git.samba.org - gd/wireshark/.git/log

kafka: don't use an empty tvb list.

Bug: 16242
Change-Id: I1a7cfa504d46cab681c7803227102cafcda519fa
Reviewed-on: https://code.wireshark.org/review/35277
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

Restrict allowed characters in "short name" of heuristic_protos

This is done to limit parsing errors.
Update documentation of function parameters to remove confusion with dissectors.

Bug: 16106
Change-Id: I6b2cd0badaaf6217fb80bdc411a86cad5e6b07ca
Reviewed-on: https://code.wireshark.org/review/35267
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

[Automatic update for 2019-12-01]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I3baf4cf43786b1680c02514f10c526cf8dca8536
Reviewed-on: https://code.wireshark.org/review/35269
Reviewed-by: Gerald Combs <gerald@wireshark.org>

expert.h: Reorder includes

More quickly includes glib.h which is required

Bug: 16083
Change-Id: Ib25877d0f9d5d9fa39ad4ac5b8991b6666fbe234
Reviewed-on: https://code.wireshark.org/review/35268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

IEEE 1609.2 dissector issue when HeaderInfo.generationLocation field is present

Bug: 16139
Change-Id: Ie5ad0025730257807b590f7ff9ac275ba27cce9e
Reviewed-on: https://code.wireshark.org/review/35266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

packet-mms.c: Sync ASN.1 generated dissector

Change-Id: Ibee2c6d120978bc87bc26b6237259e285f0e2f08
Reviewed-on: https://code.wireshark.org/review/35265
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Documentation: update (long) cmd line options

Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.

Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

ieee1722: use payload_length only when it's valid.

Bug: 16241
Change-Id: If9e08fef649830dfed48a53d2d1cad983b7ca090
Reviewed-on: https://code.wireshark.org/review/35263
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

couchbase: Update dissector for latest 6.5.0 DCP snapshot marker

Decode the v1/v2.0 formats which are relevant for the upcoming
6.5.0 release.

Change-Id: Ie726f1ebd2457f6a36b096a0cd0bed9c94f713df
Reviewed-on: https://code.wireshark.org/review/35251
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

GPRS RLC/MAC: Describe CHANNEL_CODING_COMMAND value

Old representation was confusing because for instance it printed:
10.. .... = CHANNEL_CODING_COMMAND: 2

But 2 actually is CS-3.

Change-Id: Ie875a94297c0d154d7222f12115068876520c47a
Reviewed-on: https://code.wireshark.org/review/35259
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

couchbase: update dissector with missing collection error codes

Change-Id: I17a693ebfb09384892febb4139942fea756a50f2
Reviewed-on: https://code.wireshark.org/review/35250
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add support for first frames with CAN-FD

In the case CAN-FD is used as a transport, the header of ISO15765
changes for first frames (ISO 15765-2:2015). This patch uses the
introduced `struct can_info` to access the relevant metadata of the
underlying CAN frame. Dissection is chosen accordingly.

Ressources:

* https://www.can-cia.org/fileadmin/resources/documents/proceedings/2015_hartkopp.pdf
* http://s3.eu-central-1.amazonaws.com/cancia-de/documents/proceedings/slides/hartkopp_slides_15icc.pdf
* https://github.com/linux-can/can-utils/commit/8150e21a1129c4b822d73186cd63e0e9fbf4c32d

Change-Id: I248acacab62b51659efaed400b828ac0bb9e3c55
Reviewed-on: https://code.wireshark.org/review/35247
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

RTCP:MCPTT fix while loop and location info.

Change-Id: I3b08837246bb646204eb83cdca4828a2839d6ea6
Reviewed-on: https://code.wireshark.org/review/35254
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

docbook: make all examples use 64bit architecture.

The WSDG is a mix of references to 32 and 64 architectures. Use 64
in more places.

Change-Id: Ifb4b3189912268808cfe8fdb5119f2177c815163
Reviewed-on: https://code.wireshark.org/review/35248
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Qt: Remove a couple of private variables.

ByteViewText and ProtoTree only use mono_font_ in setMonospaceFont, so
there's not much use in declaring it private in each case.

