metze/wireshark/wip.git
3 years agociscodump: fix line parsing and fix memleak.
Dario Lombardo [Tue, 6 Sep 2016 12:42:29 +0000 (14:42 +0200)]
ciscodump: fix line parsing and fix memleak.

Change-Id: I4aee51d7def06317a543fdc8fa05120af0e68453
Reviewed-on: https://code.wireshark.org/review/17531
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoAlways set *cint before returning.
Guy Harris [Tue, 6 Sep 2016 18:00:57 +0000 (11:00 -0700)]
Always set *cint before returning.

Change-Id: I333aef7d3fe4ad3bf7c2a4d7318766fcbd2e4cd2
Reviewed-on: https://code.wireshark.org/review/17539
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoSuppress another warning if told not to report failures.
Guy Harris [Tue, 6 Sep 2016 17:14:12 +0000 (10:14 -0700)]
Suppress another warning if told not to report failures.

That's another failure that can occur if you're trying to load a
libwireshark plugin in a program that doesn't use libwireshark if, for
example, references to an undefined symbol don't prevent the module from
being loaded in the first place.

Change-Id: I21629c0094fdca7dfbd88f39b7e6c10fb600b401
Reviewed-on: https://code.wireshark.org/review/17537
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agossl: fix TLS renegotiation, add test for this
Peter Wu [Sat, 3 Sep 2016 23:23:37 +0000 (01:23 +0200)]
ssl: fix TLS renegotiation, add test for this

A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.

Renegotiations are also kind of transparant to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.

The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!

Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agostrtoi(.c): fix extra ';' outside of a function [-Wextra-semi]
Alexis La Goutte [Tue, 6 Sep 2016 10:41:23 +0000 (12:41 +0200)]
strtoi(.c): fix extra ';' outside of a function [-Wextra-semi]

Change-Id: I2d92678b2117da732be309c2d430d0c97c7a7eed
Reviewed-on: https://code.wireshark.org/review/17528
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agocheckAPI: move atoi from deprecated to soft-deprecated list.
Dario Lombardo [Tue, 6 Sep 2016 11:41:46 +0000 (13:41 +0200)]
checkAPI: move atoi from deprecated to soft-deprecated list.

atoi must lie in soft-deprecated list until close to complete removal.

Change-Id: Ia26ada56114559637fdc598913ee93523ed9434d
Reviewed-on: https://code.wireshark.org/review/17529
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
3 years agossl: really fix session resumption expert info
Peter Wu [Sun, 4 Sep 2016 00:06:50 +0000 (02:06 +0200)]
ssl: really fix session resumption expert info

In a two-pass dissection with renegotiated sessions, the
is_session_resumed flag is not updated according to the current protocol
flow. Fix this by performing detection of abbreviated handshakes in
all cases, do not limit it to the decryption stage (where ssl != NULL).

Reset the resumption assumption after the first ChangeCipherSpec
(normally from the server side, but explicitly add this in case client
packets somehow arrive earlier in the capture). This should not have a
functional effect on normal TLS captures with Session Tickets.

Bug: 12793
Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c
Reviewed-on: https://code.wireshark.org/review/17483
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agozvt: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang
Alexis La Goutte [Tue, 6 Sep 2016 08:13:20 +0000 (10:13 +0200)]
zvt: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I68b4fa08a7f65b92e56a6e72a6bb113e72ee33da
Reviewed-on: https://code.wireshark.org/review/17524
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
3 years agoSMB2: Always display reserved field
Alexis La Goutte [Tue, 6 Sep 2016 06:06:19 +0000 (08:06 +0200)]
SMB2: Always display reserved field

Change-Id: Ic26603488cb020da3885f5bc97c65aae18fdf191
Reviewed-on: https://code.wireshark.org/review/17517
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agosmb2: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang
Alexis La Goutte [Tue, 6 Sep 2016 05:52:06 +0000 (07:52 +0200)]
smb2: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang

Change-Id: I714e2ea4808213901a8be64e65a0cb37c3002372
Reviewed-on: https://code.wireshark.org/review/17516
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agocaputils: add conditional unused (_U_).
Dario Lombardo [Fri, 2 Sep 2016 08:19:44 +0000 (10:19 +0200)]
caputils: add conditional unused (_U_).

Change-Id: I50ccedd876bf78961397b55e5a707c98900f7b9f
Reviewed-on: https://code.wireshark.org/review/17457
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
3 years agoextcap:Replace self-organized lists with glib ones
Roland Knall [Mon, 5 Sep 2016 11:29:23 +0000 (13:29 +0200)]
extcap:Replace self-organized lists with glib ones

Replace the error-prone next/prev handling with GList and GHashTable
Cleanup extcap_parser to only expose necessary functions
Remove token know-how from extcap

Change-Id: I7cc5ea06f58ad6c7a85ac292f5d2cb3d33e59833
Reviewed-on: https://code.wireshark.org/review/17496
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoWe now support C++/C99-style comments.
Guy Harris [Tue, 6 Sep 2016 02:43:48 +0000 (19:43 -0700)]
We now support C++/C99-style comments.

Change-Id: I175a6b0060235c2dfc7a5b3dc4ab62843d242e94
Reviewed-on: https://code.wireshark.org/review/17514
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoAllow a lot more C99 features
Peter Wu [Wed, 31 Aug 2016 13:58:20 +0000 (15:58 +0200)]
Allow a lot more C99 features

Flexible array members are supported by gcc, clang and even MSVC2013.
Note, so far it was only used in the Windows-specific airpcap.h.

Trailing commas in enum declaration are already in use since for
these dissectors (commit ID is the first occurrence):
epan/dissectors/packet-gluster.h v2.1.0rc0-1070-g3b706ba
epan/dissectors/packet-ipv6.c v2.1.2rc0-81-ge07b4aa
epan/dissectors/packet-netlink.h v2.3.0rc0-389-gc0ab12b
epan/dissectors/packet-netlink-netfilter.c v2.3.0rc0-239-g1767e08
epan/dissectors/packet-netlink-route.c v2.3.0rc0-233-g2a80b40
epan/dissectors/packet-quic.c v2.3.0rc0-457-gfa320f8

Inline functions using the "inline" keyword are supported via all glib
versions we support (if it is missing, glib will define a suitable
inline macro).

Other c99 functions listed in the README.developer document were found
to be compatible with GCC 4.4.7, Clang 3.4.2 and MSVC 2013.

