metze/wireshark/wip.git
6 years ago Follow Stream: ensure linear performance with many packets
Peter Wu [Wed, 4 Jul 2018 19:53:53 +0000 (21:53 +0200)]
Follow Stream: ensure linear performance with many packets

Reverse the payload chunks list to achieve a running time of O(n) rather
than O(n²) for insertion of all chunks. Executing a RelWithDebInfo+ASAN
build with `tshark -r chargen-session.pcapng.gz -qz follow,tcp,hex,0`
previously took 11m5s to complete, but now finishes in 16 seconds.

Tested using a capture file with 152k TCP packets (from bug 11777).
Backport note: must update ui/gtk/follow_stream.c too.

Change-Id: Icf70d45f33d4399e53209fb6199d3809608c8d99
Reviewed-on: https://code.wireshark.org/review/28595
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Use the display name in "Save As..." output for statistics taps.
Guy Harris [Fri, 6 Jul 2018 02:10:23 +0000 (19:10 -0700)]
Use the display name in "Save As..." output for statistics taps.

Change-Id: I78ecc2db6cf0020a51637b1595f2b001d66addf4
Reviewed-on: https://code.wireshark.org/review/28633
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Use the file *base* name for statistics graphs etc.
Guy Harris [Fri, 6 Jul 2018 00:31:02 +0000 (17:31 -0700)]
Use the file *base* name for statistics graphs etc.

For example, if the file is foo.pcap, make the default name for a saved
PDF of some graph be foo.pdf, as it was prior to 2.6, not foo.pcap.pdf.

Change-Id: Ide99c9c7fa1f3d16f829e731f968a209fbb52b8d
Reviewed-on: https://code.wireshark.org/review/28624
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Change the print preview if "include column headings" changes.
Guy Harris [Fri, 6 Jul 2018 00:10:58 +0000 (17:10 -0700)]
Change the print preview if "include column headings" changes.

While we're at it, sort some method declarations and definitions, to
group the top-level summary/details/bytes yes/no options together, with
two groups of suboptions for summary and details below.

Bug: 14945
Change-Id: Id06dd64e44b18b13e2131482edef46aee3efbd63
Reviewed-on: https://code.wireshark.org/review/28620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Add an "Include column headings" checkbox in export dissections and print.
Guy Harris [Thu, 5 Jul 2018 23:48:53 +0000 (16:48 -0700)]
Add an "Include column headings" checkbox in export dissections and print.

Bug: 14945
Change-Id: I1c5ed0bc7e738a5c8d65c09f25686549e1e6dd67
Reviewed-on: https://code.wireshark.org/review/28615
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago F1AP: upgrade dissector to v15.2.1
Pascal Quantin [Thu, 5 Jul 2018 15:31:56 +0000 (17:31 +0200)]
F1AP: upgrade dissector to v15.2.1

Change-Id: Iaff72ce933ae03a87f41d3d4081bb3f14b37f266
Reviewed-on: https://code.wireshark.org/review/28611
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago PFCP: Fix dissection of Network Instance.
AndersBroman [Thu, 5 Jul 2018 12:08:59 +0000 (14:08 +0200)]
PFCP: Fix dissection of Network Instance.

Change-Id: I2e9a154ad70adcdc1de494567e95d5d5c7f9b028
Reviewed-on: https://code.wireshark.org/review/28606
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago wisun: fix remove EAPOL-ready field; add Routing Cost to info
Robert Sauter [Thu, 5 Jul 2018 07:17:23 +0000 (09:17 +0200)]
wisun: fix remove EAPOL-ready field; add Routing Cost to info

The EAPOL-ready field has not been part of the specification since
before this dissector was created.

Change-Id: I7bd25a44ad3ee61e7a2a3b105f7bbffb1e28b31f
Reviewed-on: https://code.wireshark.org/review/28602
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago Make source file not executable
Jaap Keuter [Thu, 5 Jul 2018 08:45:05 +0000 (10:45 +0200)]
Make source file not executable

Change-Id: Idc532c1b2d3848c1611c593b13f93f82c4c020e9
Signed-off-by: Jaap Keuter <jkeuter@aimvalley.nl>
Reviewed-on: https://code.wireshark.org/review/28603
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago DOCSIS: Added decoding for OPT (OFDM Downstream Profile Test) messages
Bruno Verstuyft [Wed, 4 Jul 2018 12:09:41 +0000 (14:09 +0200)]
DOCSIS: Added decoding for OPT (OFDM Downstream Profile Test) messages

Change-Id: I6cbd789d48cc08411938ab2d4b3365e7628efb6d
Reviewed-on: https://code.wireshark.org/review/28591
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago tap-rtp-common: fix comma at end of enumerator list [-Wpedantic]
Alexis La Goutte [Wed, 4 Jul 2018 13:33:51 +0000 (13:33 +0000)]
tap-rtp-common: fix comma at end of enumerator list [-Wpedantic]

Change-Id: I8b66da3dcb3ad0c8b99e196d0c8c882388f8c5db
Reviewed-on: https://code.wireshark.org/review/28593
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Distinguish between "reserved for implementation" and "reserved for future use".
Guy Harris [Wed, 4 Jul 2018 22:51:29 +0000 (15:51 -0700)]
Distinguish between "reserved for implementation" and "reserved for future use".

Some flags in the connectionless PDU header are "reserved for
implementation", which presumably means an implementation can set them
to 0 or 1 and use it to send information to a compatible implementation;
others are "reserved for future use" and "must be set to 0".

Don't test the "reserved for implementation" flags in the heuristic, and
show them as "Reserved for implementation" and show the others as
"Reserved for future use (MBZ)".

Bug: 14942
Change-Id: Iff40f155e057301096fec1dbb68f71d041508ff1
Reviewed-on: https://code.wireshark.org/review/28598
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Some fixes.
Guy Harris [Wed, 4 Jul 2018 17:45:00 +0000 (10:45 -0700)]
Some fixes.

For filePath() and fileName(), just return a null string if we can't
convert from the native encoding to UTF-8 - those aren't used for
displaying, those are used for setting the main window's file name and
for generating names of files to save based on the capture file name.