Change-Id: I3ad986052f6e013988ce851420f7f6e7b47b7ea8
Reviewed-on: https://code.wireshark.org/review/35255
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Change struct can_identifier to can_info

The can specific data structure `struct can_identifier` is used as
supplementary data for higher level dissectors. This patch adds more
data to this struct and renames it accordingly to `struct can_info`.

More supplementary data is needed in order to dissect iso15765
correctly, since the header format depends on details on the underlying
CAN protocol (CAN 2.0B vs CAN-FD).

Change-Id: Id068cf38453f98b67a5ec470a22e7013548c5a14
Reviewed-on: https://code.wireshark.org/review/35246
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

doc: add reordercap to editcap references.

Ping-Bug: 16231
Change-Id: Id4fb9bab7230561e64fcdc49c02bcb2016ed23e7
Reviewed-on: https://code.wireshark.org/review/35249
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Qt: Remove unneeded method

This is no longer needed, as it is handled by setMonospaceFont

Change-Id: I9834bcd1a188cd6f1cb8ad1abe568a9a50d831bc
Reviewed-on: https://code.wireshark.org/review/35253
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: fix erratic expansion of tree item when switching packets

ProtoTree::setRootNode() is designed to update the model with the new
packet tree, and additionally expand tree items in its view. When the
current selected packet is changed, it must use this method to ensure
that collapsed trees are properly expanded. Fix this regression.

It was not entirely clear that framesSelected can no longer use previous
state, so document it explicitly. Remove the call to QTreeView::reset(),
it ends up calling QAbstractItemView::reset() which touches the
selection model that refers invalidated proto_node memory. The reset
function of the view is automatically called the model is reset, so the
call was not needed anyway.

Test: open test/captures/tls13-rfc8446.pcap, expand TLS, TLS Record, and
select "Content Type". Change from frame 1 to 2, and then 3. Observe
that the expanded state remains constant with no flickering. In frame 3,
observe that the tree remains expanded even if no item is selected.

Change-Id: I0c820711f1a62aa51ac100f8ac5c89265c51eb18
Fixes: v3.3.0rc0-6-gcfee0f8082 ("Qt: Remove frameSelect signal")
Reviewed-on: https://code.wireshark.org/review/35230
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

BGP: Add D-PATH Attribute

Add D-PATH Attribute as described in
draft-rabadan-sajassi-bess-evpn-ipvpn-interworking

Bug: 16238
Change-Id: If40699304fca1409a195b83075dd40c6769c2df4
Reviewed-on: https://code.wireshark.org/review/35223
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

TLS: support Facebook's TLS 1.3 draft 23 and 26 versions

Verified with fizz-tls13-draft-23-26-rfc8446-dsb.pcapng from the bug.
Decryption of early data, handshake and application data for almost all
versions (draft 23, draft 26, RFC 8446) is working. Only early data
decryption for draft 23 fails because the draft version is not yet set
during trial decryption before the Server Hello is received. That is
such a rare case however, do not bother fixing that.

Bug: 16175
Change-Id: Ie9046bf3f04c40b9c8fa2128f06844d2e7bd3e6d
Reviewed-on: https://code.wireshark.org/review/35245
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

WireGuard: fix MAC1 computation for non-zero reserved case

Peer identification failed because the MAC1 value did not check out.
Fix the computation in case the reserved bytes are overwritten after the
original protocol has run.

Change-Id: I4be65806bed96d7236103ebb369c1affcadebd5f
Reviewed-on: https://code.wireshark.org/review/35219
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Qt: focus the correct field when switching packets

Instead of just visually marking a field after switching packets, make
sure that it is also focused such that arrow up/down keys select the
expected fields instead of the root node (the Frame layer).

Change-Id: Ic16462198fb2189496f0cceeb5a5e885673636d2
Reviewed-on: https://code.wireshark.org/review/35236
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Annnnnd fix another typo.

Change-Id: Ida3a64adf6507f00f18cb78a1635dad34893a621
Reviewed-on: https://code.wireshark.org/review/35231
Reviewed-by: Guy Harris <guy@alum.mit.edu>

docbook: put a space after PS prompts.

