git.samba.org - metze/wireshark/wip.git/log

Add valgrind support to randpkt-test.sh.

There's already valgrind support in fuzz-test.sh; This change simply clones the
relevant fragments of script into randpkt-test.sh, making very minor tweaks as
needed.  Valgrind support in randpkt-test.sh is enabled through the "-g"
command-line option, just like with fuzz-test.sh.

In my testing here, it seems MAX_LEAK could be reduced somewhat, but I don't
think that that belongs as part of this change; I've simply kept the MAX_LEAK
value from fuzz-test.sh.

While we're here, the last line of valgrind-wireshark.sh launches a subprocess,
and that shell then simply returns its exit code, so there is no need for the
shell to stick around.  So, let's use "exec" here to replace the shell with the
new process.

Testing Done: On Linux amd64, ran several iterations of randpkt-test.sh and
   fuzz-test.sh, both with and without the "-g" option.

Change-Id: I87cc63559dc2e66c42c905f46657ce40cabf0104
Reviewed-on: https://code.wireshark.org/review/27741
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: fix memleaks on opening a context menu

FrameInformation was never deallocated, leaking the whole pinfo scope.
Fix a dealloc-alloc-mismatch (packet_data_ was g_memdup'd). Attach the
DataPrinter menu actions to the action group instead of the singleton
DataPrinter instance, this enables freeing the actions when the submenu
is gone rather than clearing this at program exit.

Reported by ASAN.

Change-Id: If13af94a60b07b0e52973ccc5c437ef987bfb394
Fixes: v2.5.0rc0-1627-g8a6ea0e454 ("Qt: Further cleanup ByteView")
Reviewed-on: https://code.wireshark.org/review/27844
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: fix memleaks in protocol preferences menu

Reported by ASAN.

Change-Id: I0e7578d6583dc11312d95108331b6a743d7d5514
Reviewed-on: https://code.wireshark.org/review/27832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: fix memleak in PacketList::contextMenuEvent

Change-Id: I925d2e1529a70aaf403896a4d7df3f491265916d
Fixes: v1.99.7rc0-225-g26dacfc8c3 ("Qt: Add protocol preferences menus.")
Reviewed-on: https://code.wireshark.org/review/27831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: fix memleak from cf_get_display_name

Free the memory as documented.

Change-Id: I8a8842160be676bb08f5b93e795b9ed8edef2ede
Reviewed-on: https://code.wireshark.org/review/27829
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add PROXY(v2) protocol

Bug: 14506
Change-Id: I399f3a94583985a5d036ac26438e0c5bc5a70c85
Reviewed-on: https://code.wireshark.org/review/10626
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

.mailmap: update of May (2018)

Change-Id: Id7ea1cde7d08f17a55f7426e1fced00445bd07e8
Reviewed-on: https://code.wireshark.org/review/27852
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Reviewed-by: Dirk Roemmen <dro@cslab.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

http: continue parsing in spite of illegal header name

While HTTP header names are restricted to a limited set, many
implementations basically read whole lines and then look for a colon.
Actual validation happens after that. Follow that approach to avoid
early termination of request/response headers and diagnose the issue.

This may break HTTP/0.9 response parsing, but nobody should be using
that now.

Bug: 10123
Change-Id: If435aa832effc83095f9b6b822a76cb46451e7de
Reviewed-on: https://code.wireshark.org/review/27605
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

mstp: fix buffer overflow in COBS decoding

Fix a crash (denial of service) resulting from a large buffer overrun
(read) when the "MS/TP Length" is smaller than 3. If that is the case,
then an integer overflow will result in a large unsigned number.

Fix a buffer overflow (write) when the "code" (length) octet is 0. This
is illegal and would result in an integer overflow. With a specially
crafted encoded CRC-32K value, this could result in writing 255 bytes
past the end of buffer (xoring the octets with 0x55).

Make the meaning of the "length" parameter more obvious (include two
bytes such that it reflects the input and output buffer size).

Corrected based on the description in Section 9.10 of
http://www.bacnet.org/Addenda/Add-135-2012an-PPR2-draft-rc4_chair_approved.pdf
(note that its reference code also has this overflow issue).

Bug: 14771
Change-Id: Iac27e1151f02add4e54abb0fcae6afc94460ae23
Fixes: v2.9.0rc0-734-g0e517232a8 ("Added support for extended length BACnet MS/TP data frames.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8580
Reviewed-on: https://code.wireshark.org/review/27897
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dirk Roemmen <dro@cslab.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

wiretap: camins: add support for timestamps

A CAM inspector file maintains a global time counter in units of
1us. Set the correct resolution for the packet timestamps.