Change-Id: If5bab03bfd8577b15a24bedf08c03bdfbf34317a
Reviewed-on: https://code.wireshark.org/review/17421
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoUse ws_strtoi32() in get_natural_int().
Guy Harris [Tue, 6 Sep 2016 02:23:36 +0000 (19:23 -0700)]
Use ws_strtoi32() in get_natural_int().

Change-Id: I9a95239de8db18cff0f6c62cb526f3ef0cb29f01
Reviewed-on: https://code.wireshark.org/review/17513
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoReturn the maximum or minimum value for ERANGE.
Guy Harris [Tue, 6 Sep 2016 02:05:11 +0000 (19:05 -0700)]
Return the maximum or minimum value for ERANGE.

That way, for signed values, the caller knows whether ERANGE means "too
large" or "too small"; this is analogous to what the C routines return.

Change-Id: Ifc1fc4723733be606487093f8aa77ae2d89d2c40
Reviewed-on: https://code.wireshark.org/review/17512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoCheck for signs in unsigned numbers and fail if we see one.
Guy Harris [Tue, 6 Sep 2016 01:08:08 +0000 (18:08 -0700)]
Check for signs in unsigned numbers and fail if we see one.

-1 is not an unsigned number.  For that matter, neither is +1;
"unsigned" means "without a sign", and they both have signs.

ANSI C's strto{whatever} routines - even the ones that supposedly are
for "unsigned" values - and the GLib routines modeled after them allow a
leading sign, so we have to check ourselves.

Change-Id: Ia0584bbf83394185cde88eec48efcdfa316f1c92
Reviewed-on: https://code.wireshark.org/review/17511
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoUse get_positive_int() to parse signed positive arguments.
Guy Harris [Tue, 6 Sep 2016 00:57:29 +0000 (17:57 -0700)]
Use get_positive_int() to parse signed positive arguments.

Change-Id: I323b2c203b49a6921251583772bdb3c3afacd31b
Reviewed-on: https://code.wireshark.org/review/17510
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoReturn after calling cmdarg_err().
Guy Harris [Tue, 6 Sep 2016 00:51:43 +0000 (17:51 -0700)]
Return after calling cmdarg_err().

cmdarg_err() prints a message, but it doesn't exit.

Change-Id: I887d96bce483f873a4375cb6b5254915d014f1b1
Reviewed-on: https://code.wireshark.org/review/17509
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoUse get_positive_int() to parse signed positive arguments.
Guy Harris [Tue, 6 Sep 2016 00:33:20 +0000 (17:33 -0700)]
Use get_positive_int() to parse signed positive arguments.

Clean up indentation while we're at it.

Change-Id: Ie7223f96c758bd71d2435203635db9c2b28e2249
Reviewed-on: https://code.wireshark.org/review/17508
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoUse get_positive_int() to parse signed positive arguments.
Guy Harris [Mon, 5 Sep 2016 23:39:25 +0000 (16:39 -0700)]
Use get_positive_int() to parse signed positive arguments.

Change-Id: Id17b56704f484abdf047a3d1b0775f7fa46eb380
Reviewed-on: https://code.wireshark.org/review/17507
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoHave scan_plugins() take an argument specify what to do on load failures.
Guy Harris [Mon, 5 Sep 2016 23:26:29 +0000 (16:26 -0700)]
Have scan_plugins() take an argument specify what to do on load failures.

That's a less gross hack to suppress load failures due to not having
libwiretap than providing a no-op failure-message routine, as it at
least allows other code using a failure-message routine, such as
cmdarg_err() and routines that call it, to be used.

We really should put libwiretap and libwireshark plugins into separate
subdirectories of the plugin directories, and avoid even looking at
libwireshark plugins in programs that don't use libwireshark.

Change-Id: I0a6ec01ecb4e718ed36233cfaf638a317f839a73
Reviewed-on: https://code.wireshark.org/review/17506
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoReport an error if the channel type isn't valid.
Guy Harris [Mon, 5 Sep 2016 20:45:35 +0000 (13:45 -0700)]
Report an error if the channel type isn't valid.

Change-Id: Ie9d47da4b1758cbf475989a04847853a714e1447
Reviewed-on: https://code.wireshark.org/review/17503
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoISAKMP: Fix handling of cert requests without CA
Mirko Parthey [Mon, 5 Sep 2016 14:39:45 +0000 (16:39 +0200)]
ISAKMP: Fix handling of cert requests without CA

Check IKEv1 Certificate Request Payloads for an empty
Certificate Authority field, which is allowed by RFC 2408.
Suppress dissection of this field if it is indeed empty.

Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
Reviewed-on: https://code.wireshark.org/review/17501
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
3 years agocheckAPI: add deprecated atoi.
Dario Lombardo [Mon, 5 Sep 2016 15:53:42 +0000 (17:53 +0200)]
checkAPI: add deprecated atoi.

Instead use ws_strtoi/u functions. atoi() doesn't make any kind
of check so it should be avoided. ws_strtoi/u should be used
instead of strtol & co., but they're still acceptable for some
cases that deviate from the basic usage.

Change-Id: I145ff4d8f893852e024c4ea8fc6a836b15bd2b0d
Reviewed-on: https://code.wireshark.org/review/17502
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agowsutil: add string to integer conversion utilities.
Dario Lombardo [Tue, 30 Aug 2016 15:52:54 +0000 (17:52 +0200)]
wsutil: add string to integer conversion utilities.

In the current code many functions have been used for convertion
(strtol, atoi, g_ascii_strtoll, etc). Those utilities want to be
the only, shared, way to convert integers.

Change-Id: I22ba1bf54e144e73a4728612a4437de5a2d339e2
Reviewed-on: https://code.wireshark.org/review/17414
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
3 years agoS1AP: fix dissection of TransportLayerAddress IE when it contains both IPv4 and IPv6
Pascal Quantin [Sun, 4 Sep 2016 20:21:42 +0000 (22:21 +0200)]
S1AP: fix dissection of TransportLayerAddress IE when it contains both IPv4 and IPv6

Change-Id: I8c257d79b4e842da6853ea3c53ae479f33a8047a
Reviewed-on: https://code.wireshark.org/review/17491
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agozvt: dissect Initialisation message
Martin Kaiser [Sun, 4 Sep 2016 16:58:35 +0000 (18:58 +0200)]
zvt: dissect Initialisation message

It contains the same password field that appears in the Registration
message. Make this field generic and reuse it here.

