git.samba.org - metze/wireshark/wip.git/log

Docs: Updates for xsltproc and Asciidoctor.

Change-Id: I3cfe2121beaab0fe09228ec277997d68fe824693
Reviewed-on: https://code.wireshark.org/review/26281
Reviewed-by: Gerald Combs <gerald@wireshark.org>

CMake: Fixup our Chocolatey bin path discovery.

Search for choco.exe directly instead of using PATHS + PATH_SUFFIXES.
Look in %ChocolateyInstall%\bin first. CHOCOLATEY_BIN_PATH is the binary
path. There's no need to append /bin to it.

Change-Id: I732db398bd989bf12222a5cee2c79c0bd4161638
Reviewed-on: https://code.wireshark.org/review/26276
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

CMake: Remove SH from the packate list.

Change-Id: Idafd85df598e0c58fc8252574ce0478b3e1464a9
Reviewed-on: https://code.wireshark.org/review/26278
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Transition from GeoIP Legacy to MaxMindDB.

MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.

Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.

Migrate the preferences and documentation to MaxMindDB.

Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.

Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

CMake: Remove FindSH.

We haven't used SH_EXECUTABLE since the Asciidoctor migration.

Change-Id: I93e8245ea02ed994ebb62942d5ea4ec890e35a97
Reviewed-on: https://code.wireshark.org/review/26277
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ipsec: zero memory in get_full_ipv6_addr (found by clang).

Change-Id: I5a1c8cccd40867b70e64c8763a56da6a77c164b2
Reviewed-on: https://code.wireshark.org/review/26116
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>

dcm: Fixed crash in dissector, and other bugs Some tag descriptions which are added to the parent item (32 tags). If one of those was empty a crash occurred. Mainly the RTPlan modality was affected.

Fixed length decoding for OD, OL, UC, UR Fixed hf_dcm_assoc_item_type to be interpreted as 1 byte
Fixed pdu_type to be interpreted as 1 byte
Fixed decoding of AT type, where value length was wrongly reported in capture as 2 (instead of n*4)
Removed tailing white spaces
Please merge to 2.4 once ok.

Bug: 14415
Change-Id: I7857ef107e7e599c7dd9f8d069daa5b3bfb4122f
Reviewed-on: https://code.wireshark.org/review/26268
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Use the generic function decode_zcl_time_in_100ms instead of the local zcl_fmt_time_tenths.

Change-Id: Id79b59c77083e6fb236d4137820182616f5b83c1
Reviewed-on: https://code.wireshark.org/review/26275
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[Diameter] Added extended AVPs for Gx and Rx

Change-Id: Ic795a84dfb42868a34707142ce31ec77cd855e44
Reviewed-on: https://code.wireshark.org/review/26273
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[Diameter] fixed valid Diameter xml

Change-Id: Iacbbbb359885468e056dee3f8fa401223a38ca3c
Reviewed-on: https://code.wireshark.org/review/26271
Reviewed-by: Anders Broman <a.broman58@gmail.com>

VLAN: define a recursion depth limit

Altough the dissection consumes 4 bytes each time it is called, it can
trigger a stack overflow for big packets. Let's limmit the number of
allowed VLAN tags for a given packet.

Bug: 14469
Change-Id: Ieb6834ab3350dc7e8c301e6479577855a253897e
Reviewed-on: https://code.wireshark.org/review/26270
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

extcap: add g_free to extcap_free_toolbar_value (found by clang).

Change-Id: I81ca1665913f54333fe638208c99c4eef4ed2cc7
Reviewed-on: https://code.wireshark.org/review/26139
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

wisun: fix, improve, and refactor Wi-SUN IEs

Change-Id: I6e67d01c06536da5b41f9cf5b09b5f44393e6956
Reviewed-on: https://code.wireshark.org/review/26266
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add missing ZigBee ZCL Scene cluster commands.