Keep track of the time counter when the file is loaded and we walk
through the file from start to end. Process timestamp blocks in the
file. Each of those blocks updates a part of the overall time counter.

Change-Id: I138cd8fb287e591b078babc2403a599287df1397
Reviewed-on: https://code.wireshark.org/review/27904
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Boost the maximum frame size.

Lemon gets this error on its Parse() function, at least on FreeBSD 11.1
with its version of Clang.

Change-Id: I4fc1674373af5c0016ee953b61066bf6b24b7ad6
Reviewed-on: https://code.wireshark.org/review/27905
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Use rel_time_to_secs_str() to format a time delta.

Change-Id: Iba90a9f38c61ea361f990ed1d5cb8859b93a32ba
Reviewed-on: https://code.wireshark.org/review/27902
Reviewed-by: Guy Harris <guy@alum.mit.edu>

RPC-over-RDMA: fix infinite loop

When there are two segments, but zero requests, "i=1" will be reset to
"i=0" and an infinite loop occurs.

Change-Id: I32cb387ce0724936bcb5d5832b1c90d2bc585998
Fixes: v2.5.2rc0-100-g8f0f691312 ("RPC-over-RDMA: add reassembly for reply, read and write chunks")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7138
Reviewed-on: https://code.wireshark.org/review/27891
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Add the MATE documentation chapter to the User Guide

With MATE being an integral part of Wireshark for a long time now and its
documentation being part of the Wiki for a while it is time to move it
into the Wireshark Users Guide.

All credits go to Luis Ontanon for creating MATE and the Wiki pages,
the various contributors to those pages and especially Pavel Sindelka for
the creation of the graphics.

This change merely incorporates the contents of the Wiki pages into an
asciidoc file for processing into documentation output. It is in no way a
claim to knowledge of or deep insight in the workings of MATE on my part.

Change-Id: Id9c60fd3ba4a52aafb988370ea7d658907970ccd
Reviewed-on: https://code.wireshark.org/review/27894
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ua3g: added setup of rtp/rtcp converstations from record-rtp message

Change-Id: I167756da6cba0734cd0280528f9b5a303675d5b9
Reviewed-on: https://code.wireshark.org/review/27872
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

gtp: added "response in/to" for GPRS Data record

According to TS 29.060, ch6.

Change-Id: I7945b483f73265a7eb5432094054c5d4683fd6f8
Reviewed-on: https://code.wireshark.org/review/27875
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GTP: fix dissection of GGSN addresses in PDP Context ie

Change-Id: I468d253016118887ef90e57f179e3413cca14e40
Reviewed-on: https://code.wireshark.org/review/27889
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

GTPv2: improve visualization of PDN addresses

Change-Id: I45df36c70bfcd5826de9c15b006570e2c7a36154
Reviewed-on: https://code.wireshark.org/review/27888
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ESP: fix a memory leak in UAT management

When updating a SA, ensure to free the previous key before
allocating a new one.

Change-Id: I9e5486c8214d7ce2ea60dd52f9a10f9cfe2a1d20
Reviewed-on: https://code.wireshark.org/review/27870
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

tools: rename rpm_setup.sh to reflect other similar scripts.

Change-Id: Ie686d7c5b808d9b89ff47cd65830ae441de8f8a2
Reviewed-on: https://code.wireshark.org/review/27862
Reviewed-by: Anders Broman <a.broman58@gmail.com>

wsutil: fix compilation on freebsd.

Change-Id: Iadb3f3daa1095ac9cc971f79ba4d288e8d835a44
Reviewed-on: https://code.wireshark.org/review/27864
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Indicate *which* field would go past the MAX_TREE_ITEMS limit.

That could help find the problem if all we have is the error message, as
it'd at least indicate where the problem is occurring.

Change-Id: I01154ff62088a4b710c131cb153e8e4593ebc3b2
Reviewed-on: https://code.wireshark.org/review/27878
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix test for early exit from MMSE dissector.

We don't need to dissect the body if 1) we're *not* building a protocol
tree (tree == NULL) *and* 2) the PDU doesn't have content that can be
handed off to subdissectors.

(Fix which vs. that issue in a comment while we're at it.)

Change-Id: I90890975c05e72cc9ebc776a21683905828f57b5
Reviewed-on: https://code.wireshark.org/review/27876
Reviewed-by: Guy Harris <guy@alum.mit.edu>

ua3g: updated decoding of set-skin-id message

Change-Id: Id7c06ac8d25b4a2523604178389a2369b4f85d4c
Reviewed-on: https://code.wireshark.org/review/27871
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ua3g: fixed decoding of start-tone message

Change-Id: I6ec9742b26daaa63d11c1fa47ec70fb5e6276848
Reviewed-on: https://code.wireshark.org/review/27868
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

sctp-analysis: Use g_list_free_full() in a couple of places.

