git.samba.org - metze/wireshark/wip.git/log

Throw in another tweak to check for uninitialized cops_call_t structures.

Temporariy add a "magic" field, initialize it when we allocate it, and
whenever we fetch a structure from the array, make sure the "magic"
field has the right value.

(If this all turns out to be a valgrind bug, I'm not going to be very
happy.)

Change-Id: I29becc715367fdc305504b38d48be05dc516132a
Reviewed-on: https://code.wireshark.org/review/19128
Reviewed-by: Guy Harris <guy@alum.mit.edu>

packet-rpcrdma: Prepare dissector for RPC-over-RDMA on iWARP or RoCE

Remove the Infiniband-centric QP filtering. This filtering attempted
to create conversations to allow the heuristic dissector to be
bypassed once it was established that a QP was carrying
RPC-over-RDMA traffic.

However, it was preventing proper identification of RPC-over-RDMA
traffic when a CM connection establishment exchange doesn't appear
in the capture (which is frequently the case for captures of NFS
traffic).

Also, without this conversation logic, loading a capture file
appears to be significantly faster, at least for capture files
I have on hand.

Later, some form of conversation management will be needed in
order to associate RPC-over-RDMA transport headers with
RDMA Read and Write operations that go along with them. But it
will need to be agnostic about the underlying link layer.

Bug: 13199
Bug: 13202
Change-Id: Ie6b7a4c65979dac036306f7367ce18836713ab4d
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19032
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

packet-tns: add TNS_TYPE_DATA functions dissection.

Those functions also known as NET8 commands or SQLNET layer of TNS protocol.
Also added a lot of sub-functions for one NET8 command, also known as OCI
(Oracle Call Interface).

Do other cleanup while in the neighbor hood including:
1. Use proto_tree_add_bitmask where applicable
2. Remove individual "hidden" command fields. Filtering should use "tns.type"
3. Remove unnecessary if (tree)s

Change-Id: Ib7cc5cf307179d5d252c334949a4e77d9d396ba4
Reviewed-on: https://code.wireshark.org/review/19050
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

reformatted IMF export objects

Change-Id: I3d8da3f481d6808d374c2a906652370a46a4c088
Reviewed-on: https://code.wireshark.org/review/19121
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Moshe Kaplan <me@moshekaplan.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Change SpanDSP capitalization

Many capitalization can be found for this library (spandsp, Spandsp, SpanDSP),
let's use the one found in the library README and in its spec file.

Change-Id: Ia66b723e5d582a6218da1b6366b7d4859272f80c
Reviewed-on: https://code.wireshark.org/review/19122
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

cops: try to avoid uninitialized warning error

Valgrind 3.11.0 on the Ubuntu 16.04 buildbot reports that
cops_call->solicited is not initialized:

    pdus_array = (GPtrArray *)wmem_map_lookup(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value));
    /* ... */
    for (i=0; i < pdus_array->len; i++) {
        cops_call = (cops_call_t*)g_ptr_array_index(pdus_array, i);
        if ( /* ... */
        ( (cops_call->op_code == COPS_MSG_KA && !(cops_call->solicited)) &&
                                                  ^^^^^^^^^^^^^^^^^^^^

which is clearly bogus since the only place where cops_call could be
created is a few lines up:

    ver_flags = tvb_get_guint8(tvb, offset);
    is_solicited = (lo_nibble(ver_flags) == 0x01);
    /* ... */
    pdus_array = (GPtrArray *)wmem_map_lookup(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value));
    if (pdus_array == NULL) {
        pdus_array = g_ptr_array_new();
        wmem_map_insert(cops_conv_info->pdus_tree, GUINT_TO_POINTER(handle_value), pdus_array);
    }
    /* ... */
    cops_call = wmem_new(wmem_file_scope(), cops_call_t);
    cops_call->op_code = op_code;
    cops_call->solicited = is_solicited;
    /* ... */
    g_ptr_array_add(pdus_array, cops_call);

Try to zero the whole structure to avoid this bogus warning.

Change-Id: I1ec4d23e99c987849af580a1c8134610c383e55e
Ping-Bug: 13044
Ping-Bug: 13203
Reviewed-on: https://code.wireshark.org/review/19119
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Bluetooth: SMP: Indicate when keys are Debug

Debug mode keys are described by Bluetooth Core4 specification.
Inform user if any of keys are debug. Debug mode is only if both
keys are debug.

Change-Id: Id7f58c2445614dc386a67b91cbe6f78ffbeda880
Reviewed-on: https://code.wireshark.org/review/19083
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Qt: Make the RTP player output device selectable.

Add a combobox for selecting the output device and populate it with our
available devices. Let the user know if our output format isn't
supported.

Ping-Bug: 13105
Change-Id: I299c7d0f191bb66d93896338036000e2c377781f
Reviewed-on: https://code.wireshark.org/review/19046
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Bluetooth: SMP: Dissect remaining Key Distribution bits

Add "Linkkey" and "Reserved" fields.

Change-Id: I21a23824348500bbcf8366c947fe2d6599b015d4
Reviewed-on: https://code.wireshark.org/review/19081
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

packet-rpcrdma: Add filter variable for Write chunk segment count

Allow the Write segment count field to be selected and filtered on.
In many Write chunks there is just one segment. However in some
special cases there can be multiple segments in a Write or Reply
chunk.