The following commands are added:
0x40 - Enhanced add scene
0x41 - Enhanced view scene
0x42 - Copy scene

Change-Id: If7f921f7ede7518ecbb88395d6200f600a47bd85
Reviewed-on: https://code.wireshark.org/review/26202
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>

IEEE 802.15.4: always allocate protocol data if not present

When using 2 passes, L2TP dissector can set a session info for previous
packets, breaking the assumption that IEEE 802.15.4 dissector will
always be called on first pass.
Let's always allocate the protocol data if missing, even if this is not
the first pass.

Bug: 14468
Change-Id: I4cb7ea2e54c1b763a48b99c0d64f542552789d18
Reviewed-on: https://code.wireshark.org/review/26260
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

NBAP: avoid linking a DCH-ID to itself

Otherwise it can create an infinite loop, leading to a buffer overflow.
Also add explicit cheks on the buffer usage and set its maximum size to
128 instead of 32 per ASN.1 description.

Bug: 14471
Change-Id: I805f4ce09347bc35143b010b4a558a0d090c0159
Reviewed-on: https://code.wireshark.org/review/26259
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

wisun: dissect Wi-SUN Netricity IEs

Change-Id: Icae32b9934549891fab0683fa055fe16d01fdd90
Reviewed-on: https://code.wireshark.org/review/26258
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

6LoWPAN: fix cast-qual warning

Change-Id: I688c2052b2e242664d31d995583330715ace37cd
Reviewed-on: https://code.wireshark.org/review/26261
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

dof: use tvb_memdup instead of g_memdup.

Change-Id: I0d1e6a09fa6fcf09c40c6e77b79cc97e0723bff5
Reviewed-on: https://code.wireshark.org/review/26144
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

dot11decrypt: free memory on exit (found by clang).

Change-Id: I1af895accdd52fe64fc156905c549e719aaba304
Reviewed-on: https://code.wireshark.org/review/26182
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

RTSP: Fixed missing space in column info between multiple pipelined messages

When there is multiple RTSP messages in one packet, info column shows its headers right next to each other. It is ugly:

Reply: RTSP/1.0 200 OKReply: RTSP/1.0 200 OK

Patch adds ', ' between messages:

Reply: RTSP/1.0 200 OK, Reply: RTSP/1.0 200 OK

Ping-Bug: 14450
Change-Id: I151dbc72b669002ed02d91af43d683c5fc4fe4ba
Reviewed-on: https://code.wireshark.org/review/26222
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

coloring rules dialogue: remove unused signal

View / Coloring Rules...

shows this warning

12:02:26.401 Main Warn QObject::connect: No such signal ColoringRulesModel::dragDropComplete() in ../ui/qt/coloring_rules_dialog.cpp:61
12:02:26.401 Main Warn QObject::connect: (receiver name: 'ColoringRulesDialog')

Remove the unused signal.

Change-Id: Id42c249ac9252269eb31e4971e62e927a28c88ed
Reviewed-on: https://code.wireshark.org/review/26239
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

Windows: Remove support for MSVC older than VS2015

Cleanup the support for older versions of Visual Studio

Change-Id: Ieb97d56e9bff6a5902433e8d99b27276bc7034f7
Reviewed-on: https://code.wireshark.org/review/26247
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

dissectors: epon: Improve preamble detection

The full EPON preamble is 55 55 D5 55, sometimes some bits are getting
lost so this dissector supports multiple parts of this preamble. Add
also the full preamble to detect also such packets correctly.

Change-Id: I6d74694601bf2a430e24f8c9c004f3558aa056c5
Reviewed-on: https://code.wireshark.org/review/26240
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[Automatic update for 2018-03-04]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I95feebf818e68804d287e011f4c6ee2cd244b2f3
Reviewed-on: https://code.wireshark.org/review/26254
Reviewed-by: Gerald Combs <gerald@wireshark.org>

enip: use wmem for copied addresses

When we copy an address from pinfo into connInfo->O2T.ipaddress, a
shallow copy is not sufficient. connInfo->O2T.ipaddress is kept across
packets whereas pinfo is valid only for the current packet.

Use wmem with file scope for the copied address. This fixes a
use-after-free error when we access the address in a subsequent packet.