Change-Id: I7be9a99b5da1713937ffca5624be66150ff453d1
Reviewed-on: https://code.wireshark.org/review/17489
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
3 years agozvt: start dissecting Intermediate Status Information
Martin Kaiser [Sun, 4 Sep 2016 16:42:03 +0000 (18:42 +0200)]
zvt: start dissecting Intermediate Status Information

Change-Id: I351621f1def5ad6da577a9b0d1b2c5ab49018564
Reviewed-on: https://code.wireshark.org/review/17488
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
3 years agozvt: dissect the currency code bitmap
Martin Kaiser [Sun, 4 Sep 2016 16:20:41 +0000 (18:20 +0200)]
zvt: dissect the currency code bitmap

add the value for euro

Change-Id: Id8624e356ad4fcddcf77483a721428782c6bb0b2
Reviewed-on: https://code.wireshark.org/review/17487
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
3 years ago[Automatic update for 2016-09-04]
Gerald Combs [Sun, 4 Sep 2016 15:12:46 +0000 (08:12 -0700)]
[Automatic update for 2016-09-04]

Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I11d066907492642f5baaa38a79b8bcd086a579c4
Reviewed-on: https://code.wireshark.org/review/17484
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years agoANSI_A: Rationalize test expession (CID-1372216 ... 1372267)
Jaap Keuter [Sat, 3 Sep 2016 22:32:33 +0000 (00:32 +0200)]
ANSI_A: Rationalize test expession (CID-1372216 ... 1372267)

Implement the same changes in the ELEM_TLV() and ELEM_TV() macros as in
packet-gsm_a_common.h, to remove superfluous code and squelch about 50
Coverity issues.

Change-Id: I262dc60fdfa3482876d8525b34f6b1dbbe371257
Reviewed-on: https://code.wireshark.org/review/17478
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agossl,http: rename http-over-ssl to http-over-tls
Peter Wu [Sun, 4 Sep 2016 11:40:20 +0000 (13:40 +0200)]
ssl,http: rename http-over-ssl to http-over-tls

This name is displayed in the SSL prototcol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.

Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.

Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoirda: restore a line removed by mistake in ge4c059f
Pascal Quantin [Sun, 4 Sep 2016 09:52:24 +0000 (11:52 +0200)]
irda: restore a line removed by mistake in ge4c059f

Bug: 12821
Change-Id: If6423c7f8443eccd6ddb4b699bbc327a965d0d74
Reviewed-on: https://code.wireshark.org/review/17477
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agoSMB2: dissect the buffer of getinfo quota request
Uri Simchoni [Thu, 1 Sep 2016 20:52:41 +0000 (23:52 +0300)]
SMB2: dissect the buffer of getinfo quota request

Source: [MS-SMB2] 2.2.37.1

Change-Id: I526066700a88398366f31cd51552f9fa8bb761b8
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17447
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoM2AP: fix registration of extensions in proper dissector table
Pascal Quantin [Sat, 3 Sep 2016 21:17:34 +0000 (23:17 +0200)]
M2AP: fix registration of extensions in proper dissector table

Change-Id: If529448539f9e8d740fd20009221e9221db83b2b
Reviewed-on: https://code.wireshark.org/review/17475
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agoS1AP: add more LTE-RRC transparent containers dissection
Pascal Quantin [Sat, 3 Sep 2016 17:59:26 +0000 (19:59 +0200)]
S1AP: add more LTE-RRC transparent containers dissection

Change-Id: I08246d3fa97ceafefd3a1ab5c36de50a5728fd19
Reviewed-on: https://code.wireshark.org/review/17474
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agoAdd M2AP dissector (3GPP 36.443 v13.3.0)
Pascal Quantin [Sat, 3 Sep 2016 14:43:44 +0000 (16:43 +0200)]
Add M2AP dissector (3GPP 36.443 v13.3.0)

Change-Id: I1a5d4390e91c5a758e52feba6059407d873adf7a
Reviewed-on: https://code.wireshark.org/review/17472
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agocmake: fix libnl caching issue, make it more robust
Peter Wu [Thu, 1 Sep 2016 22:01:38 +0000 (00:01 +0200)]
cmake: fix libnl caching issue, make it more robust

Dario reported that the cmake build fails after installing libnl3-devel
(libnl-devel was already present). This results from a name collision
for NL_LIBRARY and NL_INCLUDE_DIR variables.

Initially these variables contained the values for libnl-1. When libnl3
is installed, these variables were not updated (because it was cached),
but HAVE_LIBNL3 would still be set, resulting in a header and feature
mismatch. Use separate variables for libnl1 and libnl3 to fix this.

Other fixes: also set HAVE_LIBNL for libnl1; fallback to libnl1 if
libnl3 is unusable (e.g. because libnl-route-3.0 is missing).

Change-Id: Icf0a03843ea870347ddf365f69bacf4883d07f6d
Reviewed-on: https://code.wireshark.org/review/17449
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoSMB2: dissect getinfo request fixed parameters
Uri Simchoni [Thu, 1 Sep 2016 20:52:39 +0000 (23:52 +0300)]
SMB2: dissect getinfo request fixed parameters

Dissect SMB2 getinfo request fix-sized parameters according
to [MS-SMB2] section 2.2.37.

This does not include extended attributes at the moment.

Change-Id: I5281edf0c21517cdf43ef00e89b5680b8174c383
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17444
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoSMB: dissect FILE_GET_QUOTA_INFORMATION
Uri Simchoni [Thu, 1 Sep 2016 20:52:40 +0000 (23:52 +0300)]
SMB: dissect FILE_GET_QUOTA_INFORMATION

Add a function that dissects FILE_GET_QUOTA_INFORMATION
structure ([MS-FSCC] 2.4.33.1)

This structure is used to define a set of SIDs whose quota
is to be fetched.

Change-Id: I81f6bca98fb239935ca593bd8725cebbb2037fbe
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17445
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoQt: Conversation time column updates.
Gerald Combs [Thu, 1 Sep 2016 20:51:13 +0000 (13:51 -0700)]
Qt: Conversation time column updates.

Add a checkbox which lets you toggle between absolute and relative start
times. Use the local time for now. Fixes bug 11618.

Adjust our time precision based on the capture file's time precision.
Fixes bug 12803.

