Michael Mann [Fri, 25 Sep 2015 14:09:07 +0000 (10:09 -0400)]
ncp2222: Use BASE_CUSTOM for date and time fields.
This simplifies some of the logic required for field formatting.
Change-Id: I2f9a612b18e3e4ca01311683d9cf61cbad9950f4
Reviewed-on: https://code.wireshark.org/review/10649
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Thu, 24 Sep 2015 02:55:35 +0000 (22:55 -0400)]
Convert dissect_nds_request and dissect_nds_reply to use proto_tree_add_xxx directly instead of the homegrown nds_val.
Change-Id: Ie67892caec2cddee591631045233f8a3f1cc0bc6
Reviewed-on: https://code.wireshark.org/review/10648
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Thu, 24 Sep 2015 17:42:46 +0000 (10:42 -0700)]
CMake: Add a hardening-check target.
On Windows, add a hardening-check target which checks for DYNAMICBASE
and NXCOMPAT using the PowerShell script Get-HardenFlags.ps1.
For a Visual Studio solution, run the check by calling:
msbuild /m /p:Configuration=RelWithDebInfo hardening-check.vcxproj
using the config as appropriate for your build.
Otherwise if we find the Debian/Fedora hardening-check script add a
target which runs it for each of our executables.
Change-Id: I62263e81d155c66e8c8edc751ffab535bf9f3b96
Reviewed-on: https://code.wireshark.org/review/10641
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pascal Quantin [Fri, 25 Sep 2015 19:38:03 +0000 (21:38 +0200)]
airpdcap: fix WEP decryption
Using memcpy with overlapping buffers is not safe; use memmove instead
Bug: 11549
Change-Id: I8e15eb0af38d325a5e67e8748008126ac5994588
Reviewed-on: https://code.wireshark.org/review/10652
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Michal Pazdera [Mon, 14 Sep 2015 08:28:30 +0000 (10:28 +0200)]
Multiple SSL content in one packet fix
When SSL packet contains multiple encrypted contents the WS shows only the
last record due the wrong indexing of the structure where the decrypted
contents are stored. Should use tvb_raw_offset(tvb)+offset instead of
offset as I think was intended.
Added the same fix for DTLS.
Bug: 11523
Change-Id: I0a977a0e6ebe7c45e526fa5152b8614463abd4fa
Reviewed-on: https://code.wireshark.org/review/10528
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Balint Reczey [Thu, 24 Sep 2015 07:56:14 +0000 (09:56 +0200)]
cmake: Enable PIE when it is available by default
Change-Id: I88930b8a9de596f93677052b2046c1b85cc34c6b
Reviewed-on: https://code.wireshark.org/review/10635
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Balint Reczey [Fri, 25 Sep 2015 07:53:25 +0000 (09:53 +0200)]
Export all hardening options in .deb packages
Change-Id: I0448e564305ce78dee4ec364007e0162c6f74c09
Reviewed-on: https://code.wireshark.org/review/10644
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Alexis La Goutte [Fri, 25 Sep 2015 09:24:07 +0000 (11:24 +0200)]
ISAKMP(ikev2): Type Hash and URL of X.509 certificate is not decoded
Reported by Marius
Bug:11543
Change-Id: Ic9d3b6b26a917601356eb957fd8270f2482f6aee
Reviewed-on: https://code.wireshark.org/review/10645
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Thu, 24 Sep 2015 00:56:50 +0000 (20:56 -0400)]
Refactor NCP Python data so that INFO column can be generated on the fly (TAKE 2)
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited (and allows for more fields to be displayed on some malformed packets).
There are still expert infos (and possibly column APIs) under if (tree)s, but I'm not sure how FAKE_TREE_IS_VISIBLE factors into that. Removing the FAKE_TREE_IS_VISIBLE seems to negatively affect dissection.
Change-Id: Ie487e851c2f6558dd12f0c7010757b4a5f36226b
Reviewed-on: https://code.wireshark.org/review/10631
Reviewed-by: Michael Mann <mmann78@netscape.net>
Juan Matias [Wed, 23 Sep 2015 21:49:27 +0000 (23:49 +0200)]
UI QT: fix unused variable 'show_delay_' error
Change-Id: I966d839c755090679bb3fc79d2ba36645e561c19
Reviewed-on: https://code.wireshark.org/review/10633
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris [Thu, 24 Sep 2015 17:42:59 +0000 (10:42 -0700)]
Comments based on MSDN Native 802.11 documentation.
Change-Id: Ica8ab4416f7ffd11bd71d3bd1e15098a9788c84e
Reviewed-on: https://code.wireshark.org/review/10640
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Thu, 24 Sep 2015 17:31:23 +0000 (10:31 -0700)]
Additional Windows PHY types, from the NDIS documentation.
The PHY types in the NDIS documentation, not surprisingly, match the
ones for Network Monitor. Add support for the ones that didn't have it
already.