Change-Id: Ifd9517c562660ddee59feac1a7c234b9cdbbdf98
Reviewed-on: https://code.wireshark.org/review/27867
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: select a better default Decode As table

USB has three possible tables, usb.device, usb.product and usb.protocol
(shown in that order in the Decode As dialog). For single packets with
no prior device descriptors, the last two tables have no valid selector
(integer zero). In such cases it seems more reasonable to use tables for
which a valid selector exists (for example, "usb.device").

Bug: 14717
Change-Id: I2319817fa11318a97519d8cfc912343b16224c12
Reviewed-on: https://code.wireshark.org/review/27820
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

SCTPAllAssocsDialog: fix memleak of "sctp_assocs"

"fillTable()" overwrites "sctp_assocs" with an external address.

Change-Id: I415d424f16a2306b1b79fde7b5f836458da14b16
Reviewed-on: https://code.wireshark.org/review/27833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

CIP: Pull out segment parsing to separate functions

dissect_cip_segment_single was huge and too hard to read and update.
This change pulls out segment parsing into individual functions to make
it easier to read, and will help with upcoming changes.

There are no functional changes. I verified that the packet parsing is
identical before and after using feature_cip_all_segments.pcap from
Bug: 12049

Main changes:
1. Pulled out the following code into separate functions:
   dissect_segment_port
   dissect_segment_safety
   dissect_segment_data_simple
   dissect_segment_ansi_extended_symbol
   dissect_segment_logical_service_id
   dissect_segment_logical_special
   dissect_segment_network
2. In dissect_cip_segment_single, no need to explictly check for zero
   segment_len in many cases because the function will already return
   zero in those cases.

Change-Id: Id437bb34dc665ac37f428b8fdab0c89c454ad25e
Reviewed-on: https://code.wireshark.org/review/27845
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ICMPv6: fix wrong tree for some bitmask field

Ping-Bug: 14755
Fixes: v2.3.0rc0-1236-gdcb49539d ("ICMPv6: Convert flag fields to use proto_tree_add_bitmask")
Change-Id: I5ba03391739b34fcba60f636d87d46ec5a3f7660
Reviewed-on: https://code.wireshark.org/review/27847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ICMPv6: fix malformed packet when there is Use Prefix Part Label (Router Renumbering)

Bug: 14755
Change-Id: Ie7edc6d7eeb74b968f1358d980bdb86f41ae85ec
Reviewed-on: https://code.wireshark.org/review/27846
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Make sure the offset doesn't overflow.

It'd only overflow if the value is *so* large that it won't fit in the
packet (given that we have a 2^32-1-byte limit on the packet size), so
use tvb_ensure_bytes_exist() to ensure we have the entire value before
processing the value.

(The real problem is that we don't handle the case where there's a value
multiplicity > 1 for some types; in those cases, we should loop,
processing all the values, which would cause us to eventually throw an
exception when we ran past the end of the packet. This is just a quick
fix.)

Bug: 14742
Change-Id: I447ece81d1c84d3b1d218faeb2c155f910208c29
Reviewed-on: https://code.wireshark.org/review/27853
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix incorrect formatting of NSAP area addresses/address prefixes.

If the area address/address prefix is 13 octets long, use the 13th
octet, not the 21st octet; the latter is *not* part of the area
address/address prefix, and might either not be in the packet or might
be some random other part of the packet.

Add/expand comments while we're at it.

Bug: 14744
Change-Id: I7b90318a72a49b67d8ec17952add528185fd064b
Reviewed-on: https://code.wireshark.org/review/27848
Reviewed-by: Guy Harris <guy@alum.mit.edu>

[Automatic update for 2018-05-27]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I6603cc4dd62ff1db23efa4374437ce9ebf7a81c8
Reviewed-on: https://code.wireshark.org/review/27840
Reviewed-by: Gerald Combs <gerald@wireshark.org>

More bitfield fixes.

Use proto_tree_add_boolean(), not proto_tree_add_uint(), for FT_BOOLEAN
fields.

Change-Id: I00c8da977dcb2d232d6837bd58137e7aebe0ca7f
Reviewed-on: https://code.wireshark.org/review/27837
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Have a dissector table for SSL/TLS/DTLS ALPN protocol IDs.