Change-Id: Ic4a4104e3a44bf4f2c96e4e5353a10e7547350c9
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19102
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Add udpdump to the macOS package.

Change-Id: I9d16a8291efdd564a905b2f8bc1ded4fa1aa718d
Reviewed-on: https://code.wireshark.org/review/19118
Reviewed-by: Gerald Combs <gerald@wireshark.org>

codecs: Add support for G.722 and G.726

Integrate the Spandsp library for G.722 and G.726 support. Adds support
for G.722 and all eight variants of G.726.

Note: this also fixes a crash in Qt (buffer overrun, reading too much
data) caused by confusion of the larger output buffer (resample_buff)
with the smaller input buffer (decode_buff). It was not triggered before
because the sample rate was always 8k, but with the addition of the new
codecs, a different sample rate became possible (16k).

Fix also a crash which occurs when the RTP_STREAM_DEBUG macro is enabled
and the VOIP Calls dialog is opened (the begin frame, start_fd, is not
yet known and therfore a NULL dereference could occur).

Passes testing (plays normally without bad RTP timing errors) with
SampleCaptures files: sip-rtp-g722.pcap and sip-rtp-g726.pcap. Tested
with cmake (Qt), autotools (Qt and GTK+) with ASAN enabled.

Bug: 5619
Change-Id: I5661908d193927bba50901079119eeff0c04991f
Reviewed-on: https://code.wireshark.org/review/18939
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Autotools: Disable Qt4 on macOS.

Add a check for macOS+Qt4 to configure.ac in order to roughly match the
CMake behavior in ge858829.

Change-Id: I37de95d5db515d28dd88f13d818531bf6e94d07e
Reviewed-on: https://code.wireshark.org/review/19036
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

SDP: Fix compiler warning

Change-Id: I5d415ba9ce7ae62eff43d47ceaa96e6282eaad1a
Reviewed-on: https://code.wireshark.org/review/19113
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

DOF: fix UAT update callbacks

- update callback must return a boolean to indicate success / failure
- error message must be allcoated in glib memory as GUI will g_free it

Bug: 13209
Change-Id: Ibb9690034d66dae85e775d0010aadeb192c76b4a
Reviewed-on: https://code.wireshark.org/review/19111
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Bluetooth: Sync "Classic" color rules

Change-Id: Ic64f9b71eba4ba8c79c28e10fe4eac983ca98f22
Reviewed-on: https://code.wireshark.org/review/19085
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>

sdp: refactor session/media level handling of attributes

The media_count meaning is horrendous. -1 means "none", a count of "0"
actually means "1". This led to various bugs in the past, so just rip it
out and use a (wmem) array from which the length can be determined.

That also means that a hard-coded limit on the media can now easily be
lifted without affecting the size of the transport_info_t structure.
(This limit, SDP_MAX_RTP_CHANNELS,  is unchanged in this patch though.)

Refactor the SDP dissector such that:

- Media and related attributes are no longer a bunch of fixed array
   fields, but grouped in one structure. This results in the largest
   changes all over the place since "transport_info->media[n]" is now
   transformed into "media_desc->media" where "media_desc" is an element
   of the "transport_info->media_descriptions" wmem array.
- Simplify protocol (in "m=") parsing (lots of ifs -> array + loop).
- Remove convert_disposable_media and disposable_media_info_t, parse
   fields (media protocol from "m=", connection address from "c=", etc.)
   while parsing the SDP instead of parsing it at the end.
- Have two distinct structures for keeping the info for the session and
   media level. Emphasize that new media descriptions are inherited from
   session level attributes (via sdp_new_media_description).
- Delay creation of dynamic payload type information table until we
   actually create the media description. Create function
   clean_unused_media_descriptions to handle the common of freeing
   unused dynamic pt.
- Remove SDP_IPv4/SDP_IPv6, these are replaced by checking the type
   member of the address structure.

Changes to MSRP part:

- Move MSRP attributes to the media-level attributes.
- Remove msrp_transport_address_set attribute, rely on the AT_NONE
   address type for detecting bad addresses.
- Remove SDP_MSRP_IPv4 check, this never worked as the flag was never
   set. Now it relies on the address family from the host in a=path:.

Tested with these capture files with no change in PDML output nor
improvements/regressions with memleaks (as reported by ASAN):

    capture sip call wireshark 1.8.2.pcap
    NOringback.pcapng
    rtp_not_parsed_by_1_10_1.pcap
    rtsp_interleaved_coreplayer.cap
    SIP_CALL_RTP_G711.pcapng
    srtpincorrectlyselected.pcap
    tdnwifitontwifi_withnatting_clientAbhopati_03082015.pcapng

Change-Id: Ia0dbc63f8bd78cc84dad2e18174540e31b78a80d
Reviewed-on: https://code.wireshark.org/review/19072
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

rtp: add function to duplicate rtp_dyn_payload_t

There is no way to iterate through the contents. For a future patch to
the SDP dissector (where the session-level info is copied to the
media-level), it would be nice to duplicate the dynamic payload info.

Change-Id: I79b8349e5e157298a28fc608e20c2c2e03e76400
Reviewed-on: https://code.wireshark.org/review/19106
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

DTLS: add support for use_srtp extension (RFC 5764)

Decryption support will be added later. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.