Change-Id: I7e55471b19a3dd526d1de1269062853a72e75dec
Reviewed-on: https://code.wireshark.org/review/35226
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

docbook: add warning about using an old version of Windows.

Change-Id: I537fbb26681555d0cd303d4b614bc016e935eb70
Reviewed-on: https://code.wireshark.org/review/35225
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

docbook: minor fixes.

Change-Id: I2de1f3df60847b011e7b93d12a0b73e581c4a9d7
Reviewed-on: https://code.wireshark.org/review/35222
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Add short descriptions of the PHYs other than the legacy PHYs.

Put short descriptions after the amendment name, in parentheses.

Fix a typo in the 802.11d entry while we're at it.

Change-Id: I87d84678f30abe40c4b130cf0a9355bb5da99df4
Reviewed-on: https://code.wireshark.org/review/35229
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Add entries for 802.11ad and 802.11ah PHY values.

Change-Id: Ib8c2f196af2bba32004a66a7b2414b493023edbb
Reviewed-on: https://code.wireshark.org/review/35228
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Add more support for the 802.11ax PHY.

Set it as the PHY type if we see the HE field in a radiotap header, and
report that PHY type as "802.11ax" in the generic radio metadata
dissector.

Change-Id: I181d2717d82bdca73e04b6111b2483ca099d48bb
Ping-Bug: 13207
Reviewed-on: https://code.wireshark.org/review/35227
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

macOS: Switch ChmodBPF back from bash to sh.

The default shell in macOS 10.15 is zsh[1]. Bash appears to be included
for now, but it might be a good idea to start migrating away from it
just in case it's removed at some point in the future.

[1]https://support.apple.com/en-ca/HT208050

Change-Id: Ibe4338105d8fa1a590f84543489255ade71920d6
Reviewed-on: https://code.wireshark.org/review/35216
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

NGAP: dissect other variant of N2 SM Information (as found in 3GPP 29.502)

Change-Id: Ic928a8e06a685c8eea1c036fea1bbab46e9cdb11
Reviewed-on: https://code.wireshark.org/review/35218
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

HTTP: Add Too Early (425) HTTP Error code (RC8470)

Change-Id: Idbc67da75ad75803a01f17ae3ff6f8f677670db8
Reviewed-on: https://code.wireshark.org/review/35191
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

AVSP: Updating Arista vendor sepecific protocol dissection

Adding two more versions which are seen when UTC timestamping is used

Bug: 16226
Change-Id: I27f10f6df4595598d82257fe870de8ce95ecae64
Reviewed-on: https://code.wireshark.org/review/35185
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt+macOS: Add /Volumes to the file dialog sidebar.

/Volumes is hidden on macOS, which means that it doesn't show up in Qt's
non-native file dialog. Add a constructor to WiresharkFileDialog that
adds /Volumes to the file dialog sidebar. Make CaptureFileDialog and
ExportDissectionDialog subclasses of WiresharkFileDialog.

Bug: 13840
Change-Id: I4d7da3948b203eb11fb64fa056eb42a448edf914
Reviewed-on: https://code.wireshark.org/review/35201
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

WireGuard: support Decode As and non-zero reserved bytes

Recognize Cloudflare Warp traffic which may use non-zero bytes for load
balancing purposes. This is an extension of the WireGuard protocol, it
is not understood by official implementations which require the reserved
bytes field to be zero.

Change-Id: Iff789b538ab8477d8b5014302569264823d92358
Reviewed-on: https://code.wireshark.org/review/35215
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: Correct 802.11ax Basic Trigger Preferred AC field decoding

The "Preferred AC" field in the "Trigger Dependent User Info"
subfield of the Basic Trigger frame uses the "ACI-to-AC encoding"
described in Table 9-136 of the 2016 IEEE 802.11 specification. The
802.11ax specification refers the reader to this table when describing
the "Preferred AC" field.

Change-Id: I81ca3280c2865bc87fc4a8ddb63b5e8f7255d414
Reviewed-on: https://code.wireshark.org/review/35190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

WSUG: Automatically update wireshark --help output

The update_tools_help CMake target is periodically run, but the output
of `wireshark -h` was previously not included.