Have fileDisplayName() just return the display name, without
"[closing]"/"[closed]" decoration or a special case for no file being
open (just return a null string if there's no file open), and have
fileTitle() return the decorated display name.

Change-Id: I244f318d5444dcf58527e5d38c4d073c28b73810
Reviewed-on: https://code.wireshark.org/review/28594
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago LPPa: upgrade dissector to v15.0.0
Pascal Quantin [Wed, 4 Jul 2018 12:55:57 +0000 (14:55 +0200)]
LPPa: upgrade dissector to v15.0.0

Change-Id: I59ecbd3aab030208f9665e4c7e683c5fa1e47df4
Reviewed-on: https://code.wireshark.org/review/28592
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago X2AP: fix dissection of SgNB to MeNB Container
Pascal Quantin [Wed, 4 Jul 2018 04:56:44 +0000 (06:56 +0200)]
X2AP: fix dissection of SgNB to MeNB Container

Bug: 14940
Change-Id: I42706789cd073fab1a0a7283f009c2f30751579d
Reviewed-on: https://code.wireshark.org/review/28590
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago fileTitle -> fileDisplayName.
Guy Harris [Wed, 4 Jul 2018 02:08:27 +0000 (19:08 -0700)]
fileTitle -> fileDisplayName.

That more closely matches the name of the file.h routine that it uses.

Change-Id: Ia206fb8331f4f3ad8035da9f6137ad2428d53a49
Reviewed-on: https://code.wireshark.org/review/28589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago We have cf_get_display_name(); use it to get the title bar string.
Guy Harris [Wed, 4 Jul 2018 01:38:01 +0000 (18:38 -0700)]
We have cf_get_display_name(); use it to get the title bar string.

Change-Id: I318472670722d24c3d3896cbd1e88623f5adb297
Reviewed-on: https://code.wireshark.org/review/28588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Set the file path for a main window if it's not a temporary file.
Guy Harris [Wed, 4 Jul 2018 00:51:30 +0000 (17:51 -0700)]
Set the file path for a main window if it's not a temporary file.

That's needed to support the "proxy icon", so it can be dragged.

Change-Id: I1ad209cd43a2a6df9c52d076f6513780b0ac51be
Reviewed-on: https://code.wireshark.org/review/28587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Just use CaptureFile::fileTitle() in MainWindow::setTitlebarForCaptureFile().
Guy Harris [Tue, 3 Jul 2018 22:51:39 +0000 (15:51 -0700)]
Just use CaptureFile::fileTitle() in MainWindow::setTitlebarForCaptureFile().

It now does the heavy lifting, so MainWindow::setTitlebarForCaptureFile()
doesn't have to duplicate it.

Change-Id: I97ded85306e625b2c67c3fde62a636ec6818a6f5
Reviewed-on: https://code.wireshark.org/review/28586
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago CaptureFile.fileTitle() is for display, not for file name processing.
Guy Harris [Tue, 3 Jul 2018 22:40:45 +0000 (15:40 -0700)]
CaptureFile.fileTitle() is for display, not for file name processing.

Don't use CaptureFile.fileTitle() if you're constructing a pathname; use
it only if you're constructing a window title.

Change-Id: I40f225ddb07be2f7dc3ae03108dae816846f20c7
Reviewed-on: https://code.wireshark.org/review/28582
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Don't show temporary file names in title bars.
Guy Harris [Tue, 3 Jul 2018 22:14:50 +0000 (15:14 -0700)]
Don't show temporary file names in title bars.

For dialogs and auxiliary windows, if we have a live capture that hasn't
yet been saved to a permanent location, there's no good reason to show
the temporary file name in the title bar, as:

  it's a random string that doesn't indicate where the capture was done
  and that could confuse people (see, for example, the confusion in bug
  14929, in which somebody referred to the "Follow TCP Stream" window as
  the ".pcap dialog" because its title had ".pcap" at the end, due to
  the capture file being a temporary file and its name showing up in the
  title bar of that window);

  it differs from what the main window title bar shows.

While we're at it, don't assume that the file name in the capture_file
structure is a UTF-8 string - some UN*Xes might not use UTF-8 for file
names.

Change-Id: I0d3dfd5d7f896ea37533daf7089b688710dbabf0
Reviewed-on: https://code.wireshark.org/review/28581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago packet-stcsig.c: Improve detection of false positives
Joerg Mayer [Tue, 3 Jul 2018 14:35:28 +0000 (16:35 +0200)]
packet-stcsig.c: Improve detection of false positives

Change-Id: Ic4be950dba934f3d4eb407b6d623f95022ef1985
Reviewed-on: https://code.wireshark.org/review/28580
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
6 years ago packet-hsrp.c: Fix the display length of some tlv-blocks
Joerg Mayer [Mon, 2 Jul 2018 07:47:41 +0000 (09:47 +0200)]
packet-hsrp.c: Fix the display length of some tlv-blocks

Change-Id: I4e4dc682153e226ad4989f5b6b39a11b13abf763
Reviewed-on: https://code.wireshark.org/review/28566
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
6 years ago CMake: check Asciidoctor version availability before using it
Peter Wu [Tue, 3 Jul 2018 09:42:20 +0000 (11:42 +0200)]
CMake: check Asciidoctor version availability before using it

On Ubuntu trusty, Asciidoctor 1.4 is installed. This does not satisfy
the minimum version requirement (1.5) and should not be used even if the
binary is available.

Change-Id: Iaffd55a5bcb26510b4b59f209768a61c3116d32f
Fixes: v2.5.1rc0-76-g94a0f7c641 ("Switch from AsciiDoc to Asciidoctor.")
Reviewed-on: https://code.wireshark.org/review/28576
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago ssl-utils: Add missing entry for ECJPAKE in ssl_31_ciphersuite[] and ssl_get_keyex_alg().
Markus Becker [Mon, 2 Jul 2018 14:56:12 +0000 (16:56 +0200)]
ssl-utils: Add missing entry for ECJPAKE in ssl_31_ciphersuite[] and ssl_get_keyex_alg().

Addressing code review comments from Peter Wu.