Change-Id: Ida1a2da754ef9aef16ad15ff64455b6f8e703ffd
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18996
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

ssh: add dissection for ECDSA host keys

Change-Id: Ic9851976bfa25fc61c708ee08e5a26ad01769f06
Reviewed-on: https://code.wireshark.org/review/19097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

SDP: reduce code duplication

Observe that some code in setup_sdp_transport is effectively the same
code as a part from dissect_sdp with these differences:

- Removal of these two conditions (setup_sdp_transport already returns
   early when a packet is visited):
    (!pinfo->fd->flags.visited) && (transport_info == &local_transport_info)
- "establish_frame" in setup_sdp_transport is replaced by "pinfo->num"
   in dissect_sdp.

dissect_sdp further has two additional blocks that add information to
the VoIP calls dialog. This is preserved.

Freeing of the RTP payload information has also been simplified. Instead
of checking it inside the main loop that adds addresses (now moved to a
new function, "apply_sdp_transport"), let the caller do it outside the
loop.

The transformation in this patch is rather mechanical:

0. Add a comment on what the new function is supposed to do.
1. Move code from setup_sdp_transport into a new function,
    apply_sdp_transport and reduce indentation level.
2. Copy all variables to the new function and populate the parameter
    list.
3. Compile result, remove unused variables that the compiler warns for.
4. Move freeing of unused media outside the loop to the caller.
5. Create a new conditional statement before the duplicated loop, which
    checks whether setup_sdp_transport has been used before. (SIP first
    calls setup_sdp_transport, then it invokes the media type dissector
    which calls dissect_sdp to populate the tree.)
6. Remove the duplicated code from the dissect_sdp loop until only the
    VoIP Calls dialog info remains.

There is no functional change intended.

Change-Id: I928379466af56ef1729cccbf4a5b60895ddb3227
Reviewed-on: https://code.wireshark.org/review/19047
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

SDP: add basic ICE candidate attribute dissection (RFC 5245)

Dissect the first, fixed part of a=candidate. The candidate type is also
unabbreviated for easier understanding. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.

Change-Id: I9950c8f066becea86f1fe8e9ffab2dc07ae0f425
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

CIP: Minor enhancements

1. ENIP: Display the CIP Forward Open Request packet number for connected data
2. CIP: Extended Network: Display expert info when the expected bytes does not match actual bytes
3. CIP: Look up more data fields as CIP service or Device Type
4. CIP: Display data as Dec/Hex, depending on how the spec shows things
5. Minor: Pull out common code into load_cip_request_data()
6. Minor: Text corrections

Change-Id: I184ac3899786f650e4d4643a5dfe68bba785d6e0
Reviewed-on: https://code.wireshark.org/review/19092
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

packet-rpcrdma: Clean up Reply chunk dissection

Display the Reply chunk as a tree, using the same code that the
Write list dissector now uses. Fix up the selection size of the
Reply chunk.

Bug: 13197
Change-Id: Ie861b7721b2c2dd9a5839986488ee22f39f81d1e
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19101
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

packet-rpcrdma: Fix Write list dissection

The current mechanism of dissecting RPC-over-RDMA chunk lists is not
working. It treats the Write list as a list of RDMA segments (it's a
list of counted arrays).

Bug: 13197
Change-Id: I6f8e788d66eefd17d6c1995e238a9ff9fa1e81f2
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19100
Reviewed-by: Michael Mann <mmann78@netscape.net>

packet-rpcrdma: Fix Read list dissection

The current mechanism of dissecting RPC-over-RDMA chunk lists is not
working. It treats the Read list as a counted array (it's a list).

Part of this confusion arises because RFC 5666 uses the term "chunk"
to mean "chunk", "read segment", and "rdma segment". Re-organize
the dissector logic to make this distinction properly.

Bug: 13197
Change-Id: Iad517804dbcf8b30de795af03af7a71a6f231231
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19099
Reviewed-by: Michael Mann <mmann78@netscape.net>

RTPS: Cleanup endian handling

1. Rather than pass a boolean that has to be continually evaluated, just pass the
necessary encoding (ENC_LITTLE_ENDIAN or ENC_BIG_ENDIAN)
2. Incorporate more use of proto_tree_add_item_ret_[u]int
3. Remove NEXT_guint16 and NEXT_guint32 because we now have tvb_get_guint16 and
tvb_get_guint32

Change-Id: Ib1c3488450b4e727d2c1943ba4e577faf2350dcc
Reviewed-on: https://code.wireshark.org/review/19103
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

kafka: add dissection for rest of api keys

- support rest of api keys
- dissect kafka.required_acks with constants
- dissect kafka.message_timestamp_type
- add expert info about missing request

Change-Id: I3d18936adac6702a61f545385bdec1b75b564bd9
Reviewed-on: https://code.wireshark.org/review/18954
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>

packet-rpcrdma: Display length fields in decimal

Change-Id: I3a3a51de76286800992b1445c332c50059112c54
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19098
Reviewed-by: Michael Mann <mmann78@netscape.net>

packet-rpcrdma: Remove if (tree) preventing dissectors being called.

When tshark displays each frame in default mode (without -V):

- NFS on TCP is dissected and displayed
- NFS on RPC/RDMA is displayed as only an RPC/RDMA frame

NFS on RPC/RDMA should be dissected and displayed just like NFS on
TCP. Make passing along the RPC payload to the RPC dissector
unconditional.