Change-Id: Ie135b7ea5634f0eb7950380d12473ac4b12c7a6d
Reviewed-on: https://code.wireshark.org/review/10639
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tatsuhiro Tsujikawa [Thu, 24 Sep 2015 15:12:12 +0000 (17:12 +0200)]
NGHTTP2: Fix warning this decimal constant is unsigned only in ISO C90
Backport patch from 1.3.4 (Available soon)
Change-Id: I32565835a3be78a9eeea2cf4f4d7d4825de9aa40
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10638
Gerald Combs [Wed, 23 Sep 2015 21:54:25 +0000 (14:54 -0700)]
Qt: Show keyboard shortcuts in the about box.
Add a "Keyboard Shortcuts" tab to the about box for lack of a better
place. Show every action in the main window which has an associated
shortcut except for recent items.
We might want to add a command-line option to dump the shortcuts in
addition to or instead of showing them here.
Change-Id: I875043048a44930391fefcbbaf17c5b10a7bb8c6
Reviewed-on: https://code.wireshark.org/review/10634
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Alexis La Goutte [Thu, 24 Sep 2015 08:56:23 +0000 (10:56 +0200)]
QUIC: Fix some issue (Malformed frame) with handshake heuristics
Need to check if there is data before get a value...
Change-Id: I45592e9a2c55a5bce57a40f7e3153e8f540ca316
Reviewed-on: https://code.wireshark.org/review/10636
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Alexis La Goutte [Wed, 23 Sep 2015 20:16:46 +0000 (22:16 +0200)]
NGHTTP2: Update to 1.3.3
Change-Id: Id52d04859d61ffc720791cf90294cac4b1915a28
Reviewed-on: https://code.wireshark.org/review/10629
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Alexis La Goutte [Wed, 16 Sep 2015 10:39:21 +0000 (12:39 +0200)]
QUIC: Add Regular Frame Type...
Add also heuristic to check if it is handstake
Ping-Bug: 11494
Change-Id: I833d294a3a6fdc89cc6d6a5d72d388a3328bf802
Reviewed-on: https://code.wireshark.org/review/10566
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Wed, 23 Sep 2015 00:18:33 +0000 (17:18 -0700)]
Qt: Always make the packet list row heights uniform.
In tests here using GTK+ 2.24 and 3.10, GtkTreeView handles multi-line
items by adjusting the height for all rows, but only after the number of
multi-line items exceeds some sort of threshold. For a packet capture
which contains a few DNS packets and a lot of TCP packets, if I change
"Standard query" to "Standard\nquery" in packet-dns.c I get
single-height packet list items. If I change "[TCP segment of a
reassembled PDU]" to "[TCP segment of a\nreassembled PDU]" in
packet-tcp.c (which results in more multi-line column strings) I get
double-height packet list items.
The current Qt code initially sets the uniformRowHeights property then
falls back to variable row heights if we run across a multi-line column
string. This adds a lot of logic which can impact other functionality
(e.g. column widths) and recalculating row heights is painfully slow for
large numbers of packets.
Instead of trying to manage variable row heights, always enable
uniformRowHeights. Track the maximum newline count and trigger a row
height adjustment when it changes. This mimics the GTK+ UI behavior,
although it should be more reliable.
Note that we need to adjust some numbers in RelatedPacketDelegate.
Change-Id: I289e963b6f00338c4374e602fa3fc83d04554519
Ping-Bug: 11515
Ping-Bug: 10924
Reviewed-on: https://code.wireshark.org/review/10628
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Jeff Morriss [Wed, 23 Sep 2015 14:14:31 +0000 (10:14 -0400)]
Add a test to verify we pre-allocated enough hf entries.
This way we'll know as soon as we drop below the pre-allocated limit. As
suggested by Graham on https://code.wireshark.org/review/10601
Change-Id: Ieeb14bdcf991d7a67c30787c97ca24ebb35d1763
Reviewed-on: https://code.wireshark.org/review/10627
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Gerald Combs [Tue, 22 Sep 2015 16:08:39 +0000 (09:08 -0700)]
Use the Qt-provided media icons.
Use Qt's standard pixmaps to build our media playback, stop, and pause
icons. Note that we probably don't want to do this for all of the
available standard pixmaps.
Change-Id: I78541a46a65583d7365cd601c578ebe8f197c060
Reviewed-on: https://code.wireshark.org/review/10609
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Martin Mathieson [Sun, 20 Sep 2015 07:42:11 +0000 (00:42 -0700)]
LTE MAC Statistics Dialog
Change-Id: I2463fdc0ac209e92d2f2c1abf9da22866d6e22e8
Reviewed-on: https://code.wireshark.org/review/10578
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Dario Lombardo [Mon, 21 Sep 2015 14:06:36 +0000 (16:06 +0200)]
androiddump: add memset in adb_connect() (CID
1293396)
Change-Id: If9d281cd95cf12351d6da5e75c6de149ec7adc06
Reviewed-on: https://code.wireshark.org/review/10598
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Alexis La Goutte [Wed, 23 Sep 2015 09:31:48 +0000 (11:31 +0200)]
Bluetooth: ATT: Missing break in switch (CID
1324756)
Change-Id: Ibe49a59e8825397e776ab236fb59196d293a76c3
Reviewed-on: https://code.wireshark.org/review/10623
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Alexis La Goutte [Wed, 23 Sep 2015 09:28:35 +0000 (11:28 +0200)]
QUIC: Missing break in switch (CID
1324757)
Change-Id: Ia05f5f5679873ee4e063ea74c33c321628747623
Reviewed-on: https://code.wireshark.org/review/10622
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Guy Harris [Wed, 23 Sep 2015 05:47:46 +0000 (22:47 -0700)]
$, not %, is used to introduce a variable reference in CMake.