Bug: 14935
Change-Id: I5e2dbad1ab42c3f958b29092df31d3636d04812c
Reviewed-on: https://code.wireshark.org/review/28569
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago nas5gs: Dissect 2 more IEs.
AndersBroman [Mon, 2 Jul 2018 13:26:49 +0000 (15:26 +0200)]
nas5gs: Dissect 2 more IEs.

Change-Id: Ib2edf90cbf276ac2dc4fba30df5fffe1ddc81485
Reviewed-on: https://code.wireshark.org/review/28568
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago file: add more sanity checks to detect UI/file loading issues
Peter Wu [Sat, 30 Jun 2018 19:26:40 +0000 (12:26 -0700)]
file: add more sanity checks to detect UI/file loading issues

As "cf_read" and "rescan_packets" can end up calling back to the GUI
code, that could destroy "cf->epan" which could result in use-after-free
crashes. While I can find most issues with ASAN, it would be even
better to detect the destructive action in "cf_close".

Change-Id: I72700a60c6786d153c2aaa8478bfdfb16a01dcda
Ping-Bug: 10870
Reviewed-on: https://code.wireshark.org/review/28542
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Qt: fix crash on opening a capture file while loading/saving another
Peter Wu [Sat, 30 Jun 2018 19:08:54 +0000 (12:08 -0700)]
Qt: fix crash on opening a capture file while loading/saving another

Closing a capture file while it is being loaded will result in a crash.
As a workaround, disallow closing the capture file. The requested action
(e.g. MainWindow::openCaptureFile) will be silently ignored.

While at it, protect process_specified_records (called when saving
files) similarly to cf_read and fix a crash that occurs when a capture
from the Capture Dialog is started while a file is being loaded:

    file.c:360:cf_close: assertion failed: (cf->state != FILE_READ_IN_PROGRESS)

Bug: 10870 # moving rapidly between large files in a file set
Bug: 13594 # start capture while loading/saving file
Bug: 14351 # open another file while loading file
Change-Id: I6ce8f3163c3fa4869f0299e49909a32594326ce4
Reviewed-on: https://code.wireshark.org/review/28541
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago file: fix packet list update after dfilter change during live capture
Peter Wu [Sat, 30 Jun 2018 05:38:10 +0000 (22:38 -0700)]
file: fix packet list update after dfilter change during live capture

During live captures, "cf->state==FILE_READ_IN_PROGRESS" holds and as
such setting "cf->redissection_queued" from "cf_filter_packets" will
prevent the packet list from being updated (no new packets are added and
display filter changes are not applied).

Fix this by not checking "cf->state" and instead perform an explicit
check to detect the "update_progress_dlg" issue (see original commit).
As "cf->read_lock" is implied by "cf->redissecting", remove that check
as well (see "rescan_packets").

Print a warning instead of aborting in "cf_read" since I am not sure if
that condition is currently prevented by its callers.

Bug: 14918
Change-Id: Ieb7d1ae3cbeef18f17c850ae3778822ee625dc68
Fixes: v2.9.0rc0-1110-g8e07b778f6 ("file: do not perform recursive redissections to avoid crashes")
Reviewed-on: https://code.wireshark.org/review/28538
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago BGP: Break off IPv6 LU NLRI into its own fields
Vadim Fedorenko [Sun, 1 Jul 2018 21:58:16 +0000 (00:58 +0300)]
BGP: Break off IPv6 LU NLRI into its own fields

Change-Id: I2c0b521369c30d651a39f49f72bd93986499c96e
Reviewed-on: https://code.wireshark.org/review/28559
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Update a comment to reflect current reality.
Guy Harris [Tue, 3 Jul 2018 05:36:28 +0000 (22:36 -0700)]
Update a comment to reflect current reality.

Change-Id: I7abf0173e3febf0f34f5942ffe8ff26780d15752
Reviewed-on: https://code.wireshark.org/review/28575
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Fix various compile warnings.
Guy Harris [Tue, 3 Jul 2018 04:43:34 +0000 (21:43 -0700)]
Fix various compile warnings.

Use h265_profile_idc_values as the value_string for
h265.general_profile_idc.  Get rid of a duplicate value - 2 is used for
both "Main 10" and "Main 10 Still" profiles, a *separate* part of the
packet indicates whether it's the still picture version or not.

"#if 0" out h265_level_bitrate_values - it's not clear where it should
be used.

Initialize two-dimensional arrays with { { 0 } }, i.e.  an array of
arrays, with the first element of the first array explicitly initialized
to zero, and all the other elements of all the other arrays implicitly
initialized to zero.

Change-Id: Ia2ddc28528dcc49fa7a69685b7e5d08d2cd6b4e7
Reviewed-on: https://code.wireshark.org/review/28574
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago WSUTIL/PINT: transform macros into static functions
Julien Staub [Mon, 2 Jul 2018 15:38:51 +0000 (17:38 +0200)]
WSUTIL/PINT: transform macros into static functions

For better type safety

Change-Id: Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af
Reviewed-on: https://code.wireshark.org/review/28570
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Add first time H.265 based on the H.264 dissector.
Asaf Kave [Tue, 29 May 2018 14:37:58 +0000 (17:37 +0300)]
Add first time H.265 based on the H.264 dissector.

Change-Id: I5b101d6713157a53d1d330e1bd2c70f7b7a247e1
Reviewed-on: https://code.wireshark.org/review/28426
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago The "Ethernet offset" is 16 bits in the file; make it so in the pseudo-header.
Guy Harris [Tue, 3 Jul 2018 02:32:20 +0000 (19:32 -0700)]
The "Ethernet offset" is 16 bits in the file; make it so in the pseudo-header.

This should squelch warnings from Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.

Change-Id: I6803001981c63ddf76a735341ab2cc8dccdb8ab0
Reviewed-on: https://code.wireshark.org/review/28573
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Make arrays of 4 octets arrays of 4 guint8.
Guy Harris [Mon, 2 Jul 2018 21:07:49 +0000 (14:07 -0700)]
Make arrays of 4 octets arrays of 4 guint8.

That makes it clearer that it's not a string, and avoids some type
complaints from change Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.

Update a comment while we're at it.