Bug: 14470
Change-Id: I8b74037020189485485a506af6510cb45828e3c4
Reviewed-on: https://code.wireshark.org/review/26248
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

mmse: remove a ton of if (tree) checks

Keep the "global" check where the entire processing was under if (tree).
Move this check in front of the while loop and exit if we have no tree.

Remove the subsequent (duplicate) checks for indivial
proto_tre_add_...() calls.

Change-Id: I6b978b438b9f1c84c8927ae4eb9c53a8eaadb4ef
Reviewed-on: https://code.wireshark.org/review/26246
Reviewed-by: Anders Broman <a.broman58@gmail.com>

clean up tvb_get_guintvar() a bit more

Wrap long lines.

Use a do-while loop. We know up-front that we'll go into the loop at
least once. Remove the cont variable, use the exit condition directly.

Set *octetCount = 0 if we return 0 because of an error. In that case, we
did not process any bytes and should inform the caller about this.

Change-Id: I222270939e42e0096b6f5a25b197bd4bae12235e
Reviewed-on: https://code.wireshark.org/review/26245
Reviewed-by: Anders Broman <a.broman58@gmail.com>

wap: include stdio.h

Otherwise, fprintf() is not defined and the debug prints don't work.

Change-Id: I9bc791dfc829cf9e7b1b6e61b0090d2fb94bebb2
Reviewed-on: https://code.wireshark.org/review/26244
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

tvb_get_guintvar: correct a debug print

We always start with counter=0, guint *octetCount is used only as a
return value.

Change-Id: I3c080c59ef7620c5007f6dc3139a78a72cff2a21
Reviewed-on: https://code.wireshark.org/review/26243
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

tvb_get_guintvar: don't overflow our return value

tvb_get_guintvar() returns a guint. If we haven't seen the final byte
after sizeof(guint) bytes, something is wrong. Abort and return 0.

This is the minimum fix for

Bug: 14473

Change-Id: Ibe8a1239c1cbbeec0591c66710416bb56f9f60dc
Reviewed-on: https://code.wireshark.org/review/26242
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add support for new peekremote features.

Enhanced peekremote dissector to take into account the new extended
flags written by Cisco APs in sniffer mode after WLC version 8.5.

Support for 80mhz channel flag (bit 9), short preamble (bit 8), amount
of spatial streams (bit 14-16)
dot11_ht_vht_flags=0x00000551 <--short preamble encoded to 10th bit of
dot11_ht_vht_flags.
dot11_ht_vht_flags=0x00008bc8 <--80MHz info encoded to 9th bit of
dot11_ht_vht_flags.

The spatial streams information is already encoded to 16:15:14 bits of
dot11_ht_vht_flags. The following are the bit pattern representation,
000 - 1 spatial stream
001 - 2 spatial streams
010 - 3 spatial streams

Bug: 14452
Change-Id: If0539e356b32a791901d213a653f7a98521667ee
Reviewed-on: https://code.wireshark.org/review/26178
Reviewed-by: Guy Harris <guy@alum.mit.edu>

PDCP: show wrong calculated digest on MAC item, and add some comments about calculation

Change-Id: I97445f87abd59761fb14b05dad2df98d2b127f7a
Reviewed-on: https://code.wireshark.org/review/26250
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

PDCP: don't link back security setup to self

Change-Id: If74714846463394d99ec34bc36960c872f9726a9
Reviewed-on: https://code.wireshark.org/review/26241
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

WiX: install the other plugin types as well

The WiX toolset configuration files have to be extended to handle the
new plugin directory structure as well. Apart from the EPAN plugins
the wiretap and codec plugins have to be included as well.

Change-Id: I173e6b87a88e4ef8aa3283a308e2b5207f0d6ba2
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/26176
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Don't crash in manually_resolve_cleanup() if there's nothing to clean up.

We might not yet have allocated the manually-resolved address lists;
only free the if we have.