Update the User's Guide accordingly.

Bug: 11618
Bug: 12803
Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
Reviewed-on: https://code.wireshark.org/review/17448
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years agoNote that not all UN*X file systems are case-sensitive.
Guy Harris [Fri, 2 Sep 2016 20:30:28 +0000 (13:30 -0700)]
Note that not all UN*X file systems are case-sensitive.

Expand a comment to suggest what we should probably do on macOS.

Change-Id: Ic18afe5d1b165dbb27b5f0f5ff3ff9a33835a0f4
Reviewed-on: https://code.wireshark.org/review/17470
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoQt: Preserve capture filter when preferences changed
Stig Bjørlykke [Fri, 2 Sep 2016 12:10:31 +0000 (14:10 +0200)]
Qt: Preserve capture filter when preferences changed

Avoid that the last entry from recent.capture_filter is added to the
capture filter combo when editing preferences or changing profile.

This bug was introduced in gb7897dde.

Change-Id: I38a32386765c9e7ffaa93d006ff0ef7b78ac8252
Reviewed-on: https://code.wireshark.org/review/17453
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoQt: Add a timeline indicator to conversations.
Gerald Combs [Tue, 30 Aug 2016 19:12:33 +0000 (12:12 -0700)]
Qt: Add a timeline indicator to conversations.

Add a timeline indicator to the Start and Duration columns in the
Conversations dialog. Add tooltips to the columns that explain what's
going on.

Round the timeline rect corners and do the same for Prototocol Hierarchy
Statistics. This should hopefully differentiate the graph bars from a
text selection and IMHO it looks better.

Update the PHS and Conversations images in the User's Guide.

Change-Id: I61d6c25843be522cc444e01ba77cb5b1e991fa36
Reviewed-on: https://code.wireshark.org/review/17396
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agobtavctp: rework the reassemble routine (CID 1355682).
Dario Lombardo [Thu, 25 Aug 2016 08:18:11 +0000 (10:18 +0200)]
btavctp: rework the reassemble routine (CID 1355682).

The CID is about the lack of check of wmem_tree_lookup32_le()
return value, but the old code worths a bit of rework.

Change-Id: I3adb868d2baa1c8aea3f914f7fb9fdf75f222960
Reviewed-on: https://code.wireshark.org/review/17322
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoReworked dissection of BGP Extended Community attributes
Peter Palúch [Tue, 30 Aug 2016 09:37:38 +0000 (11:37 +0200)]
Reworked dissection of BGP Extended Community attributes

This patch contains a partial rewrite of the BGP dissector for Extended
Communities.  The changes were primarily motivated by my dissatisfaction
with the generally unreadable way in which the types, names and values of
BGP Extended Communities were displayed in Wireshark GUI.  The rewrite
provides a hopefully more readable and eye-pleasing way of displaying the
extended communities.  I have also corrected numerous other flaws with the
Extended Community dissector I stumbled across.

In particular, the changes encompass the following:

1.) The Type octet of an Extended Community is now analyzed including its
Authority and Transitivity bits.  These were not dissected before.

2.) Dissection for EVPN Extended Community was improved.  The original
implementation blindly assumed that there is just a single subtype and
decoded the community ignoring the actual subtype.

3.) I have removed the hf_bgp_ext_com_value_unknown16 and ..._unknown32.
The current code uses a different approach to display values of unrecognized
communities, and for recognized communities, there are no "unknown"
subfields.

4.) Removed a couple of variables declared at the
dissect_bgp_update_ext_com() level.  These stored the result of a
tvb_get_...() call but the value was used only once.  I have replaced them
with the direct use of tvb_get_...()

5.) Moved duplicate code to add the Type value into the community_tree from
each branch in the switch(com_type_high_byte) out of it and placed it before
the switch().

6.) Reworked the style in which individual communities are displayed.  Each
community item (collapsed) is now displayed using the following label
format:

Community name: Values [Generic community type]

Examples:

Route Target: 1:1 [Transitive 2-Octet AS-Specific]
Unknown subtype 0x01: 0x8081 0x0000 0x2800 [Non-Transitive Opaque]
Unknown type 0x88 subtype 0x00: 0x0000 0x0000 0x0000 [Unknown community]

6.) To keep the filter names more consistent, changed names of selected filters:

bgp.ext_com.type_high -> bgp.ext_com.type
bgp.ext_com.type_low -> bgp.ext_com.stype_unknown

In particular, I do not want to call the subtype as bgp.ext_com.type_low
because that filter applied only to unrecognized subtypes even though its
name would suggest to users that they can filter any community based on it.

7.) Numerous corrections in text labels, names and labels that have been
incorrect or incomplete.

Bug: 12794
Change-Id: I9653dbbc8a8f85d0cd2753dd12fd537f0a604cf3
Reviewed-on: https://code.wireshark.org/review/17377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoaruba_erm: register dissector by name.
Dario Lombardo [Fri, 2 Sep 2016 14:34:02 +0000 (16:34 +0200)]
aruba_erm: register dissector by name.

Change-Id: Ifad70ed2ee2a554cdc31496ad47148728071abdb
Reviewed-on: https://code.wireshark.org/review/17458
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoQt: Clear open files list when clear recent menu
Stig Bjørlykke [Fri, 2 Sep 2016 13:45:53 +0000 (15:45 +0200)]
Qt: Clear open files list when clear recent menu

Remove all recent files from the main welcome page when clearing
recent files from the menu.

Change-Id: Ic410a729e63d82ee58b6bbb31f7e4a658b17d794
Reviewed-on: https://code.wireshark.org/review/17456
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
3 years agoQt: Add newly saved files to the recent files
Stig Bjørlykke [Fri, 2 Sep 2016 13:21:46 +0000 (15:21 +0200)]
Qt: Add newly saved files to the recent files

Update the recent files list when saving unsaved capture files.

Change-Id: I469fa1f2ce3216c66de328c0b3558c9f9db115e0
Reviewed-on: https://code.wireshark.org/review/17454
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
3 years ago[SIP] Call sub dissectors for Diagnostics in SIP reason texts.
AndersBroman [Fri, 2 Sep 2016 13:25:41 +0000 (15:25 +0200)]
[SIP] Call sub dissectors for Diagnostics in SIP reason texts.