Change-Id: I6737bb2a7ff3b4d461700c641cb580194f7809e7
Reviewed-on: https://code.wireshark.org/review/28572
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Make an array of 4 octets an array of 4 guint8.
Guy Harris [Mon, 2 Jul 2018 20:19:13 +0000 (13:19 -0700)]
Make an array of 4 octets an array of 4 guint8.

That makes it clearer that it's not a string, and avoids some type
complaints from change Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.

Update a comment while we're at it.

Change-Id: Idba56f38d58d87f73aee41a11195371021a1328d
Reviewed-on: https://code.wireshark.org/review/28571
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago WSUTIL: create phtole32 and 64 functions
Julien Staub [Mon, 2 Jul 2018 12:34:28 +0000 (14:34 +0200)]
WSUTIL: create phtole32 and 64 functions

Change-Id: I15c3c40665ccab1e60057837ffce5bae50d1b52c
Reviewed-on: https://code.wireshark.org/review/28567
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
6 years ago DNS: fix in expand_dns_name
Erika Szelleova [Sun, 24 Jun 2018 09:16:59 +0000 (11:16 +0200)]
DNS: fix in expand_dns_name

The function parsed the DNS name correctly, however, it did not indicate
that a given name is too long (more than MAX_DNAME_LEN bytes).

Bug: 14041
Change-Id: I4078db488a814ca2114c725d1a17e3ef757843c5
Reviewed-on: https://code.wireshark.org/review/28410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
6 years ago Get rid of trailing space.
Guy Harris [Mon, 2 Jul 2018 04:10:09 +0000 (21:10 -0700)]
Get rid of trailing space.

Change-Id: Id68b01264ada02274b63d26141df8d99419de0f5
Reviewed-on: https://code.wireshark.org/review/28565
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Add new encoding names for seconds/{micro,nano}second time stamps.
Guy Harris [Mon, 2 Jul 2018 04:08:41 +0000 (21:08 -0700)]
Add new encoding names for seconds/{micro,nano}second time stamps.

Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.

Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Use proto_tree_add_item() for a number of time values.
Guy Harris [Mon, 2 Jul 2018 03:32:52 +0000 (20:32 -0700)]
Use proto_tree_add_item() for a number of time values.

Change-Id: I862a7870d335f8b0b57d13e2981a8bb1a02b2726
Reviewed-on: https://code.wireshark.org/review/28563
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Update a comment.
Guy Harris [Mon, 2 Jul 2018 01:23:08 +0000 (18:23 -0700)]
Update a comment.

Change-Id: I867e344b75281e4faa0998f71d8d99b364d5a1f8
Reviewed-on: https://code.wireshark.org/review/28562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Use proto_tree_add_item() to add a seconds value.
Guy Harris [Mon, 2 Jul 2018 01:15:07 +0000 (18:15 -0700)]
Use proto_tree_add_item() to add a seconds value.

Change-Id: I908292838b7acf2a1c3da0237c8158bfd4f615b1
Reviewed-on: https://code.wireshark.org/review/28561
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Add support for 8+8 and 8+4 struct timespec, and use it with 9P.
Guy Harris [Mon, 2 Jul 2018 01:01:48 +0000 (18:01 -0700)]
Add support for 8+8 and 8+4 struct timespec, and use it with 9P.

Add support for 8-byte-seconds/8-byte-nanoseconds and 8-byte-seconds/
4-byte-nanoseconds time values.  Use them in the 9P dissector, with
proto_tree_add_item().

Only do the length validity checking for time values in
get_time_value().

Change-Id: I0f1d791d7aa503093a491d2c33300bd55ca7866e
Reviewed-on: https://code.wireshark.org/review/28560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Use proto_tree_add_item() to add a seconds value.
Guy Harris [Sun, 1 Jul 2018 20:17:20 +0000 (13:17 -0700)]
Use proto_tree_add_item() to add a seconds value.

Change-Id: Idf4e2f30b3709fc2df5d105064a68860e02a6003
Reviewed-on: https://code.wireshark.org/review/28558
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Use proto_tree_add_item() to add a seconds/nanoseconds value.
Guy Harris [Sun, 1 Jul 2018 20:03:24 +0000 (13:03 -0700)]
Use proto_tree_add_item() to add a seconds/nanoseconds value.

Change-Id: Ie019d33153afa38e1b1fb4a142c981458758910b
Reviewed-on: https://code.wireshark.org/review/28557
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago smb2: Add request/response arrows
Dylan Ulis [Sun, 1 Jul 2018 14:50:34 +0000 (10:50 -0400)]
smb2: Add request/response arrows

SMB2 can call subdissectors, but none of them use the request/response
arrows so there won't be any confusion in the display.

Change-Id: If79861a18a38afafa5b9a0f36e838d7e9ac35801
Reviewed-on: https://code.wireshark.org/review/28554
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago NGAP: upgrade dissector to v15.0.0
Pascal Quantin [Sun, 1 Jul 2018 10:53:13 +0000 (12:53 +0200)]
NGAP: upgrade dissector to v15.0.0

Change-Id: I859265260fde2e986a3b95ff117512cff90bed90
Reviewed-on: https://code.wireshark.org/review/28556
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago Make the handling of non-full-frame time stamps match RFC 5456.
Guy Harris [Sun, 1 Jul 2018 17:32:39 +0000 (10:32 -0700)]
Make the handling of non-full-frame time stamps match RFC 5456.

At least as I read RFC 5456:

1) non-full-frame time stamps should have high-order bits from
   the time stamp of the last full frame ORed into it;

2) "mini voice packets" have a 16-bit time stamp and "mini video
   packets" have a 15-bit time stamp;

so adjust the non-full-frame time stamps in that fashion rather than by
adding 32768 until the value looks OK - and don't adjust full-frame time
stamps at all.

