metze/wireshark/wip.git
5 years ago maxmind: Simplify our read logic.
Gerald Combs [Sun, 2 Dec 2018 02:32:28 +0000 (18:32 -0800)]
maxmind: Simplify our read logic.

Don't bother checking to see if our pipe has data.

Change-Id: I55f24850a16f66be9c679ad51e35df9f35c206db
Reviewed-on: https://code.wireshark.org/review/30877
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ZigBee: Correct unsolicited nwk update notify
Kenneth Soerensen [Fri, 30 Nov 2018 12:43:34 +0000 (13:43 +0100)]
ZigBee: Correct unsolicited nwk update notify

- Correct cluster ID
- Parse ZDP Status
- Move from client to server
- Classify as notify instead of request

Change-Id: Idb3d26d3212af2762465d7ec02efcb8978830af3
Reviewed-on: https://code.wireshark.org/review/30859
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
5 years ago ZigBee: Classify mgmt_nwkupdate as notify instead of request
Kenneth Soerensen [Fri, 30 Nov 2018 12:47:52 +0000 (13:47 +0100)]
ZigBee: Classify mgmt_nwkupdate as notify instead of request

Change-Id: Ic559133086f4529f8dcc7b99cce6dbb97c11e197
Reviewed-on: https://code.wireshark.org/review/30860
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
5 years ago ZigBee: Use ZDP Status for IEEE Joining List Response
Kenneth Soerensen [Fri, 30 Nov 2018 12:34:52 +0000 (13:34 +0100)]
ZigBee: Use ZDP Status for IEEE Joining List Response

Change-Id: I66506048fbca06f124aab49a142fe24092760206
Reviewed-on: https://code.wireshark.org/review/30858
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TFTP: Minor tweaks to tftp.destination_file field.
Darius Davis [Sat, 1 Dec 2018 07:59:00 +0000 (17:59 +1000)]
TFTP: Minor tweaks to tftp.destination_file field.

Two trivial cleanups of the definition of the tftp.destination_file field:
There is probably no need to shout DESTINATION in capital letters, and change
"source" to "destination" in the field's blurb.

Testing Done: Built on macOS 10.12.6.  Examined the capture attached to
   bug 10305 (tftpConversationError.pcapng, which includes a TFTP WRQ), and saw
   that the capitalization of the "Destination File" field is as expected in
   the packet dissection, and that the status bar now describes the field as
   the "TFTP destination file name".

Change-Id: I9f5bded321c16d4e200bf1caf80ad5733ecc8287
Reviewed-on: https://code.wireshark.org/review/30857
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Apply port preferences during dissector handoff registration
Jaap Keuter [Fri, 30 Nov 2018 19:26:29 +0000 (20:26 +0100)]
Apply port preferences during dissector handoff registration

Handling of preferences is often done in the dissector handoff
registration. Therefore this function is often registered as
callback while registering preference handling for the module.
In this way the preferences are processed both when registering
the dissector and when changes happen.

Some dissectors opt to register a separate callback function to
be called when preferences change. Now these have to be called
from the dissector handoff function explicitly, in order to have
the preferences processed during dissector registration.

This becomes explicitly apparent when the port registration comes
into play. With the migration to using dissector registration on
ports with preference this port (range) is often retrieved from
the preferences to match against the ports in a packet to determine
an incoming or outgoing packet of a server. In case the callback
function is not called from the dissector registration this
determination fails, until the preferences are applied/changed,
causing the preference handling callback to be called.

This change adds the calling of the callback during dissector
registration, fixing some dissector port registrations in the
process.

Change-Id: Ieaea7f63f8f9062c56582a042a3a5a862e286406
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30848
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Re-balance DINDENT/DENDENT macros in conversation.c.
Darius Davis [Sat, 1 Dec 2018 04:33:50 +0000 (14:33 +1000)]
Re-balance DINDENT/DENDENT macros in conversation.c.

The indent macros used for DEBUG_CONVERSATION have become unbalanced, making
the conversation debug output migrate rightwards for no good reason.  This
simple change corrects it by ensuring that DINDENT and DENDENT are neatly
paired up throughout conversation.c .

Testing Done: Built on macOS 10.12.6 with DEBUG_CONVERSATION enabled.  Tested
   tshark with a few captures, and observed that the debug output, while still
   being indented, generally stayed along the left margin of the screen instead
   of migrating steadily over to the right.

Change-Id: Ic91e4562296d34f74c4d832edbf75172562672b8
Reviewed-on: https://code.wireshark.org/review/30856
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago maxmind: Process responses one character at a time.
Gerald Combs [Sat, 1 Dec 2018 01:39:52 +0000 (17:39 -0800)]
maxmind: Process responses one character at a time.

Process mmdbresolve output one character at a time and only after
ws_pipe_data_available tells us that we can do so without blocking.

Bug: 14701
Change-Id: Ib8f5eabed28e9385585a022d948b83f830c6358c
Reviewed-on: https://code.wireshark.org/review/30850
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TLS: really delay key lookup until it is necessary
Peter Wu [Sat, 1 Dec 2018 02:40:17 +0000 (03:40 +0100)]
TLS: really delay key lookup until it is necessary

Even if the certificate has an RSA public key, be sure to look up the key
only if it is an actual RSA key exchange. Move the hashtable to the
secrets module to enable reuse.

Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5
Reviewed-on: https://code.wireshark.org/review/30854
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CMake: Avoid link_directories()
João Valverde [Sat, 1 Dec 2018 01:57:18 +0000 (01:57 +0000)]
CMake: Avoid link_directories()

Change-Id: Ia5fbf638dfef9150978f74c6dd4d54e207483a5c
Reviewed-on: https://code.wireshark.org/review/30852
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago ipsec: remove unnecessary gcry_control calls
Peter Wu [Fri, 30 Nov 2018 22:30:44 +0000 (23:30 +0100)]
ipsec: remove unnecessary gcry_control calls

This is already done in epan_init.

Change-Id: I2bbfd22ef4a552003dc3644e9d21b5a5ca3465ba
Reviewed-on: https://code.wireshark.org/review/30849
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago CMake: We require version > 2.8.12
João Valverde [Sat, 1 Dec 2018 01:58:14 +0000 (01:58 +0000)]
CMake: We require version > 2.8.12

Change-Id: Ic2e8565792bd581724c5a80b382e3f125519d56d
Reviewed-on: https://code.wireshark.org/review/30851
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago DOCSIS: Added Modem Capabilities 47-51
Bruno Verstuyft [Fri, 30 Nov 2018 13:45:34 +0000 (14:45 +0100)]
DOCSIS: Added Modem Capabilities 47-51

Change-Id: I66efc73bb27d8703872b9477c86bf7471446a32a
Reviewed-on: https://code.wireshark.org/review/30846
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago User Guide: fix reference to menu item
Jaap Keuter [Fri, 30 Nov 2018 13:42:34 +0000 (14:42 +0100)]
User Guide: fix reference to menu item

The Supported Protocols list has moved from Help to View.
Also everything is presented in one dialog now.

Change-Id: Ie6105741b1307a0de062a33e4f5e3f933cd14caa
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30845
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fix AODV flags dissection for version draft_01_v6
Christophe GUERBER [Fri, 30 Nov 2018 08:12:43 +0000 (09:12 +0100)]
Fix AODV flags dissection for version draft_01_v6

Apply change 30835 to dissector functions for version draft_01_v6 of the
protocol.

Dissector code added flag values in the "branch" label. Individual flags
are '0' when expanding the branch in the packet details pane due to
wrong definition.

Values on the branch label should be added by proto_tree_add_bitmask.
Use proto_tree_add_bitmask_with_flags instead. Remove code that adds
flag values to label "by hand" and remove unused local vars.

Change-Id: I1f639e4b0e617834276f2e11283315ac8b1594f1
Reviewed-on: https://code.wireshark.org/review/30843
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago win32: adjust some names in the Npcap installation page
Pascal Quantin [Fri, 30 Nov 2018 12:00:07 +0000 (13:00 +0100)]
win32: adjust some names in the Npcap installation page

Change-Id: I29c573628c01771fd82c88c58053bb7066ac8239
Reviewed-on: https://code.wireshark.org/review/30844
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago PROFINET: fix dissection of IO conversation direction
nakarlsson [Wed, 28 Nov 2018 11:51:56 +0000 (12:51 +0100)]
PROFINET: fix dissection of IO conversation direction

Bug: 15313
Change-Id: I5255f8b03f9d86cd7da8be34a71f0a3932bfca5c
Reviewed-on: https://code.wireshark.org/review/30821
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CMake: Generate cmake target exports on Windows
João Valverde [Fri, 23 Nov 2018 20:39:47 +0000 (20:39 +0000)]
CMake: Generate cmake target exports on Windows

CMake requires zlib to be added to the exports via epan and wiretap
targets.

Ping-Bug: 15301
Change-Id: I5cfe746e67c195eb83b1d159a2cc2a645c8c47ea
Reviewed-on: https://code.wireshark.org/review/30793
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago NSIS: Install NPcap instead of WinPcap.
Gerald Combs [Thu, 29 Nov 2018 01:08:27 +0000 (17:08 -0800)]
NSIS: Install NPcap instead of WinPcap.

Install NPcap 0.99-r7 instead of WinPcap in the NSIS installer. Update
and/or remove installer text, variables, and variable names accordingly.

Change-Id: Ied36f00c2516127969894f55698e70401dfffb4f
Reviewed-on: https://code.wireshark.org/review/30829
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago maxmind: Move response processing to a thread.
Gerald Combs [Thu, 29 Nov 2018 23:59:25 +0000 (15:59 -0800)]
maxmind: Move response processing to a thread.

Move response processing to a thread. Blind attempt at fixing bug 14701.

Bug: 14701
Change-Id: I2b7e6a0669c4784c7c169e659fa37ea2e62c96a3
Reviewed-on: https://code.wireshark.org/review/30837
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: fix "DeprecationWarning: invalid escape sequence \("
Peter Wu [Fri, 30 Nov 2018 00:43:57 +0000 (01:43 +0100)]
test: fix "DeprecationWarning: invalid escape sequence \("

Use the 'r' prefix to prevent backslashes from being interpreted.

Change-Id: I736d70c72a862086501a59b3c1acac0d77e2d6d3
Reviewed-on: https://code.wireshark.org/review/30840
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: skip tests when GnuTLS is unavailable
Peter Wu [Fri, 30 Nov 2018 00:41:21 +0000 (01:41 +0100)]
test: skip tests when GnuTLS is unavailable

GnuTLS is an optional dependency, allow tests to run without it.

Change-Id: Ib1bd7beaf1d885a157a0e1a630ccc4fbc8786af1
Reviewed-on: https://code.wireshark.org/review/30839
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: use assertRun instead of runProcess where possible
Peter Wu [Fri, 30 Nov 2018 00:31:32 +0000 (01:31 +0100)]
test: use assertRun instead of runProcess where possible

The case_decrypt_tls.test_tls_rsa_pq test is unexpectedly passing when
GnuTLS is disabled. It checks for '/' in the output, but that also
matches an error message. Use assertRun here and pretty much everywhere
else to catch such issues. Remove a few redundant returncode checks.

Change-Id: I0f9d1dadc0ca73eef9cffb3e2f452aa7c8395c95
Reviewed-on: https://code.wireshark.org/review/30838
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fixes AODV packet dissector for flags in RREQ, RREP and RERR
Christophe GUERBER [Thu, 29 Nov 2018 17:49:29 +0000 (18:49 +0100)]
Fixes AODV packet dissector for flags in RREQ, RREP and RERR

Dissector code added flag values in the flag branch label.
Values should be added by proto_tree_add_bitmask.
Individual flags were all '0' when expanding the branch
in the packet details window.

Use proto_tree_add_bitmask_with_flags instead and correct
flags values and length (as in packet-ip.c). Remove flag
values adding to label "by hand" and remove unused local vars.

Change-Id: Id5bc63d2e1a0453664d21f554f0f3b8c36d7263f
Reviewed-on: https://code.wireshark.org/review/30835
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago debian-setup: accept GnuTLS 3.2.11 on Ubuntu 14.04 for Travis
Peter Wu [Fri, 30 Nov 2018 01:03:08 +0000 (02:03 +0100)]
debian-setup: accept GnuTLS 3.2.11 on Ubuntu 14.04 for Travis

Travis still uses Ubuntu 14.04 which ships with GnuTLS 3.2.11-2ubuntu1.
That package uses libgmp10 5.1.3+dfsg-1ubuntu1 which is not GPLv2+
compliant (libgmp10 6 or newer is needed), but aside from that it still
works. Drop the version requirement to enable GnuTLS with Travis builds.

Change-Id: I235f1127e4f56df3e16b5fa279f1929a1b9577f6
Reviewed-on: https://code.wireshark.org/review/30842
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago travis: increase verbosity with apt logging
Peter Wu [Fri, 30 Nov 2018 00:52:05 +0000 (01:52 +0100)]
travis: increase verbosity with apt logging

Show the packages that are about to be installed.

Change-Id: Ifef21ae852075c5eb672bc0ca7b360f5b438283a
Reviewed-on: https://code.wireshark.org/review/30841
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Add Apple Wireless Direct Link (AWDL) dissector
Milan Stute [Thu, 25 Oct 2018 10:59:54 +0000 (12:59 +0200)]
Add Apple Wireless Direct Link (AWDL) dissector

More information on Apple's proprietary AWDL protocol can be found in
  Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples'
  Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol"
  in ACM MobiCom '18. https://doi.org/10.1145/3241539.3241566

Bug: 15245
Change-Id: I5ce18125b3c957f338909e46f18e30405a3d3941
Reviewed-on: https://code.wireshark.org/review/30413
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago tls-utils: use GnuTLS for RSA decryption
Peter Wu [Thu, 29 Nov 2018 13:47:01 +0000 (14:47 +0100)]
tls-utils: use GnuTLS for RSA decryption

Switch from RSA decryption using Libgcrypt to GnuTLS. This prepares for
decryption using a PKCS#11 token. Requires GnuTLS 3.0.2 (or newer).

Change-Id: Ic42d84c825488e1f45b443a3e56d01600dd594c9
Reviewed-on: https://code.wireshark.org/review/30833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Drop support for GnuTLS 2.12.x, require GnuTLS 3.2 or newer
Peter Wu [Thu, 29 Nov 2018 13:46:21 +0000 (14:46 +0100)]
Drop support for GnuTLS 2.12.x, require GnuTLS 3.2 or newer

Upcoming changes need GnuTLS >= 3.0.2. Require GnuTLS 3.2 (or newer) for
licensing reasons. The Debian control file still mentions 3.2.14 because
older packages linked with a GMP library that was not GPLv2+ compatible.

RHEL6 only has 2.12.23, but is already unsupported anyway.

Change-Id: I024b2a734ebb16b73a624bb2435c254e963d8b7d
Reviewed-on: https://code.wireshark.org/review/30832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago (D)TLS: defer RSA private key lookup until it is really needed
Peter Wu [Thu, 29 Nov 2018 12:01:30 +0000 (13:01 +0100)]
(D)TLS: defer RSA private key lookup until it is really needed

RSA private keys can only be used for decrypting TLS sessions with a
full handshake that use the RSA key exchange. However currently the RSA
private key is always looked up even if it cannot be used (for example,
due to an (EC)DHE cipher or due to a resumed session).

Defer lookup of these private keys and make some more code conditional
on the availability of GnuTLS at compile time since future changes
switch to GnuTLS for RSA decryption.

Change-Id: I31dfd6cdfbd733818c798b1fb0e895cf5a987c5a
Reviewed-on: https://code.wireshark.org/review/30831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Add sip_call_id filter to RTP stream.
Anders Broman [Thu, 29 Nov 2018 09:48:46 +0000 (10:48 +0100)]
Add sip_call_id filter to RTP stream.

Change-Id: Ia525fa74457eef03a3a8bc85905036c19693cfbb
Reviewed-on: https://code.wireshark.org/review/30830
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Win32: change DLL search path to accommodate extcap and Npcap
Peter Wu [Tue, 27 Nov 2018 17:18:57 +0000 (18:18 +0100)]
Win32: change DLL search path to accommodate extcap and Npcap

Extcap executables require libwsutil.dll from the program directory.
These were loaded by setting the PATH environment variable, but this
is not thread-safe (and caused sporadic test failures as a result).
Use SetDllDirectory instead, this also prevents loading DLL files
from arbitrary directories in PATH.

To make this work, the search logic for Npcap has to be modified to
avoid relying on SetDllDirectory. This implies that Npcap cannot be
used on Windows 7 anymore until KB2533623 (July 2011) is applied.

Change-Id: I3fc42ff76e75ae162b6dd31103451fb8f71c09e6
Reviewed-on: https://code.wireshark.org/review/30804
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago DOCSIS: Added Downstream Resequencing TLV (25.17)
Bruno Verstuyft [Wed, 28 Nov 2018 13:27:23 +0000 (14:27 +0100)]
DOCSIS: Added Downstream Resequencing TLV (25.17)

Change-Id: I496130e8abf6fe9996d886cd8ad7231005edf91a
Reviewed-on: https://code.wireshark.org/review/30822
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CMake: Change some install() paths to match NSIS package
João Valverde [Fri, 23 Nov 2018 20:39:51 +0000 (20:39 +0000)]
CMake: Change some install() paths to match NSIS package

Currently our Windows code looks for data files in the same
folder as the binary executable (presumably to make the
application relocatable, although it should be possible
to improve this with relative paths?).

Ping-Bug: 15301
Change-Id: I0fef4e87dc9d1d8edef81dd11755761fddd0fd12
Reviewed-on: https://code.wireshark.org/review/30819
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago CMake: Enable install target on Windows (missing DLLs)
João Valverde [Fri, 23 Nov 2018 20:39:42 +0000 (20:39 +0000)]
CMake: Enable install target on Windows (missing DLLs)

Ping-Bug: 15301
Change-Id: I3146f43bcbae1abe566d96c8e9196019931474e2
Reviewed-on: https://code.wireshark.org/review/30818
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago CMake: Fix some transitive link dependencies
João Valverde [Tue, 27 Nov 2018 19:37:33 +0000 (19:37 +0000)]
CMake: Fix some transitive link dependencies

libwireshark and libwiretap have their INTERFACE link dependencies
changed to the required set.

libwsutil keeps a default public visibility. Further work may
show some unneeded link requirements.

The executable dependencies are adjusted accordingly.

Change-Id: I3a534f72403819cac136ae47a3d80acee76e0fb3
Reviewed-on: https://code.wireshark.org/review/30815
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago IxVeriWave: Fix a buffer boundary.
Gerald Combs [Tue, 27 Nov 2018 21:38:10 +0000 (13:38 -0800)]
IxVeriWave: Fix a buffer boundary.

Pass the correct buffer size to find_signature so that we don't read
past it.

Bug: 15279
Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404
Reviewed-on: https://code.wireshark.org/review/30809
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Fixup the "No Reassembly" profile.
Gerald Combs [Tue, 27 Nov 2018 18:04:31 +0000 (10:04 -0800)]
Fixup the "No Reassembly" profile.

Fix the pattern match in make-no-reassembly-profile.py. Have it only
write changed preferences.

Change-Id: I14f23a56f9ec598930591fae9eac2f14747c55bb
Reviewed-on: https://code.wireshark.org/review/30805
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago pvfs2: Add a pointer check.
Gerald Combs [Tue, 27 Nov 2018 20:23:31 +0000 (12:23 -0800)]
pvfs2: Add a pointer check.

Make sure a pointer isn't NULL before trying to dereference it.

Bug: 15280
Change-Id: If2686940a0347154d9a59f5e2141511e7e1f49a4
Reviewed-on: https://code.wireshark.org/review/30807
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ZigBee ZCL: Fix a divide-by-zero.
Gerald Combs [Tue, 27 Nov 2018 20:06:47 +0000 (12:06 -0800)]
ZigBee ZCL: Fix a divide-by-zero.

Fix a divide-by-zero in decode_color_temperature.

Bug: 15281
Change-Id: I9460ffc85f6fe6b954c1810c3a80588c1aa4fec2
Reviewed-on: https://code.wireshark.org/review/30806
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago DOCSIS: Added Energy Management TLVs
Bruno Verstuyft [Tue, 27 Nov 2018 15:09:13 +0000 (16:09 +0100)]
DOCSIS: Added Energy Management TLVs

Change-Id: I2b1f71a0adb2e16a2b03fdc2138024773b1d792e
Reviewed-on: https://code.wireshark.org/review/30802
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TFTP: export object with correct tftp object data
Jaap Keuter [Tue, 27 Nov 2018 15:21:49 +0000 (16:21 +0100)]
TFTP: export object with correct tftp object data

Due to the lack of setting the size of the data objects,
the exported objects file contains junk data. Set the
actual size of the object data fed to the tap.

Patch originally from Darius Davis <darius@vmware.com>

Bug: 15304
Change-Id: I020a9f010e97f960e8a60b4c991acd0f678ec39c
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30803
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Test: Look up our encoding name before checking it.
Gerald Combs [Mon, 26 Nov 2018 18:01:42 +0000 (10:01 -0800)]
Test: Look up our encoding name before checking it.

Resolve our output encoding name to something that's hopefully the same
on all platforms so that we don't print

    Warning: Output encoding is utf-8 and not UTF-8.

on Windows.

Change-Id: I9c7703eac6e12f5a95f701e8a9bea7d17a513fef
Reviewed-on: https://code.wireshark.org/review/30795
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Dumpcap: Adjust pcapng headers when we write them.
Gerald Combs [Mon, 26 Nov 2018 21:55:32 +0000 (13:55 -0800)]
Dumpcap: Adjust pcapng headers when we write them.

When we capture from multiple interfaces, we won't necessarily write our
IDBs in the same order we read them. This means that we need to call
pcapng_adjust_block when we write packets, not when we read them.
Otherwise we might map a given capture source's local interface number
to the wrong global IDB entry.

Bug: 15311
Change-Id: Ia787d7f167dcd18d432020a715e2321f4060b851
Reviewed-on: https://code.wireshark.org/review/30798
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Add a "No Reassembly" profile.
Gerald Combs [Tue, 27 Nov 2018 00:27:38 +0000 (16:27 -0800)]
Add a "No Reassembly" profile.

Add a script that disables all of our desegmentation and reassembly
preferences and use it to create a "No Reassembly" profile.

Change-Id: Icd0b72e9e271a511e637acde9018f3aae018e589
Reviewed-on: https://code.wireshark.org/review/30799
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago nl80211: display interface name as a string
Martin Kaiser [Sun, 25 Nov 2018 14:38:26 +0000 (15:38 +0100)]
nl80211: display interface name as a string

The attribute value of the ifname attribute is a 0-terminated string that
contains the interface name. Add an hf variable for this name and
display it as a string.

Change-Id: I0bd4caae49274f3e471a6eefb210db8d56f020f7
Reviewed-on: https://code.wireshark.org/review/30789
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: lua: add a test for invalid ethernet address
Martin Kaiser [Sun, 25 Nov 2018 18:00:33 +0000 (19:00 +0100)]
test: lua: add a test for invalid ethernet address

Wslua converts an invalid ethernet address to all 0's. Add a test for
this case.

Change-Id: I59bd1f9e0b94805c563fe891b22cadd32ae054d8
Reviewed-on: https://code.wireshark.org/review/30791
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago nl80211: update fields to Linux v4.20-rc4
Peter Wu [Mon, 26 Nov 2018 12:34:57 +0000 (13:34 +0100)]
nl80211: update fields to Linux v4.20-rc4

Fix `tools/generate-nl80211-fields.py --update` to match the output from
v2.9.0rc0-1896-g43134ae252 ("netlink-*: fix various VALS/TFS misuse").
Update to match nl80211.h from Linux v4.19-rc6-1865-g0d4e14a32dca.

Change-Id: I101146867a62f2f881752c42229a218c12d6dda7
Reviewed-on: https://code.wireshark.org/review/30794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago BGP: Fix dissection of MCAST-VPN NLRI
Jaap Keuter [Mon, 26 Nov 2018 20:27:55 +0000 (21:27 +0100)]
BGP: Fix dissection of MCAST-VPN NLRI

Due to an incorrect check the details of MCAST-VPN NLRI were
never dissected. Also the Originating Router's IP Addr of a
S-PMSI A-D Route was not dissected.

Bug: 15307
Change-Id: Ic7481ed034e4cbf0dcab4aa150f05da2f5aac508
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30796
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago PCAP: Add expert info to too long frames
Jaap Keuter [Sun, 25 Nov 2018 10:35:41 +0000 (11:35 +0100)]
PCAP: Add expert info to too long frames

When frame data exceeds the snap length given in the PCAP file header,
add an expert item warning of this inconsistency.

Change-Id: I700fd987320d7505aee33158895ba32ec2b480f6
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30788
Tested-by: Petri Dish Buildbot
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TFTP: Repair block numbers truncated at 16 bits.
Darius Davis [Fri, 23 Nov 2018 13:57:14 +0000 (23:57 +1000)]
TFTP: Repair block numbers truncated at 16 bits.

The TFTP protocol uses 16-bit block numbers.  After block 65535, the block
number simply wraps back to zero.  This change implements recovery of the bits
lost from the upper end of the block number, allowing for correct tracking of
block numbers in large TFTP transfers.  The resulting "Full Block Number" is
added to the TFTP tree, marked as GENERATED; The "Full Block Number" is now
used in all places which previously received the truncated 16-bit block number.
An expert note is added when the block number at the protocol level is about to
wrap around to zero.

I chose to use 32 bits for the block numbers... even with the absolute-minimum
blocksize (8 bytes), that allows for 32 GByte files to be correctly handled;
With a more reasonable blocksize, it theoretically allows for files on the
order of terabytes.

Testing Done:  On macOS 10.12.6, built Wireshark, and examined a handful of
   TFTP packet captures in the GUI, including the transfer of a large file
   (115,836 blocks of 1,456 bytes each).  Observed that the packet info shows
   untruncated block numbers where previously the displayed block numbers would
   wrap back to zero after block number 65,535.  Constructed a few packet
   captures with bizarre sequences of block numbers, and observed that they
   were dissected as expected.  Checked that a display filter for "tftp.block"
   and "tftp.block.full" worked as expected.

Bug: 15305
Change-Id: Ic72ca49c975b1db76e8c5653e64e2a7c34eede5d
Reviewed-on: https://code.wireshark.org/review/30775
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CMake: Fix runtime destination for our libraries
João Valverde [Mon, 26 Nov 2018 02:08:59 +0000 (02:08 +0000)]
CMake: Fix runtime destination for our libraries

Ping-Bug: 15301
Change-Id: I7d461c696ce096b7687f71277a33295eb43ff8fc
Reviewed-on: https://code.wireshark.org/review/30792
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago test: lua: (trivial) fix indentation
Martin Kaiser [Sun, 25 Nov 2018 15:21:22 +0000 (16:21 +0100)]
test: lua: (trivial) fix indentation

Replace a TAB with spaces.

Change-Id: I3d5c79af4116614ef78dd8a71eb42e93875c0637
Reviewed-on: https://code.wireshark.org/review/30790
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
5 years ago [Automatic update for 2018-11-25]
Gerald Combs [Sun, 25 Nov 2018 08:23:42 +0000 (08:23 +0000)]
[Automatic update for 2018-11-25]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I4dbb483a58c10480b30da38ba234707344671222
Reviewed-on: https://code.wireshark.org/review/30785
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago packet-icmp.c: Add some unused fields and fix a logic error
Joerg Mayer [Sat, 24 Nov 2018 18:34:07 +0000 (19:34 +0100)]
packet-icmp.c: Add some unused fields and fix a logic error

- Adding rfc4884 support failed to properly add the unused fields if
  no length field was present.
- There was a logic error when both length and MTU size were present.
- reformat the lines in that section to no longer adhere to 80 columns

Change-Id: I3bcca25cc7d5e866a040c5c6a8011144ebc3370e
Reviewed-on: https://code.wireshark.org/review/30781
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Set direction correctly for Bluetooth H1 packets
Allan Møller Madsen [Sat, 24 Nov 2018 16:05:11 +0000 (17:05 +0100)]
Set direction correctly for Bluetooth H1 packets

Fixes a bug where the packet direction was reversed
for WTAP_ENCAP_BLUETOOTH_HCI (aka raw HCI or H1).

Change-Id: I2f404ed543062818ac6a8c6ca58d5ecfd7644bc8
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/30778
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago [zigbee] add Daily Schedule (0x070d) cluster dissectors
Nikolay Kovtun [Fri, 23 Nov 2018 14:13:42 +0000 (17:13 +0300)]
[zigbee] add Daily Schedule (0x070d) cluster dissectors

Change-Id: I99b9b517ed534e4b9b7a148d384c55406174d024
Reviewed-on: https://code.wireshark.org/review/30771
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ws_pipe_spawn_*: fix deadlock in g_spawn on Linux with threads
Peter Wu [Sat, 24 Nov 2018 14:20:22 +0000 (15:20 +0100)]
ws_pipe_spawn_*: fix deadlock in g_spawn on Linux with threads

The deadlock can be observed with a slow malloc implementation, e.g.

    ASAN_OPTIONS=fast_unwind_on_malloc=0 tshark --version

(This calls extcap_run_all which uses threads and ws_pipe_spawn_sync.)

Change-Id: Iff329c465c53ed177980368cd645f59222f88dd3
Reviewed-on: https://code.wireshark.org/review/30777
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago extcap: run --extcap-config in parallel to reduce startup time
Peter Wu [Fri, 23 Nov 2018 17:15:09 +0000 (18:15 +0100)]
extcap: run --extcap-config in parallel to reduce startup time

While --extcap-interfaces is now run in parallel, --extcap-config (for
each discovered interface) would only run sequentially after that. Make
sure that the latter command is also fully parallel and does not wait for all
extcap interfaces to be discovered first.

This saves another 80ms startup time on Linux (unoptimized ASAN+Debug).

Change-Id: I303fd8fda647b304d5bdaf048a3d1628ec9e02b4
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/30773
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago diameter: remove message length limiter
Joakim Karlsson [Fri, 23 Nov 2018 17:00:03 +0000 (18:00 +0100)]
diameter: remove message length limiter

RFC 6733, ch3. specifies message length field as three octets and indicates the
length of the Diameter message including headers and padding.

Change-Id: I73694a085bbafb3ae280e02fa4c9e26868b31f76
Reviewed-on: https://code.wireshark.org/review/30772
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CMake: Workaround for broken install target on Windows (help)
João Valverde [Fri, 23 Nov 2018 20:39:43 +0000 (20:39 +0000)]
CMake: Workaround for broken install target on Windows (help)

The installation step cannot depend on CMAKE_CFG_INTDIR.
This step is executed in a cmake script without the build
tool so variables like $(Configuration) of Visual Studio
don't get substituted, breaking the installation.

Ping-Bug: 15301
Change-Id: Idc0c48b6dc440ad1d9b2d6a2824cc89190997b60
Reviewed-on: https://code.wireshark.org/review/30784
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago Remove a stale FIXME
João Valverde [Sat, 24 Nov 2018 20:57:37 +0000 (20:57 +0000)]
Remove a stale FIXME

While at it prefer to use add_definitions() instead of config.h. This
puts all definitions in the same place and limits the scope to the
respective wsutil API.

Change-Id: Idc30914220b876865e0ae47709e6f17eb9b0fc2c
Reviewed-on: https://code.wireshark.org/review/30782
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago Install development headers on all platforms
João Valverde [Fri, 23 Nov 2018 20:39:48 +0000 (20:39 +0000)]
Install development headers on all platforms

Install headers to support plugins development on Windows.

Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31
Reviewed-on: https://code.wireshark.org/review/30776
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago plugins.example: Fix build on Windows
João Valverde [Fri, 23 Nov 2018 20:39:50 +0000 (20:39 +0000)]
plugins.example: Fix build on Windows

Change-Id: I30798a697bc14076cc3bd9e224714a6a3567046b
Reviewed-on: https://code.wireshark.org/review/30774
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago text2pcap: cleanup type usage
Jaap Keuter [Fri, 23 Nov 2018 13:21:42 +0000 (14:21 +0100)]
text2pcap: cleanup type usage

The glib gboolean and integer types are used interchangeably,
while a proper use is easily achievable.

While at it, replace the duplicate definition of the IPv4 source
and destination addresses (endian sensitive).

Change-Id: I5378544f370dc41962eb6303ddeeecb184db14f4
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30770
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TFTP: Improve dissection of ERROR packets.
Darius Davis [Wed, 21 Nov 2018 11:38:25 +0000 (21:38 +1000)]
TFTP: Improve dissection of ERROR packets.

Instead of annotating every TFTP ERROR packet as "TFTP blocksize out of range",
let's flag them as TFTP error packets using their own expert info type.

Let's also try to figure out whether an ERROR packet represents a "close"
operation after a transfer-size ("tsize") query.  Such ERROR packets aren't
really errors, so we can use a separate expert info type to report those with
lower severity.

Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of
   TFTP packet captures in the GUI, including tsize probes and real errors
   (file not found, permission denied).  From the menu, chose Analyze > Expert
   Information, and saw the tsize probes listed together at "Chat" severity,
   and actual errors reported at "Warning" severity, all appropriately labeled.

Change-Id: I5605ce00559264ed94a47435c8f6d253f143fefb
Reviewed-on: https://code.wireshark.org/review/30760
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago RTPS: Extra fields dissected in RTI DDS field PID_TYPE_CONSISTENCY.
ismaelrti [Wed, 21 Nov 2018 14:35:33 +0000 (15:35 +0100)]
RTPS: Extra fields dissected in RTI DDS field PID_TYPE_CONSISTENCY.

In RTI Connext DDS 5.3.3 and later PID_TYPE_CONSISTENCY has six
new fields: Ignore Sequence Bounds, Ignore String Bounds,
Ignore Member Names, Prevent Type Widening, Force Type Validation,
Ignore Enum Literal Names.

Change-Id: I456097a3baf733351dcb86f2cba0a3f03d2fc100
Reviewed-on: https://code.wireshark.org/review/30753
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago RTPS: Topic Information Feature used with APP_ACK and APP_ACK_CONF
ismaelrti [Wed, 21 Nov 2018 18:05:56 +0000 (19:05 +0100)]
RTPS: Topic Information Feature used with APP_ACK and APP_ACK_CONF
packets.

Topic Information Feature used to link packets belonging to the same
topic now is used in APP_ACK and APP_ACK_CONF packets.

Change-Id: Ib4e1dd4dfed41962bc76e8600a1213247a3bf588
Reviewed-on: https://code.wireshark.org/review/30752
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago addr_resolv: fix crashes in parse_ether_address_fast
Peter Wu [Thu, 22 Nov 2018 20:03:18 +0000 (21:03 +0100)]
addr_resolv: fix crashes in parse_ether_address_fast

When no mask is allowed, reject addresses like "aa:bb:cc:...".
Fix the type of 'cp' to avoid reading from a negative array index.
Fix parsing, a nibble is four bits, not eight.

Bug: 15297
Change-Id: Ibb0d0c17005b1e6213c09092e4b3c888a9024304
Fixes: v2.9.0rc0-2629-g3bb32ede26 ("addr_resolv: add fast path for parsing addresses from manuf")
Reviewed-on: https://code.wireshark.org/review/30768
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
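The three points in the commit message above (an unsigned index into the hex lookup table, a four-bit nibble shift, and rejecting a prefix-only address when no mask is allowed) shown in a stand-alone parser. This is an added example, not Wireshark's parse_ether_address_fast; the function names, the accepted forms and the mask values 24 and 48 are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASCII byte -> hex digit value, -1 for every non-hex byte (filled on first use). */
static int8_t nibble_of[256];
static bool table_ready;

static void init_table(void)
{
    memset(nibble_of, -1, sizeof nibble_of);
    for (int i = 0; i < 10; i++)
        nibble_of['0' + i] = (int8_t)i;
    for (int i = 0; i < 6; i++)
        nibble_of['a' + i] = nibble_of['A' + i] = (int8_t)(10 + i);
    table_ready = true;
}

/* Two hex digits -> one octet, or -1. The pointer is unsigned char so that a
 * byte >= 0x80 indexes entries 128..255; with a signed char it would become
 * a negative index and read memory in front of the table. */
static int parse_octet(const unsigned char *p)
{
    int hi = nibble_of[p[0]];
    if (hi < 0)
        return -1;              /* also stops at the terminating NUL */
    int lo = nibble_of[p[1]];
    if (lo < 0)
        return -1;
    return (hi << 4) | lo;      /* a nibble is four bits: shift by 4, not 8 */
}

/* Parse one address token (hypothetical helper, not the Wireshark function).
 * Forms accepted in this example:
 *   "XX:XX:XX"              prefix, *mask = 24    (only if accept_mask)
 *   "XX:XX:XX:XX:XX:XX"     full address, *mask = 48
 *   "XX:XX:XX:XX:XX:XX/NN"  explicit mask 1..48   (only if accept_mask)
 * On failure addr may be partially written and *mask is left untouched. */
bool parse_ether_fast(const char *s, uint8_t addr[6], unsigned *mask, bool accept_mask)
{
    const unsigned char *cp = (const unsigned char *)s;
    size_t n = 0;

    if (!table_ready)
        init_table();
    memset(addr, 0, 6);
    for (;;) {
        int v = parse_octet(cp);
        if (v < 0)
            return false;
        addr[n++] = (uint8_t)v;
        cp += 2;
        if (n == 6 || *cp != ':')
            break;
        cp++;
    }
    if (*cp == '\0') {
        if (n == 6) { *mask = 48; return true; }
        if (n == 3 && accept_mask) { *mask = 24; return true; }
        return false;           /* prefix-only input while no mask is allowed */
    }
    if (*cp != '/' || n != 6 || !accept_mask)
        return false;
    cp++;
    unsigned m = 0;
    if (*cp < '0' || *cp > '9')
        return false;
    while (*cp >= '0' && *cp <= '9') {
        m = m * 10 + (unsigned)(*cp++ - '0');
        if (m > 48)
            return false;
    }
    if (*cp != '\0' || m == 0)
        return false;
    *mask = m;
    return true;
}

int main(void)
{
    /* Constructed sample tokens, not taken from a real manuf file. */
    const char *samples[] = { "00:1B:C5", "00:1b:c5:0a:ff:10/36", "\xe9\xe9:bb:cc" };
    uint8_t a[6];
    unsigned m;
    for (size_t i = 0; i < 3; i++)
        printf("sample %zu: %s\n", i,
               parse_ether_fast(samples[i], a, &m, true) ? "ok" : "rejected");
    return 0;
}
```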
5 years ago text2pcap: make ethernet dummy header direction aware
Jaap Keuter [Thu, 22 Nov 2018 19:52:09 +0000 (20:52 +0100)]
text2pcap: make ethernet dummy header direction aware

When giving the command line option '-D' and having 'I' and 'O' markers in
the hexdump to import, the IP addresses are adjusted, transport layer ports
are adjusted, the TCP window information is adjusted, but still the frames
originate from the same interface and go to the other interface.

This change makes it so that the Ethernet destination and source addresses
are also adjusted with the direction indicated, to match the other adjusted
addressing used.

Bug: 15287
Change-Id: I762f195ece206ed14e6bca1c1160055df7c4dac1
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30767
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago systemd Journal: More UTF-8 fixes.
Gerald Combs [Thu, 22 Nov 2018 18:22:39 +0000 (10:22 -0800)]
systemd Journal: More UTF-8 fixes.

Display string fields as Unicode. Add more missing fields.

Change-Id: I55f878ace7ccd6a66e3bac1e3fd2e388045ae3d8
Reviewed-on: https://code.wireshark.org/review/30765
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago extcap: discover interfaces in a parallel
Peter Wu [Thu, 22 Nov 2018 18:25:13 +0000 (19:25 +0100)]
extcap: discover interfaces in a parallel

Split interface discovery in three stages: discover available programs
(extcap_get_extcap_paths), obtain outputs for each (extcap_run_all) and
processing of the output (process_new_extcap). The second step is most
expensive, do it in parallel in multiple threads.

extcap_foreach used to call extcap_if_exists, but as "cb_info.ifname" is
always NULL for interface discovery, it would always pass. Remove this
check and all other unused functions.

This saves 100ms startup time on Linux with 7 extcap tools.

Change-Id: I511e491d3b23c0a7f2fe2447842e87a9bd75adbe
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/30766
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago extcap: simplify execution of single extcap programs
Peter Wu [Thu, 22 Nov 2018 16:16:55 +0000 (17:16 +0100)]
extcap: simplify execution of single extcap programs

extcap_foreach has two purposes: discovery of all interfaces for each
tool and querying info for an extcap interface. Observe that the latter
requires extcap_if_exists(ifname) to be true. This makes extcap_foreach
match exactly one interface, so we can avoid some complexity.

Change-Id: I1842f50aa19553608ee5f2bb7bd8d94bba9629f2
Reviewed-on: https://code.wireshark.org/review/30764
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ws_pipe_spawn_sync: mark arguments as const where possible
Peter Wu [Thu, 22 Nov 2018 15:45:41 +0000 (16:45 +0100)]
ws_pipe_spawn_sync: mark arguments as const where possible

This avoids an unnecessary explicit cast. For clarity, rename the
working directory argument to match g_spawn_sync.

Change-Id: Idf7072cd590e686294d953f77da2a52c861a89c0
Reviewed-on: https://code.wireshark.org/review/30763
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ieee1609dot2: Call the j2735 dissector if it exists.
Anders Broman [Thu, 22 Nov 2018 16:15:19 +0000 (17:15 +0100)]
ieee1609dot2: Call the j2735 dissector if it exists.

Change-Id: I80155d67e88f4f31ea688ed27d8eb5ab122a65e4
Reviewed-on: https://code.wireshark.org/review/30762
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago oer: Octet string, value tvb was not returned in all cases if requested.
Anders Broman [Thu, 22 Nov 2018 16:10:07 +0000 (17:10 +0100)]
oer: Octet string, value tvb was not returned in all cases if requested.

Change-Id: I57b8e4cb2dc4f16bee653872c3a71cbd09953107
Reviewed-on: https://code.wireshark.org/review/30761
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago ws_pipe_spawn_sync: debug log elapsed time
Peter Wu [Thu, 22 Nov 2018 10:29:03 +0000 (11:29 +0100)]
ws_pipe_spawn_sync: debug log elapsed time

Tested with `G_MESSAGES_DEBUG=all tshark --version`.

Change-Id: Iae525b9de197f012c21693a91155f931d4dcc1f7
Ping-Bug: 15295
Reviewed-on: https://code.wireshark.org/review/30759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago addr_resolv: add fast path for parsing addresses from manuf
Peter Wu [Wed, 21 Nov 2018 20:08:02 +0000 (21:08 +0100)]
addr_resolv: add fast path for parsing addresses from manuf

The manuf file is large but has a consistent format (25.7k entries with
three octets, 9.8k entries with a mask). Add a fast path for this file
that is 20% faster (saves 20ms on an unoptimized Debug+ASAN build).

Change-Id: Ida509b0305caf4e26131dc5cf5fb04c49392ad4b
Reviewed-on: https://code.wireshark.org/review/30757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TFTP: De-duplicate tftp_info structure creation.
Darius Davis [Wed, 21 Nov 2018 23:22:02 +0000 (09:22 +1000)]
TFTP: De-duplicate tftp_info structure creation.

Cleanup to unify the two distinct places where tftp_info was identically created
and initialized.  While we're here, remove two unnecessary initializers of
'conversation'.  Behavior should be unchanged.

Testing Done: On macOS 10.12.6, built Wireshark, and examined a handful of TFTP
   packet captures in the GUI.

Change-Id: I9702a3dbeea357ec903166144918a71abc742846
Reviewed-on: https://code.wireshark.org/review/30758
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
5 years ago addr_resolv: avoid unnecessary memory allocation for hash tables
Peter Wu [Wed, 21 Nov 2018 16:08:18 +0000 (17:08 +0100)]
addr_resolv: avoid unnecessary memory allocation for hash tables

The key for the manuf table is 24 bits of the ether addr while the key
for the services table is a 16 bit port. Store this value directly,
saving some memory and improving startup time by a tiny bit.

Likewise for ipxnet_hash_table and vlan_hash_table. These tables seem
unused though, perhaps they should be removed.

Change-Id: Ide9ffad8e2c9af24afa82adb2e009f32a5f43d38
Reviewed-on: https://code.wireshark.org/review/30756
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
5 years ago addr_resolv: speed up reading manuf, services, etc.
Peter Wu [Wed, 21 Nov 2018 15:29:30 +0000 (16:29 +0100)]
addr_resolv: speed up reading manuf, services, etc.

An unoptimized, Debug+ASAN `tshark --version` takes about 1 second. 17%
of the cycles are spent in addr_resolv_init and 7% within fgetline. Use
fgets instead, now fgetline only costs ~0.5% (11% for addr_resolv_init).

This limits the line length to 1K which should be more than sufficient
for all involved files (longest lines: manuf 154, services 222).

Change-Id: I8fe4dff317beaa2926c4106909b10898bcd35f21
Reviewed-on: https://code.wireshark.org/review/30755
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
5 years ago Update text2pcap documentation
Jaap Keuter [Wed, 21 Nov 2018 18:36:18 +0000 (19:36 +0100)]
Update text2pcap documentation

Various parts of the text2pcap documentation need some fixing up.
This change brings them back in line and up to date with current
features.

Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago PGSQL: Enhance protocol version handling
Uli Heilmeier [Wed, 21 Nov 2018 10:26:00 +0000 (11:26 +0100)]
PGSQL: Enhance protocol version handling

Displaying version used by client.
Adding NegotiateProtocolVersion message.
Ref: https://www.postgresql.org/docs/current/protocol-message-formats.html

Change-Id: Ia27af60e7f06b097d7f35002c905f2f2c807f3e0
Reviewed-on: https://code.wireshark.org/review/30751
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago HTTP2: fix field length for the SETTINGS frame
Alexander Koeppe [Mon, 19 Nov 2018 21:01:53 +0000 (22:01 +0100)]
HTTP2: fix field length for the SETTINGS frame

Change-Id: Ie900a70477a21b82650e6504d3b2f175f20c7caa
Reviewed-on: https://code.wireshark.org/review/30725
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Fix reassembly of larger TACACS+ accounting messages
Jason Cohen [Tue, 20 Nov 2018 22:23:09 +0000 (16:23 -0600)]
Fix reassembly of larger TACACS+ accounting messages

Since TACACS+ is TCP only, switched to tcp_dissect_pdus

Bug: 15293
Change-Id: I8cee8a1f474ae866c59f94ec8ecbd412e5189e89
Reviewed-on: https://code.wireshark.org/review/30748
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago test: extend sharkd tests to cover all requests
Peter Wu [Tue, 20 Nov 2018 15:27:56 +0000 (16:27 +0100)]
test: extend sharkd tests to cover all requests

All request types have a corresponding test_sharkd_req_* test name
which tests the current (documented) behavior. The frame and download
tests are not very comprehensive though, but it's better than nothing.

(The original test_sharkd_hello_dhcp_pcap test is replaced by
test_sharkd_req_status and test_sharkd_req_frames, although the latter
does not literally check for the "DHCP" column anymore.)

Change-Id: Ic39b954fc50065345ac46e96a7057b7aba2a09e3
Reviewed-on: https://code.wireshark.org/review/30743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago sharkd: update documentation for some requests to match reality
Peter Wu [Tue, 20 Nov 2018 15:22:46 +0000 (16:22 +0100)]
sharkd: update documentation for some requests to match reality

Align comments and add two fixup notes while at it.

Change-Id: I977c1a6e55712414f7af042cb215bac49926a019
Reviewed-on: https://code.wireshark.org/review/30742
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago PGSQL: Dissect SASL auth
Uli Heilmeier [Mon, 19 Nov 2018 20:17:19 +0000 (21:17 +0100)]
PGSQL: Dissect SASL auth

Dissecting SASL and GSSAPI/SSPI authentication data
Ref: https://www.postgresql.org/docs/10/protocol-message-formats.html

Bug: 15286
Change-Id: I19fc18da105490bf053ce9ab39164fb345577266
Reviewed-on: https://code.wireshark.org/review/30723
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago packet-f5ethtrailer.c: "Decode" Platform identifiers
Joerg Mayer [Mon, 19 Nov 2018 10:08:12 +0000 (11:08 +0100)]
packet-f5ethtrailer.c: "Decode" Platform identifiers

Add a new line that explains the Platform ID, e.g. "Z101: vCMP Guest"
Also: Include the terminating zero bytes of STRINGZ values in the highlighting.

Change-Id: I6b79af708816c5c2b45d1c50d9a3587f46906018
Reviewed-on: https://code.wireshark.org/review/30724
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago systemd Journal: Strings are UTF-8.
Gerald Combs [Sun, 18 Nov 2018 23:55:01 +0000 (15:55 -0800)]
systemd Journal: Strings are UTF-8.

systemd Journal Export text fields are UTF-8. Use tvb_get_string_enc
instead of tvb_format_text. Use col_add_str to add packet-scoped strings.

Change-Id: I01d8d9127e6baf2f9c27d1e4a66071ec6173f181
Reviewed-on: https://code.wireshark.org/review/30708
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CIP Safety: Multiple services off by 1
Dylan Ulis [Mon, 19 Nov 2018 23:11:06 +0000 (18:11 -0500)]
CIP Safety: Multiple services off by 1

The following CIP Safety Supervisor services skipped processing the first byte:
Safety Reset
Configuration Lock
Mode Change

Change-Id: I90e411ced410f9924565d50c8d6bf44e92859e2c
Reviewed-on: https://code.wireshark.org/review/30728
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago tools/validate-commit.py: enforce short summary followed by blank line
Peter Wu [Fri, 16 Nov 2018 12:21:04 +0000 (13:21 +0100)]
tools/validate-commit.py: enforce short summary followed by blank line

To keep git logs readable, enforce a short summary line. Strive for 80
characters, reject everything past 120. Descriptions should also stay
under 80 characters, but as error messages and links to protocol
specifications can be quite long, do not check the description.

Change-Id: Ife46b9ef6330aab015fc4ee5cc774a8ef6b9ad4e
Reviewed-on: https://code.wireshark.org/review/30667
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago .mailmap: update of October (2018)
Alexis La Goutte [Fri, 12 Oct 2018 05:59:00 +0000 (05:59 +0000)]
.mailmap: update of October (2018)

Change-Id: If5b62b6fed937b0e607eb8c9dcd982c12d0eba87
Reviewed-on: https://code.wireshark.org/review/30139
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ZigBee: Change time format to be consistent within ZigBee Smart Energy
Kenneth Soerensen [Tue, 20 Nov 2018 13:27:03 +0000 (14:27 +0100)]
ZigBee: Change time format to be consistent within ZigBee Smart Energy

Change-Id: I9e906afa46f4aebf115fd1eb15631032b5562389
Reviewed-on: https://code.wireshark.org/review/30741
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Martin Boye Petersen <martinboyepetersen@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fix expert info message for wrong option length.
Guy Harris [Tue, 20 Nov 2018 18:26:39 +0000 (10:26 -0800)]
Fix expert info message for wrong option length.

Bug: 15290
Change-Id: Id5b4f6a899fea542f5d50e8be991d7cca623fd46
Reviewed-on: https://code.wireshark.org/review/30744
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Allow trace of sync spawns
Jaap Keuter [Thu, 1 Nov 2018 16:20:47 +0000 (17:20 +0100)]
Allow trace of sync spawns

When Wireshark uses a synchronous spawn (e.g., to launch an extcap)
it would be nice to be able to see what command line is constructed
to launch the process, and to see what comes back. The output will
go to the g_log.

Change-Id: Iec6baeebc026cd80398084c9644fc916ab068e2f
Reviewed-on: https://code.wireshark.org/review/30475
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago XRA: Bugfix in ncp_profile_select
Bruno Verstuyft [Tue, 20 Nov 2018 10:19:36 +0000 (11:19 +0100)]
XRA: Bugfix in ncp_profile_select

Change-Id: Id27900767c25a0b1e5b8cd3056062610e1a5ce72
Reviewed-on: https://code.wireshark.org/review/30738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
5 years ago nettrace: Put address parsing in a separate routine.
Anders Broman [Mon, 19 Nov 2018 14:35:06 +0000 (15:35 +0100)]
nettrace: Put address parsing in a separate routine.

Change-Id: Ia223585986c6c8ad51fba36aa16c5780fc372f70
Reviewed-on: https://code.wireshark.org/review/30714
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Test: Fix some dumpcap section checks and skip one.
Gerald Combs [Mon, 19 Nov 2018 16:40:08 +0000 (08:40 -0800)]
Test: Fix some dumpcap section checks and skip one.

In check_dumpcap_pcapng_sections, append a copy of our check_val dict so
that we properly check our first file.

Skip IDB checks when we have multiple interfaces. Dumpcap creates a
separate thread for each interface when the interface count is > 1,
which means that we can't guarantee that we will always read and write
everything in the same order.

Change-Id: Ie458f31e0e901db2b538e9826a136dbe89167bcf
Reviewed-on: https://code.wireshark.org/review/30718
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago file-pcapng: Fix name for Secrets Length
Stig Bjørlykke [Tue, 20 Nov 2018 09:25:39 +0000 (10:25 +0100)]
file-pcapng: Fix name for Secrets Length

Change-Id: Ie5ab30f0c667a9068d6aa1c18c519524b7ade140
Reviewed-on: https://code.wireshark.org/review/30737
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>