Change-Id: I68cbcf257b63a86ee37e1357876a90ea683a1d5a
Reviewed-on: https://code.wireshark.org/review/17455
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoGTP: continuation of patch for Target Identification, correction of PLMN in the case...
Binh Trinh [Thu, 1 Sep 2016 01:16:49 +0000 (21:16 -0400)]
GTP: continuation of patch for Target Identification, correction of PLMN in the case of non-compliance

Change-Id: Id848574ea748786ccd6808d370cb480caa948cfb
Reviewed-on: https://code.wireshark.org/review/17433
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoERF: Fix dissector abort on short meta tags and typos
Anthony Coddington [Mon, 29 Aug 2016 23:04:23 +0000 (11:04 +1200)]
ERF: Fix dissector abort on short meta tags and typos

Fix dissector abort on short tags.
Fix value typo in hash mode enum.
Differentiate unexpectedly short value, zero length (deliberate invalid)
and off-end-of-record tags through expertinfo.
Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly
long tags for now.
Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not
currently implemented outside Wireshark anyway.

Ping-Bug: 12303
Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816
Reviewed-on: https://code.wireshark.org/review/17382
Reviewed-by: Anthony Coddington <anthony.coddington@endace.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoSMB2: dissect class and infolevel in get quota info request
Uri Simchoni [Thu, 1 Sep 2016 20:52:38 +0000 (23:52 +0300)]
SMB2: dissect class and infolevel in get quota info request

(actually, in [MS-SMB2] those are called "InfoType" and
"FileInfoClass", respectively)

Change-Id: Id583be4574cea5ce092c374a5624a4bd17d5d4c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17443
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoSMB2: dissect quota info
Uri Simchoni [Thu, 1 Sep 2016 20:52:37 +0000 (23:52 +0300)]
SMB2: dissect quota info

This info appears in the request buffer of setinfo quota,
or in the response buffer of getinfo quota.

Change-Id: I5c8d96a05eddfa123547a7dd2577a01ac8cbd32d
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17442
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoSMB: make dissect_nt_user_quota public
Uri Simchoni [Thu, 1 Sep 2016 20:52:36 +0000 (23:52 +0300)]
SMB: make dissect_nt_user_quota public

To be usable by SMB2 dissector

Change-Id: I7f5b9a021951c2529f8058cd2fc160eff2e865c6
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17441
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agosmb: parse user quota change time
Uri Simchoni [Thu, 1 Sep 2016 20:52:33 +0000 (23:52 +0300)]
smb: parse user quota change time

In SMB user quota records, parse unknown 8-byte field
as quota record's last change time

(source - [MS-FSCC] 2.4.33)

Change-Id: I1f2839934fc0ab8e3d38105e02ef91a547256a70
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-on: https://code.wireshark.org/review/17440
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoGSM MAP: Add OSM URI for locationEstimate
Uli Heilmeier [Mon, 29 Aug 2016 19:07:28 +0000 (21:07 +0200)]
GSM MAP: Add OSM URI for locationEstimate

As requested by bug 10969 add a link to OSM for locationEstimate.

Bug: 10969
Change-Id: I715b3b5eae9728999d5c8f8c155bbcef3911ee93
Reviewed-on: https://code.wireshark.org/review/17375
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
3 years agoCMake: Move version declarations to the top of CMakeLists.txt.
Gerald Combs [Thu, 1 Sep 2016 22:09:12 +0000 (15:09 -0700)]
CMake: Move version declarations to the top of CMakeLists.txt.

This lets me be more lazy during releases.

Change-Id: Ie59e200f1f46282e9271f459c0bbf31dc74a59a7
Reviewed-on: https://code.wireshark.org/review/17450
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agouat: fix memleak after parsing and on errors
Peter Wu [Thu, 1 Sep 2016 00:04:31 +0000 (02:04 +0200)]
uat: fix memleak after parsing and on errors

Memleaks could occur in these scenarios:
 - Two consecutive fields fail in their chk callback, overwriting the
   first heap-allocated error message.
 - After parsing one record, the internal record was never freed.
 - Syntax errors abort the parsing process and leaks the record and
   current field value.

These leaks will only happen at startup, when the UAT files are read or
when UAT strings are loaded (e.g. from the ssl.keys_list preference).

Change-Id: I4cf7cbc8131f71493ba70916a8f60168e5d65148
Reviewed-on: https://code.wireshark.org/review/17432
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoE.212: update Chinese PLMN list
Pascal Quantin [Thu, 1 Sep 2016 19:34:20 +0000 (21:34 +0200)]
E.212: update Chinese PLMN list

Bug: 12798
Change-Id: Id9569cb0f79094d5152ea5949d398eb7384ee76f
Reviewed-on: https://code.wireshark.org/review/17439
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agouat: clarify documentation
Peter Wu [Wed, 31 Aug 2016 22:30:23 +0000 (00:30 +0200)]
uat: clarify documentation

No functional change, fixes typos, adds some meaningful function
parameters and tries to clarify the memory management concerns.

Also fix a -Wdocumentation issue in epan/proto.h

Change-Id: I59d1fcd2ce96178e0a64a0709409a9a7a447c7c6
Reviewed-on: https://code.wireshark.org/review/17431
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoGTP: Added dissection of UTRAN Container for Forward Rel Req/Resp Messages
Binh Trinh [Thu, 1 Sep 2016 02:33:18 +0000 (22:33 -0400)]
GTP: Added dissection of UTRAN Container for Forward Rel Req/Resp Messages

Change-Id: I8330e7e57d3ad09e526da0d7a0970f96fedd03a6
Reviewed-on: https://code.wireshark.org/review/17434
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agogtk: fix compilation with GTK+ before 2.18
Peter Wu [Mon, 29 Aug 2016 16:38:45 +0000 (18:38 +0200)]
gtk: fix compilation with GTK+ before 2.18

Removed in v1.99.2rc0-399-g43f09e6, but some includes are still needed.

Basically I looked for the functions defined in the
ui/gtk/old-gtk-compat.h header file that were in files below ui/gtk/.
Then I matched it against the removed part in the above commit and added
the header back at its old place. In two other cases, the header was
only needed for Windows.

If the above commit did not reference the file, I checked which function
was in use and added the header on top, removing redundant conditionals.

Reported and tested by a user of GTK+ 2.12.12 on top of v2.0.5.