Bug: 16166
Change-Id: Ib7aac89ff31d7b7c7033496b512d97bfbd727aaa
Reviewed-on: https://code.wireshark.org/review/35205
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

packet-gsm_ipa: Add #defines and names for more osmocom IPA extensions

The source / reference of this information is
http://git.osmocom.org/libosmocore/tree/include/osmocom/gsm/protocol/ipaccess.h

Change-Id: I32973e166a17ff2c31aa0419135ed3a27d3bd02e
Reviewed-on: https://code.wireshark.org/review/35187
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>

Qt: fix packet selection when modifiers are pressed

When the Conversation Shortcut (Ctrl-1) was pressed, the current packet
suddenly became deselected. Similarly for Go to First Packet (Ctrl-Home)
and Go To Next Packet (Ctrl-.).

Changing the selection mode to ExtendedSelection has as side-effect that
setCurrentIndex is affected by modifiers such as Ctrl and Shift. Since
Ctrl acts as a toggle, the current selection becomes empty and no
packets are selected. Fix this by explicitly requesting the selection to
be replaced.

Tested as follows:

1. wireshark -r test/captures/dhcp.pcap
2. Select packet 3.
3. Press Ctrl-1, Ctrl-2. (Colors change, the packet remains selected.)
4. Press Ctrl-Home, Ctrl-Down, Ctrl-.
5. Observe that the packet details list is populated.

Change-Id: I17f00e7fbc6e63ad52b6a0543fd850b473e506a2
Fixes: v3.1.1rc0-762-gb3f240dbf8 ("Qt: Multiselection in PacketList")
Reviewed-on: https://code.wireshark.org/review/35203
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Show all column types in context menu

Show all column types in the column context menu to improve usability
even more when show/hide columns. This is a follow-up to the improvement
to show custom column field names.

Change-Id: I0838c7ae6eec59960a0a70b485c372855e242dc0
Reviewed-on: https://code.wireshark.org/review/35206
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: prevent inline completion from happening for filters

Commit v3.1.0rc0-1170-ga854811c4a replaced the deprecated
`setAutoCompletion(false)` call by `setCompleter(0)`. However, the
former has as side-effect that it prevents setLineEdit from creating a
custom completer. setCompleter on the other hand had no effect since
there was no existing completer.

To fix the issue, remove the completer after it is set by setLineEdit.
This has no effect on the completer from CaptureFilterEdit and
DisplayFilterEdit instances since they override the completer from
QLineEdit. To avoid any confusion, SyntaxLineEdit::setCompleter (and
completer) should probably be renamed, these are not used by QComboBox
since it is not marked as virtual method.

Bug: 16132
Change-Id: Iad619122eddb43eb4963347982bf65dacd29629b
Fixes: v3.1.0rc0-1170-ga854811c4a ("Qt: fix more more Qt 5.13 deprecation warnings")
Reviewed-on: https://code.wireshark.org/review/35198
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>

ISAKMP: fix dissection of SA TEK payload for non IP address

Bug: 16229
Change-Id: I09220be32251b72ca5ef0475ce35b291ce3635c9
Reviewed-on: https://code.wireshark.org/review/35207
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

Qt: fix crash on Next/Previous Packet in Conversation without selection

Protect against a NULL edt pointer. That can occur when the packet
details view is empty, e.g. when no packet is selected.

Bug: 16228
Change-Id: Ie9621db4b84b504e4d9cee2add5004df2e383970
Reviewed-on: https://code.wireshark.org/review/35204
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

macOS: Use the correct path when building our app bundle.

Use the correct path to the Wireshark executable when finding
dependencies and adding debugging symbols.

Change-Id: Iefafa9d453ce60e77853f2d125769826b4d702c0
Reviewed-on: https://code.wireshark.org/review/35202
Reviewed-by: Gerald Combs <gerald@wireshark.org>

conversation.h: Whitespace fixes

Change-Id: Id8b0b352ac5fcfc7451663367ccea8fe4be86da9
Reviewed-on: https://code.wireshark.org/review/35200
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

Update LACP Dissector

Add a FIXME wrt validation of DMAC

Change-Id: I4dac16ab18c32c6eac444bfc5db05d6be17dcf22
Reviewed-on: https://code.wireshark.org/review/35199
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

Qt: fix display filter completion with few recent entries

If 1) the recent filters menu has less than 10 entries and 2) the cursor
position is not at the end of the filter, then completion would fail.
Additionally, pressing Enter on filters with syntax errors would also
end up being saved, unintentionally.