Change-Id: Ib4af3c5cee9bd2e1adb5758b9389611165e62b62
Reviewed-on: https://code.wireshark.org/review/10619
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pascal Quantin [Tue, 22 Sep 2015 16:32:03 +0000 (18:32 +0200)]
ETSI CAT: always initialize gsm_sms_data_t structure
Otherwise a 8-bit SMS-PP Data Download could be interpreted as requiring SMS packing
Change-Id: I50b5e59194acc3d69d0e247fc909d3f96207094a
Reviewed-on: https://code.wireshark.org/review/10610
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Tue, 22 Sep 2015 15:31:44 +0000 (17:31 +0200)]
GSM RLC/MAC: fix dissection of variable length bitmaps
Bug: 11534
Change-Id: I857134f21ab6a8a135eba6e784807f3f3734bf6c
Reviewed-on: https://code.wireshark.org/review/10607
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jeff Morriss [Mon, 21 Sep 2015 19:00:35 +0000 (15:00 -0400)]
Add a "fieldcount" report to tshark -G to let us easily see how many fields
are registered.
Change-Id: I06f10d96916640cb9a782cae87898a5dd6c9c6e3
Reviewed-on: https://code.wireshark.org/review/10601
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jeff Morriss [Mon, 21 Sep 2015 15:39:11 +0000 (11:39 -0400)]
Increase the number of pre-allocated hfs (from 144k to 170k).
169756 header fields are currently registered. Including the 5k expert info
field pre-allocation this gives us about 5k unused entries (until we should
increase this number again).
Change-Id: Id8ea979cbe9e80756c12b5b73e816bbe3e9856ad
Reviewed-on: https://code.wireshark.org/review/10599
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Tue, 22 Sep 2015 15:48:18 +0000 (17:48 +0200)]
RLC: fix invalid RLC AM control type expert info
Change-Id: I43512e24a0f506b65521b7bc53acf00be58d6c2b
Reviewed-on: https://code.wireshark.org/review/10608
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Roland Knall [Mon, 21 Sep 2015 08:33:24 +0000 (10:33 +0200)]
openSAFETY: Handle SPDO message types differently
SPDOs code the 0x04 bit differently, as it is not part
of the message type, but rather a flag for connection validation
I do not want to introduce a second message type, as this would break
compatibility with existing stored filters, also adding the bitmask
to the hf field, would alter the byte value, as it would shift
the value to the right.
Change-Id: I6b70bec29a55dfb556652d9dc940a896b864943b
Reviewed-on: https://code.wireshark.org/review/10595
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Tue, 22 Sep 2015 20:05:25 +0000 (20:05 +0000)]
Revert "Refactor NCP Python data so that INFO column can be generated on the fly."
This reverts commit
38b6f306a70905be8b29ffaeb75288d315ff9b04.
Change-Id: I6ec83b94811be7699880e9a741c68faaac175bd0
Reviewed-on: https://code.wireshark.org/review/10613
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Mon, 21 Sep 2015 17:32:40 +0000 (10:32 -0700)]
Make it possible to disable PercentBarDelegate.
Add a check to PercentBarDelegate to see if the caller set text for this
item or did not set a valid double value. If either case is true, just
draw the item normally and return.
Change-Id: I028ee15d54f06f2cb16c6e5f1ef73c47b2886ccd
Reviewed-on: https://code.wireshark.org/review/10600
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pascal Quantin [Mon, 21 Sep 2015 12:46:38 +0000 (14:46 +0200)]
IPv4: fix 'Decode As' when used with IPv4-in-IPv4 packets
Issue reported by João Valverde
Change-Id: I38c3148e87f85486efa2720833a7559c6eec964a
Reviewed-on: https://code.wireshark.org/review/10596
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Gerald Combs [Sun, 20 Sep 2015 20:17:07 +0000 (13:17 -0700)]
Qt: Add idle dissection.
Features such as sorting and scroll bar colorization require
fully-dissected packets. We currently do dissection at the wrong time --
*after* the user clicks on a packet list column header or moves the
scrollbar.
Add a timer + slot that dissects packets when the UI is idle so that our
packets are at least partially dissected when we need them.
Change-Id: I024c590af2250d67404a520f118e46ec0c49cd71
Reviewed-on: https://code.wireshark.org/review/10593
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Peter Wu [Fri, 17 Jul 2015 13:02:49 +0000 (13:02 +0000)]
Revert "Report an error if we fail to open the keylog file."
This reverts commit
d1fcb7dd3482decd70bc3da6fbdef81800f0320f.
Warning the user multiple times about an invalid ssl.keylog_file every
time a SSL stream is encountered is an annoyance (in tshark), but
crashing in GTK+/Qt during live captures is even worse.