Change-Id: Iff9864e397a04cdcb613268603c073ecd1fa77fb
Reviewed-on: https://code.wireshark.org/review/26236
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Move what capture_info_close() does into its only caller.

Change-Id: If9539142100fb2079cbbe247d8975778b183ece8
Reviewed-on: https://code.wireshark.org/review/26235
Reviewed-by: Guy Harris <guy@alum.mit.edu>

More indentation cleanups.

Change-Id: If24cf44a1ba9772d8fe2e026d19e6838cf8e0949
Reviewed-on: https://code.wireshark.org/review/26234
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Clean up indentation.

Change-Id: Id3d84d33590b12a91f15e7c2d8af350fb630b7b2
Reviewed-on: https://code.wireshark.org/review/26233
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix a warning message.

Change-Id: Ice2ed63bb3785323949c466a67b287fd4f80fd12
Reviewed-on: https://code.wireshark.org/review/26232
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Remove declaration of routine that no longer exists.

The routine was removed in Id302e88bed4da8b9b457049fb78b0bc7d7ffabe3.

Change-Id: I1874be1cb666d42011cc9b4ab9360dc885d3622c
Reviewed-on: https://code.wireshark.org/review/26231
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Remove an ipmap remnant.

Change-Id: I391043aa0fdfce132a552e063d850d17bcf5a4de
Reviewed-on: https://code.wireshark.org/review/26230
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Remove the endpoint "Map" feature.

Remove the endpoint map and its button from the Qt and GTK+ UIs. It
depends on GeoIP Legacy for coordinate information and those databases
are being deprecated in favor of MaxMind DB. We *could* upgrade the code
to use mmdbresolve, but according to
https://dev.maxmind.com/geoip/geoip2/geolite2/ they're also going to
remove coordinate information from GeoLite2:

"In addition, in 2019, latitude and longitude coordinates in the
GeoLite2 databases will be removed.* Latitude and longitude coordinates
will continue to be provided in GeoIP2 databases. Please check back for
updates."

Change-Id: I43e1593d282a0f1aae897b1f4724117d1496b21e
Reviewed-on: https://code.wireshark.org/review/26229
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

extcap: Make settings dialog modal

Otherwise dialogs could be opened multiple times

Change-Id: I19f9c11395b5f5ba41c00ff78ab9794064562d29
Reviewed-on: https://code.wireshark.org/review/26221
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

[NAS-5GS] Dissect more IEs.

Change-Id: I67a86383688089f59573f6549e02d5e0027e1b4b
Reviewed-on: https://code.wireshark.org/review/26224
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

More spawned process handling updates.

Document ws_pipe.h. Define invalid PIDs in one place.

Extcap didn't use stdin before 1a0987904f. Make sure we close it.

Change-Id: I7a69cd9b5137ae82435e64628a22e4d812d58f89
Reviewed-on: https://code.wireshark.org/review/26226
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Fuzz-test: Handle ABRT.

Trap ABRT and try to pass it on to our runners.

Change-Id: I6e5a9fd63822c9bc84e116b3574abc4ccca448f5
Reviewed-on: https://code.wireshark.org/review/26227
Reviewed-by: Gerald Combs <gerald@wireshark.org>

NAS-EPS: added heuristic udp dissector

Change-Id: I5df909ac55be5d00f73bd2403b2c7d4b3d1494ca
Reviewed-on: https://code.wireshark.org/review/26050
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

XRA: added upstream channel id, sid and iuc to burstinfo dissect

Change-Id: Ib46f5dd7199143847c83a77d19f9dd114ef9005c
Reviewed-on: https://code.wireshark.org/review/26220
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Windows: Update target version info

Set the API target level to Win7, along with installer changes
to match.

Change-Id: Icd93964eadf93018c56218e3efdfed10b9f8959a
Reviewed-on: https://code.wireshark.org/review/26218
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>

[NAS-EPS] Use proto_tree_add_bitmask_list() for some bitfields.

Change-Id: I0b241a1e553beaf7527948ef067cc1f9356754c8
Reviewed-on: https://code.wireshark.org/review/26210
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

One strstr() call suffices.