Fix these by disabling automatic addition of entries by Qt.

Change-Id: I612c6cb8f317beb5459919b5c65b837db6150d07
Reviewed-on: https://code.wireshark.org/review/35150
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

[Automatic update for 2019-11-24]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Ice92b8e00fdab9b0a3eccf817734cf08ea14fbe1
Reviewed-on: https://code.wireshark.org/review/35192
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Add c-ares to the required library list.

Although c-ares support was techically optional, it was either on by
default or required in all of our packaging. Go ahead and require it
globally. C-ares is widely available and synchronous name resolution can
easily result in a horrific user experience.

Change-Id: Id67c797316ed6b8a0ab5052e55a43a1b9e2a2464
Reviewed-on: https://code.wireshark.org/review/35188
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

tools: remove obsolete VS2015 deployment file

The xml deployment file for VS2015 is obsolete as we haven't
used that version for some time and the newer choco packages
for VS2017 & 2019 are simpler and supported.

Change-Id: I5bd29144d7a2f01a6f56147a51fbc51ce891e83c
Reviewed-on: https://code.wireshark.org/review/35189
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>

Qt: Refactor ExportObjectsDialog

Add the following features:

- search now operates live (enter text changes the list live)
- filter by content-types
- Preview certain content types directly from the dialog

Change-Id: If47b64d475dd3e77485a28e8443a3e139e9bd1a4
Reviewed-on: https://code.wireshark.org/review/35182
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: atag is an array of bytes, not pointers

The allocated buffer is unnecessarily large due to the array storing
pointers instead of bytes. This wastes memory but has no other bad
side-effects. It was not caught by the compiler because the users accept
void pointers. I only noticed it in the debugger.

Change-Id: I9690b5481289d17fed34512b6a32915c3a30d36b
Reviewed-on: https://code.wireshark.org/review/35184
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

docs: fix up MS toolchain references

Updated the toolchain references to VS 2019,
removing mentions of 2015 & 2017.

Bug: 16211
Change-Id: Ic1607ac2c2713a5d324d40319c4e1be5365eb6f7
Reviewed-on: https://code.wireshark.org/review/35180
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

rtp_analysis_dialog.cpp: save any supported codec as .au

Change improves Wireshark ability to save rtp streams. It allows a user
to save any supported codec with 8 kHz rate. In real, it means G.711 and
G.729 for now.
There is no hardcoded codec limitation during save anymore. If code detects
unsupported codec or rate during save, it replaces samples with silence and
reports it. Therefore any added codec in future will be supported.

Note to RTP saving:
RTP streams (there can be up to two of them for save) can contain multiple
codecs in each direction - some of it can be supported and some
unsupported. What should be exported then?
Till my patch save do not run and a user received nothing even part of stream
was OK/encoded with supported codec.
Therefore I managed the code to start with export and do its best.
Unknown codec/part is replaced with silence and user is warned after
export. Therefore a user will get:
a) audio - when all codecs are supported (no warning)
b) mix audio/silence - when some codecs are supported (warning)
c) only silence - when no codec is supported (warning)

BTW same output user sees/gets in RTP player for years.