Disable the warning for now. Maybe detect it once at startup? That would
not cover removed files though.
Bug: 11488
Change-Id: I56b2eba1df0cff2309584a745b55ada238999fc4
Reviewed-on: https://code.wireshark.org/review/9687
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Alex Badea [Wed, 16 Sep 2015 14:34:20 +0000 (17:34 +0300)]
ssl: determine DTLS by positively checking for UDP
TLS can be tunnelled over other protocols (e.g. TLS over EAP
over 802.1x), which are neither TCP nor UDP. In this case,
we would assume DTLS, which is typically wrong. Assume TLS
instead.
Change-Id: I45d70789f7fa793861297fc2e7a5f2be311bbbb1
Reviewed-on: https://code.wireshark.org/review/10416
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Michael Mann [Mon, 21 Sep 2015 02:20:40 +0000 (22:20 -0400)]
Remove proto_tree_add_text API.
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Tom Haynes [Thu, 17 Sep 2015 21:40:23 +0000 (14:40 -0700)]
nfs: Register CB program statically and not whilst parsing it
The existing code parsed the callback program number from
a packet and then registered the callback program number.
But since the RPC dissector checks for valid and known
program numbers, it never parses it out.
Anyway, NFS4_CALLBACK is a well known number - use it!
Change-Id: Ia812359102bf6620e3b83109eb918032155cd8d3
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/10558
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Sun, 20 Sep 2015 19:09:38 +0000 (12:09 -0700)]
Arguably, some sort of assert belongs there.
Passing a null pointer probably means there's really something else
wrong at a higher level. If we could arrange that the DISSECTOR_ASSERT
macros do something useful when *not* executed during a dissection, that
would work.
Change-Id: I2605d1e1f97d35370736852aaf29eeaf2c560279
Reviewed-on: https://code.wireshark.org/review/10592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Sun, 20 Sep 2015 19:08:34 +0000 (12:08 -0700)]
Return NULL from routines that return pointers, for stylistic consistency.
Change-Id: Idfc236f712e288662bab618e72cd68263950fff4
Reviewed-on: https://code.wireshark.org/review/10591
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Sun, 20 Sep 2015 19:04:52 +0000 (12:04 -0700)]
Don't hand zero-length UUIDs to print_numeric_uuid().
It returns a null pointer if you do.
Change-Id: I3bc934a576dba261d1e71767978e3789a892e728
Reviewed-on: https://code.wireshark.org/review/10590
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Michael Mann [Sat, 5 Sep 2015 13:55:03 +0000 (09:55 -0400)]
Make CSN.1 dissectors more filterable.
The intent here is to remove proto_tree_add_text from packet-csn1.c, but the macros setup means A LOT more hf fields needs to be created.
Many of those new hf fields were created with a perl script
Bug: 11504
Change-Id: If12c7677185f18a7f684fd3746397be92b56b36d
Reviewed-on: https://code.wireshark.org/review/10391
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Sun, 20 Sep 2015 15:11:25 +0000 (08:11 -0700)]
[Automatic update for 2015-09-20]
Update manuf, services enterprise-numbers, translations, and other items.
Change-Id: Ifcdb1c02406189085bda58bc7db10829e3fae2c0
Reviewed-on: https://code.wireshark.org/review/10580
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Fri, 18 Sep 2015 18:31:16 +0000 (11:31 -0700)]
Call cf_cb_file_rescan_* callbacks in rescan_packets.
We call cf_cb_file_rescan_{started,finished} in rescan_file. Do the same
in rescan_packets. In the Qt UI this ensures that flushVisibleRows gets
called so that packet_list_select_row_from_data works as expected.
Change-Id: I425b7beb0f97a7d5b84c979fca65b877673b4722
Reviewed-on: https://code.wireshark.org/review/10569
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Gerald Combs [Fri, 18 Sep 2015 22:13:29 +0000 (15:13 -0700)]
Start moving RTP decoding routines to the ui directory.
Move decode_rtp_packet to ui/rtp_media.[ch].
Change-Id: Ib138781c37ac17b807bf75f9d772351aadf72071
Reviewed-on: https://code.wireshark.org/review/10575
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Guillaume Autran [Mon, 27 Jul 2015 15:17:46 +0000 (11:17 -0400)]
TCPROS - Initial implementation for the Robot Operating System TCP protocol
TCPROS is a transport layer for ROS Messages and Services.
It uses standard TCP/IP sockets for transporting message data.
Inbound connections are received via a TCP Server Socket with a header containing message data type and routing information.
For more information, see: http://wiki.ros.org/ROS/TCPROS
Bug: 11404
Change-Id: If8810dbb2cb6d6522eb035fd0fa1cf49933bad3d
Reviewed-on: https://code.wireshark.org/review/9807
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dhananjay Patki [Fri, 18 Sep 2015 12:08:38 +0000 (17:38 +0530)]
MIPv6: Added support for RFC 7148
- Added support for Delegated Mobile Network Prefix as
defined in RFC 7148.
- Corrected the issue where GRE Key option with no key
was not displayed properly.
- Also added append-text for the HNP option to also
display the HNP value.