If we've found "interleaved=" in the buffer *and*, if so, know where
we've found it, we don't need to find it again; we can just use the
result of the first strstr() call.

That should also keep Visual Studio Code Analyzer from bogusly saying
"hey, we might not have found it, maybe we're handing a bad pointer to
sscanf()".

Change-Id: I9d8f5c0b38038a3f05b8e5343f965f1676105875
Reviewed-on: https://code.wireshark.org/review/26219
Reviewed-by: Guy Harris <guy@alum.mit.edu>

quic: Make sure that we still build when certain libraries not found.

This adds some _U_ to prevent build failures when the build platform
does not have certain libraries or more recent versions of those libraries.

Change-Id: I82a1c14dd250181af189bd8564afc47180385e60
Reviewed-on: https://code.wireshark.org/review/26211
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

RLC: Fix duplication check after sqn reset

When rlc sequence number wrapped around, duplicate frames wouldn't be
marked because they were compared to the sqn from the first round.
Change-Id: Ia57aac9b86b4cc84dd8ec411fe0a94972acb9526
Reviewed-on: https://code.wireshark.org/review/26208
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Bluetooth: Initialize ett features for Media Player Dissection

The ett_btavrcp_features and ett_btavrcp_featuers_not_used fields were
not initialzed causing an abort when dissecting.

Change-Id: I3ee2f557ace1643dfba5a978add66c3c7ba7d895
Reviewed-on: https://code.wireshark.org/review/26217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PDCP: speed up dissection of status PDU.

N.B. In normal traffic status PDUs do not appear very often, but if
the config of RLC/PDCP are wrong, every PDU can appear to be a status
PDU and it can take a long time to print out the list of missing
sequence numbers.

Change-Id: I9514b505639fa58d86bf5ebb3fb2bcf1f8e65aa8
Reviewed-on: https://code.wireshark.org/review/26197
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Generalize our process spawning code.

Move the contents of extcap_spawn to ws_pipe. Rename various extcap_*
prefixes to ws_pipe_*. Open stdin when we spawn processes.

Change-Id: I9286295443ee955bb6328b0ed6f945ee0bb2a798
Reviewed-on: https://code.wireshark.org/review/26216
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Windows: Remove cruft for unsupported versons

Remove all the existing LoadDLL\GetProcAddress combinations
that allowed conditional Win32 API usage if supported on the
running OS version.

All the required functions are present in the versions we support.

Change-Id: Ibc43e51cefcd1c7562d4e251784362509f224ed6
Reviewed-on: https://code.wireshark.org/review/26215
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>

Fix compilation without pcap.

Change-Id: Id9f6b9189c7663062ecc569a33ca2c30c4c86760
Reviewed-on: https://code.wireshark.org/review/26213
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

[NAS-5GS] Dissect more IEs.

Change-Id: Ief8d55bbee921e701c3374ce4073ae4587177989
Reviewed-on: https://code.wireshark.org/review/26209
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: Fix some issues with VHT/HE NDP Announcements.

George Baltatanu noticed some issues, including subtrees in the wrong
place, some spelling errors, bit display order, etc.

Change-Id: I7e30e0e27e302bdd2b870a2bb01e7926336b413e
Reviewed-on: https://code.wireshark.org/review/26188
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

gitlab-ci: add clang 7 builds.

Compile nopcap with clang 7 instead of 6.

Change-Id: Icc3ffc895e2b97feadca719b45ef72a5d79098cd
Reviewed-on: https://code.wireshark.org/review/26207
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>

NAS-5GS: fix PD values for 5GS SM and 5GS MM

-based on agreed cr https://portal.3gpp.org/ngppapp/CreateTdoc.aspx?mode=view&contributionUid=C1-180442

Change-Id: I1c382cee9bb2120d1df1db0f6436e5f139803a43
Reviewed-on: https://code.wireshark.org/review/26206
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ZigBee TP2 buffer test request malformed packet

Test profile 2 buffer test request is trying to parse "octet sequence"
which is not part of the command frame for the buffer test request.