Change-Id: Id938d419f5841af46d2d2d3ddfaf1ec9a0235bcc
Reviewed-on: https://code.wireshark.org/review/35105
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Further cleanup goToPacket

Change-Id: Idf98deb3f7c34adff8e58ea243c63aa094234f46
Reviewed-on: https://code.wireshark.org/review/35181
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Fix nullpointer access

Due to changes with the frameSelect, this null pointer check
now fails or more on the point is more obvious. It was masked
previous

Change-Id: I11c3f3440e39742bce963d1ef8bdd27076baa700
Reviewed-on: https://code.wireshark.org/review/35177
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

coap: use correct OSCORE option type

The current implementation assumes a wrong OSCORE option type
"21". RFC 8613 was release in July 2019 and defines an OSCORE option
type of "9". See: https://tools.ietf.org/html/rfc8613#section-2

Change-Id: I5fea8dffc2d1586f891b2b3b9fa42183b138e0ab
Reviewed-on: https://code.wireshark.org/review/35163
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Remove frameSelect signal

As all frameSelect signals now transport a QList<int> of selected
frames, use this instead

Change-Id: I1888e45a4df997920aebde9706ca0ae803bdba03
Reviewed-on: https://code.wireshark.org/review/35176
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

NAS 5GS: fix for control plane service request identification

Change-Id: I1f2b6acd1bcaed003d021b110aafb2256bb7e62d
Reviewed-on: https://code.wireshark.org/review/35171
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

print: remove assert in get_field_data().

The check in the caller suggests this function can fail. The
assert should not be necessary, then.

Bug: 16218
Change-Id: Ic2186f3c51751db61436719bbf5bce609d364d40
Reviewed-on: https://code.wireshark.org/review/35162
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

WSUG: Avoid using multiple layers of replacements

Change-Id: I3fc56fc6b586e40bc1f81ba41e32e8a554c239d1
Reviewed-on: https://code.wireshark.org/review/35146
Reviewed-by: Anders Broman <a.broman58@gmail.com>

cppcheck: Exclude the doc directory.

Change-Id: I8d739c7cae7b1b5676cb04e7140d2dd81ebae1d3
Reviewed-on: https://code.wireshark.org/review/35168
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Remove a duplicate variable.

WiresharkDialog defines cap_file_, so there's no need to define it in
TrafficTableDialog.

Change-Id: I71e50da152de619fea71382400820990a05febc1
Reviewed-on: https://code.wireshark.org/review/35169
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

3.1.0 → 3.3.0.

Change-Id: Ia6217b00741f824b1f6805eb406408802dd5b5a8
Reviewed-on: https://code.wireshark.org/review/35167
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Release notes: Update the new protocol list.

Update the new protocol list and clarify our Qt versions.

Change-Id: If4d5e591b4419cc3171616825201375fdc5401aa
Reviewed-on: https://code.wireshark.org/review/35165
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Qt: Display selected rows in overlay bar

Indicate all selected rows in the overlay bar for the PacketList

Change-Id: Icddf8607b59bde12701a7e7983df6acbf26e0d23
Reviewed-on: https://code.wireshark.org/review/35161
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Speed up selection handling

Improve the speed for selection checks in PacketList and MainWindow

Change-Id: Ic3a413624463a798b5d13102965f75c7b1347b5f
Reviewed-on: https://code.wireshark.org/review/35160
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Include Column Headings with Edit -> Copy -> Plain Text / CSV

Bug: 16215
Change-Id: Ie59aa354be055831055a294724f8d7b800d35d90
Reviewed-on: https://code.wireshark.org/review/35153
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

PROFINET: Fix related to redundancy and PNIOStatus

According to specification, redundancy bit values in
packet-pn-rt.c are swapped. Moreover, endpoint type
was changed by Change 30821 and became ENDPOINT_NONE.
It has caused an error since related conversation can
not be found with its endpoint (ENDPOINT_UDP). Finally,
it is detected that when PNIOStatus is error, dissection
still continues but there is no data to dissect. This
defect is also fixed by this commit. (This change also
includes one fix for dead store.)

Change-Id: I09a07fd0027c4485ba84651e969b3de9d0012b5c
Reviewed-on: https://code.wireshark.org/review/35158
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Update to DICOM Edition 2019e

Change-Id: I680446e40acecc0ed6aefe29930f343375832796
Reviewed-on: https://code.wireshark.org/review/35152
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>

GSMTAP: fix empty INFO column for PTCCH/D messages

Change-Id: I3abc627ee0e88cc276511af66b33bda990fe5624
Reviewed-on: https://code.wireshark.org/review/35157
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

GSMTAP: also consider PTCCH/D as a broadcast channel

Change-Id: Ie4cf6e5a00aa2a699e979f0ebd52f7dce084c8f4
Reviewed-on: https://code.wireshark.org/review/35156
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

