metze/wireshark/wip.git
7 years ago cmake: fix GTK3 detection via pkg-config
Peter Wu [Mon, 9 May 2016 19:54:10 +0000 (21:54 +0200)]
cmake: fix GTK3 detection via pkg-config

Put QUIET before the module name, otherwise FindPkgConfig tries to
locate a module named QUIET. This fixes a build failure that complains
about missing pango/pango.h.

Tested with GTK 3.20, CMake 3.5.2 on Arch Linux.

Change-Id: I76e487d0f4b7f9fbac4105521c349b392b680923
Reviewed-on: https://code.wireshark.org/review/15314
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
7 years ago format DIS header timestamp as mm:ss.nnnnnn
alpartis [Fri, 6 May 2016 11:57:42 +0000 (07:57 -0400)]
format DIS header timestamp as mm:ss.nnnnnn

Older versions of this dissector displayed the header timestamp formatted to show
minutes, seconds, and milliseconds past the hour (the DIS spec actually defines the
timestamp in terms of microseconds).  This commit fulfills a feature request to
return to that format.

Bug: 12402
Change-Id: Ide4adf8f80306f2458e48e8b2f78c911782669e5
Reviewed-on: https://code.wireshark.org/review/15276
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago LAPDm: reset the last N(S) variable only during first pass
Pascal Quantin [Mon, 9 May 2016 12:12:22 +0000 (14:12 +0200)]
LAPDm: reset the last N(S) variable only during first pass

Change-Id: If496ca47f6e8b093511ee9a9a6834a49ef3553fa
Reviewed-on: https://code.wireshark.org/review/15308
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
7 years ago LPADm: fixes for reassembly
Pascal Quantin [Sat, 7 May 2016 17:25:38 +0000 (19:25 +0200)]
LPADm: fixes for reassembly

- do not packets in error in reassembly table
- filter retransmissions based on N(S) value

See https://www.wireshark.org/lists/wireshark-users/201605/msg00000.html

Change-Id: I0c2ab36acd5927529d40f8fa7fd2eed17a6fc486
Reviewed-on: https://code.wireshark.org/review/15281
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
7 years ago TShark: Convert TTY output.
Gerald Combs [Fri, 6 May 2016 17:25:02 +0000 (10:25 -0700)]
TShark: Convert TTY output.

If we detect that we're writing to a TTY and that it doesn't support
UTF-8, convert our output to the current code page on UNIX/Linux or
to UTF-16LE on Windows. This helps to ensure that we don't fill users'
screens with mojibake, along with scrubbing invalid output.

Add a note about our output behavior to the TShark man page. Add a note
about the glyphs we should and shouldn't be using to utf8_entities.h.

Bug: 12393

Change-Id: I52b6dd240173b80ffb6d35b5950a46a565c97ce8
Reviewed-on: https://code.wireshark.org/review/15277
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago SMI_DLL should not be part of directory path for copying MIBs
Michael Mann [Sun, 8 May 2016 20:46:48 +0000 (16:46 -0400)]
SMI_DLL should not be part of directory path for copying MIBs

Change-Id: Ib21ff7175fdaf4833398151378cba93d309dd409
Reviewed-on: https://code.wireshark.org/review/15294
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Get rid of extra blank line.
Guy Harris [Sun, 8 May 2016 21:17:00 +0000 (14:17 -0700)]
Get rid of extra blank line.

Change-Id: Ibe35ee1dd8dcea5641e8cb8104c1fbf33966eca4
Reviewed-on: https://code.wireshark.org/review/15299
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Remove the MIBenum stuff from the WAP code.
Guy Harris [Sun, 8 May 2016 21:15:02 +0000 (14:15 -0700)]
Remove the MIBenum stuff from the WAP code.

MIBenum values are from an IANA registry, not a WAP specification; add
<epan/iana_charsets.h> to declare the MIBenum -> Wireshark encoding
mapper routine and the value_string_ext for MIBenum values, and
epan/iana_charsets.c to define them.

Change-Id: I6d9c82cd011bd5211c688322e6423de38e161f41
Reviewed-on: https://code.wireshark.org/review/15298
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago GSM A RR: fix dissection of GPRS Cell Options IE
Pascal Quantin [Sun, 8 May 2016 19:22:16 +0000 (21:22 +0200)]
GSM A RR: fix dissection of GPRS Cell Options IE

As seen in the capture given in https://www.wireshark.org/lists/wireshark-users/201605/msg00007.html
The extension length is not always equal to all the options defined for a given release

Change-Id: I68ba57dd384122eed1f1ff36cc8acc7ef029fcd0
Reviewed-on: https://code.wireshark.org/review/15290
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
7 years ago LAPSat: fix reported length for tvb subset
Pascal Quantin [Sun, 8 May 2016 20:39:20 +0000 (22:39 +0200)]
LAPSat: fix reported length for tvb subset

It seems like LAPSat can have padding bytes as seen in the capture found
here: https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9005

Change-Id: Ia2c7230c4c9fdae0bbe456585ab164f04eda0eb8
Reviewed-on: https://code.wireshark.org/review/15293
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
7 years ago Show MIBenum values for character sets as decimal.
Guy Harris [Sun, 8 May 2016 20:42:52 +0000 (13:42 -0700)]
Show MIBenum values for character sets as decimal.

http://www.iana.org/assignments/character-sets/character-sets.xhtml is
the official IANA registry for character sets, including MIBenum values,
and it shows MIBenum values in decimal, not hex, so show them in
decimal, not hex.

Change-Id: Id00a0d351a1f758401232aba621cc60aeccf360a
Reviewed-on: https://code.wireshark.org/review/15292
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Handle the encoding when displaying the string table.
Guy Harris [Sun, 8 May 2016 20:31:51 +0000 (13:31 -0700)]
Handle the encoding when displaying the string table.

Don't just treat the strings as piles of ASCII characters.

Add a proto_tree_add_item_ret_string_and_length() routine to help do
this.  Clean up some of the documentation of the proto_tree_add_item_ret
routines while we're at it.

Change-Id: Ib4c52bd8a8331eac97312583326f5be9175889d9
Reviewed-on: https://code.wireshark.org/review/15291
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago The tabulation is specified by the stuff at the end.
Guy Harris [Sun, 8 May 2016 18:06:21 +0000 (11:06 -0700)]
The tabulation is specified by the stuff at the end.

I'm not sure what "4-space tabulation means", but:

if it's "a tab character means 4 spaces", that's just *wrong* in
a UN*X environment (Apple's mistaken use of "tab is 4 spaces" as
the default in Xcode notwithstanding - Xcode is just *wrong*
there);

if it's "use 4-space *indentation*", then the code should be
reformatted and the editor hints updated.

Change-Id: Ie8249b483fe9d6fcd8db29b72167eb854eec863e
Reviewed-on: https://code.wireshark.org/review/15288
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Show the string table a bit better.
Guy Harris [Sun, 8 May 2016 18:03:51 +0000 (11:03 -0700)]
Show the string table a bit better.

Show, for each item, the offset and the string value; the offset is
what's used in tokens.

While we're at it, print a 32-bit unsigned length field as unsigned
rather than signed.

Change-Id: I167e1683bab6a8ed1dba4c53c1c9050d5c25c754
Reviewed-on: https://code.wireshark.org/review/15286
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago [Automatic update for 2016-05-08]
Gerald Combs [Sun, 8 May 2016 15:09:33 +0000 (08:09 -0700)]
[Automatic update for 2016-05-08]

Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I5136aee86c90ac089273c88ae5fe974759bed67a
Reviewed-on: https://code.wireshark.org/review/15283
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago iso14443: show nad and cid info in the ats
Martin Kaiser [Thu, 5 May 2016 20:11:26 +0000 (23:11 +0300)]
iso14443: show nad and cid info in the ats

re-use the boolean hf variables from the atqb

in the ats, the info if nad and cid are supported is in different
positions than in the atqb

therefore, we can't use a bitmask for the hf variables
fetch the correct bit manually instead

Change-Id: I8ba36ff9662052edcc7899f24d1110fdc4834c2e
Reviewed-on: https://code.wireshark.org/review/15282
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago Update README.wmem
Evan Huus [Sat, 7 May 2016 02:14:05 +0000 (22:14 -0400)]
Update README.wmem

It was getting stale in a few places, and I added a bunch of detail after
discussions on https://code.wireshark.org/review/15270.

Change-Id: Icd5ad954c4fbf592df0be63e6fb9440565a8efc1
Reviewed-on: https://code.wireshark.org/review/15280
Reviewed-by: Evan Huus <eapache@gmail.com>
7 years ago manuf: Add well-known MAC entries for DOCSIS and regenerate file
Dominic Chen [Fri, 6 May 2016 19:34:57 +0000 (15:34 -0400)]
manuf: Add well-known MAC entries for DOCSIS and regenerate file

DOCSIS has a few well-known MAC entries defined in ANSI SCTE 22-1
with the prefix 01-E0-2F. Currently, this gets munged by
manuf_name_lookup() to 00-E0-2F and the vendor "McnsHold", which
is incorrect.

Change-Id: Ib5888d2545fcfbcadf4dd918dd2639de8f7b81b4
Reviewed-on: https://code.wireshark.org/review/15278
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Give the full name of the current version of the IEEE standard in question.
Guy Harris [Fri, 6 May 2016 23:38:34 +0000 (16:38 -0700)]
Give the full name of the current version of the IEEE standard in question.

Change-Id: Ia9b41ec4dd29ca7316828f4a3f0b3fd112d83202
Reviewed-on: https://code.wireshark.org/review/15279
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago EPL: Add support for DS302-E
Christoph Schlosser [Wed, 4 May 2016 07:56:32 +0000 (09:56 +0200)]
EPL: Add support for DS302-E

 * Add AN local and global flags to the SoA frame
 * Add NMT command for dynamic node assignment (DNA)

Change-Id: I7cc8c9ee26b0676727d28f32b056fbe1a153c8af
Reviewed-on: https://code.wireshark.org/review/15263
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Christoph Schlosser <christoph@schlosser.xyz>
Reviewed-by: Roland Knall <rknall@gmail.com>
7 years ago USB Audio: add dissect of ChannelConfig bitmap
Alexis La Goutte [Thu, 5 May 2016 10:28:27 +0000 (12:28 +0200)]
USB Audio: add dissect of ChannelConfig bitmap

Bug: 11858
Change-Id: I4a4a557f4f217c3dec5285fbc9d152c9df52ccb0
Reviewed-on: https://code.wireshark.org/review/15267
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago s7comm: Add errorcode descriptions, extended list values, style cleanup
Thomas Wiens [Tue, 3 May 2016 21:23:55 +0000 (23:23 +0200)]
s7comm: Add errorcode descriptions, extended list values, style cleanup

Added new errorcodes, changed to extended value-string. Removed the
defines as they are and will not be used in the code.
Add errorcode to info column, if there is an error.
Removed the functioncall-tree comment, as it was not up to date.

Change-Id: I0abe8eb046b9b2f28e32cf71e214704daa0aa843
Reviewed-on: https://code.wireshark.org/review/15260
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Convert ftype-tvbuff.c to ftype-protocol.c
Michael Mann [Tue, 3 May 2016 01:44:48 +0000 (21:44 -0400)]
Convert ftype-tvbuff.c to ftype-protocol.c

As noted in https://www.wireshark.org/lists/wireshark-dev/201604/msg00103.html
a protocol field isn't really a tv_buff, so allow for the possibility
of a NULL tv_buff in a "protocol type".  If the tvb is NULL, use the
string of the protocol field for comparison

Bug: 12335
Change-Id: Ie12a5f7b31c7293c61006b0f70135d100a97c4e0
Reviewed-on: https://code.wireshark.org/review/15261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago iso14443: add sfgi
Martin Kaiser [Thu, 5 May 2016 19:01:11 +0000 (22:01 +0300)]
iso14443: add sfgi

Change-Id: Id8328cb7ca8674564a7230c7395dbeb24ffcea27
Reviewed-on: https://code.wireshark.org/review/15273
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago Git: Add .vscode to .gitignore.
Gerald Combs [Thu, 5 May 2016 17:46:12 +0000 (10:46 -0700)]
Git: Add .vscode to .gitignore.

Change-Id: Ib4bb2d03eb493f83e18c507b1675feefd1f27384
Reviewed-on: https://code.wireshark.org/review/15271
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Qt: Make sure we redraw the far overlay.
Gerald Combs [Wed, 4 May 2016 20:46:02 +0000 (13:46 -0700)]
Qt: Make sure we redraw the far overlay.

Make sure we redraw the far overlay image when we unmark all packets.

Change-Id: Ib94af9029ee5c0a8e29a27c3b8aa8c84608fb9f6
Reviewed-on: https://code.wireshark.org/review/15266
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago wiretap: fix writing of 1 bytes long options in pcapng files
Pascal Quantin [Wed, 4 May 2016 17:06:30 +0000 (19:06 +0200)]
wiretap: fix writing of 1 bytes long options in pcapng files

the option length should be 1 byte, not 4 bytes.

Change-Id: I1b356c7ce101f9bbdc9793fc280b6564e12f303f
Reviewed-on: https://code.wireshark.org/review/15265
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago snmp: return -1 (not 0) if we need more data from TCP
Martin Kaiser [Sun, 1 May 2016 16:31:55 +0000 (18:31 +0200)]
snmp: return -1 (not 0) if we need more data from TCP

Change-Id: I72bb68bb09a5b3d4501676594b76deff63faa0bf
Reviewed-on: https://code.wireshark.org/review/15211
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago Qt: Fix the packet map background color.
Gerald Combs [Wed, 4 May 2016 15:39:11 +0000 (08:39 -0700)]
Qt: Fix the packet map background color.

Qt's item view widgets use QPalette::Base as a background color. Fill
the packet map accordingly.

Change-Id: I5e00c9c7dab554efa674b91296e75863d335dea4
Reviewed-on: https://code.wireshark.org/review/15264
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago [Exported PDU] Add filters for ip.addr ip.dest etc for IPv4 and Ipv6 tags.
AndersBroman [Wed, 4 May 2016 08:37:07 +0000 (10:37 +0200)]
[Exported PDU] Add filters for ip.addr ip.dest etc for IPv4 and Ipv6 tags.

Change-Id: Id9a7872ed982e3b615563ca8c6b264f2de8be837
Reviewed-on: https://code.wireshark.org/review/15262
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago [H.248] Implement export PDU functionality.
AndersBroman [Tue, 3 May 2016 14:52:09 +0000 (16:52 +0200)]
[H.248] Implement export PDU functionality.

Change-Id: Ibc7da9306077fd67db348f26a327253242e3d1a2
Reviewed-on: https://code.wireshark.org/review/15258
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Export packets before dissecting them
Pascal Quantin [Tue, 3 May 2016 16:36:10 +0000 (18:36 +0200)]
Export packets before dissecting them

This way even malformed packets are properly exported

Change-Id: I923825459eea725d0a103810f3883906b95b3b21
Reviewed-on: https://code.wireshark.org/review/15259
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago [MEGACO] Implement Export PDU for MEGACO packets.
AndersBroman [Tue, 3 May 2016 12:06:35 +0000 (14:06 +0200)]
[MEGACO] Implement Export PDU for MEGACO packets.

Change-Id: I2cb28aad20aff93a99bad830b12805d524c57191
Reviewed-on: https://code.wireshark.org/review/15254
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Added Bachmann bluecom protocol
Gerhard KHUENY [Tue, 26 Apr 2016 08:21:42 +0000 (10:21 +0200)]
Added Bachmann bluecom protocol

Bug: 12379
Change-Id: I2a6e779e28cd63c2bba6b2c075850f47162e9c7f
Reviewed-on: https://code.wireshark.org/review/15119
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago autotools: Fix make news target
João Valverde [Fri, 29 Apr 2016 22:56:04 +0000 (23:56 +0100)]
autotools: Fix make news target

a2x outputs the file 'release-notes.text'.

Change-Id: Ia3c78fd27dd0b2d27e0837f0984f1f6b125122c1
Reviewed-on: https://code.wireshark.org/review/15228
Reviewed-by: João Valverde <j@v6e.pt>
7 years ago ssh-base(.h) : fix no newline at end of file [-Wnewline-eof]
Alexis La Goutte [Tue, 3 May 2016 10:15:12 +0000 (12:15 +0200)]
ssh-base(.h) : fix no newline at end of file [-Wnewline-eof]

Change-Id: I0e5898a0b0a48dd777c3ac249a23c872ff45df80
Reviewed-on: https://code.wireshark.org/review/15253
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
7 years ago Implement Export PDU for tshark
AndersBroman [Fri, 29 Apr 2016 13:23:28 +0000 (15:23 +0200)]
Implement Export PDU for tshark

This patch introduces the "-U tap_name[,filter]" tshark option and
is similar to the "Export PDUs as file" option in Wireshark.

Wireshark implements this feature by reopening a capture file, applying
a tap and finally opening the temporary file. Since tshark knows
in advance that a PDU export is needed, it can optimize by not creating
the temporary file and perform the export at the first opportunity.

This patch splits the opening/tapping functionality from error reporting
since tshark does not need a temp file and has no dialogs.

The capture file comment is now specified explicitly as there is no
"current file" anymore if the tap is running without active file.

TODO:

 - Review whether it is acceptable to overwrite save_file in tshark.
 - Add documentation (tshark manpage).

Bug: 3444
Change-Id: Ie159495d42c32c2ba7400f2991b7b8185b3fda09
Reviewed-on: https://code.wireshark.org/review/5890
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Decode OUI as Ethernet Vendor ID.
Joerg Mayer [Tue, 3 May 2016 09:58:41 +0000 (11:58 +0200)]
Decode OUI as Ethernet Vendor ID.

Change-Id: I17bca31d383dbbf5c29d7a28f16f4aa0dad9f945
Reviewed-on: https://code.wireshark.org/review/15252
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
7 years ago Move common code outside switch statement.
Joerg Mayer [Tue, 3 May 2016 08:50:38 +0000 (10:50 +0200)]
Move common code outside switch statement.

Change-Id: Id94a686c0cffd47e4d51f14e620c59fd153b3d69
Reviewed-on: https://code.wireshark.org/review/15251
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
7 years ago ssh-base : fix no newline at end of file [-Wnewline-eof]
Alexis La Goutte [Tue, 3 May 2016 05:28:42 +0000 (07:28 +0200)]
ssh-base : fix no newline at end of file [-Wnewline-eof]

Change-Id: Id9a132f9cec7df451c8fbed851ed560ba45747bb
Reviewed-on: https://code.wireshark.org/review/15250
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
7 years ago qt: fix initializer (CID 1358957).
Dario Lombardo [Mon, 2 May 2016 12:59:44 +0000 (14:59 +0200)]
qt: fix initializer (CID 1358957).

Change-Id: Ic950368ede5dca36eb671165f3409770492c5b52
Reviewed-on: https://code.wireshark.org/review/15243
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
7 years ago Revert "PIDL: Remove _U_ and remove unused-parameter via pragma"
Guy Harris [Mon, 2 May 2016 19:02:21 +0000 (19:02 +0000)]
Revert "PIDL: Remove _U_ and remove unused-parameter via pragma"

This reverts commit db4f7fcdeac833f24807994b372d1e42479754bf.

That doesn't work with the compiler being used on the OS X buildbot; that compiler is probably some version of llvm-gcc, which might be based on an older version of GCC without support for that pragma, or might not support it properly courtesy of the GCC front end and the LLVM back end not quite fitting together

Change-Id: I6cd5f1322b4872ef0c4eb5695f021cec00ba85b7
Reviewed-on: https://code.wireshark.org/review/15246
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Qt: Make the overlay scroll bar work with Qt 4.
Gerald Combs [Sun, 1 May 2016 22:40:34 +0000 (15:40 -0700)]
Qt: Make the overlay scroll bar work with Qt 4.

In Qt 4, QScrollBar::setRange isn't a slot. Add a setChildRange
slot and connect to it instead. Add a QT_VERSION_CHECK breadcrumb in
a comment.

Change-Id: Ie28bbb6bd8249c31154a2fe236667adf1d53df61
Reviewed-on: https://code.wireshark.org/review/15215
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Add checkAPI calls to CMake.
Graham Bloice [Fri, 11 Mar 2016 19:51:39 +0000 (19:51 +0000)]
Add checkAPI calls to CMake.

This generates a top level target, checkAPI, that is
excluded from the ALL build target, so must be run separately.

On Windows using a Visual Studio generator, call
msbuild /p:Configuration=RelWithDebInfo checkAPI.vcxproj

Change-Id: I44a57c564dcfc75499463b942436f4b920a82478
Reviewed-on: https://code.wireshark.org/review/14873
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
7 years ago USB Audio: Add Mixed Unit
Alexis La Goutte [Mon, 2 May 2016 05:53:29 +0000 (07:53 +0200)]
USB Audio: Add Mixed Unit

Ping-Bug: 11858
Change-Id: I53a223f1b46b513e693b40dc8754837eee5cfec0
Reviewed-on: https://code.wireshark.org/review/15242
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago QUIC: fix decode when use version > Q033
Alexis La Goutte [Fri, 29 Apr 2016 10:18:14 +0000 (12:18 +0200)]
QUIC: fix decode when use version > Q033

With Q033, connection id (CID) flag change (only on one byte and only say 0 or 8 bytes length)

cid never have length 2 or 4 bytes (from old spec), see https://groups.google.com/a/chromium.org/d/msg/proto-quic/pR6FA7oyeV8/4Ec42-GrMQAJ

Change-Id: I9fffe0369a8cc0811bdbc85a9c9fa8539f049981
Reviewed-on: https://code.wireshark.org/review/15164
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago PIDL: Remove _U_ and remove unused-parameter via pragma
Alexis La Goutte [Fri, 15 Apr 2016 17:16:16 +0000 (19:16 +0200)]
PIDL: Remove _U_ and remove unused-parameter via pragma

Change-Id: Ic40f86850dc94338a8c2205e04679793f368672f
Reviewed-on: https://code.wireshark.org/review/14967
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
7 years ago RTPS: Added PT PID parameters and infrastructure to dissect
Juanjo Martin [Mon, 4 Apr 2016 12:40:24 +0000 (14:40 +0200)]
RTPS: Added PT PID parameters and infrastructure to dissect

Before, the dissector didn't have any code path to dissect the PT
discovery parameters. The code path necessary as well as the
parameter definitions have been added.

Change-Id: I17665a56d033ffbfd16d47fe2e7374111aff9530
Reviewed-on: https://code.wireshark.org/review/14804
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago Another "this is < WTAP_MAX_PACKET_SIZE so no checks are needed" note.
Guy Harris [Mon, 2 May 2016 01:25:43 +0000 (18:25 -0700)]
Another "this is < WTAP_MAX_PACKET_SIZE so no checks are needed" note.

Change-Id: Ie46a141b1e41ee855defe60eba9137718770df9b
Reviewed-on: https://code.wireshark.org/review/15241
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Remove trailing blank.
Guy Harris [Mon, 2 May 2016 01:00:00 +0000 (18:00 -0700)]
Remove trailing blank.

Change-Id: I57017b3e574983dac9107712a0dd6b243b62bb80
Reviewed-on: https://code.wireshark.org/review/15240
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Add some more checks, clean up length handling.
Guy Harris [Mon, 2 May 2016 00:58:49 +0000 (17:58 -0700)]
Add some more checks, clean up length handling.

Check for destination or source MAC addresses that aren't 12 characters
(hex dump of 6 octets) long and type/length fields that aren't 4
characters (hex dump of 2 octets) long.

The buffer into which we copy the hex dump characters doesn't need to be
null-terminated, so don't bother to null-terminate it.  Use the final
offset into the buffer as the buffer length, rather than using strlen().

Just memcpy the MAC addresses and type/length fields into the buffer;
the buffer is guaranteed to be big enough for all of them, and, as
noted, it doesn't need to be null-terminated.

Change-Id: I790e953542ae8443af01c81229a8deb877448ee3
Reviewed-on: https://code.wireshark.org/review/15239
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Don't assume packets will be no larger than ISERIES_MAX_PACKET_LEN.
Guy Harris [Mon, 2 May 2016 00:52:45 +0000 (17:52 -0700)]
Don't assume packets will be no larger than ISERIES_MAX_PACKET_LEN.

We don't check against it.  Instead, use phdr->caplen as the buffer
size; that's based on the number of hex digits we've found.

While we're at it, also get rid of ISERIES_PKT_ALLOC_SIZE - it makes it
less obvious that it's based on the packet length from the packet
header.

Change-Id: I8ad6306c62e7bc4cf896b335f39a5a77780fb2ea
Reviewed-on: https://code.wireshark.org/review/15236
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Make sure the packet length isn't > WTAP_MAX_PACKET_SIZE.
Guy Harris [Mon, 2 May 2016 00:02:12 +0000 (17:02 -0700)]
Make sure the packet length isn't > WTAP_MAX_PACKET_SIZE.

Change-Id: I65c1e87e2fcff93b3db998666ff51f19ecd71b55
Reviewed-on: https://code.wireshark.org/review/15233
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Fix wsutil/Makefile.nmake rule for ws_version_info.obj
João Valverde [Sun, 1 May 2016 23:02:44 +0000 (00:02 +0100)]
Fix wsutil/Makefile.nmake rule for ws_version_info.obj

Change-Id: I397da333b467d140613947fe49cd98338ab1d8f6
Reviewed-on: https://code.wireshark.org/review/15218
Tested-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago IMAP: Add heuristic check for TLS
João Valverde [Thu, 28 Jan 2016 02:08:06 +0000 (02:08 +0000)]
IMAP: Add heuristic check for TLS

If the IMAP TCP stream doesn't include the STARTTLS command/response
the IMAP dissector will try to dissect TLS ciphertext as IMAP protocol
plaintext.

Add heuristic check for SSLv3/TLS and if the heuristic matches register
dissect_ssl() as the dissector for that IMAP session.

Change-Id: If84eca22315193a306e93e66c608de6634e6cd85
Reviewed-on: https://code.wireshark.org/review/13570
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
7 years ago Don't treat the packet length as unsigned.
Guy Harris [Sun, 1 May 2016 23:29:41 +0000 (16:29 -0700)]
Don't treat the packet length as unsigned.

The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value.  When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().

So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.

Bug: 12394
Change-Id: I4b19b95f2e1ffc96dac5c91bff6698c246f52007
Reviewed-on: https://code.wireshark.org/review/15230
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Don't treat the packet length as unsigned.
Guy Harris [Sun, 1 May 2016 23:22:40 +0000 (16:22 -0700)]
Don't treat the packet length as unsigned.

The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value.  When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().

So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.

Bug: 12395
Change-Id: I43b458a73b0934e9a5c2c89d34eac5a8f21a7455
Reviewed-on: https://code.wireshark.org/review/15223
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago ICMPv6: Observe "Redirected Header" option length
João Valverde [Sat, 30 Apr 2016 20:19:24 +0000 (21:19 +0100)]
ICMPv6: Observe "Redirected Header" option length

Bug: 12400
Change-Id: Ic4116082b0f6c119172b222aadefab821f1b0971
Reviewed-on: https://code.wireshark.org/review/15205
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
7 years ago Don't treat the packet length as unsigned.
Guy Harris [Sun, 1 May 2016 23:13:31 +0000 (16:13 -0700)]
Don't treat the packet length as unsigned.

The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value.  When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().

So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.

Bug: 12396
Change-Id: I54fe8f61f42c32b5ef33da633ece51bbcda8c95f
Reviewed-on: https://code.wireshark.org/review/15220
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Don't treat the packet length as unsigned.
Guy Harris [Sun, 1 May 2016 23:02:40 +0000 (16:02 -0700)]
Don't treat the packet length as unsigned.

The scanf family of functions are as annoyingly bad at handling unsigned
numbers as strtoul() is - both of them are perfectly willing to accept a
value beginning with a negative sign as an unsigned value.  When using
strtoul(), you can compensate for this by explicitly checking for a '-'
as the first character of the string, but you can't do that with
sscanf().

So revert to having pkt_len be signed, and scanning it with %d, but
check for a negative value and fail if we see a negative value.

Change-Id: I6450d468504e942df72342176a0e145e5ac3db5f
Reviewed-on: https://code.wireshark.org/review/15216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Make class "type" for USB conversations.
Michael Mann [Sun, 1 May 2016 16:55:23 +0000 (12:55 -0400)]
Make class "type" for USB conversations.

USB dissectors can't assume that only their class type has been passed around in the conversation.  Make an explicit check that the expected class type matches the dissector, and stop/prevent dissection if there isn't a match.

Bug: 12356
Change-Id: Ib23973a4ebd0fbb51952ffc118daf95e3389a209
Reviewed-on: https://code.wireshark.org/review/15212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago qt: SH_ScrollBar_Transient is not available for Qt <= 5.2
Martin Kaiser [Sat, 30 Apr 2016 15:04:05 +0000 (17:04 +0200)]
qt: SH_ScrollBar_Transient is not available for Qt <= 5.2

add a version check in order to fix compilation with older Qt versions

(I couldn't figure out when exactly SH_ScrollBar_Transient was
introduced. It appears in the Qt 5.6 documentation, it's unavailable in
Qt 5.2)

Change-Id: Idf7ea1302e4a40e290a6750cbe077d9d2b7b56a8
Reviewed-on: https://code.wireshark.org/review/15196
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago zvt: return -1 if we need more data from tcp
Martin Kaiser [Sun, 1 May 2016 16:23:52 +0000 (18:23 +0200)]
zvt: return -1 if we need more data from tcp

0 means that the dissector rejected the packet.

Change-Id: I9e04443a5f378198f94038e0e67b2e1fde8054be
Reviewed-on: https://code.wireshark.org/review/15210
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago ldss: remove if (tree) checks
Martin Kaiser [Sun, 1 May 2016 15:49:29 +0000 (17:49 +0200)]
ldss: remove if (tree) checks

Change-Id: Ib453a247eb1a2b6e88b3a4abab301bdc7c18bdb0
Reviewed-on: https://code.wireshark.org/review/15209
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago ldss: return -1 (not 0) if we need more data from TCP
Martin Kaiser [Sat, 30 Apr 2016 15:53:56 +0000 (17:53 +0200)]
ldss: return -1 (not 0) if we need more data from TCP

If a dissector returns 0, it rejects the packet ("this is not my
protocol"). This is in contradiction to requesting more data from TCP.

Bug: 12359
Change-Id: Ib0da7fc3ef92b35b3950e74f50484d9e21a93a6f
Reviewed-on: https://code.wireshark.org/review/15198
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago [Automatic update for 2016-05-01]
Gerald Combs [Sun, 1 May 2016 15:09:31 +0000 (08:09 -0700)]
[Automatic update for 2016-05-01]

Update manuf, services, enterprise-numbers, translations, and other items.

Change-Id: Icfa09469ffc84943f9e54eae10f60001a3790694
Reviewed-on: https://code.wireshark.org/review/15206
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago qt: don't declare dp_ratio for Qt < 5.1
Martin Kaiser [Sat, 30 Apr 2016 14:42:08 +0000 (16:42 +0200)]
qt: don't declare dp_ratio for Qt < 5.1

this avoids warnings about unused variables

Change-Id: I0ee033f90c1387615ffc167161e53f4293d89763
Reviewed-on: https://code.wireshark.org/review/15195
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago Return the same error for too-large packets as we do for other files.
Guy Harris [Sat, 30 Apr 2016 23:38:27 +0000 (16:38 -0700)]
Return the same error for too-large packets as we do for other files.

And note that our limit (which is what we use as the fixed buffer size)
is less than WTAP_MAX_PACKET_SIZE, so we don't have to check against
WTAP_MAX_PACKET_SIZE.

Change-Id: I28cd95c40fd2fba9994a5d64ef323f1d8c1c4478
Reviewed-on: https://code.wireshark.org/review/15204
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Note that we don't have to worry about too-large packets.
Guy Harris [Sat, 30 Apr 2016 23:11:08 +0000 (16:11 -0700)]
Note that we don't have to worry about too-large packets.

Change-Id: If72fb1ed64686348fa24b441cba8534fadc0e707
Reviewed-on: https://code.wireshark.org/review/15203
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Clean up packet length handling.
Guy Harris [Sat, 30 Apr 2016 18:30:07 +0000 (11:30 -0700)]
Clean up packet length handling.

Treat the packet length as unsigned - it shouldn't be negative in the
file.  If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.

A normal packet should be Ethernet-sized; initially make the buffer big
enough for a maximum-sized Ethernet packet.

Once we know the payload length, check to make sure the packet length
won't be > WTAP_MAX_PACKET_SIZE and fail if it will.  Then boost the
buffer size to be large enough for the packet, even if it's bigger than
a maximum-sized Ethernet packet.

Change-Id: I75b2108dd68f5bc5cd436bf5b82990089a7116bf
Reviewed-on: https://code.wireshark.org/review/15200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago qt: use NULL instead of Q_NULLPTR
Martin Kaiser [Sat, 30 Apr 2016 15:19:59 +0000 (17:19 +0200)]
qt: use NULL instead of Q_NULLPTR

Q_NULLPTR is not defined in Qt4

Change-Id: I0dd5444c6c019b7e8f1a346d9e12432d9b306d8a
Reviewed-on: https://code.wireshark.org/review/15197
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
7 years ago Have daintree_sna_read_packet() do all the packet reading work.
Guy Harris [Sat, 30 Apr 2016 09:05:09 +0000 (02:05 -0700)]
Have daintree_sna_read_packet() do all the packet reading work.

Share more code between the read and seek-read routines.

Also note why that code doesn't have to check against
WTAP_MAX_PACKET_SIZE.

Change-Id: I09086fcd3c16883c2598fb0aeb172c66f480d315
Reviewed-on: https://code.wireshark.org/review/15193
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago IPv4: use calculated value for Header Length display filter
Pascal Quantin [Fri, 29 Apr 2016 14:25:03 +0000 (16:25 +0200)]
IPv4: use calculated value for Header Length display filter

Bug: 12387
Change-Id: I63370ea884b6fb75a0743fecc06af2e213700645
Reviewed-on: https://code.wireshark.org/review/15163
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Don't bother checking for getaddrinfo(): we don't use it.
Jeff Morriss [Fri, 29 Apr 2016 15:34:17 +0000 (11:34 -0400)]
Don't bother checking for getaddrinfo(): we don't use it.

Since Ie5e670b769eb0674950f3679ef511047641c2873 we no longer support
synchronous name resolution.

Change-Id: Icc65bd665bd610d89f894549e77608cfb5ef4c53
Reviewed-on: https://code.wireshark.org/review/15165
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Netflow: Updating the list of Ixia IxFlow fields
Deep Datta [Mon, 25 Apr 2016 16:50:09 +0000 (11:50 -0500)]
Netflow: Updating the list of Ixia IxFlow fields

Change-Id: I38c2b337bf276f6edc6b5d3f10e47ae81a1610b5
Reviewed-on: https://code.wireshark.org/review/15167
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Add TCP preference for Process information from IPFIX
Michael Mann [Thu, 28 Apr 2016 02:40:07 +0000 (22:40 -0400)]
Add TCP preference for Process information from IPFIX

The preference is disabled by default and saves a little
bit of memory for those that don't get process information
from IPFIX.

Change-Id: I4b6a106d156862a8d53bf2ad5ee88ea857637815
Reviewed-on: https://code.wireshark.org/review/15139
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Check for packets bigger than WTAP_MAX_PACKET_SIZE.
Guy Harris [Sat, 30 Apr 2016 02:35:10 +0000 (19:35 -0700)]
Check for packets bigger than WTAP_MAX_PACKET_SIZE.

Change-Id: Iaa4865393e711633312e44eaba4985c75668746a
Reviewed-on: https://code.wireshark.org/review/15190
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago debian: Fix hardening-check during package build
Balint Reczey [Fri, 29 Apr 2016 08:27:28 +0000 (10:27 +0200)]
debian: Fix hardening-check during package build

Change-Id: I30465f1cd0b725e58f3445813e443521350900a2
Reviewed-on: https://code.wireshark.org/review/15160
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
7 years ago Check for packets bigger than WTAP_MAX_PACKET_SIZE.
Guy Harris [Sat, 30 Apr 2016 02:10:01 +0000 (19:10 -0700)]
Check for packets bigger than WTAP_MAX_PACKET_SIZE.

Change-Id: Ia932f3e5aeaca7a566ea9f00ce1dca1a2071a1a4
Reviewed-on: https://code.wireshark.org/review/15187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Note some cases where we don't need to check the packet length.
Guy Harris [Sat, 30 Apr 2016 02:04:17 +0000 (19:04 -0700)]
Note some cases where we don't need to check the packet length.

These file formats have 16-bit packet lengths, so, even with some extra
metadata added, the packet data length will never be bigger than
WTAP_MAX_PACKET_SIZE.  (No, we won't ever reduce WTAP_MAX_PACKET_SIZE.)

Change-Id: I9e1b1d90971f91cc6e5d66d0aa93841445b2bc22
Reviewed-on: https://code.wireshark.org/review/15186
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Check for packets bigger than WTAP_MAX_PACKET_SIZE.
Guy Harris [Sat, 30 Apr 2016 01:59:44 +0000 (18:59 -0700)]
Check for packets bigger than WTAP_MAX_PACKET_SIZE.

Change-Id: If7cd6ae60b805121c3f54dcaa48d730b6cd9b648
Reviewed-on: https://code.wireshark.org/review/15183
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Check for packets bigger than WTAP_MAX_PACKET_SIZE.
Guy Harris [Sat, 30 Apr 2016 01:55:07 +0000 (18:55 -0700)]
Check for packets bigger than WTAP_MAX_PACKET_SIZE.

And note the cases where we don't have to check, as the length in the
file is 2 bytes long, and 65535 + the metadata length is <
WTAP_MAX_PACKET_SIZE.

Change-Id: I1e690eeee900b9aa7484dc0bd0c106dc38c77269
Reviewed-on: https://code.wireshark.org/review/15180
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Use WTAP_MAX_PACKET_SIZE as the maximum packet length.
Guy Harris [Sat, 30 Apr 2016 01:47:49 +0000 (18:47 -0700)]
Use WTAP_MAX_PACKET_SIZE as the maximum packet length.

And use the actual packet length, rather than a fixed value, as the
buffer size we need for the packet.

Change-Id: I3af6724210a85b50610839d1bdf97fcf5a152b2f
Reviewed-on: https://code.wireshark.org/review/15179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Fix packet length handling.
Guy Harris [Sat, 30 Apr 2016 00:08:11 +0000 (17:08 -0700)]
Fix packet length handling.

Treat the packet length as unsigned - it shouldn't be negative in the
file.  If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.

Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
allocate a huge amount of memory, just as we do in other file readers.

Use the now-validated packet size as the length in
ws_buffer_assure_space(), so we are certain to have enough space, and
don't allocate too much space.

Merge the header and packet data parsing routines while we're at it.

Bug: 12396
Change-Id: I7f981f9cdcbea7ecdeb88bfff2f12d875de2244f
Reviewed-on: https://code.wireshark.org/review/15176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Qt: Make sure we pass along a resizeEvent.
Gerald Combs [Fri, 29 Apr 2016 21:33:44 +0000 (14:33 -0700)]
Qt: Make sure we pass along a resizeEvent.

Change-Id: I6bf07058b0a5b53fe862f4ca414602c658cf50dd
Reviewed-on: https://code.wireshark.org/review/15168
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Fix packet length handling.
Guy Harris [Fri, 29 Apr 2016 22:46:58 +0000 (15:46 -0700)]
Fix packet length handling.

Treat the packet length as unsigned - it shouldn't be negative in the
file.  If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.

Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
allocate a huge amount of memory, just as we do in other file readers.

Use the now-validated packet size as the length in
ws_buffer_assure_space(), so we are certain to have enough space, and
don't allocate too much space.

Merge the header and packet data parsing routines while we're at it.

Bug: 12395
Change-Id: Ia70f33b71ff28451190fcf144c333fd1362646b2
Reviewed-on: https://code.wireshark.org/review/15172
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Qt: Add recent items to the OS X dock menu.
Gerald Combs [Fri, 29 Apr 2016 15:53:44 +0000 (08:53 -0700)]
Qt: Add recent items to the OS X dock menu.

Qt 5.2 added QMenu::setAsDockMenu. Use it to add recent items to the
Wireshark dock menu.

Add QWinJumpList code which does something similar. Comment it out
because it does it slowly and not-quite-correctly.

Change-Id: I801b1037b998516eacab695f982d7d6e889bafb6
Reviewed-on: https://code.wireshark.org/review/15166
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Fix packet length handling.
Guy Harris [Fri, 29 Apr 2016 22:19:49 +0000 (15:19 -0700)]
Fix packet length handling.

Treat the packet length as unsigned - it shouldn't be negative in the
file.  If it is, that'll probably cause the sscanf to fail, so we'll
report the file as bad.

Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
allocate a huge amount of memory, just as we do in other file readers.

Use the now-validated packet size as the length in
ws_buffer_assure_space(), so we are certain to have enough space, and
don't allocate too much space.

Bug: 12394
Change-Id: Ifa023ce70f7a2697bf151009b035a6e6cf8d5d90
Reviewed-on: https://code.wireshark.org/review/15169
Reviewed-by: Guy Harris <guy@alum.mit.edu>
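
The "Fix packet length handling." and "Don't treat the packet length as unsigned." commit messages above describe parsing a textual packet length and validating it before it sizes a buffer. The following is an added example, not code from the Wireshark tree: the "LEN=" header format, the function names and EXAMPLE_MAX_PACKET_SIZE are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap for this example; it stands in for the reader's maximum packet
 * size (the commit messages name WTAP_MAX_PACKET_SIZE but not its value). */
#define EXAMPLE_MAX_PACKET_SIZE 262144

/* Unsigned scan: "%u" accepts a leading '-', so "LEN=-1" parses
 * "successfully" and yields a huge value instead of failing. */
static int parse_len_unsigned(const char *line, unsigned int *out)
{
    return sscanf(line, "LEN=%u", out) == 1 ? 0 : -1;
}

/* Signed scan as the later commit message describes: use %d, fail on a
 * negative value, then bound the result before it sizes a buffer. */
static int parse_len_signed(const char *line, unsigned int *out)
{
    int pkt_len;

    if (sscanf(line, "LEN=%d", &pkt_len) != 1)
        return -1;                      /* not a number at all */
    if (pkt_len < 0)
        return -2;                      /* negative length: bad file */
    if (pkt_len > EXAMPLE_MAX_PACKET_SIZE)
        return -3;                      /* would over-allocate */
    *out = (unsigned int)pkt_len;
    return 0;
}

/* strtoul() variant: the '-' check the message mentions has to come after
 * the leading whitespace that strtoul() itself skips. */
static int parse_len_strtoul(const char *digits, unsigned int *out)
{
    char *end;
    unsigned long v;

    while (isspace((unsigned char)*digits))
        digits++;
    if (*digits == '-')
        return -2;                      /* strtoul() would accept this */
    errno = 0;
    v = strtoul(digits, &end, 10);
    if (end == digits)
        return -1;                      /* no digits consumed */
    if (errno == ERANGE || v > EXAMPLE_MAX_PACKET_SIZE)
        return -3;                      /* overflow or above the cap */
    *out = (unsigned int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample header lines, not taken from any capture file. */
    const char *samples[] = { "LEN=60", "LEN=-1", "LEN=9999999" };

    for (size_t i = 0; i < 3; i++) {
        unsigned int u = 0, s = 0;
        int ru = parse_len_unsigned(samples[i], &u);
        int rs = parse_len_signed(samples[i], &s);
        printf("%-12s %%u: rc=%d len=%u | %%d: rc=%d len=%u\n",
               samples[i], ru, u, rs, s);
    }
    return 0;
}
```

sscanf() gives no overflow indication for a digit string too large for the target type, whereas strtoul() reports it through ERANGE, which is why the third function can reject oversized input explicitly.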
7 years ago [Diameter AVPs] Add AVP 620 Redirect-Realm
AndersBroman [Fri, 29 Apr 2016 12:33:07 +0000 (14:33 +0200)]
[Diameter AVPs] Add AVP 620 Redirect-Realm

Bug 12381

Change-Id: I8ba1306661b4b2c30c865761e1c2a90b5e4140b0
Reviewed-on: https://code.wireshark.org/review/15162
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago ANSI IS-637 A: fix display of reserved bits when using 7bits GSM encoding
Pascal Quantin [Thu, 28 Apr 2016 22:14:30 +0000 (00:14 +0200)]
ANSI IS-637 A: fix display of reserved bits when using 7bits GSM encoding

Change-Id: Ida59c339d174e8f9a3b8bf108374875d12c51b21
Reviewed-on: https://code.wireshark.org/review/15153
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
7 years ago Separate out the members of tcp_flow_t structure that are only used for sequence...
Michael Mann [Thu, 28 Apr 2016 02:21:15 +0000 (22:21 -0400)]
Separate out the members of tcp_flow_t structure that are only used for sequence analysis.

That way they only need to be allocated if analysis is being done.

Inspired by https://www.wireshark.org/lists/wireshark-dev/201604/msg00218.html
Ping-Bug: 12367

Change-Id: I797e5b305133d85a2a89688109cc3a218d0a9e88
Reviewed-on: https://code.wireshark.org/review/15138
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago Update BPKM Auth Reply key length for DOCSIS 3.1
Philip Rosenberg-Watt [Thu, 28 Apr 2016 20:25:13 +0000 (14:25 -0600)]
Update BPKM Auth Reply key length for DOCSIS 3.1

Wireshark was failing to parse DOCSIS 3.1 BPKM Response (Auth Reply)
messages with a key length of 256 bytes, which is in the DOCSIS 3.1
specification located here:

http://www.cablelabs.com/specification/docsis-3-1-security-specification/

See Appendix I.4 "Authorization Reply"

Change-Id: Ic50eb4a2d637a7bc47385b7c0a96c830f7a920be
Reviewed-on: https://code.wireshark.org/review/15149
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
7 years ago make-version.pl: Preserve line endings.
Gerald Combs [Fri, 29 Apr 2016 00:55:46 +0000 (17:55 -0700)]
make-version.pl: Preserve line endings.

Make sure we replace a line using the same line endings.

Change-Id: I73b07a773bc39b05ba7a73b3c3c984a73c545a48
Reviewed-on: https://code.wireshark.org/review/15157
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Print version variables in make-version.pl
Gerald Combs [Thu, 28 Apr 2016 23:48:45 +0000 (16:48 -0700)]
Print version variables in make-version.pl

Print our various version variables when we set versions.

Change-Id: I9212369c17f3d2a040e83900945eb57670d4992d
Reviewed-on: https://code.wireshark.org/review/15156
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Win32: Make sure we zero out PROCESS_INFORMATION.
Gerald Combs [Thu, 28 Apr 2016 19:39:56 +0000 (12:39 -0700)]
Win32: Make sure we zero out PROCESS_INFORMATION.

Make sure we zero our PROCESS_INFORMATION struct before passing it to
CreateProcess.

Change-Id: Ib42320965bb7b2d37a9fc106d78ace02153e48d2
Reviewed-on: https://code.wireshark.org/review/15154
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Win32: Pass a mutable string to CreateProcess.
Gerald Combs [Thu, 28 Apr 2016 22:15:32 +0000 (15:15 -0700)]
Win32: Pass a mutable string to CreateProcess.

CreateProcess can modify its second (lpCommandLine) argument. Don't
pass it the output of utf_8to16.

Constify the return value of utf_8to16.

Change-Id: I0d4361396e90c88a4ab2a3f2f0e058230e897fdf
Reviewed-on: https://code.wireshark.org/review/15155
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
7 years ago Don't mix g_malloc() and wmem_alloc().
Guy Harris [Thu, 28 Apr 2016 21:53:11 +0000 (14:53 -0700)]
Don't mix g_malloc() and wmem_alloc().

Always allocate sub_net_hashipv4 structures with wmem.

Bug: 12386
Change-Id: Ibc4f09c267a2e651d9120ef67d4d5b77635172d6
Reviewed-on: https://code.wireshark.org/review/15152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Cleanups to issues found while investigating 12386.
Guy Harris [Thu, 28 Apr 2016 21:46:31 +0000 (14:46 -0700)]
Cleanups to issues found while investigating 12386.

Get rid of the printable-IP-address member of a sub_net_hashipv4; it's
not used.

Free hash buckets of those structures iteratively, not recursively.

Change-Id: I1ee8f46d3175a380e6a439fe71e7c06a0e939a3d
Reviewed-on: https://code.wireshark.org/review/15150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
7 years ago Add support for ModbusRTU over UDP.
Michael Mann [Wed, 27 Apr 2016 00:11:46 +0000 (20:11 -0400)]
Add support for ModbusRTU over UDP.

Bug: 12374
Change-Id: I2df806c902b932d87e82f6f097f7acce814e5040
Reviewed-on: https://code.wireshark.org/review/15126
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
7 years ago Use "system" for "use system language", and don't try to print a null string.
Guy Harris [Thu, 28 Apr 2016 19:33:28 +0000 (12:33 -0700)]
Use "system" for "use system language", and don't try to print a null string.

Add a #define USE_SYSTEM_LANGUAGE for the language string meaning "use
the system setting", and use that instead of hardcoding "system" in
various places.

If "language" is null, don't try to write it to the file with fprintf()
- on *most* systems, that prints "(null)", but on some systems, such as
Solaris, it *crashes*.  Write USE_SYSTEM_LANGUAGE instead.  Check for
"(null)" and treat it as meaning "use the system language".

Map "auto" to "use the system language" as well, for backwards
compatibility.

Change-Id: Iba9be540a5139e9cca8bddd0761ee4cbf0f79a49
Reviewed-on: https://code.wireshark.org/review/15147
Reviewed-by: Guy Harris <guy@alum.mit.edu>