Change-Id: I649eec1e5531070f88c99d893c4920306f56d849
Reviewed-on: https://code.wireshark.org/review/17371
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoipv6: fix build with old 32-bit glib headers (master only)
Peter Wu [Wed, 31 Aug 2016 09:31:54 +0000 (11:31 +0200)]
ipv6: fix build with old 32-bit glib headers (master only)

Introduced with v2.3.0rc0-112-gdcb7b71, nxt is only a guint8* which
fails on 32-bit glib before 2.31.2.

Change-Id: Ide1816a971fa213f5669a7fa71bc111d5b1cc921
Reviewed-on: https://code.wireshark.org/review/17418
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoipsec: fix build with old 32-bit glib headers
Peter Wu [Wed, 31 Aug 2016 09:32:54 +0000 (11:32 +0200)]
ipsec: fix build with old 32-bit glib headers

In commit v2.3.0rc0-121-gb6d13ef, GUINT_TO_POINTER(ah_nxt) was added,
but on 32-bit glib before 2.31.2 this results in a type error. Change
the type of ah_nxt since all its users take a guint anyway.

Change-Id: I2fb030f79011b8a7159a0b0df26d3545b0ce3c06
Reviewed-on: https://code.wireshark.org/review/17419
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agogtk: fix 32-bit build
Peter Wu [Wed, 31 Aug 2016 09:11:56 +0000 (11:11 +0200)]
gtk: fix 32-bit build

32-bit glib before 2.31.2 expand GUINT_TO_POINTER(x) as (gpointer)x.
add explicit cast since curr_layer_num is 8 bits. Fixes
v1.99.10rc0-179-g1d7bcb2.

Storing a 64-bit integer into a 32-bit pointer makes the compiler
complain. Add explicit cast. Fixes v1.99.1rc0-76-ged0b19b.

Change-Id: I75fdf17882a0f5ddce7d3b3e74b1bf80ff6cd4ae
Reviewed-on: https://code.wireshark.org/review/17417
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoE.212: update list to Operational Bulletin No. 1106 (15.VIII.2016)
Pascal Quantin [Wed, 31 Aug 2016 20:16:10 +0000 (22:16 +0200)]
E.212: update list to Operational Bulletin No. 1106 (15.VIII.2016)

Also manually add PLMN 460 02 (Chian Mobile) as it is not listed by ITU yet

Bug: 12622
Bug: 12798
Change-Id: I7c6fab9dcb9da90178186e94f624301ef1861421
Reviewed-on: https://code.wireshark.org/review/17428
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agoOSSP: Retrieve OUI at proper offset in packet
Jaap Keuter [Wed, 31 Aug 2016 19:06:34 +0000 (21:06 +0200)]
OSSP: Retrieve OUI at proper offset in packet

Bug: 12801
Change-Id: Ic70f0d93bbffc99ceacf6b2963b04d7477e4914b
Reviewed-on: https://code.wireshark.org/review/17425
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoNFS: fix indent (remove some trailing spaces)
Alexis La Goutte [Wed, 31 Aug 2016 15:24:54 +0000 (17:24 +0200)]
NFS: fix indent (remove some trailing spaces)

Change-Id: Ic72d264686c3b37ac15118eec07057c7bb8a2a50
Reviewed-on: https://code.wireshark.org/review/17422
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agodiam_dict.l: remove use of strdup
Peter Wu [Wed, 31 Aug 2016 15:55:15 +0000 (17:55 +0200)]
diam_dict.l: remove use of strdup

This should fix crashes on Windows, _strdup should not be mixed with
g_free. This was only uncovered in v2.3.0rc0-474-ga04b6fc, before that
ddict_free was never called.

Change-Id: I34111385c82715de70fb42fe44b99b89e132a374
Reviewed-on: https://code.wireshark.org/review/17423
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoWin: switch back to Lua library compiled with MinGW
Pascal Quantin [Wed, 31 Aug 2016 09:48:33 +0000 (11:48 +0200)]
Win: switch back to Lua library compiled with MinGW

It does not suffer anymore from bug 9957

Change-Id: I871f01db67101b09a21545ecec5473941997a5cb
Reviewed-on: https://code.wireshark.org/review/17416
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years agorftap: add new dissector
Jonathan Brucker [Wed, 31 Aug 2016 09:05:09 +0000 (09:05 +0000)]
rftap: add new dissector

The RFtap protocol is a simple metadata header designed to provide
Radio Frequency (RF) metadata about frames.

For official specifications see: https://rftap.github.io/

Signed-off-by: Jonathan Brucker <jonathan.brucke@gmail.com>
Change-Id: I0d008b2baadcc5cc9577113e9795eef2691b961a
Reviewed-on: https://code.wireshark.org/review/17355
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoRevert "Revert "diameter: fix 400kb leaked memory on exit""
Guy Harris [Wed, 31 Aug 2016 08:16:24 +0000 (08:16 +0000)]
Revert "Revert "diameter: fix 400kb leaked memory on exit""

This reverts commit 5fea2b5f4198f1a36f313ef38532ddffd02ac5b1.

I.e., it puts back the change; the reverted version passed the tests on which the versions with this change crashed.

Change-Id: Idcc0eb11588cf14e2fe666de1905ee63917b0fcf
Reviewed-on: https://code.wireshark.org/review/17413
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoRevert "diameter: fix 400kb leaked memory on exit"
Guy Harris [Wed, 31 Aug 2016 07:42:31 +0000 (07:42 +0000)]
Revert "diameter: fix 400kb leaked memory on exit"

This reverts commit a04b6fcb3db901734ed948134c973996786be8b7.

Temporary revert to see if this prevents the "tshark -G" crashes being seen on the 64-bit Windows buildbot.

Change-Id: I561439039ca2667b72d7e2319a6f3f5f97e18d15
Reviewed-on: https://code.wireshark.org/review/17412
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoOK, it probably crashed in proto_initialize_all_prefixes().
Guy Harris [Wed, 31 Aug 2016 07:37:27 +0000 (00:37 -0700)]
OK, it probably crashed in proto_initialize_all_prefixes().

Remove the debugging printouts.

The changes that were committed between the last build that didn't crash
and the first build that did were:

commit 961f743d69b323aa217a6b39184485d6a0bfb2d5
Author: Peter Wu <peter@lekensteyn.nl>
Date:   Mon Aug 29 01:34:22 2016 +0200

    xml: fix some memleaks

    No more memleaks reported for the attachment in bug 12790 :-)

    Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
    Ping-Bug: 12790
    Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
    Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit a04b6fcb3db901734ed948134c973996786be8b7
Author: Peter Wu <peter@lekensteyn.nl>
Date:   Sun Aug 28 22:19:29 2016 +0200

    diameter: fix 400kb leaked memory on exit

    Before:

        SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).