GSMTAP: use col_set_str() instead of col_append_str()

Change-Id: I1489239ba6f0f687d933e94e811e916300fe7089
Reviewed-on: https://code.wireshark.org/review/35155
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

GSMTAP: drop _U_ attribute from arguments of handle_tetra()

Change-Id: I00abb41f513c7afcf95c8ed9a1fcdb64f3f14aa4
Reviewed-on: https://code.wireshark.org/review/35154
Reviewed-by: Pascal Quantin <pascal@wireshark.org>

ReleaseNotes: Add info about "Expressions"

They no longer reside to the right of the display filter toolbar, but
have been moved to Analyze->Display Filter Expressions... as well as
the context menu of the display filter edit

Change-Id: I5afb87a483838204be33f5b8b965643c2c95e306
Reviewed-on: https://code.wireshark.org/review/35151
Reviewed-by: Roland Knall <rknall@gmail.com>

docbook: Add USB 2.0 Link Layer to release notes

Change-Id: Ifb87e70b89f63fc633660924b730b73156872580
Reviewed-on: https://code.wireshark.org/review/35139
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

NSIS: Don't run Wireshark from the installer.

Remove the option to run Wireshark from the NSIS installer. As noted in
bug 16195, this runs Wireshark as Administrator which is something we
recommend against.

Bug: 16195
Change-Id: I0692262a611d72d9e9f9c2131ce71cc62b4737b1
Reviewed-on: https://code.wireshark.org/review/35143
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Remove "..." from end of Edit > Copy > As XXX menu items.

"..." at the end of a menu item means "this pops up a dialog, asking you
for more information so it can do XXX"; those items just copy without
asking the user anything.

Change-Id: I8bc42a468d4c5605a27ae3414ecabd30ea97d87e
Reviewed-on: https://code.wireshark.org/review/35148
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

QUIC: updates for Key Phase changes (draft -24)

Fix decryption after Key Updates due to a HKDF label change, add a new
error code, and rename KEY_PHASE to be consistent with draft 24.

Change-Id: I73858112a6b4afd2b6de8f7183f4c4edaf03f705
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/35145
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: fix 0-RTT decryption for ciphers using SHA-256

Do not limit the digest function for 0-RTT ciphers to SHA-384, add
support for digest algorithms with smaller output sizes such as SHA-256.

Fixes 0-RTT decryption of quic_0-rtt_cannot_decrypt-dsb.pcapng
(draft -23).

Change-Id: I3b49d17497fbfa52773a989dc530d04b37b20c3a
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/35144
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Make sure Copy > As Text and Copy > As CSV add a final newline.

Bug: 16214
Change-Id: Idb691c1fbb33b2fabca5726c159b1f754668c1ae
Reviewed-on: https://code.wireshark.org/review/35147
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Note that Qt imposes a maximum frame number of 2^31-1.

Nothing in libwireshark limits frame numbers to 2^31-1 - they're stored
as unsigned ints and thus can go up to 2^32-1. That doesn't fit with
the way QTreeView works, as the model is ultimately from a subclass of
QAbstractItemModel, and that uses ints, not unsigned ints, for row
numbers.

Change-Id: I174c3ccdb5e86ea5897643560936c301fcc78c54
Reviewed-on: https://code.wireshark.org/review/35141
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Raise a question in a comment.

In PacketList::selectedRow, will we ever have a current index but not a
selection model?

Change-Id: Ie4a4a78b836876d6a890b2a0a5e5cba2de02a870
Reviewed-on: https://code.wireshark.org/review/35140
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Qt: Fix compile order for PacketListRecord

Change-Id: I58f125d7d883652ac3de019bbf3b64986fd1c642
Reviewed-on: https://code.wireshark.org/review/35137
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

NAS-5GS: Add 9.11.3.65 Control plane service type

Change-Id: Id27f56808f28879d2f998c4eb0e4fa30f19593b8
Reviewed-on: https://code.wireshark.org/review/35136
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Speedup Packetlist

Make dataChanged more specific and remove unnecessary iteration
in case of recoloring

Change-Id: I1ee270623b1cb8ac3907a5d45d6a8c4c5027c322
Reviewed-on: https://code.wireshark.org/review/35135
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Remove unnecessary parent check

parent.column() will allways be -1, due to ::parent returning
QModelIndex() and therefore parent being invalid all the time.