Have dissectors register with their protocol ID string in that table,
rather than having a table in epan/dissectors/packet-ssl-utils.c that
has to be updated for new protocols.

Have a table of protocol ID string prefixes, to handle the case of
protocols such as SPDY and HTTP2 drafts, where multiple protocol IDs are
used for different versions.

Change-Id: I363d04895a88e779fbbca7dc8e1f31aa1970a31a
Reviewed-on: https://code.wireshark.org/review/27836
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix 802.11ax fields.

Fix a bunch of copy-and-pasteos, incorrectly using
proto_tree_add_bits_item().

Fix bitmaps to reflect the bit counts.

Show the top-level fields with appropriate zero padding.

Use the appropriate field widths and fix the bit masks.

Change-Id: I8fa34246710dc835f2b30a1af94b997f4ffb10bf
Reviewed-on: https://code.wireshark.org/review/27827
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix STUN-over-SSL/TLS/DTLS.

Different dissectors are required for protocols running atop SSL/TLS and
protocols running atop DTLS - SSL/TLS provides a byte-stream service, so
there's no guarantee that there's a correspondence between SSL/TLS
application data record boundaries and packet boundaries, but DTLS
provides a datagram service, with packet boundaries corresponding to
application data record boundaries.

This is similar to the difference between dissectors for protocols
running atop TCP and protocols running atop protocols such as UDP.

So have two separate tables mapping Application-Layer Protocol
Negotiation (ALPN) Protocol IDs to dissector names - one for SSL/TLS and
one for DTLS.

There are both "over a byte-stream protocol" and "over a packet-oriented
protocol" dissectors for STUN and TURN ChannelData packets. Register
the "over a byte-stream protocol" ones by name, and use the appropriate
ones in the appropriate tables. (There is not one named "stun", so the
STUN dissector wouldn't have been called at all.)

Change-Id: I054e169f6ae3291abdc7eb58918ef65a17c90a63
Reviewed-on: https://code.wireshark.org/review/27822
Reviewed-by: Guy Harris <guy@alum.mit.edu>

SCTP: plug the remaining memleaks in the tap

Change-Id: I50da5f8c54c7be49ad8339d22639605daf2c5616
Reviewed-on: https://code.wireshark.org/review/27821
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

SCTP: fix crash when filtering an association

Do not free a tsn_t element if it has already been inserted in a GList.
The code structure is complex enough to add an explicit check before
calling g_free().
Fixes a regression introduced in gb19ca06fcc.

While we are at it, let's call the correct free function and plug some
memory leaks.

Bug: 14733
Change-Id: I071da96982da569083fd98b790e0d37ac0826ff1
Reviewed-on: https://code.wireshark.org/review/27808
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Added support for extended length BACnet MS/TP data frames.

Change-Id: Ic6b02312a95e91f14ebaae9c2f2c95e82512d8cd
Reviewed-on: https://code.wireshark.org/review/27801
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

6LoRH: fix in IP-in-IP header dissector

Change-Id: Iaba22d9b431a097eea4bb0dbea3c514a607ef001
Reviewed-on: https://code.wireshark.org/review/27805
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

quakeworld: fix issue found by PVS Studio (V529)

Odd semicolon ';' after 'for' operator.

Change-Id: If77e285b52291b924efe9e68d863d5f01b994fdd
Reviewed-on: https://code.wireshark.org/review/27785
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

maxmind_db.c: fix a memory leak

Change-Id: Iee898541ec723cec209a3561899530a8dbe6e680
Reviewed-on: https://code.wireshark.org/review/27809
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I11c7dce7979eab4b21eb36066adf8c934b751422
Reviewed-on: https://code.wireshark.org/review/27812
Reviewed-by: Anders Broman <a.broman58@gmail.com>

gQUIC: update code source link and add new error code

Change-Id: I55ef3e23c14a79de12b5401ba2cd847b6afddeba
Reviewed-on: https://code.wireshark.org/review/27810
Reviewed-by: Anders Broman <a.broman58@gmail.com>

gQUIC: it is possible to have multiple COPT Tag

And it is a STRING display

Change-Id: I0f6521e936219bc98cd8eae2862bf6c582123f57
Reviewed-on: https://code.wireshark.org/review/27797
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

udpdump: add error message from libwritecap.

Change-Id: Ida86772c88af6b35e2d3b3864e1b1b551cfd1d96
Reviewed-on: https://code.wireshark.org/review/27804
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ssh: change return value from gint to guint (CID: 1417453).

Since we're returning the key_len, there is no point in returning
a signed int.