Change-Id: I20873a633a99415ac73a7e6baf087e5ec62a4905
Reviewed-on: https://code.wireshark.org/review/28555
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Bluetooth: ATT: Implement 0x2A0B-0x2A1B remaining characteristics
Michał Łabędzki [Sun, 1 Apr 2018 15:32:58 +0000 (17:32 +0200)]
Bluetooth: ATT: Implement 0x2A0B-0x2A1B remaining characteristics

- 0x2A0B  Exact Time 100
- 0x2A10  Secondary Time Zone
- 0x2A15  Time Broadcast
- 0x2A1A  Battery Power State
- 0x2A1B  Battery Level State

Change-Id: I857a8ff6e38b0093d2d746c789d8f33ec59eb553
Reviewed-on: https://code.wireshark.org/review/28553
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago XnAP: capitalize 2 hand made fields
Pascal Quantin [Sun, 1 Jul 2018 10:33:53 +0000 (12:33 +0200)]
XnAP: capitalize 2 hand made fields

Change-Id: I05caf9212121d87e2c2dd5fd803c9e748f68b871
Reviewed-on: https://code.wireshark.org/review/28552
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago S1AP: search GCSNA dissector only at startup
Pascal Quantin [Sun, 1 Jul 2018 09:41:38 +0000 (11:41 +0200)]
S1AP: search GCSNA dissector only at startup

Change-Id: I1805010dc4d8f5cc920786a00a2fb175cc7eebdd
Reviewed-on: https://code.wireshark.org/review/28551
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago [Automatic update for 2018-07-01]
Gerald Combs [Sun, 1 Jul 2018 08:16:47 +0000 (08:16 +0000)]
[Automatic update for 2018-07-01]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I41a23250a0b818b08475ede50792fd9acc37b2ae
Reviewed-on: https://code.wireshark.org/review/28547
Reviewed-by: Gerald Combs <gerald@wireshark.org>
6 years ago Fix creation of conversation.
Guy Harris [Sun, 1 Jul 2018 07:13:59 +0000 (00:13 -0700)]
Fix creation of conversation.

The last argument to conversation_new_by_id() is the options for the
conversation, *not* the frame number.

Change-Id: I44e1819123432aa043e82f6b74ebdfad26ce76c0
Reviewed-on: https://code.wireshark.org/review/28545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago randpktdump: add --delay option
Peter Wu [Sat, 30 Jun 2018 04:22:09 +0000 (21:22 -0700)]
randpktdump: add --delay option

For testing live capture mode in the Qt UI, it is useful to have a
continuous capture source with some dummy packets.

Change-Id: Id76ecbf24828dd3212b208c96679524e4c25b00f
Reviewed-on: https://code.wireshark.org/review/28537
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Fix handling of DEB_BUILD_OPTIONS=nocheck
Lars Christensen [Fri, 29 Jun 2018 06:28:16 +0000 (06:28 +0000)]
Fix handling of DEB_BUILD_OPTIONS=nocheck

When DEB_BUILD_OPTIONS is set to nocheck when running dpkg-buildpackage, tests
would not be built but still run. Changed to neither build nor run tests when set
to nocheck.

Change-Id: I2a27025273aab536f0fc0a98cb8efd2d825c5013
Reviewed-on: https://code.wireshark.org/review/28529
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Fix debugging code.
Guy Harris [Sun, 1 Jul 2018 02:27:13 +0000 (19:27 -0700)]
Fix debugging code.

Don't show address or ports that aren't provided; this is especially
important for address 1, where its absence is indicated by the pointer
being null, so we can't blithely dereference it.

Show ports as unsigned, because that's what they are.

Change-Id: I162b6f08a3973c0cded0742c267a016dbb5ee31a
Reviewed-on: https://code.wireshark.org/review/28543
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago mdp: fix no previous prototype for ‘proto_reg_handoff_mdp’ [-Wmissing-prototypes]
Alexis La Goutte [Sat, 30 Jun 2018 11:13:04 +0000 (11:13 +0000)]
mdp: fix no previous prototype for ‘proto_reg_handoff_mdp’ [-Wmissing-prototypes]

Change-Id: I0ebc71f240ace38cb6c111c0cc56f20fee10749d
Reviewed-on: https://code.wireshark.org/review/28539
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Minimal support for ECJPAKE.
Markus Becker [Fri, 29 Jun 2018 12:22:54 +0000 (14:22 +0200)]
Minimal support for ECJPAKE.

"Elliptic Curve Cryptography (ECC) variant of Password Authenticated
Key Exchange by Juggling (ECJPAKE)" as defined in
https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt
and used in
https://www.threadgroup.org/ThreadSpec.

Change-Id: I8c73a2528182427ff4f4734e3fe1618adc464192
Reviewed-on: https://code.wireshark.org/review/28531
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago ubdp: fix no previous prototype for ‘proto_reg_handoff_ubdp’ [-Wmissing-prototypes]
Alexis La Goutte [Sat, 30 Jun 2018 12:46:56 +0000 (12:46 +0000)]
ubdp: fix no previous prototype for ‘proto_reg_handoff_ubdp’ [-Wmissing-prototypes]

Change-Id: I38b8269930a96fa2cac1fdda3806eef41f296d20
Reviewed-on: https://code.wireshark.org/review/28540
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Exablaze: Fix signed/unsigned comparison
Uli Heilmeier [Fri, 29 Jun 2018 09:13:35 +0000 (11:13 +0200)]
Exablaze: Fix signed/unsigned comparison

Change-Id: Ibfdb86a6590921039634f0e4a8e48099d13a2d20
Reviewed-on: https://code.wireshark.org/review/28530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago packet-cisco-fp-mim.c: Add support for FP packets that contain an extra QinQ header
Joerg Mayer [Fri, 29 Jun 2018 15:58:32 +0000 (17:58 +0200)]
packet-cisco-fp-mim.c: Add support for FP packets that contain an extra QinQ header

Also: Minor style cleanups (some still missing) and add two FP specific WKAs.