Bug: 13198
Change-Id: Ia86f3abcfcbc65a860d4ff7bac19a5f3af44a0b0
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19027
Reviewed-by: Michael Mann <mmann78@netscape.net>

CMake: Update FindWiX.

The WiX Toolset installer sets the WIX environment variable. Search for
our WiX executables there first.

Change-Id: I5acc9cb369dc2bdbb071d35b5a39498c6db117a3
Reviewed-on: https://code.wireshark.org/review/19096
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

RTPS: Added submessages and fixed minor issues for Secure DDS

Bug: 13204
Change-Id: Iaad562aafe3a4f0300398fc45927ac810814ee75
Reviewed-on: https://code.wireshark.org/review/18990
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Bluetooth: SMP: Dissect remaining AuthReq bits

Dissect SC, Keypress and Reserved bits.
Up to Bluetooth Core 4 specification.

Change-Id: Id7ac75bd917786abe9aada433a1343887a32234d
Reviewed-on: https://code.wireshark.org/review/19079
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Bluetooth: SMP: Implement 3 more commands

0x0C: /* Pairing Public Key */
0x0D: /* Pairing DHKey Check" */
0x0E: /* Pairing Keypress Notification */

Change-Id: I18dc88d2cb7a96412b230a9b414ce053bfde09fa
Reviewed-on: https://code.wireshark.org/review/19080
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Bluetooth: SMP: Add coloring rule for SMP

SMP occurs very rare, because of it nature - it is just pairing
procedure. It is better to distinguish it from L2CAP by assigned to it
another yellow colour.

Change-Id: I71e8641b717581253cd86cc867fa71241e7650b7
Reviewed-on: https://code.wireshark.org/review/19082
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Bluetooth: BTLE*: Initialize what initialized was not

Fix unexpected Direction flag pass to BTLE dissector
what caused reassemble of L2CAP not working correctly
(it based on Source/Destination addresses/columns).

Change-Id: I10fb17c29b020f6ca746f7bbccb7527e0ba04624
Reviewed-on: https://code.wireshark.org/review/19084
Reviewed-by: Michael Mann <mmann78@netscape.net>

Bluetooth: Assigned Numbers: Update Member UUIDs

Update manually from time to time based on:
https://www.bluetooth.com/specifications/assigned-numbers

Change-Id: I506e58c16322862c9fe517b71ab12806818331b5
Reviewed-on: https://code.wireshark.org/review/19086
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>

androiddump: Add support for Bluetooth on Android 7.0

Now "ps" command does not support process name as parameter,
use grep instead.

Change-Id: I0c35bc7d560e237e4140000e67af097744cb2c1b
Reviewed-on: https://code.wireshark.org/review/19087
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

SMB: Limit Export object files to 32 bits.

Most of the file offset fields are 32-bit, but the algorithms use gsize
variables, which can vary between 32 and 64 bit builds. The 64-bit
builds are the ones with the problem with "garbage" data comes from
(effectively) invalid 32-bit offsets.

Bug: 11133
Change-Id: I20b8cafb75fc021594159ab092c18c24f3e257e3
Reviewed-on: https://code.wireshark.org/review/19073
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Honor protocols.display_hidden_proto_items preferences when outputting fields in TShark

Bug: 13192
Change-Id: Ibb2b3913716d31a3d5f600e1b6400fdf14a69ca4
Reviewed-on: https://code.wireshark.org/review/19075
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Clean up initialization code for programs.

Make the init_progfile_dir() call unconditionally, even if plugins
aren't supported, as that doesn't necessarily mean nobody uses the
directory containing the executable.

Report the error the same way in all programs, and free the error string
after we're finished with it.

Make the error - and the comment before the code - reflect what
init_progfile_dir() is actually doing (the goal is to get the full
pathname of the directory *containing* the executable; that's generally
done by getting the pathname of the executable and stripping off the
name of the executable, but that's won't necessarily always be the
case). Also note for TShark that we won't be able to capture traffic,
just as we do for Wireshark (if we don't have the pathname of the
program file, we don't have a pathname to use to find dumpcap).

Have the plugin scanner just fail silently if we weren't able to get the
plugin directory path, so we don't have to worry about calling it if
init_progfile_dir() fails.

Clean up white space while we're at it.

Change-Id: I8e580c719aab6fbf74a764bf6629962394fff7c8
Reviewed-on: https://code.wireshark.org/review/19076
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Update a comment to reflect current reality.

Change-Id: Ied84e0363161ebc42c8cf24e7ade4b1b4e536448
Reviewed-on: https://code.wireshark.org/review/19074
Reviewed-by: Guy Harris <guy@alum.mit.edu>

cmake: Fix building with plugins disabled

When Lua is enabled, scripts can still be loaded from the plugin dir
(filesystem.c uses PLUGIN_INSTALL_DIR), so be sure to set it or the
cmake build fails.

Change-Id: I87d2d705434052220f9619438c90905c24b2a3a6
Reviewed-on: https://code.wireshark.org/review/18976
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Reflect API changes.

Change-Id: I6a8d50cb697bcd4a5232dc01107c7d9618258d87
Reviewed-on: https://code.wireshark.org/review/19071
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Rawshark uses libwiretap, so it has to call wtap_init().