    After addressing to-do by calling ddict_free:

        SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).

    After fixing all remaining leaks cases in the flex file for diameter:

        SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).

    Not bad huh :-)

    Ping-Bug: 12790
    Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
    Reviewed-on: https://code.wireshark.org/review/17364
    Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
commit 14312835c63a3e2ec9d311ed1ffee5285141f4f9
Author: Peter Wu <peter@lekensteyn.nl>
Date:   Sun Aug 28 19:20:59 2016 +0200

    pcapng: do not leak blocks

    pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
    they return, they do not have to set wblock.block to NULL.

    pcapng_read_block always sets wblock->block to NULL and may initialize
    it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
    ISB. It is better to have more wtap_block_free calls on a NULL value
    than missing them as this would be a memleak (on the other hand, do not
    release memory that is stored elsewhere such as SHB and NRB).

    Ping-Bug: 12790
    Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
    Reviewed-on: https://code.wireshark.org/review/17362
    Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
*If* one of those is the cause, my guess is that it's the Diameter one,
as the crash happens before any file is read (so it's probably not the
pcapng one) and thus before any dissection is done (so it's probably not
the XML dissector one).

Change-Id: I816c1bbd6078eab251efd02ebb7c3195f6dd1483
Reviewed-on: https://code.wireshark.org/review/17411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoGTP: patch for Target identification for non-compliance workaround
Binh Trinh [Wed, 31 Aug 2016 04:18:17 +0000 (00:18 -0400)]
GTP: patch for Target identification for non-compliance workaround

bug 3974

Change-Id: I2faa473c725a803056d6ffd0cb34b46d75121061
Reviewed-on: https://code.wireshark.org/review/17410
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoieee80211: Fix the BAR Ack policy values
Chaitanya T K [Tue, 30 Aug 2016 15:29:34 +0000 (20:59 +0530)]
ieee80211: Fix the BAR Ack policy values

As per 802.11-2012 table 8-15 the string should be reverse.
0 - Send Immediate Ack (False)
1 - Dont't Send Immediate Ack (True)

Change-Id: Iea3b179e11781f891d2294b0bcdf92de2bdba7ba
Reviewed-on: https://code.wireshark.org/review/17394
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agonfs4: Handle CB_GETATTR
Tom Haynes [Tue, 30 Aug 2016 19:15:13 +0000 (12:15 -0700)]
nfs4: Handle CB_GETATTR

Change-Id: Ifb68af443c6f13dfab99e32488d86c148621a316
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17399
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoCrashing in proto_initialize_all_prefixes()? Debugging output.
Guy Harris [Wed, 31 Aug 2016 03:03:42 +0000 (20:03 -0700)]
Crashing in proto_initialize_all_prefixes()?  Debugging output.

Change-Id: I6db711b1730b95460983ee190762753198c1959e
Reviewed-on: https://code.wireshark.org/review/17409
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoMAUSB: Add Cancellation Status values defined in v1.0a Spec
Sean O. Stalley [Fri, 26 Aug 2016 21:36:57 +0000 (14:36 -0700)]
MAUSB: Add Cancellation Status values defined in v1.0a Spec

Change-Id: I72812fa0650da0cde37ea6cbef81a3c7a9ba333d
Reviewed-on: https://code.wireshark.org/review/17373
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoDebugging printouts, to see why tshark -G crashes on the Win64 buildbot.
Guy Harris [Wed, 31 Aug 2016 02:23:09 +0000 (19:23 -0700)]
Debugging printouts, to see why tshark -G crashes on the Win64 buildbot.

Change-Id: I16f6b7a69eed5ec66842df9d0640216fd273d3b0
Reviewed-on: https://code.wireshark.org/review/17408
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoRTPS: Fixed data holder dissection to match the standard
Juanjo Martin [Fri, 26 Aug 2016 14:27:16 +0000 (16:27 +0200)]
RTPS: Fixed data holder dissection to match the standard

The OMG standard has changed in this new version. I have fixed
the implementation.

Change-Id: Ie9054ed52c66580c76096af86e0fb8e34a44e9d1
Reviewed-on: https://code.wireshark.org/review/17348
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agonfs: Fix style in switch
Tom Haynes [Tue, 30 Aug 2016 17:47:13 +0000 (10:47 -0700)]
nfs: Fix style in switch

Change-Id: Ica9fc960946542badb64af12769e7dfa3793db82
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17397
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoUse "ecatf" as the protocol name, to parallel everything else.
Guy Harris [Wed, 31 Aug 2016 00:59:59 +0000 (17:59 -0700)]
Use "ecatf" as the protocol name, to parallel everything else.

The fields have names beginning with "ecatf.", the dissector is called
"ecatf", and it's only the frame layer of EtherCAT anyway, so just call
it "ecatf".

Change-Id: I2f127363fd115c307f0525f612fe184a30d46c55
Reviewed-on: https://code.wireshark.org/review/17406
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoDon't do any Decode As stuff for dissector tables not used with Decode As.
Guy Harris [Tue, 30 Aug 2016 22:51:54 +0000 (15:51 -0700)]
Don't do any Decode As stuff for dissector tables not used with Decode As.

Have all dissector tables have a "supports Decode As" flag, which
defaults to FALSE, and which is set to TRUE if a register_decode_as()
refers to it.

When adding a dissector to a dissector table with a given key, only add
it for Decode As if the dissector table supports it.

For non-FT_STRING dissector tables, always check for multiple entries
for the same protocol with different dissectors, and report an error if
we found them.

This means there's no need for the creator of a dissector table to
specify whether duplicates of that sort should be allowed - we always do
the check when registering something for "Decode As" (in a non-FT_STRING
dissector table), and just don't bother registering anything for "Decode
As" if the dissector table doesn't support "Decode As", so there's no
check done for those dissector tables.