Change-Id: I42a4bc1627e9e764f10d96aa3988c1f430f00ceb
Reviewed-on: https://code.wireshark.org/review/10565
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Wed, 16 Sep 2015 21:58:49 +0000 (23:58 +0200)]
Fix 'Decode As' when used with IPv6-in-IPv6 packets
Add the ability to identify an instance of the dissector table to be modified by 'Decode As' thanks to pinfo->curr_layer_num
For now only IPv6 makes use of it but it could be extended to any other protocol
Also get rid of ipv6.nxt protocol: it is not required for 'Decode As' functionality and was colliding with ipv6.nxt field
Change-Id: I3c7403c77328ad7170e13af028d178f962a2b508
Reviewed-on: https://code.wireshark.org/review/10552
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Gerald Combs [Sat, 19 Sep 2015 01:04:19 +0000 (18:04 -0700)]
Fix more signal+slot mismatches.
Change-Id: I347509d3a7765387c48e5aaeaab417617320cf13
Reviewed-on: https://code.wireshark.org/review/10576
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petr Gotthard [Fri, 18 Sep 2015 20:15:20 +0000 (22:15 +0200)]
AMQP 0-9-1: More expert information
A little usability improvement: Warn user on connection and channel
errors and when a message is undeliverable.
Change-Id: I6106a63472b1fb5cbbabcf82a90af0f489030458
Reviewed-on: https://code.wireshark.org/review/10573
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Fri, 18 Sep 2015 19:39:37 +0000 (15:39 -0400)]
Refactor NCP Python data so that INFO column can be generated on the fly.
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited.
There are still expert infos (and possibly column APIs) under if (tree)s, but with the FAKE_TREE_IS_VISIBLE "hacks" removed, there should be less fear in removing the tree checks.
Change-Id: I847827395fc28704f468df8bc8b47b297dde8479
Reviewed-on: https://code.wireshark.org/review/10572
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Wed, 16 Sep 2015 21:55:43 +0000 (17:55 -0400)]
Some more ncp2222 improvements
Including:
1. Using ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN instead of self made macros
2. Creating an "expert info hook" so that fields can be parsed "in real time" and added as expert info instead of searching by field name and manually getting values. Most of the expert info is still under if (tree)s, but this is another step closer to removing all of the "manual labor" done that requires "special handling" of all tree functionality. Once the "manual labor" is removed, this dissector can behave like every other dissector and the if (tree)s can be removed with more abandon.
Change-Id: If2c6a4c723e12e070e68d6df2d492d4b5ac35123
Reviewed-on: https://code.wireshark.org/review/10555
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Fri, 18 Sep 2015 21:33:41 +0000 (14:33 -0700)]
Fix a VoipCallsDialog signal+slot mismatch.
Change-Id: I9c16cc138b55572aa19b6e02ca059ebde294bdbd
Reviewed-on: https://code.wireshark.org/review/10574
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pascal Quantin [Fri, 18 Sep 2015 19:16:57 +0000 (21:16 +0200)]
Qt: set default current protocol in 'Decode As' window to none instead of HTTP
It makes more sense (not trying to decode UDP/TCP ports as HTTP) and is consistent across dissectors tables (while currently we have an empty field for tables other than UDP/TCP)
Change-Id: I794529f0f46b4197437a1d258f808991ae2338ad
Reviewed-on: https://code.wireshark.org/review/10571
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Fri, 18 Sep 2015 19:08:57 +0000 (12:08 -0700)]
Fix WLAN statistics header behavior.
Connect itemSelectionChanged to header label updates instead of
currentItemChanged, which seems to be more reliable.
Change-Id: I29f8f2144ad6584e0612d43ec3aac5b258f08ebd
Reviewed-on: https://code.wireshark.org/review/10570
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Fri, 18 Sep 2015 16:09:38 +0000 (09:09 -0700)]
Sync GTK+ and Qt progress timer logic.
The GTK+ update_progress_dlg() initially forces a UI update. Do so in
the Qt version as well.
Change-Id: I05d9e61a0d0e4e05af448039bbb81785ac00908c
Reviewed-on: https://code.wireshark.org/review/10568
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Pascal Quantin [Fri, 18 Sep 2015 16:48:09 +0000 (18:48 +0200)]
Qt: flush visible rows before trying to select one
Otherwise you end up with a 'End of capture exceeded' popup when calling rescan_packets() with only a few packets in the capture
Change-Id: Idb387ce95f1d22b934e735c350ea0c117763d89a
Reviewed-on: https://code.wireshark.org/review/10567
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Peter Wu [Sun, 13 Sep 2015 22:33:27 +0000 (00:33 +0200)]
spdy: do not overwrite HTTPS registration
Setting a zero port still allows it for selection in the UAT dialog
while not breaking HTTPS dissection.
(In theory the UAT setting would work. In practice it would still call
ssl_dissector_add and take over the SSL registration for all tcp/443
traffic. On removal with ssl_dissector_remove, the HTTPS port is not
added back again until a restart (or until the HTTPS ports list is
changed from the default) because the spdy registration overwrites the
HTTP one...)