Change-Id: I4b87227e4828ebad98b22e5e5d1f3896e636582a
Reviewed-on: https://code.wireshark.org/review/19070
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Have a routine to do all the work of initializing libwiretap.

Have programs that use libwiretap call that routine rather than
separately calling some or all of init_open_routines(),
wtap_register_plugin_types(), and wtap_opttypes_initialize().

Also don't have routines internal to libwiretap call those. Yes, this
means doing some initialization work when it isn't necessary, but
scattering on-demand calls throughout the code is a great way to forget
to make those calls.

Change-Id: I5828e1c5591c9d94fbb3eb0a0e54591e8fc61710
Reviewed-on: https://code.wireshark.org/review/19069
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Show codec information in About dialog

Show codec libraries in About dialog, this should give the user a clue
of what codecs are available.

SBC is already supported, Spandsp (for G.722/G.726) is work in progress.

Change-Id: Iebc4d9c9fae619a442e06c8afc780a420aa3971b
Reviewed-on: https://code.wireshark.org/review/18978
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

codecs: allow it to be used without plugins

Not all codecs require the plugin infrastructure. For example, G.711U/A
is a built-in codec. Allow such functionality to be registered even if
plugin support is disabled.

Change-Id: I2505cc9955e7953268ec0739531278921f70a771
Reviewed-on: https://code.wireshark.org/review/18977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

[Automatic update for 2016-12-04]

Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: Icad3ffb6cbd570b0b8a2c650d3c11a3c9bed536f
Reviewed-on: https://code.wireshark.org/review/19066
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Qt: clear Export Objects list on retapping

The tap reset callback should not just invoke the reset callback of the
dissector, but also clear the previous list of objects in the dialog.
Otherwise duplicate entries will be created every time retapping occurs
(e.g. on changing the display filter).

Bug: 12230
Change-Id: I75f25db0652dcc9c0ac59ab0e536c06874aedb9c
Reviewed-on: https://code.wireshark.org/review/19055
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

ssh: fix the heuristic for MAC size determination

size_str points to a dash, so the result of calling ws_strtoi32 on it is
a negative number, which becomes a huge positive number, because size is
a guint32.

Parse the number after the dash instead, and use ws_strtou32.

Also, check that size is divisible by 8, since otherwise it's unlikely
to be a bit length.

Change-Id: I531f67d45e9e914574d36a9ffceed9239fd46d64
Reviewed-on: https://code.wireshark.org/review/19006
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Have separate merge APIs for regular file/temporary file/standard output.

This is similar to what we have for opening a dump file - one API that
uses the file name as specified, one that creates a temporary file and
provides the file name, and one that uses the standard output.

All of those APIs handle closing the output file.

Change-Id: I56beea7be347402773460b9148ab31a8f8bc51e1
Reviewed-on: https://code.wireshark.org/review/19059
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Squelch a casting-away-constness warning.

Change-Id: I77ca8ffd38baf812ef20b9611f59cd70ae37d392
Reviewed-on: https://code.wireshark.org/review/19062
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Remove unnecessary cast (gchar = char) that removes const.

Change-Id: I3924c2b4a525c0ae5ab57b7f9867296586d78509
Reviewed-on: https://code.wireshark.org/review/19061
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Update list of symbols.

Remove symbols from plugins; they're not part of libwireshark.

Put all the get_rtd_ symbols together.

Add some new symbols.

Change-Id: I724ca7fd19ad083b7e05526a30974c23fa321e0b
Reviewed-on: https://code.wireshark.org/review/19060
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Use ws_close(), rather than the UN*X-only close().

Change-Id: Iae29db90273191c10455e172bdd2aac00b12143c
Reviewed-on: https://code.wireshark.org/review/19058
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Get rid of test printout.

Change-Id: I0db268b0f7010d23c938ae56674cc5cd6c0bd998
Reviewed-on: https://code.wireshark.org/review/19057
Reviewed-by: Guy Harris <guy@alum.mit.edu>

When opening the standard output for writing, dup it.

That way, we can close the resulting wtap_dumper the same way we close
any other wtap_dumper, including closing the FD, rather than trying to
do everything *except* closing the FD (which is tricky for a FILE *).

Change-Id: I8cb66e32784d73e598b2e8720a12f9bdab1c6205
Reviewed-on: https://code.wireshark.org/review/19054
Reviewed-by: Guy Harris <guy@alum.mit.edu>

ssh: dissect the host key when the connection uses DH group exchange

After this, hf_ssh_kexdh_host_key is no longer used, so remove it.

Change-Id: Ie56a086481bbe087b7ba3b17aea394c05986f63d
Reviewed-on: https://code.wireshark.org/review/19052
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

install_rpms_for_devel: add optional packages.

Install all optional dependencies as reported by cmake.

Tested on Centos7, openSUSE Leap 41.1, Fedora 24.
Fedora 24 is shipped with lua5.3, that is not compatible
with the current master, then it is not enabled.

Change-Id: Ie4de7ff2849d66371e94d5d7960aab8146337dea
Reviewed-on: https://code.wireshark.org/review/18968
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>

packet-infiniband: Fixed duplicate conversation entries

1. Fixed find_conversation for PT_IBQP to not lookup in reverse
direction when all searches fail.
This is required, because there could be valid different connection in
reverse direction which mistakenly gets updated for non template cases.