Change-Id: I908ec92ba4682caf8e9c9cc4fb44c2f9c336b4e3
Reviewed-on: https://code.wireshark.org/review/28535
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
6 years ago XnAP: add an option to force target NG-RAN container decoding format
Pascal Quantin [Fri, 29 Jun 2018 17:41:33 +0000 (10:41 -0700)]
XnAP: add an option to force target NG-RAN container decoding format

Change-Id: Ia166e9e16fe5d7b12f9b3ff6ca4577761941ccc3
Reviewed-on: https://code.wireshark.org/review/28532
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago XnAP: add dissector based on v15.0.0
Pascal Quantin [Thu, 28 Jun 2018 23:49:19 +0000 (16:49 -0700)]
XnAP: add dissector based on v15.0.0

Change-Id: If5cbcd4d6c2d0442945e8a46fe836b1dbd17991d
Reviewed-on: https://code.wireshark.org/review/28528
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago AT: Allow padding in heuristic check
Darien Spencer [Sat, 16 Jun 2018 08:25:12 +0000 (11:25 +0300)]
AT: Allow padding in heuristic check

Bug: 14882
Change-Id: I0aa26d2ae898d47e0e33794f95e9c464cf5ec6f1
Reviewed-on: https://code.wireshark.org/review/28296
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Do not add Change-Id on packaging branches
Balint Reczey [Tue, 26 Jun 2018 20:43:09 +0000 (22:43 +0200)]
Do not add Change-Id on packaging branches

Change-Id: I2a40d4d005dfab6b887833150cb6556e08622a1d
Reviewed-on: https://code.wireshark.org/review/28517
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
6 years ago Windows: run update_tools_help target when building installer
Pascal Quantin [Tue, 26 Jun 2018 23:52:08 +0000 (01:52 +0200)]
Windows: run update_tools_help target when building installer

It ensures we have up-to-date help output for our command line tools

Change-Id: I5b900be692c05d6231678cf3ca82e86ef843d01c
Reviewed-on: https://code.wireshark.org/review/28476
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago packet-ieee80211.c: Mikrotik IE should be Routerboard, added dissection update
Jeremy Martin [Thu, 28 Jun 2018 20:22:21 +0000 (13:22 -0700)]
packet-ieee80211.c: Mikrotik IE should be Routerboard, added dissection update

The MIKROTIK OUI is actually allocated to Routerboard and should be considered
as such. The IE is utilized by Routerboard, Ubiquiti, Mikrotik, and other
Routerboard derivative device types. Added subtype1 dissection which contains
data element carrying descriptive info on the network, device, or model info.

Bug: 14925
Change-Id: Ic7c091877d5c5eb12a51b17dbd8761efdf242f9c
Reviewed-on: https://code.wireshark.org/review/28510
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago sflow: print sysuptime in human readable form.
Dario Lombardo [Thu, 28 Jun 2018 18:40:18 +0000 (11:40 -0700)]
sflow: print sysuptime in human readable form.

Change-Id: Ib4b59b1451fc32f89136f79865ccf1672146401c
Reviewed-on: https://code.wireshark.org/review/28516
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago file: do not perform recursive redissections to avoid crashes
Peter Wu [Thu, 28 Jun 2018 00:28:06 +0000 (17:28 -0700)]
file: do not perform recursive redissections to avoid crashes

When packets are being read (in "cf_read") or rescanned/redissected (in
"rescan_packets"), it could call "update_progress_dlg". That could end
up accepting GUI actions such as changing profiles (which triggers a
redissection via "cf_redissect_packets") or changing the display filter
(which triggers another "rescan_packets" via "cf_filter_packets").

Such recursive calls waste CPU and in case of "cf_redissect_packets" it
also causes memory corruption (since "cf->epan" is destroyed while
"cf_read" tries to read and process packets).

Fix this by delaying the rescan/redissection when an existing rescan is
pending. Abort an existing rescan/redissection if a new redissection
(due to profile changes) or rescan (due to display filter changes) is
requested and restart this to ensure that the intended user action is
applied (such as a new display filter).

Bug: 14918
Change-Id: I646730f639b20aa9ec35306e3f11bf22f5923786
Reviewed-on: https://code.wireshark.org/review/28500
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Fix indentation.
Guy Harris [Thu, 28 Jun 2018 20:34:46 +0000 (13:34 -0700)]
Fix indentation.

Change-Id: I0ef6d0a9a957e645aa7f7e507609b9195fe9c19f
Reviewed-on: https://code.wireshark.org/review/28520
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago packet-lldp.c: Some updates to Cisco vendor subtypes (UPOE and ACI)
Joerg Mayer [Mon, 25 Jun 2018 06:12:06 +0000 (08:12 +0200)]
packet-lldp.c: Some updates to Cisco vendor subtypes (UPOE and ACI)

- Use UPOE instead of four-wire - it's the term everyone knows.
  Also provide a link to the "spec".
- Add some more ACI fields I found in some traces.
  Guess the function of unknown-CA to be Node Role.

Change-Id: I7bdb4c1f720868da4f502ba43ba9e2b1c072d4e0
Reviewed-on: https://code.wireshark.org/review/28422
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
6 years ago NGAP: dissect PLMNIdentity IE
Pascal Quantin [Thu, 28 Jun 2018 18:37:20 +0000 (11:37 -0700)]
NGAP: dissect PLMNIdentity IE

Change-Id: I47b16ec0ceb71662b8030c00cff7c58e09f75606
Reviewed-on: https://code.wireshark.org/review/28515
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Darien Spencer <cusneud@mail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago NGAP: display TAC and EPS TAC as DEC_HEX
Pascal Quantin [Thu, 28 Jun 2018 18:27:33 +0000 (11:27 -0700)]
NGAP: display TAC and EPS TAC as DEC_HEX

Change-Id: I10d1f5b89551be177f6883c2f66334d2fb36ef06
Reviewed-on: https://code.wireshark.org/review/28514
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago X2AP: display 5GS TAC as DEC_HEX
Pascal Quantin [Thu, 28 Jun 2018 18:25:30 +0000 (11:25 -0700)]
X2AP: display 5GS TAC as DEC_HEX

Change-Id: Ic8d0baf39851a8f0ae260f55ffab1bec218ed79a
Reviewed-on: https://code.wireshark.org/review/28513
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago S1AP: display 5GS TAC as DEC_HEX
Pascal Quantin [Thu, 28 Jun 2018 18:23:37 +0000 (11:23 -0700)]
S1AP: display 5GS TAC as DEC_HEX

Change-Id: Ib5950cbd587809424c1e3fc3ae8cd2dc7e504348
Reviewed-on: https://code.wireshark.org/review/28512
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago nas5gs: Dissection updates
AndersBroman [Thu, 28 Jun 2018 17:23:21 +0000 (19:23 +0200)]
nas5gs: Dissection updates

- Change the defines a bit.
- Update the way the header is handled.