Change-Id: I4a1fdea3bddc2af27a65cfbca23edc99b26c0eed
Reviewed-on: https://code.wireshark.org/review/17402
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoRTPS: Allowing duplicates in the rtps.type_name table
Juanjo Martin [Mon, 29 Aug 2016 23:57:32 +0000 (01:57 +0200)]
RTPS: Allowing duplicates in the rtps.type_name table

Change-Id: Ie7a35b0bb3275a0895fad646bf9a81406eadf37c
Reviewed-on: https://code.wireshark.org/review/17393
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agonfs: Standardize on FileHandle vs filehandle
Tom Haynes [Tue, 30 Aug 2016 18:00:21 +0000 (11:00 -0700)]
nfs: Standardize on FileHandle vs filehandle

Change-Id: Ib945ddee4a35bf984a9411e56ed3801cde70c6c4
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/17398
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoSupport Decode As for {SSL,TLS}-over-TCP.
Guy Harris [Tue, 30 Aug 2016 20:38:03 +0000 (13:38 -0700)]
Support Decode As for {SSL,TLS}-over-TCP.

We register dissectors for "Decode As" for {SSL,TLS}-over-TCP, so we
should actually set up the "Decode As" stuff for it.

Change-Id: I2a738667efdec1007069df74885a4fe8fc3fcbab
Reviewed-on: https://code.wireshark.org/review/17400
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago[Diameter] Improve dissection of malformed packets by continnuing
AndersBroman [Tue, 30 Aug 2016 12:55:54 +0000 (14:55 +0200)]
[Diameter] Improve dissection of malformed packets by continnuing
dissection and display the problem more prominetly.

Change-Id: Ia1a32667a18e1e5b60b5c167da9b6dd945ba3dfc
Reviewed-on: https://code.wireshark.org/review/17385
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agotime_util: fix -Wshadow issue
Peter Wu [Tue, 30 Aug 2016 09:12:44 +0000 (11:12 +0200)]
time_util: fix -Wshadow issue

time_util.c was already fixed, but the header was missing the change,
breaking the build on a very old compiler.

Change-Id: I95685c9a3e25dcb7567f2551b92f20c8792a6e47
Reviewed-on: https://code.wireshark.org/review/17384
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agossl: fix wrong detection of non-resumed renegotiated session
Peter Wu [Mon, 29 Aug 2016 22:10:50 +0000 (00:10 +0200)]
ssl: fix wrong detection of non-resumed renegotiated session

If the heuristics fail to detect a resumed session, then it must mark
the session as a normal session. This will also prevent from
applying secrets that do not apply to this renegotiated session.

Bug: 12793
Change-Id: I90f794a7bbaf7f1839e39656ac318183ecf48887
Reviewed-on: https://code.wireshark.org/review/17376
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoGTP: add new RAT Type values
Binh Trinh [Tue, 30 Aug 2016 03:22:58 +0000 (23:22 -0400)]
GTP: add new RAT Type values

Change-Id: Ia3d8956197faff9366de2635a9bd29f2bfc40f0d
Reviewed-on: https://code.wireshark.org/review/17381
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoDon't use a no-longer-extant variable.
Guy Harris [Tue, 30 Aug 2016 02:49:58 +0000 (19:49 -0700)]
Don't use a no-longer-extant variable.

Change-Id: I41c1a37248335d983da58b0b657a28ec521be290
Reviewed-on: https://code.wireshark.org/review/17378
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoxml: fix some memleaks
Peter Wu [Sun, 28 Aug 2016 23:34:22 +0000 (01:34 +0200)]
xml: fix some memleaks

No more memleaks reported for the attachment in bug 12790 :-)

Change-Id: I8472e442143b332edfacdf9ef3b8b893f1ec4386
Ping-Bug: 12790
Reviewed-on: https://code.wireshark.org/review/17365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agodiameter: fix 400kb leaked memory on exit
Peter Wu [Sun, 28 Aug 2016 20:19:29 +0000 (22:19 +0200)]
diameter: fix 400kb leaked memory on exit

Before:

    SUMMARY: AddressSanitizer: 399684 byte(s) leaked in 17208 allocation(s).

After addressing to-do by calling ddict_free:

    SUMMARY: AddressSanitizer: 3024 byte(s) leaked in 256 allocation(s).

After fixing all remaining leaks cases in the flex file for diameter:

    SUMMARY: AddressSanitizer: 735 byte(s) leaked in 58 allocation(s).

Not bad huh :-)

Ping-Bug: 12790
Change-Id: I0c730ad77ae15c69390bc6cf0a3a985395a64771
Reviewed-on: https://code.wireshark.org/review/17364
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agopcapng: do not leak blocks
Peter Wu [Sun, 28 Aug 2016 17:20:59 +0000 (19:20 +0200)]
pcapng: do not leak blocks

pcapng_open and pcapng_read have 'wblock' allocated on the stack, so if
they return, they do not have to set wblock.block to NULL.

pcapng_read_block always sets wblock->block to NULL and may initialize
it for SHB, IDB, NRB and ISB. Be sure to release the memory for IDB and
ISB. It is better to have more wtap_block_free calls on a NULL value
than missing them as this would be a memleak (on the other hand, do not
release memory that is stored elsewhere such as SHB and NRB).

Ping-Bug: 12790
Change-Id: I081f841addb36f16e3671095a919d357f4bc16c5
Reviewed-on: https://code.wireshark.org/review/17362
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years agoMAUSB: Add Status value defined in v1.0a Spec
Sean O. Stalley [Fri, 26 Aug 2016 21:40:58 +0000 (14:40 -0700)]
MAUSB: Add Status value defined in v1.0a Spec

Change-Id: Ie8e77fffd54eb9b1918d90999a4419a80de8bc5e
Reviewed-on: https://code.wireshark.org/review/17374
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agotap-iostat.c: ensure that interval is set to its maximum value when using 0
Pascal Quantin [Mon, 29 Aug 2016 09:31:11 +0000 (11:31 +0200)]
tap-iostat.c: ensure that interval is set to its maximum value when using 0

Otherwise the statistics will be wrong if the capture duration is greater
than G_MAXINT32 and it the user specifies an interval of 0

Bug: 12778
Change-Id: I83a0f627ec0bb7c535446c17afa486835091ab8b
Reviewed-on: https://code.wireshark.org/review/17367
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agotelnet: remove meaningless line (CID 1372125).
Dario Lombardo [Mon, 29 Aug 2016 08:40:29 +0000 (10:40 +0200)]
telnet: remove meaningless line (CID 1372125).

Change-Id: I3b9bc01a4f72e2e0de3f83426a9b8e7060d0c89a
Reviewed-on: https://code.wireshark.org/review/17366
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>