2. Added support for having MAD data for upper level dissectors to process
during RC packet processing.
This is required because connection options are negotiated out of band
using this CM exchanges (unlike in band TCP options).

3. Moved creating unidirectional connections when actually MAD packets
are processed.
Previously client-to-server unidirectional conversation was created when
CM_RSP stage, where MAD Data of CM_REQ packet is inaccessible.

4. Fixed creating multiple conversations with same address property by
eliminating create_conv_and_add_proto_data during RTU stage, which was
incorrect.
Now they are created during REQ and RSP frame processing. (Instead of
RSP and RTU processing).

5. Added support for creating bidirectional connection that ULP can
refer.
This is required to keep track of oustanding transactions on a
connection (requests and responses).

Bug: 11363
Change-Id: I32ea084a581a58efbc16dbb7a3e267c82622c50c
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/18982
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

tshark: Add -G folders report

Add a new tshark feature to generate a folders report. The folders report
is essentially the information presented by Wireshark's About / Folders page
in a TAB delimited format.

Change-Id: Ic4b3d332b4bdaa7e6b7aad1e9cc5dd18413aada6
Reviewed-on: https://code.wireshark.org/review/19002
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Temporarily break up complicated expression into a bunch of separate ifs.

Maybe this way we can identify which *particular* test is, according to
Valgrind, looking at uninitialized data; there's nothing obvious that
shows up from inspecting the code, and neither of our static analyzers
seem to have found anything.

Change-Id: I80f6bb8e6fa92decfe195c01766330b97e980821
Reviewed-on: https://code.wireshark.org/review/19049
Reviewed-by: Guy Harris <guy@alum.mit.edu>

packet-rpcrdma: Fix protocol frame pre-detection

The current mechanism of detecting RPC-over-RDMA is broken because
it treats the Read list as a counted array (it's a list); and treats
the Write list and Reply chunk identically (one is a list, one is
always a single chunk).

While we're here, refactor pre-detection helper functions so they
can be used during frame dissection as well.

Bug: 13196
Change-Id: I76e210c8d2a9464fed00e7199072d37f4ebbebf2
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19025
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>

echo: decide on req/resp based on matched port

Since the use of 'Decode as' can result in another port number than the
default port (7) being the service port, this should be checked against.

Change-Id: I93383613115595fff621e2fb9ab7959cd448c01e
Reviewed-on: https://code.wireshark.org/review/18991
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

packet-rpcrdma: Display length and version fields in decimal

Display length fields in decimal, just as they are displayed by the
RDMA RETH dissector.

Display version fields in decimal, just as they are displayed by the
RPC dissector.

RDMA offset fields are left in hexadecimal since they are
essentially addresses, and at least the Linux RPC-over-RDMA
implementation has debugging messages that display these as
hexadecimal values.

Change-Id: I7206970675ca0ca486b3a2837b6dbb1c4d764091
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19028
Reviewed-by: Michael Mann <mmann78@netscape.net>

Include config.h first, for large-file-related #defines.

Change-Id: Iced77fb65c2db8bc370cefe4c48c972fe1262f92
Reviewed-on: https://code.wireshark.org/review/19039
Reviewed-by: Guy Harris <guy@alum.mit.edu>

packet-rpcrdma: Dissector should exit when frame is not RPC-over-RDMA

On an RDMA transport, RPC protocol never appears in a frame by
itself. If RPC-over-RDMA is not present, then RPC is by definition
not present as an InfiniBand data payload.

Bug: 13195
Change-Id: Icaea9d4936477af32adc73140c67539e977a7a9a
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19024
Reviewed-by: Michael Mann <mmann78@netscape.net>

Include config.h first, for large-file-related #defines.

Change-Id: Id71326bc89e1461b100df99b618a1c49256b93af
Reviewed-on: https://code.wireshark.org/review/19037
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Include config.h at the very beginning of all Flex scanners.

That way, if we #define anything for large file support, that's done
before we include any system header files that either depend on that
definition or that define it themselves if it's not already defined.

Change-Id: I9b07344151103be337899dead44d6960715d6813
Reviewed-on: https://code.wireshark.org/review/19035
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Make SMB2 MessageId field a FT_UINT64

Also adjust the smb2_info_t structure that handles the value.

Bug: 12915
Change-Id: Ia314b8dc840b9d26d2c1d185f06ef93f242a3a7b
Reviewed-on: https://code.wireshark.org/review/19019
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Put tap-exportobject.h into the release tarball.

Change-Id: I5c103c5b513c32c5de0ea90956f9049fd6b0edec
Reviewed-on: https://code.wireshark.org/review/19022
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Enable exporting objects with tshark

A new "--export-object <protocol>,<destdir>" option is added to tshark.

This required refactoring Export Object behavior in all GUIs to give the
export object handling to the dissector, rather than the ui layer.
Included in the refactoring was fixing some serious memory leaks in Qt
Export Object dialog, crash due to memory scope issues in GTK Export
Object dialog, and addition sorting column feature in Qt dialog (set
up by creating a widget to manage the items that were previously
leaking memory)

Bug: 9319
Ping-Bug: 13174
Change-Id: I515d7662fa1f150f672b1476716f347ec27deb9b
Reviewed-on: https://code.wireshark.org/review/18927
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>

BOOTP: Fix V-I Vendor-Specific Information Option

Apply the same value checks to the vendor generic suboption dissection
as is done for the Cable lab and ADSL forum ones.
See https://ask.wireshark.org/questions/57695 for an example issue.