Change-Id: I8854868ecf5250dca1894fdb8910d9ed48c070db
Reviewed-on: https://code.wireshark.org/review/27781
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ciscodump: check return value of libpcap_write_packet (CID: 1435606).

Change-Id: Ifb89952b48bf300168b5f775ac3c2777c0c93877
Reviewed-on: https://code.wireshark.org/review/27803
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

More comment updates.

Change-Id: I33bc8c9685f8a44deaabc91e7c79a89683a6604d
Reviewed-on: https://code.wireshark.org/review/27818
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix comments.

Fix a tpyo.

draft-ietf-behave-turn-ipv6 is now RFC 6156.

No need to give a particular URL for one of the RFCs in question.

Add RFC 6544, which discusses the use of RFC 4571-style framing for ICE.

Change-Id: Ie2c4f7747f0d08c92dc95d06a54175b2f8b9df76
Reviewed-on: https://code.wireshark.org/review/27817
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Update protocol references.

Change-Id: I00b49e4857f94425d8e1dde6321515b64984a940
Reviewed-on: https://code.wireshark.org/review/27816
Reviewed-by: Guy Harris <guy@alum.mit.edu>

SSL: Send the record_length to the dissect_ssl3_alert and use it

Bug: 14712
Change-Id: I3550f0da76a9acd3619d243b5a6e1d04d6734b62
Reviewed-on: https://code.wireshark.org/review/27670
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

dpa400: Fix wiretap data packet len

Increment the packet size whenn adding the from_source field.

Change-Id: I380305d763df40b2cf1f2209643d05dfde12a716
Reviewed-on: https://code.wireshark.org/review/27811
Reviewed-by: Guy Harris <guy@alum.mit.edu>

wslua: fix NSTime:__tostring for negative values

"nstime_t{A, B}" is defined as "A + B * 10^9" rather than an integer
part A and fractional part B.

Bug: 14720
Change-Id: I5321db7d5ecea8f976291d2a22667b02162194e2
Reviewed-on: https://code.wireshark.org/review/27775
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: fix use-after-free on error while saving exported packets

When an error occurs while saving packets using the Export Specified
Packets dialog (e.g. try to overwrite the opened capture file), the
dialog is displayed again. As PacketRangeGroupBox freed the packet
selection range, a crash (use-after-free) occurs.

Removes some unnecessary code in MainWindow::exportDissections as well.

Change-Id: I63898427eff7e71799d89c8a22246db8f93a9ff6
Fixes: v2.5.0rc0-968-g38b40acb2d ("Qt: fix a memory leak when exporting packets")
Reviewed-on: https://code.wireshark.org/review/27695
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

PAPI: Add new type for WebCC

Change-Id: I2355f9c2432e278cd97a868b399bbda8d369c714
Reviewed-on: https://code.wireshark.org/review/27799
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ua3g: move if in the fallthrough case.

From gcc version 7 this causes an error:

../epan/dissectors/packet-ua3g.c:1293:28: error: this statement may fall through [-Werror=implicit-fallthrough=]
                         if (parameter_id == 0x02)
                            ^
../epan/dissectors/packet-ua3g.c:1295:21: note: here
                     case 0x03: /* Type Of Service */
                     ^~~~
cc1: all warnings being treated as errors

Fixes: 31663c40
Change-Id: I7622614e5472cc70aac5690d4bfc327be7628ece
Reviewed-on: https://code.wireshark.org/review/27800
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Configure the selection color via the preferences

The active selection color and inactive selection color can be configured via Edit / Preferences / Font and Colors
There are 3 styles that can be used for the selection color:
Default: legacy behavior
Flat: Use background and foreground color with no gradient.
Gradient: Use background and foreground color with a gradient.

Bug: 14714
Change-Id: Ieca293bb9830d2c5702949d0459d1d6f679e41e4
Reviewed-on: https://code.wireshark.org/review/27701
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

ua3g: moved setup of rtp/rtcp conversations from packet-ua to packet-ua3g, where the start-rtp message is actually decoded.

Change-Id: Id0dc39107f43680f082d5e6a1d8a1d4940640a13
Reviewed-on: https://code.wireshark.org/review/27792
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

uaudp: removed old/unused code (#if 0...#endif)

Change-Id: I55900e9f6b43b373841ee6c0af80fc3650caf5ce
Reviewed-on: https://code.wireshark.org/review/27793
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

smb: fix wrong exported smb2 object due to hash collision

While SMB1 FIDs are 16-bit, those used in SMB2 are a GUID of 128-bit
which are compressed down to 32-bit using g_str_hash. To reduce
collision probability which could associate wrong file data with an
Exported Object entry, do not truncate this hash value to 16 bits.