Change-Id: I47fafcbec526ed4147b9202168e349f9b68bed6d
Reviewed-on: https://code.wireshark.org/review/28511
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago IEEE 802.11: Disable FCS validation by default.
Gerald Combs [Wed, 27 Jun 2018 17:21:58 +0000 (10:21 -0700)]
IEEE 802.11: Disable FCS validation by default.

Disable FCS/checksum validation by default to match Ethernet, IPv4,
IPv6, TCP, UDP, SCTP, etc.

Change-Id: I289b6a05e73da2b020ee65b3298cb054a29c6d42
Reviewed-on: https://code.wireshark.org/review/28485
Reviewed-by: Gerald Combs <gerald@wireshark.org>
6 years ago DICOM: use pinfo pool memory for strings used in columns
Pascal Quantin [Thu, 28 Jun 2018 14:30:29 +0000 (07:30 -0700)]
DICOM: use pinfo pool memory for strings used in columns

Packet scope lifetime is too short for it.

Bug: 14923
Change-Id: I4bd5ef8c7382d5d3d98598b797732ba3d88e44fd
Reviewed-on: https://code.wireshark.org/review/28505
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago opa: Add support for TID RDMA protocol
Adam Goldman [Fri, 29 Jul 2016 19:10:41 +0000 (15:10 -0400)]
opa: Add support for TID RDMA protocol

Change-Id: I04a4333e64a8fc9efc96bd351c55b293986629e2
Signed-off-by: Goldman, Adam <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28504
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Make white space consistent.
Guy Harris [Thu, 28 Jun 2018 07:31:31 +0000 (00:31 -0700)]
Make white space consistent.

Change-Id: I19053ecc53b7f0d2b4dfb0462f381f7d28bb578a
Reviewed-on: https://code.wireshark.org/review/28502
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago rtps: Fixed multichannel locator fields order
Ismael Mendez Matamoros [Mon, 25 Jun 2018 11:44:55 +0000 (13:44 +0200)]
rtps: Fixed multichannel locator fields order

Change-Id: Ib84b659022f9dfb64f5869410c85c64193a3c3f8
Reviewed-on: https://code.wireshark.org/review/28425
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago tcp: add support for reassembling out-of-order segments
Peter Wu [Fri, 1 Jun 2018 13:11:47 +0000 (15:11 +0200)]
tcp: add support for reassembling out-of-order segments

Currently out-of-order segments will result in cutting a stream into
two pieces while the out-of-order segment itself is ignored. For
example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with
"C" ignored. This behavior breaks TLS decryption or prevents application
layer PDUs (such as HTTP requests/responses) from being reconstructed.
To fix this, buffer segments when a gap is detected.

The proposed approach extends the "multi-segment PDU" (MSP) mechanism
which is normally used for linking multiple, sequential TCP segments
into a single PDU. When a gap is detected between segments, it is
assumed that the segments within this gap are out-of-order and will be
received (or retransmitted) later.

The current implementation has a limitation though, if multiple gaps
exist, then the subdissector will only be called when all gaps are
filled (the subdissector will receive segments later than necessary).
For example with "ACEBD", "ABC" can already be processed after "B" is
received (with "E" still buffered), but due to how MSP are extended, it
must receive "D" too before it reassembles "ABCDE". In practice this
could mean that the request/response times between HTTP requests and
responses are slightly off, but at least the stream is correct now.
(These limitations are documented in the User's Guide.)

As the feature fails at least the 802.11 decryption test where packets
are missing (instead of OoO), hide this feature behind a preference.

Tested with captures containing out-of-order TCP segments from the
linked bug reports, comparing the effect of toggling the preference on
the summary output of tshark, the verbose output (-V) and the two-pass
output (-2 or -2V). Captures marked with "ok" just needed "simple"
out-of-order handling. Captures marked with "ok2" additionally required
the reassembly API change to set the correct reassembled length.

This change does "regress" on bug 10289 though when the preference is
enabled as retransmitted single-segment PDUs are now passed to
subdissectors. I added a TODO comment for this unrelated cosmetic issue.

Bug: 3389   # capture 2907 (HTTP) ok
Bug: 4727   # capture 4590 (HTTP) ok
Bug: 9461   # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok
Bug: 12006  # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok
Bug: 13517  # capture 15370 (HTTP) ok; capture 16059 (MQ) ok
Bug: 13754  # capture 15593 (MySQL) ok2
Bug: 14649  # capture 16305 (WebSocket) ok
Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56
Reviewed-on: https://code.wireshark.org/review/27943
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago docbook: add info about using symbolic links for git hooks.
Dario Lombardo [Wed, 27 Jun 2018 23:14:18 +0000 (16:14 -0700)]
docbook: add info about using symbolic links for git hooks.

Change-Id: I4b448c1a12946479638d04819570f5a0dd1227dd
Reviewed-on: https://code.wireshark.org/review/28497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Add macros to initialize nstime_t values and use them.
Guy Harris [Thu, 28 Jun 2018 03:39:15 +0000 (20:39 -0700)]
Add macros to initialize nstime_t values and use them.

This allows code to initialize them without having to know the details
of the structure; the initializers should, and will, be changed if the
members of the structure are changed.