Change-Id: I4fe07d07cf0a93f4693e5ff54dd70c008701cf41
Reviewed-on: https://code.wireshark.org/review/18999
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

autotools: fix typo.

The required executable is rpmbuild and not rpm.

Change-Id: Iba1bff9c7fb6907659451a977ad8ab98efb169da
Reviewed-on: https://code.wireshark.org/review/19015
Reviewed-by: Anders Broman <a.broman58@gmail.com>

simple_dialog(.h): fix parameter 'Type' not found in the function declaration [-Wdocumentation]

Change-Id: I3dc476af941221b1d59f31bd6f639a49059e38a9
Reviewed-on: https://code.wireshark.org/review/19014
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Make sure config.h is included before inet_addr.h.

Otherwise, _FILE_OFFSET_BITS might be defined by a header file included
by inet_addr.h before it gets defined by config.h.

Change-Id: I5987b3f1493b81fd2d427d9792b9606117b255d0
Reviewed-on: https://code.wireshark.org/review/19018
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Do *NOT* strip newlines from the standard input of sed.

There is *NO* guarantee that sed will do anything useful with input that
doesn't have a newline and, in fact, the default sed in Solaris 11
doesn't produce *any* output if you hand it input with no newline.

Furthermore, doing xxx=`yyy` will, if the output of yyy has newlines at
the end, strip them; to quote section 2.6.3 "Command Substitution" of
the Single UNIX Specification:

The shell shall expand the command substitution by executing
command in a subshell environment (see Shell Execution
Environment) and replacing the command substitution (the text of
command plus the enclosing "$()" or backquotes) with the
standard output of the command, removing sequences of one or
more <newline> characters at the end of the substitution.

so there's no need to strip the newline.

Change-Id: Ia710f67a42739c1e218eb9fec53a54bde6e010da
Reviewed-on: https://code.wireshark.org/review/19016
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Qt: Fix QStyledItemDelegate assertions.

QStyledItemDelegate::paint asserts if you pass it an empty QModelIndex.
We were doing this in PercentBarDelegate and TimelineDelegate in order to
keep it from drawing any text. Return an empty string from ::displayText
instead, which appears to be the correct way to paint without text.

Bug: 13180
Change-Id: I8064d9575e04e95a926797eec7f6ad2b0bfef1c0
Reviewed-on: https://code.wireshark.org/review/19007
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

The Kerberos dissector include Kerberos header, and needs KRB5_CFLAGS.

Change-Id: I9a0e6ff09292fafca970e8ff423f18a835b5f2c4
Reviewed-on: https://code.wireshark.org/review/19011
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Prefs: Use g_utf8_strlen instead of strlen.

Change-Id: I99e2906b3c31f4aebcda44f4433f0fdd457ced3b
Reviewed-on: https://code.wireshark.org/review/19008
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Clean up error messages.

Also, use elif in some chains of tests, to make it a bit clearer that
the cases in question are disjoint.

Change-Id: I6dc92d536450c7ac3db6ee118581a5ed0c3ce80c
Reviewed-on: https://code.wireshark.org/review/19009
Reviewed-by: Guy Harris <guy@alum.mit.edu>

RPM: fix the date in a recent changelog entry.

RPM complains when the date isn't valid.

Change-Id: I859a9900ba87d52159071b06310d5873c092231a
Reviewed-on: https://code.wireshark.org/review/19003
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>

ssh: add DSA host key dissection

Change-Id: Ib1e2b4e57832e94b94d34102c0079f820b18f350
Reviewed-on: https://code.wireshark.org/review/19000
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Check preference titles and descriptions.

When registering preferences, make sure our titles and descriptions are
valid UTF-8. Make sure our titles are short and only contain printable
characters.

Fix problematic titles and descriptions.

Change-Id: I20d3f93438f2b3c30266f934297feb79897f2ee5
Reviewed-on: https://code.wireshark.org/review/18998
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

Qt: fix crash when closing RTP player while playing

For some time, the RTP Player has been crashing for me (Arch Linux, Qt
5.7.0) when the RTP Player is active (affects also Wireshark 2.0.5).

This call trace was observed:

    + RtpPlayerDialog::reject (closing dialog via Escape / Close button)
      + RtpAudioStream::stopPlaying
        + RtpAudioStream::outputStateChanged(QAudio::StoppedState)
          + QAudioOutput::deleteLater   // problematic!
      + RtpPlayerDialog::~RtpPlayerDialog
        + RtpAudioStream::~RtpAudioStream

As the QAudioOutput instance is a child of RtpAudioStream, it is also
destroyed after that. QAudioOutput's destructor somehow invokes (via
libqtmedia_pulse.so) a main loop iteration which invokes the previously
scheduled deleteLater call.

As QAudioOutput was already being destructed, this results in a crash.
Workaround this by removing this child from RtpAudioStream (no cruelty
intended).

Change-Id: I88f2e929ac566534be5d2270e2e0b194685533eb
Reviewed-on: https://code.wireshark.org/review/18970
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Qt: Fix simple_dialog formatting.