Also note that NPN detection for SPDY is not implemented, only ALPN
detection is supported.
Bug: 10984
Change-Id: I6e84aa6408abf40bb860abee4845731ce55ce254
Reviewed-on: https://code.wireshark.org/review/10517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pascal Quantin [Fri, 18 Sep 2015 10:41:05 +0000 (12:41 +0200)]
NAS EPS: do not try to decode Message Elements when the end of the message is reached
Change-Id: Iaa05c3b4268c5c618134810c49f65d63995eccfb
Reviewed-on: https://code.wireshark.org/review/10564
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Alexis La Goutte [Thu, 23 Apr 2015 06:30:45 +0000 (08:30 +0200)]
QUIC: Fix Num Timestamp dissection
Change-Id: I75ba3807daadf95d135bc73083b6ff37528b2068
Reviewed-on: https://code.wireshark.org/review/10561
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte [Fri, 18 Sep 2015 07:15:42 +0000 (09:15 +0200)]
main_toolbar (GTK): Fix no previous prototype for ‘plugin_if_maintoolbar_goto_frame’ [-Wmissing-prototypes]
Change-Id: Ibb58694e730389b1e8ef3790595ed16d8699d37c
Reviewed-on: https://code.wireshark.org/review/10563
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte [Fri, 18 Sep 2015 06:50:46 +0000 (08:50 +0200)]
DHCP (bootp): Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
Change-Id: Ie67b4fd7a3d8655f0b33c3a37b0cf08e7f248a76
Reviewed-on: https://code.wireshark.org/review/10562
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Hadriel Kaplan [Wed, 5 Aug 2015 13:24:50 +0000 (09:24 -0400)]
RTP: handle payload reassembly for multiple fragments
If an RTP payload spans more than two packets, the dissector needs to
save the previous fragment info.
Bug: 11413
Change-Id: I62558f40136881d70bf2a9597eabd3697966ac4a
Reviewed-on: https://code.wireshark.org/review/9875
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte [Thu, 23 Apr 2015 06:30:45 +0000 (08:30 +0200)]
QUIC: Add Client/Server handshake (CHLO / SHLO / REJ)
Support decode of tag/value
Only try to decode handshake when sequence number = 1
(Working on function to check if the packet is handshake..)
There is sometimes issue for decode ACK Special Frame Type...
Bug: 11494
Change-Id: If1f4051fc9c11d343acb7f15f94a325d4243a070
Reviewed-on: https://code.wireshark.org/review/8171
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
João Valverde [Wed, 2 Sep 2015 00:28:18 +0000 (01:28 +0100)]
Make IPv4/IPv6 DiffServ fields uniform
Replace DSCP/ECT/CE with DSCP/ECN for IPv6.
Introduce short descriptions for DSCP/ECN values.
Formating changes:
- Make IPv4 and IPv6 as similar as possible.
- Display short abbreviations only for "Differentiated Services Field".
- Display DiffServ field as hex for IPv4.
- Elide leading zeros from hex representation from DiffServ field for IPv6.
- Display DSCP/ECN as decimal in subtree (same as "IP DSCP" column format).
Change-Id: Ia69d11dc9c1d752eb2e269314287c885506b5353
Reviewed-on: https://code.wireshark.org/review/10360
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Wed, 16 Sep 2015 10:34:46 +0000 (12:34 +0200)]
pkcs1: remove unused RSAPrivateKey definition
RSA private keys are typically not found in network captures, so let's
just remove it. This removal avoids overloading the pkcs1.modulus
field with the same meaning from two different contexts (RSAPrivateKey
and RSAPublicKey).
Change-Id: I65239718e6fc801fc53fa46c467dc86620aa3b29
Reviewed-on: https://code.wireshark.org/review/10546
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jeff Morriss [Fri, 18 Sep 2015 00:41:50 +0000 (20:41 -0400)]
When we're updating the progress bar, ask that it be updated (redrawn) too.
At least on Linux/X11 with Qt5 this appears to be necessary so the progress
bar updates more than once every 2 seconds or so (when loading a large file).
Change-Id: I7eea9c0d97d24bc14ad75f082a3531dcf1a3b6ae
Reviewed-on: https://code.wireshark.org/review/10559
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Jeroen Roovers [Sun, 13 Sep 2015 23:10:55 +0000 (19:10 -0400)]
do not clobber user CFLAGS
Bug: 10791
Change-Id: I58c35c757039e69111a39100f5ccb306e098d591
Reviewed-on: https://code.wireshark.org/review/10519
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Thu, 17 Sep 2015 19:32:28 +0000 (12:32 -0700)]
Fix some signal → slot mismatches.
Update some signal definitions to match gb4e972b.
Bug: 11524
Change-Id: I0d98a4e83c791221962943c3dec8f0d4296d3027
Reviewed-on: https://code.wireshark.org/review/10557
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Thu, 17 Sep 2015 17:32:55 +0000 (10:32 -0700)]
Qt: Add an event processing timer.
When updating the progress dialog (which happens each time we read a
packet) the GTK+ UI processes application events every 100ms. Do the
same in the Qt UI.
