoder/player to easily identify
IuUP payload inside RTP and have special logic to decode AMR inside it.
packet-amr: Drop struct amr_oa_hdr definitionSince packed structures are not accepted, this structure lost its
purpose, hence drop it since it won't be used by follow-up patches.
SMB2: Fix a null pointer dereferenceWhen one of the dissectors in the smb2_dissector array is
called (ed. this should probably be a dissector table),
si, the smb2_info_t is never NULL. However, si->saved might
be NULL.
Check for si->saved in one case. Fix #20149.
Remove some redundant checks for si when we only need to test
for si->saved, which quiets about a dozen Coverity warnings
about unnecessary extra null checks.
David Lamparter
Martin Winter
Mikael Kanstrup
John Thacker
Taisuke Sasaki
John Thacker
Martin Mathieson
Gerald Combs
Tomasz Moń
Martin Mathieson
Chuck Craft