Make sure that simple_dialog displays plain text. Trim whitespace
and remove excessive newlines in order to improve message formatting.
Add a comment about simple_dialog's behavior in Qt and GTK+ and how it
might be improved.

Bug: 13178
Change-Id: Ic6ff3cecd5ef1d76ec095d7a409f38e602b41ce2
Reviewed-on: https://code.wireshark.org/review/18985
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ssl,dtls: add expert info for overly large record lengths

All TLS and DTLS RFCs (and SSLv3) limit the record length to 2^14, so
add expert info if this is exceeded. Spotted in the wild via
https://ask.wireshark.org/questions/57641/tls12-record-length-gt-16k-valid

Tested with a synthetic pcap having length 2^14+1 using Python:

    from scapy.all import IP, TCP, UDP, wrpcap
    len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
    wrpcap('bad-record-length.pcap', [
    IP()/TCP(sport=2000, dport=443)/(b'\x17\x03\x03' + len_plus_frag),
    IP()/UDP(sport=2000, dport=853)/(b'\x17\xfe\xfd' + 8*b'\0' + len_plus_frag)
    ])

Change-Id: I5eac48775333d8d222e013a24a6d06da79892b77
Reviewed-on: https://code.wireshark.org/review/18959
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

sip: register with Websocket dissector (RFC 7118)

The subprotocol is also listed in the IANA registry at
https://www.iana.org/assignments/websocket/websocket.xhtml#subprotocol-name

Tested with the pcap from the linked bug.

Bug: 11420
Change-Id: I4ba8e6c55889f72f5aca37c4ae759e2cd20a22b7
Reviewed-on: https://code.wireshark.org/review/18989
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix the build when a different version of Qt is in PATH

When we add our Qt to PATH, prepend it so that it will be found first.

Change-Id: I405496d6a08d676b5a2e0d9bd792de7ba9abe7f9
Reviewed-on: https://code.wireshark.org/review/18988
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>

Qt: fix GoToPacket when Voip Calls dialog is closed

After opening the Call Flows dialog from the Voip Calls dialog, followed
by closing the Voip Calls dialog, the Go To Packet functionality in the
Call Flows dialog is broken. That happens because the signal is not
proxied anymore.

Just remove all these indirections via signals and directly update the
selected packet.

Change-Id: I9c6d519dbe800e4dfdf0407d832f17819b344e46
Reviewed-on: https://code.wireshark.org/review/18933
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

3GPP NAS: shorten some value_string to avoid truncation during display

Change-Id: I50f9bbec5405c17a59c5eaac9833929737b8c145
Reviewed-on: https://code.wireshark.org/review/18984
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Handle FT_CHAR, and report unsupported types as such.

FT_CHAR is straightforward to support.

Split the list of "invalid" types into a list of "unsupported" types and
a short list of "invalid" types, containing FT_PCRE (which isn't a valid
type for a field) and "everything else". Add FT_IEEE_11073_SFLOAT and
FT_IEEE_11073_FLOAT to the "unsupported" list.

Flag the whole unsupported list as just "not handled yet".

Change-Id: I62d2d7eead53377e4e601594a035b4395fdbeead
Reviewed-on: https://code.wireshark.org/review/18979
Reviewed-by: Guy Harris <guy@alum.mit.edu>

3GPP NAS: add an expert info when APN encoding exceeds 100 bytes

As stated in 3GPP 23.003:
"the APN has, after encoding as defined in the paragraph below,
a maximum length of 100 octets"

Change-Id: Iae23117f44ea5b668f6cb23dbd0e726e4e56ce41
Reviewed-on: https://code.wireshark.org/review/18972
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Qt: Position UAT hint label just below the list.

Place the UAT hint label at the same position as in other dialogs;
just below the main widget. Also use smaller font and italic.

Change-Id: I51251825ff08122e17ca60144ef53fed5c6142ef
Reviewed-on: https://code.wireshark.org/review/18969
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Qt: Update UAT OK button enabled on delete.

Check if the OK button should be enabled when removing a row in a
UAT dialog. Also update the error hint.

Change-Id: Icb5c47c2b2e65ed266fd2c7e3a1535f6a3a50279
Reviewed-on: https://code.wireshark.org/review/18967
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Qt: Fix conversation buttons.

Move parts of currentTabChanged to conversationSelectionChanged. This
lets us enable the "Follow Stream" and "Graph" buttons when either the
current tab or the current selection changes.

Bug: 12893
Change-Id: I025447d26073a938f2d8b5a8fcad7c0d5e855650
Reviewed-on: https://code.wireshark.org/review/18963
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Qt: fix heap-use-after-free when double-clicking a packet number

On double-clicking a packet number, the current field item is
invalidated by goToPacket. Skip the URL since a field can either have a
URL or a frame number (but not both).

Change-Id: I58e5445fa74071fa0fd203df77ebdecdd1478d31
Reviewed-on: https://code.wireshark.org/review/18971
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

Update message on outdated precommit hook

Change-Id: I3afb93cced09df7844c0810438ee6d760f8237a5
Reviewed-on: https://code.wireshark.org/review/18960
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

[Automatic update for 2016-11-27]

Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I3dae07ff98d80f02d1aaf7408e81faf6614d7058
Reviewed-on: https://code.wireshark.org/review/18964
Reviewed-by: Gerald Combs <gerald@wireshark.org>