Change-Id: I93e6ebfcde9ceca17df696fcba4e8410c5afb175
Reviewed-on: https://code.wireshark.org/review/28501
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago packet-mdp.c: New dissector for Cisco Meraki Discovery Protocol
jmartin-usna [Wed, 27 Jun 2018 07:51:05 +0000 (00:51 -0700)]
packet-mdp.c: New dissector for Cisco Meraki Discovery Protocol

Bug: 14912
Change-Id: I2f99931abde331d087a994a22c74cf8d4dd8d53a
Reviewed-on: https://code.wireshark.org/review/28478
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago packet-updp.c: New dissector for Ubiquiti Discovery Protocol
jmartin-usna [Tue, 26 Jun 2018 21:21:45 +0000 (14:21 -0700)]
packet-updp.c: New dissector for Ubiquiti Discovery Protocol

Bug: 14911
Change-Id: Ie567a85e869707269ea66d4cd73577f926b16232
Reviewed-on: https://code.wireshark.org/review/28467
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago NAS EPS: add subtrees for extended emergency numbers and ciphered data sets
Pascal Quantin [Thu, 28 Jun 2018 00:33:15 +0000 (17:33 -0700)]
NAS EPS: add subtrees for extended emergency numbers and ciphered data sets

Change-Id: I8c1fcf960ad058f25b24b796fecf1ff08eb78f7a
Reviewed-on: https://code.wireshark.org/review/28499
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago RTP: If multiple codecs are used in RTP stream flow, all are shown in codecs column
Jiri Novak [Sun, 24 Jun 2018 22:19:29 +0000 (00:19 +0200)]
RTP: If multiple codecs are used in RTP stream flow, all are shown in codecs column

Change-Id: Ica8b3bc2b6b59790805764ec88c6f4e3f8689a85
Reviewed-on: https://code.wireshark.org/review/28435
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago macosx-setup: fix indentation.
Dario Lombardo [Wed, 27 Jun 2018 23:21:34 +0000 (16:21 -0700)]
macosx-setup: fix indentation.

Change-Id: Ifece9846cb6e94d2cdb1f29fc28db2700f269495
Reviewed-on: https://code.wireshark.org/review/28498
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago CIP: Improve Class 2/3 connection handling
Dylan Ulis [Wed, 27 Jun 2018 22:56:17 +0000 (18:56 -0400)]
CIP: Improve Class 2/3 connection handling

1. Add new dissector table that allows for registration of CIP Class 2/3 Data
   against CIP Class that was used in the Forward Open. This is similar to the
   Class 0/1 I/O dissector table. The new logic is this:
     a. If there is connection info and a table entry: Call the registered dissector
        handle (cip_connection_message_router.pcap).
     b. If there is connection info and no table entry, use the CIP implicit
        dissector (cip_connection_implicit.pcap)
     c. If there is no connection info: Assume Message Router (Class 0x2)
        format (cip_no_connection_message_router.pcap)
2. Remove old dissector table for "enip.sud.iface". The specification states that
   the Interface Handle "shall be zero" for SendUnitData, so there isn't a need
   to have custom handling for different Interface Handle values. SendRRData
   does not have the same restriction, so that dissector table (enip.srrd.iface)
   will stay.
3. Pull out Class 2/3 data processing into separate function: dissect_cip_class23_data()
4. Remove extra unnecessary tree layer in implicit data dissector.

Bug: 14916
Change-Id: Id53a2031a6064551b3915d8954527a7b3261d222
Reviewed-on: https://code.wireshark.org/review/28496
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Sort our column descriptions.
Gerald Combs [Wed, 27 Jun 2018 21:10:27 +0000 (14:10 -0700)]
Sort our column descriptions.

Convert our column descriptions to a value_string and sort it by
description. This ensures that they are properly sorted in the UI.

Change-Id: I7d699a1c45906b9c42e443fcdcdcb4d8d49deb77
Reviewed-on: https://code.wireshark.org/review/28492
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago packet export: Add default file extension
Graham Bloice [Wed, 27 Jun 2018 18:28:49 +0000 (19:28 +0100)]
packet export: Add default file extension

Adds a default file extension when exporting packet dissection
in various formats:

text       -> txt
postscript -> ps
csv        -> csv
pdml       -> pdml
psml       -> psml
c arrays   -> c
json       -> json

Change-Id: Ie5d942a3c694abd8edf9df184f6e219d4b870a1b
Reviewed-on: https://code.wireshark.org/review/28490
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago Remove IPX from our default filters.
Gerald Combs [Wed, 27 Jun 2018 18:36:15 +0000 (11:36 -0700)]
Remove IPX from our default filters.

Remove IPX items from the default capture, color, and display filter
files. Suggested by Laura Chappell at SharkFest 2018.

Change-Id: I5e14caaa69efc638a5da7c795bf8a9e5e890b3fd
Reviewed-on: https://code.wireshark.org/review/28489
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago NAS5GS: Dissect 5GS network feature support IE-
AndersBroman [Wed, 27 Jun 2018 17:42:12 +0000 (19:42 +0200)]
NAS5GS: Dissect 5GS network feature support IE-

Change-Id: Iee5f2f71229c6ea9a66707cd4f13f79a244ffdb2
Reviewed-on: https://code.wireshark.org/review/28486
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Revert "docbook: remove equivalent case."
Gerald Combs [Wed, 27 Jun 2018 17:07:28 +0000 (17:07 +0000)]
Revert "docbook: remove equivalent case."

We still need the "length == 2" behavior.

This reverts commit 622b17a475a81aa3af5cc743b831d01233b99c31.

Change-Id: Id3b7ed9231f3fefeeac5fb910b792139c4844ec8
Reviewed-on: https://code.wireshark.org/review/28484
Reviewed-by: Gerald Combs <gerald@wireshark.org>
6 years ago docbook: reduce ruby code duplication by introducing utils module.
Dario Lombardo [Sat, 23 Jun 2018 12:03:49 +0000 (14:03 +0200)]
docbook: reduce ruby code duplication by introducing utils module.

Change-Id: I7e436db3cb86f5ebd0f5827c6da630303bc3f538
Reviewed-on: https://code.wireshark.org/review/28400
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago docbook: remove equivalent case.
Dario Lombardo [Mon, 25 Jun 2018 05:08:24 +0000 (07:08 +0200)]
docbook: remove equivalent case.

The output for this case is achieved by the following one.

Change-Id: I585aba39ebb67d65a8f5159217ea8a85ad13e49c
Reviewed-on: https://code.wireshark.org/review/28421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago docbook: rewrite some ruby code according to RuboCop suggestions.
Dario Lombardo [Sat, 23 Jun 2018 10:54:01 +0000 (12:54 +0200)]
docbook: rewrite some ruby code according to RuboCop suggestions.

Change-Id: I2d1ea982c1622dbc29f927ee168b552b46e39faa
Reviewed-on: https://code.wireshark.org/review/28399
Reviewed-by: Anders Broman <a.broman58@gmail.com>