Bug: 14662
Change-Id: I2a353eca96b0f5ed2157f3678280642151e2e4e7
Reviewed-on: https://code.wireshark.org/review/27794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot

ieee80211: Support raw 802.11 data frame dissectors

Add a heuristics dissector list for 802.11 data frames. With this
a heuristics dissector can be registered with "wlan_data" to
retrieve the raw data portion of 802.11 data frames.

Subdissectors can then either perform heuristics directly on
the frame data content or (via parent wlan fields) on frame
header to determine whether it's the protocol of interest.

Change-Id: I8466236835a2d524ccab5c6ebfafefad08ea2d0e
Reviewed-on: https://code.wireshark.org/review/27641
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

.mailmap: update of May (2018)

Change-Id: I91de09062e3bfa9bb295d1a00ece5ed533ebdb5d
Reviewed-on: https://code.wireshark.org/review/27704
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Remove some unused .gitignore entries.

Remove unused documentation extensions (.dbk or .fo) and what appear to
be files generated or used by QMake.

Change-Id: I8635436e6e7e7117ef9d0aadf97f925751d8df18
Reviewed-on: https://code.wireshark.org/review/27795
Reviewed-by: Anders Broman <a.broman58@gmail.com>

media_type: Default decode application/octet-stream as data

Remove registering media_type application/octet-stream from both
thread and uasip because the settings will interfere each other.

Enable decoding as for media_type instead.

Bug: 14729
Change-Id: I58c527977fe4713418219fc3126ce7a93c4bb641
Reviewed-on: https://code.wireshark.org/review/27789
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Asciidoctor: Remove underscores from macro names.

AsciiDoc allows dashes in macro names but not underscores. Current
versions of AsciiDoctor allow the inverse. Remove underscores to allow
for easier copying and pasting.

Remove asciidoc.conf while we're here. It's no longer used.

Change-Id: I32d8a4ec695b9e17a80ac720ee9faf62dbb362d3
Reviewed-on: https://code.wireshark.org/review/27787
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ieee80211: Make DMG Capabilities dissection handle earlier formats

The recent changes to support the current 22-byte DMC Capabilities IE
defined in IEEE802.11-2012 prevents Wireshark from handling frames
in the earlier format.

This change allows Wireshark to dissect both the earlier and current
formats but gives an error if the IE does not have a length of 22.

The error could perhaps be demoted to a warning.

Also made a minor correction to the header fields to conform with
other uses.

Bug: 14727
Change-Id: I3dc333b273f915fa5f5f4cc5c13c1b84863b6713
Reviewed-on: https://code.wireshark.org/review/27782
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

PDCP NR: add a framing option to indicate MAC-I presence in user plane PDU (CID 1435480)

Change-Id: I155e4fad0c42c4b2b10cf3a2cb71c0927190b8db
Reviewed-on: https://code.wireshark.org/review/27780
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Allow extra plugins to be missing e.g. because they are in another branch
and still succeed with CMake.

Update the example paths to add epan while at it.

Change-Id: I92d21cc5699e784d7e151d18103d7e44078a40ab
Reviewed-on: https://code.wireshark.org/review/25812
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

opa-mad: Add Support for Reassembly of PA & SA RMPP packets

Change-Id: I349dbd74768df57d6831fa73c3bdbd472be4aaa6
Signed-off-by: Adam Goldman <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/27386
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

6lowpan: fix reassembly for forwarded packets

With 6LoWPAN mesh routing over 802.15.4 networks, the same packet will
be forwarded over different links. Such duplicate datagram tags will
result in collisions (wrong "Reasssembled in" and reassembly failure).

Incorporate the link-layer address to differentiate fragments in
forwarded packets, in addition to the datagram tag.

Bug: 14700
Change-Id: I8e4adae54b3e903cfcd74844c6bbe0ecf17eefda
Reviewed-on: https://code.wireshark.org/review/27761
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Eduardo Montoya Marín <emontoya@kirale.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Robert Sauter <sauter@locoslab.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

extcap: set EXTCAP_DIR in the root cmake file and propagate it.

The EXTCAP_DIR must be known in the root file to be set in config.h
and it's still needed in extcap/ to install the binaries, hence we
need caching it as well.

Bug: 14724

Change-Id: I58bac7de7a00e06c23fe8c8f1a7e3d299de6a560
Reviewed-on: https://code.wireshark.org/review/27776
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ws_pipe: don't check for negative number using DWORD.

DWORD on windows is unsigned, then there is no point in checking
for negative values.