Change-Id: I9f35aacbb3c70b5daed07a0ea29b1bec1cf7741a
Reviewed-on: https://code.wireshark.org/review/26196
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>

[PFCP] improved various value printout

Change-Id: Ica2ce06d69c6fb2812c1ddb17a2dcce6e58e1a96
Reviewed-on: https://code.wireshark.org/review/26193
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Make we shut down cleanly when exiting early.

Add an exit_application() routine that calls wsApp->quit() + exit() in
the Qt UI and exit() in the GTK+ UI. Make sure we call it instead of
exit() when needed.

Bug: 14395
Change-Id: I171b5fd19ce4664db4a2ebb4b8c33e278dcec427
Reviewed-on: https://code.wireshark.org/review/26121
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

QUIC: Add heuristic for avoid conflict with GQUIC

and UDP port 443 is not (yet) official port for QUIC...

Bug: 13881
Change-Id: I637241bd327adc6c5cccbcd68524d2ef3811e8e8
Reviewed-on: https://code.wireshark.org/review/26166
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: Add dissection of RETRY

Bug: 13881
Change-Id: I49075dc227c0b132ef4bc37d1ff28b14bbfd3e4f
Reviewed-on: https://code.wireshark.org/review/26083
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

QUIC: use switch/case for long_packet_type and move to function

Ping-Bug: 13881
Change-Id: If601344d042909ae190226f8039f0b9d016fb8d7
Reviewed-on: https://code.wireshark.org/review/26082
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

NAS-5GS: More dissection.

Change-Id: Iedf85db2b1da07f1a6b87db20250034b795cfd34
Reviewed-on: https://code.wireshark.org/review/26179
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Simplify the mode passed to CreateNamedPipe().

There's one mode you use if byte_mode is true, and another mode you use
if it's false. My head hurts when I try to pretend to be a top-down
parser for C and feed myself the existing expression, and Visual Studio
Code Analyzer says "are you sure that's what you had in mind?", so I'm
guessing the modes are:

byte mode: PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT
not byte mode: PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT

and am just using one test of byte_mode to choose between them.

Put the entire function under an #ifdef, so we can mark the byte_mode
argument as unused on UN*X but not on Windows.

Change-Id: Ib2d0b80f870b1789c1375ccb017bd90e93dca5ce
Reviewed-on: https://code.wireshark.org/review/26201
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Don't handle various "command to send" values in the default case.

The default case ignores the high-order bit, which is set in all the
values for "command to send", so they will never be matched. The values
moved out of the default case, if their upper bit is clear, either don't
correspond to any command in T.30 or correspond to an initial
identification command, which never has the upper bit set, so there's no
risk of misidentification by processing all of the "command to send"
values outside the default case.

Thanks and a tip of the Hatlo hat to Visual Studio Code Analysis for
catching this one.

Change-Id: I6192b0c5a6dcfd31b9fd757be736a311a9d089e6
Reviewed-on: https://code.wireshark.org/review/26198
Reviewed-by: Guy Harris <guy@alum.mit.edu>

mp4: limit the recursion depth for boxes

Although the dissection of each box header consumes a couple of bytes,
it turned out that it's still possible to crash wireshark with a sample
file that contains a large number of nested boxes. The stack will fill
up before we reach the end of the data bytes.

Keep track of the recursion depth as we walk through the hierarchy of
boxes. Abort if we reach the (locally defined) upper limit.

Bug: 13777
Change-Id: I0f67245a5c74131f10d0f9d99b39ad31711b9775
Reviewed-on: https://code.wireshark.org/review/26167
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[PFCP] added two more IEs

8.2.86 Subsequent Volume Quota
8.2.87 Subsequent Time Quota

Change-Id: I00b99c5fcc9fc7c157a048c1cbd901b56e12a8d7
Reviewed-on: https://code.wireshark.org/review/26189
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Print the right value for signed statistics tap table items.

Thanks and a tip of the Hatlo hat to Visual Studio Code Analysis for
finding this one.