Change-Id: Ibb0482b4204523dba71a2be4f078da4f11fcaf71
Reviewed-on: https://code.wireshark.org/review/35134
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Remove unused progress update

The progress update is no longer being used, due to the
fact that dissection is handled differently. Removing it,
as well as corresponding signals

The code was removed in https://code.wireshark.org/review/c/34679/

Change-Id: I043c4535ce3dbec66c5822ddbad8e648307d0738
Reviewed-on: https://code.wireshark.org/review/35133
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Handle emptying selections

Clicking in an empty area of the Packet List to "unselect" the packet
selection, left one packet indicated as selected (by having a single
field active, but not highlighted). This is fixed, by selecting this
entry.

If the last line is being deselected, not index is set as active, as
it has been in previous versions of the Qt interface

Bug: 16216
Change-Id: Ib5353a7e59b09a4f816655e1dd65a20d6c6d1a13
Reviewed-on: https://code.wireshark.org/review/35132
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

NAS-5GS: Fix dissection of 8.2.19 Configuration update command.

Change-Id: Ieb3e8ba63496c6524b591a03b886316e07d96416
Reviewed-on: https://code.wireshark.org/review/35131
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

SMB2: Fix an error with the timestamp for TimeWarp ECPs during CREATE.

My previous commit had an error in the formatting of the timestamp.

Change-Id: I66f1489b75667d84c3beeca6aae73e692c4360b6
Reviewed-on: https://code.wireshark.org/review/35130
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

nvme: fix some heap buffer overflow errors

Bug: 16213
Change-Id: Ia59eb2aebadd16792ce81b0a25bde50870540bed
Reviewed-on: https://code.wireshark.org/review/35127
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Update ColorUtils::themeLinkBrush.

Qt 5.12.6 fixed the dark mode link color on macOS. Update themeLinkBrush
accordingly.

Ping-Bug: 15511
Change-Id: I9d89bf3ef9c8a9b8c14dc5f435b9cdbb30fca2aa
Reviewed-on: https://code.wireshark.org/review/35126
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

Qt: Remove an unneeded connection.

Fixes

Change-Id: I259e5bea0d0475d1bbb0c584b125a4ea819dda64
12:31:07.342     Main Warn QObject::connect: No such slot AboutDialog::copyToClipboardTriggered() in ../ui/qt/about_dialog.cpp:300
12:31:07.342     Main Warn QObject::connect:  (sender name:   'copyToClipboard')
12:31:07.342     Main Warn QObject::connect:  (receiver name: 'AboutDialog')
Reviewed-on: https://code.wireshark.org/review/35129
Reviewed-by: Roland Knall <rknall@gmail.com>

3.1.1 → 3.1.2.

Change-Id: Id89e46103f61392653cfdc60ef16d11123fe0928
Reviewed-on: https://code.wireshark.org/review/35128
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Build 3.1.1.

Change-Id: I007d9e6c6b0562e727673787e6c27efd6a2f6269
Reviewed-on: https://code.wireshark.org/review/35125
Reviewed-by: Gerald Combs <gerald@wireshark.org>

SIP: Handle "Authorization:" Header without data.

Change-Id: I42f5ea5f2b0b12fc5cfe6df37b6cec5c85e1eb60
Reviewed-on: https://code.wireshark.org/review/35123
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

macos-setup.sh: Sparkle setup fixes

- mkdir on macos 10.14.6 doesn't have a -f parameter
- set file ownership on tar extraction

Change-Id: I5d6341aba02b56abe0c1aa48e68c4c1b6af15379
Reviewed-on: https://code.wireshark.org/review/35115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

print: fix ek output with -j option.

Bug: 16207
Change-Id: I95047f76430f5e83083b950a8ed7400e6cdd40ec
Reviewed-on: https://code.wireshark.org/review/35117
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>