Change-Id: I0b03fb19ebdff86e610cd4571fc30c49b7bd1284
Reviewed-on: https://code.wireshark.org/review/27766
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

DoIP: ISO 13400-2 Diagnostic communication over Internet Protocol

DoIP is a vehicle bus protocol. It is carried by TCP or UDP and may include an UDS payload.

Change-Id: I1459c51fd710da8e2aaff0056bbf3f6e42c1b25e
Reviewed-on: https://code.wireshark.org/review/27448
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

RNSAP: Parse transportLayerAddress and bindingID

Parse IPv4/v6 and UDP ports

Change-Id: I3cbab496b4c73c1d0a0dbc55be29add8eab60dea
Reviewed-on: https://code.wireshark.org/review/27773
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

NBAP: Fix style issues in .cnf

Removed empty lines and fixed indentations

Change-Id: I583110e87f4fcf76af66d3ed4c3907bf2caba327
Reviewed-on: https://code.wireshark.org/review/27774
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: Add dissector for Aerohive vendor specific IE

Dissector supports only type 33: Host Name.

Change-Id: I90fe19494ce8e1ea209af56162b31711f3f7619c
Reviewed-on: https://code.wireshark.org/review/27757
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

coap: Revert "Store ctype values in transaction tracking"

This change was based on a incomplete/incorrect implementation of
LwM2M and is not correct because the payload encoding is mandatory
in the response.

This reverts commit 46fcf452ac0204152b6a4fd574547fb478f9e63b.
This reverts commit b1e0cb01b33d1e6798e5f3b2f649b2359874c622.

Change-Id: I89ae1f84e2735ad049a0f7c9045175940bed25cb
Reviewed-on: https://code.wireshark.org/review/27770
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>

androiddump: Fix tcpdump encap type when libwiretap is used

androiddump determines encap type by parsing pcap global header from
tcpdump binary output. Only when libpcap is used with androiddump
this (pcap linktype) value can be used right away. Libwiretap
uses its own encap values but is feed with pcap linktype values
making the whole packet encapsulation invalid.

Fix by converting pcap linktype values into wiretap encap values

(For pcap linktype definitions see http://www.tcpdump.org/linktypes.html)
(For wtap encap defininitions see wiretap/wtap.h)

Fixes: bfef57ebb7 ("androiddump: Fix and simplify tcpdump capture")
Change-Id: I5ea86204b8e5774fd84d4007db8c2910680dbd53
Reviewed-on: https://code.wireshark.org/review/27747
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Florian Bezold <florian.bezold@esrlabs.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>

pfcp: updated names Sx -> PFCP

According to TS 29.244, the name Sx is not used any more. Now it
fully utilize PFCP.

Side note: PFCP is used (today) over interfaces Sxa/Sxb/Sxc/N4.

Change-Id: I2773e64d44f5ca4e010494246ba1f30c21de371b
Reviewed-on: https://code.wireshark.org/review/27756
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

uaudp: simplified code (moved tests of length before the switch/cases)

Change-Id: I78fa8b94e074e23cec2d3a550e62f43fff59c689
Reviewed-on: https://code.wireshark.org/review/27755
Reviewed-by: Anders Broman <a.broman58@gmail.com>

CMake: remove GIT_BIN_PARAM

Added in adb731c1cd69855b1655a0f23001655392a07340 but never worked,
and later corrected in e21da738262af2ba6cf72f46fdc045f0337ca27e.
Correction however gave cygwin user problems with the perl optional parameter
which droped qoutes around the path. But since the orginal commit never worked
as intended in the beginning, it's assume safe to remove.

Change-Id: I825a4e53b257d47601c330b210ac5ffb6870e0d9
Reviewed-on: https://code.wireshark.org/review/27758
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Support search without a selected packet

Support doing Find Packet, search for next/previous marked packet and
search for next/previous time reference without having a packet selected
in the packet list.

Change-Id: I648b26365385d98155e905cda270e9e785b9f1da
Reviewed-on: https://code.wireshark.org/review/27752
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

maxmind: Move request processing to a thread.

It's possible to block while we're writing to our mmdbresolve pipe,
particularly on Windows. Move the write to a separate thread.

Add an #ifdef to mmdbresolve.c which helps test blocking.

Bug: 14701
Change-Id: I6cb8a46a190a268da64f1e6f54d1052d03743c95
Reviewed-on: https://code.wireshark.org/review/27750
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: Make QoS DSCP Exception and Range descriptions searchable.

People still want to search on the non-broken out fields.