Change-Id: If2312ba98d1c3060e525dd8b2afe3e0ff07fb5bd
Reviewed-on: https://code.wireshark.org/review/26194
Reviewed-by: Guy Harris <guy@alum.mit.edu>

flex: add also (-W)unreachable-code to ignore warning (for flex generate file)

Change-Id: I09ab6d91b45113432255cb20ae30440ea0438b23
Reviewed-on: https://code.wireshark.org/review/25984
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix StringCchPrintf() calls.

One was missing an argument; supply the necessary string.

The other was assuming that an LPARAM was 32 bits when that's not the
case on 64-bit Windows - the underlying value is 32-bit, so we just cast
to int.

Change-Id: Ie2a38e27f2ea211628d2c751a7807bb9ed396c64
Reviewed-on: https://code.wireshark.org/review/26190
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix a check.

Presumably the intent is to check for unsigned integer and signed
integer types, not to check twice for unsigned integer types.

Thanks and a tip of the Hatlo hat to Visual Studio Code Analyzer for
finding this.

Change-Id: Ie8e4d231af929ee8e626c5c9258c3356d5209f4f
Reviewed-on: https://code.wireshark.org/review/26187
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Redo the way we choose N/S/E/W.

This should squelch a warning from Visual Studio Code Analyzer.

Change-Id: Ie66e45276458a6f880c9b020ff541b7d2a71433a
Reviewed-on: https://code.wireshark.org/review/26184
Reviewed-by: Guy Harris <guy@alum.mit.edu>

QUIC: Display GREASE version..

Change-Id: I1005bbaf528e91dd8244fb94a0530d9152db38a0
Reviewed-on: https://code.wireshark.org/review/25691
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Include <config.h> so UNICODE is defined.

All other files should do so; this file should, so that we're using the
Unicode versions of Windows APIs (especially given that other files that
include wsutil/unicode-utils.h will be doing so and expecting UTF-16
strings from utf_8to16_snprintf()).

Change-Id: I7eccf580ab0dc504aa78b345e36e2fcda818a7c5
Reviewed-on: https://code.wireshark.org/review/26170
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>

t38: allocate memory in pinfo pool scope.

Change-Id: I627f21f2f67589374749f4f16f5d71cf45d98d68
Reviewed-on: https://code.wireshark.org/review/26137
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

dof: don't initialize nonce it is useless.

Change-Id: I300145c04293fa06ea6af0a5797d27023c3b2fbc
Reviewed-on: https://code.wireshark.org/review/26177
Reviewed-by: Anders Broman <a.broman58@gmail.com>

6LoWPAN: Less scary display if UDP checksum is elided

Set the 'recomputed' checksum to 0xffff instead of 0 so that the UDP
dissector does not show an 'Illegal Checksum value (0)' PI_ERROR.

Bug 14458

Change-Id: I0fba0979be5a5b2957a7cec98c0df7996491d3b5
Reviewed-on: https://code.wireshark.org/review/26052
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

csn1: set pointer before using it (found by clang).

Change-Id: I4ff2fb3861725a492736facd2d084baeef8fd09f
Reviewed-on: https://code.wireshark.org/review/25993
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

L16_mono: Add L16 monaural codec plugin as functional example

This codec plugin serves a dual purpose.
First it is to add L16 codec suppport to Wireshark.
Second it is an illustration of a basic codec plugin module.

Change-Id: I64394dab3257ae49dece0257b16cd969503918e2
Reviewed-on: https://code.wireshark.org/review/26131
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

rrc: remove unused function.

Change-Id: Id3d0c8ffb7a2f4c1a51678aa112beb56adc84609
Reviewed-on: https://code.wireshark.org/review/26174
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

rrc: move allocation within if statement.