Ping-Bug: 11515
Change-Id: Ic53eade05c0b82bf436c08618f28506c5fcdbc94
Reviewed-on: https://code.wireshark.org/review/10554
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Wed, 16 Sep 2015 17:46:45 +0000 (10:46 -0700)]
Packet list speedups.
beginInsertRows + endInsertRows is expensive. Instead of calling them
each time we add a packet to the list, queue up a list of visible packets
and flush it during the next UI update.
Assume that none of our column data has newlines. Enable
uniformRowHeights and only disable it when we need to. Note that this
requires further work.
Ping-Bug: 11515
Ping-Bug: 10924
Change-Id: Ifbdd2964b174247a4745d4889ebda5bf3b886ba4
Reviewed-on: https://code.wireshark.org/review/10553
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Thu, 17 Sep 2015 19:21:54 +0000 (12:21 -0700)]
IAX2: Initialize a variable.
Change-Id: I0981fd93969e2f0168c83688b691f51407f4119e
Reviewed-on: https://code.wireshark.org/review/10556
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Michael Mann [Wed, 16 Sep 2015 17:09:12 +0000 (13:09 -0400)]
ncp2222 - Convert process_bitfield -> proto_tree_add_bitmask and other cleanup.
The dissector is doing a lot of unnecessary "manual" operations. Start the process of simplifying that to encourage use of general APIs and put control of the "field name" in the hands of the hf_ entry it belongs with.
Change-Id: I5b048c04858ac4a846a276ba12d61c665deb66f8
Reviewed-on: https://code.wireshark.org/review/10547
Reviewed-by: Michael Mann <mmann78@netscape.net>
Martin Kaiser [Wed, 16 Sep 2015 20:25:17 +0000 (22:25 +0200)]
[iax2] don't THROW() an exception from a dissector
in this case, it's enough to exit the switch block and try to continue
with the next element
we might now end up with ie_item==NULL after the switch, so replace the
assertion with a check
Change-Id: Id54346077eb8aa12b22575f3ab6fa80087f240ce
Reviewed-on: https://code.wireshark.org/review/10549
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Kaiser [Tue, 15 Sep 2015 17:33:32 +0000 (19:33 +0200)]
change the representation of an empty byte array in a display filter
by default, an empty byte array (FT_BYTES) is represented as an empty string
thus, using "Apply as Filter / Selected" on such an item creates an
invalid display filter expression, e.g. dvb-ci.mmi.char_tbl==
represent an empty byte array as "" if we're compiling a display filter
expression
Bug: 11526
Change-Id: Ie94507a24a496e0c25bcdadfab72fdf9fb35958a
Reviewed-on: https://code.wireshark.org/review/10540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Martin Kaiser [Wed, 16 Sep 2015 20:29:18 +0000 (22:29 +0200)]
[iax2] minor cleanup
replace switch-case with if
remove an initial value that's overwritten immediately
Change-Id: I98487ed08f91416179fcbbbaf80bf1b126a8d1c2
Reviewed-on: https://code.wireshark.org/review/10548
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Wed, 16 Sep 2015 20:51:08 +0000 (13:51 -0700)]
As far as I can tell the name is "Git" and not "GIT".
Update the Git protocol dissector strings accordingly.
Change-Id: If9a8f04dcd31e9ad930d328654b1c6479472e48c
Reviewed-on: https://code.wireshark.org/review/10550
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Jeff Morriss [Mon, 14 Sep 2015 21:22:47 +0000 (17:22 -0400)]
Don't force Lua support in RPMs (some distros don't ship a compatible Lua
anymore).
Also make the RPM follow configure's qt4-vs-qt5 choice.
Change-Id: I832af99e055d42b92f3a7c8e4378c7a9d5d628b9
Reviewed-on: https://code.wireshark.org/review/10532
Reviewed-by: Jeffrey Smith <whydoubt@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
João Valverde [Thu, 10 Sep 2015 17:55:57 +0000 (18:55 +0100)]
IPv6: Make "ip.version" field hidden
Change-Id: Ib9a29205c36b3a50989ffeddb28e349ede16efd3
Reviewed-on: https://code.wireshark.org/review/10474
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Peter Wu [Wed, 16 Sep 2015 09:06:00 +0000 (11:06 +0200)]
http: preserve desegmentation functionality for http2
When the HTTP dissector passes data to a subdissector, it should also
propagate the desegmentation ability. Otherwise subdissectors (such as
HTTP2) will not be able to handle large DATA frames.
Reported by Alexis, verified with his capture.
Change-Id: I831a78e8d1ad08536e3d0d870012e427ce289b1b
Reviewed-on: https://code.wireshark.org/review/10544
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pascal Quantin [Wed, 16 Sep 2015 08:49:43 +0000 (10:49 +0200)]
NFS: add a missing return when the IO hints bitmap is too large
Bug: 11528
Change-Id: I9f92a2b38e9c094609b960eb1e105cc57ea66de3
Reviewed-on: https://code.wireshark.org/review/10543
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Peter Wu [Tue, 15 Sep 2015 22:29:00 +0000 (00:29 +0200)]
http2: fix dissection when using Upgrade
The fix for bug 11331 has as side-effect that the HTTP part of a
conversation is not dissected on the second pass.