Change-Id: Ibb68d9d335abc5b409ed99044ac2e895d672a174
Reviewed-on: https://code.wireshark.org/review/27760
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ieee80211: extend DMG capabilities element

extend DMG capabilities element as per IEEE 802.11-2016 spec.

Change-Id: I087c6811399d64e19a2ff0d52b62499a5641940c
Reviewed-on: https://code.wireshark.org/review/27716
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

IEEE 1722: rename IEC subdissector from 61883 to iec61883

Otherwise it can collide with the value 61883 typed in a display filter.
See https://ask.wireshark.org/question/3177 for details.

Change-Id: Ida4872bc4e4b56cb096079a0f0c42e11856e228c
Reviewed-on: https://code.wireshark.org/review/27754
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

NBAP: Simplify private data API

Explicit getters/setters seems excessive and become
unmaintainable when the private data struct gets big, like in NBAP

Change-Id: I54d6eea327f1b393d9f80aafcbdd75080e10d50d
Reviewed-on: https://code.wireshark.org/review/27749
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Add asciidoctor and asciidoctor-pdf to macos-setup.sh

Change-Id: I531c3cbb4685e722e9b5f7762f184063eca61976
Reviewed-on: https://code.wireshark.org/review/26129
Reviewed-by: Jörg Mayer <jmayer@loplof.de>

plugins: Don't free static variable

Our convention is to pass a pointer to a static structure as argument
to *_register_plugin(). Don't try to free it.

Change-Id: I16d81b72faf298ebfb3dccf4c9d4772291fd8cf0
Reviewed-on: https://code.wireshark.org/review/27748
Reviewed-by: João Valverde <j@v6e.pt>

ws_pipe: fix return code on windows.

Change-Id: I30d24a5cad1991c2ce6a0f2a63fbe715b92943ec
Reviewed-on: https://code.wireshark.org/review/27745
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>

Expand doc/pugins.example README a bit.

Change-Id: Ife25fe9aaa333ffcdce3f2a48faed565dc83aebf
Reviewed-on: https://code.wireshark.org/review/27746
Reviewed-by: João Valverde <j@v6e.pt>

Fixups to doc/plugins.example build

Set symbol visibility properly.

Add -Wall -Wextra GCC flags that were there previosuly.

Remove duplicate -I compiler flags. Remove useless "hello_EXPORTS" definition while at it.

Change-Id: Iac173f02e41b3b4f2999e5d71b95b910a9c2da11
Reviewed-on: https://code.wireshark.org/review/27744
Reviewed-by: João Valverde <j@v6e.pt>

Don't look for Asciidoctor PDF unless we find Asciidoctor.

Fix a doc string while we're here.

Change-Id: Ic67e40dc7e8d624a00b97fe40fe162e6f8633cfc
Reviewed-on: https://code.wireshark.org/review/27728
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Qt: Update menus when mark/ignore/timeref packet

Update menus when changing mark, ignore or time reference on a packet
to enable/disable entries accordingly.

Change-Id: Icb95b3371fe8183cdeea1b6b2c71d1d33f998dc0
Reviewed-on: https://code.wireshark.org/review/27737
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

vnc: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: Ieee4c370dabb4dde9dacd4f4ee709937969bbd66
Reviewed-on: https://code.wireshark.org/review/27707
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

VNC: move parentheses (and reindent code).

Change-Id: I71afc81bbf4b4c9d4de5341f269ebd69bfe3686b
Reviewed-on: https://code.wireshark.org/review/27706
Reviewed-by: Anders Broman <a.broman58@gmail.com>

make our version of nla_for_each_nested() public

caputils/ws80211_utils.c contains a re-definition of the linux kernel's
nla_for_each_nested() macro that applies the correct casts to allow
compilation with a C++ compiler.

Make this definition public by moving it into a new wsutil/netlink.h
file. Include the kernel's original definition before we overwrite it. This
way, it's not necessary for a .c file to include wsutil/netlink.h after
the system includes.

Use our nla_for_each_nested() version in extcap/dpauxmon.c to squelch the
following compiler warning:

[1664/2251] Building C object
extcap/CMakeFiles/dpauxmon.dir/dpauxmon.c.o
../extcap/dpauxmon.c: In function ‘family_handler’:
../extcap/dpauxmon.c:168:13: warning: request for implicit conversion
from ‘void *’ to ‘struct nlattr *’ not permitted in C++ [-Wc++-compat]
nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], rem_mcgrp) {

Change-Id: I6ba40ef6343c5d168c1b0c4554f13202911ded76
Reviewed-on: https://code.wireshark.org/review/27688
Reviewed-by: Anders Broman <a.broman58@gmail.com>