Change-Id: I2282a834560ef81a4f974e80fd6a0286e83a5461
Reviewed-on: https://code.wireshark.org/review/26143
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

tshark(.pod): fix spelling-error-in-manpage found by lintian

inital => initial

Change-Id: Id92a853bd6b24e06b2f6074903f8e89249c6c2cc
Reviewed-on: https://code.wireshark.org/review/26168
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GQUIC: Try to fix ACK frame with Q039

Change-Id: Id717c5354826c6aac0b72426213a128e0f501377
Reviewed-on: https://code.wireshark.org/review/26154
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GQUIC: Change all integers (and floating) encoding

Change-Id: I197bf7f47685b9d66e5df5cc091904834eea20cd
Reviewed-on: https://code.wireshark.org/review/26153
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GQUIC: for item with length = 1, use ENC_NA for encoding

Change-Id: I3b65e7a2c27763448717415a12a59d773fdb5d65
Reviewed-on: https://code.wireshark.org/review/26152
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GQUIC: Packet Number is now big endian

With Q039 is now big endian for integers and floating number

Bug: 14462
Change-Id: Ifc2bd4454830e2f4328c4c1d8d1ea37d3542e8da
Reviewed-on: https://code.wireshark.org/review/26151
Reviewed-by: Anders Broman <a.broman58@gmail.com>

BGP: Heuristic for IPv6 NLRI path identifier

NLRIs can contain path identifiers as defined in RFC7911.

This commit adopts the IPv4 heuristic to IPv6 to detect usage
of additional path identifier.

Bug: 14241
Change-Id: I6b99c079b12d1f9a3e05b152a5540a621076e965
Reviewed-on: https://code.wireshark.org/review/26157
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

[PFCP] added Aggregated URRs IE

Added
Table 7.5.2.4-2 Aggregated URRs
8.2.84 Multiplier
8.2.85 Aggregated URR ID IE

Change-Id: Ic7b25d155c4c113503319e1360910dd09407a55f
Reviewed-on: https://code.wireshark.org/review/26161
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

[PFCP] Name update of IEs

8.2.31 SxSMReq-Flags -> PFCPSMReq-Flags
8.2.32 SxSRRsp-Flags -> PFCPSRRsp-Flags

In accordance with 3GPP TS 29.244 V15.0

Change-Id: I5650366bd061ffd51f8577aeb420681abced5889
Reviewed-on: https://code.wireshark.org/review/26150
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Make sure GetModuleHandle(_T("kernel32.dll") succeeds.

If it doesn't, we're living in the Twilight Zone - that's like not
finding libc/libSystem/whatever-your-UN*X-calls-it on a UN*X - but this
should at least remove one complaint from Visual Studio Code Analyzer.

Change-Id: Iccb568ea022ac28be962ab3fec5bccdfdf69ac13
Reviewed-on: https://code.wireshark.org/review/26165
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>

ieee80211: Fix handling of compressed block acks.

Thomas Derham pointed out that there was a problem with my changes
and supplied a fix. The pronblem was that I was fetching important info
after offset had moved on. This change is slightly different but works for
Thomas.

Change-Id: I45862b87f3d9626285111dab83a0067d3d529ab2
Reviewed-on: https://code.wireshark.org/review/26162
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Squelch some Visual Studio Code Analyzer warnings in Flex-generated scanners.

Hopefully this filters out stuff about which we can't do very much
(other than send off a Flex fix and wait for it to be accepted and end
up in a WinFlexBison package), making it easier to find the stuff about
which we *can* directly do something (i.e., problems in code *we* wrote).

Change-Id: I9dec0389c3e126697acb307d30a823b9b285ef45
Reviewed-on: https://code.wireshark.org/review/26164
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Make sure CAPACITY() doesn't shift the 1 out of range.

Make the 1 we shift left the size of a size_t, so it'll only go out of
range if the result couldn't possibly fit in a size_t. (That should
also make the object of the shift unsigned, which may squelch some other
complaints.)

Not that the map is *likely* to be bigger than 4GB, but it should
squelch some complaints from Visual Studio Code Analysis.

Change-Id: I489bfe6b1d9d4329c267936d9106dbba4388c492
Reviewed-on: https://code.wireshark.org/review/26163
Reviewed-by: Guy Harris <guy@alum.mit.edu>