Fix it by calling the HTTP2 dissector only when it was detected via
heuristics, and not via Upgrade (since that would be handled by the
http loop).
While at it, remove the use of tvb_new_subset_remaining since the
original tvb is not touched and move the comment about the proxy to the
right place.
Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
(via heuristics).
Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
Reviewed-on: https://code.wireshark.org/review/10541
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bill Meier [Sat, 5 Sep 2015 22:31:11 +0000 (18:31 -0400)]
[tcp] Fix case of incorrect "[TCP ACKed unseen segment]"
The invalid message occurred for an ack of a TCP segment
which included both retransmitted data and additional new data.
Bug: 11506
Change-Id: Id981d04c91b9e69b6ee1e0dea85aed142bf32594
Reviewed-on: https://code.wireshark.org/review/10395
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Peter Wu [Tue, 15 Sep 2015 16:46:36 +0000 (18:46 +0200)]
x509,ber: fix header field of large integers
In the past large integers would be displayed as text, later on this
was changed into a "proper" header field. In most cases you do not want
to see "ber.64bit_uint_as_bytes" though, but the original field name.
This patch allows fields that are marked as FT_BYTES to be displayed
with their original header field details (name, description, etc.).
Change-Id: I4ab1a4cce649a225c73298fbf4dcf1692c693a03
Reviewed-on: https://code.wireshark.org/review/10539
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Jeff Morriss [Tue, 15 Sep 2015 14:53:58 +0000 (10:53 -0400)]
mate.released_time is added as a float so register it as such.
As noted in:
https://ask.wireshark.org/questions/45835/wireshark-mate-correlation-multiple-gops
Realistically all MATE's times should probably be converted to
FT_RELATIVE_TIMEs but that's a project for another day.
Change-Id: I11f640be769d16ccfd787ae2d7f3837fa03ad379
Reviewed-on: https://code.wireshark.org/review/10537
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Peter Wu [Tue, 15 Sep 2015 16:37:09 +0000 (18:37 +0200)]
asni_tcap: actually regenerate dissector after cleanup
Rane make -C asn1 and found this missing change.
Somehow the unnecessary initialization was not included with the
dissector regeneration in
3243b6f964c96f0137fc3fffd66a74dd9f7910fd
("asn1: split off cleanup routines").
Change-Id: I26d6f0ca4e7fa0b791108f016c684556da5d06e8
Reviewed-on: https://code.wireshark.org/review/10538
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Alexis La Goutte [Tue, 15 Sep 2015 12:48:19 +0000 (14:48 +0200)]
MTP3 Summary: fix no previous prototype for ‘register_tap_listener_gtk_mtp3_summary’ [-Wmissing-prototypes]
Change-Id: Iee26ba47802f3091f7e7264d2d7ce4b5e22db53c
Reviewed-on: https://code.wireshark.org/review/10536
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Sat, 12 Sep 2015 13:37:05 +0000 (09:37 -0400)]
Apply fix-encoding-args.pl "manually" and other cleanup.
I'm guessing fix-encoding-args.pl doesn't work on packet-ncp2222.inc because the hf_ declarations/definitions aren't in the file itself, so it can't figure out endianness or field type. So to bring the file up to modern coding standards, I did it "manually". In general I think this file has escaped critique because of the "generated" nature of the dissector.
Also removed tvb_ensure_bytes_exist and tvb_get_ptr use as both were superfluous.
Change-Id: I224f0ce15f8eb93c48ecb8eea66d161d98468f23
Reviewed-on: https://code.wireshark.org/review/10502
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
gmor1207@gmail.com [Thu, 13 Aug 2015 15:28:18 +0000 (10:28 -0500)]
ncp2222 Updates
Modifications to ncp2222.py
Add absolute time values eptime for file/volume info
Add support for 64 bit File Transfer NCP's (22/54, 22/55, 22/56, 22/57, 22/58, 87/70, 87/71, 87/72, 87/73, 89/41, 123/35)
Fix numerous dissection errors in NWInfo and ExtNWInfo structures
Fix some indention (white space) in source
Modifications to packet-ncp2222.inc
Change seq count rollover value to 16 instead of 255 to make it more robust
Add ncp 87,72 reply
Add ncp 8x20 request
Fix ncp 8x20 reply
Change-Id: I80bdcc5854c02edd4ea51c74aa0bbc9c0e062bc1
Reviewed-on: https://code.wireshark.org/review/10017
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Michael Mann [Sun, 13 Sep 2015 22:38:35 +0000 (18:38 -0400)]
Make fchdr "packet" scoped.
Broken in ge450b9b, when it stopped being static (which fixed other bugs). Conversations still need the fchdr "address" data to remain in scope.
Bug:11457
Change-Id: I17a3814bf76d2940124a2700fb6b12c6d7d834c1
Reviewed-on: https://code.wireshark.org/review/10518
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Fri, 11 Sep 2015 21:41:13 +0000 (17:41 -0400)]
Eliminate proto_tree_add_text from odds and ends.
A few calls in the epan directory and comments in the ui directory
Change-Id: Ia8f8830ac6909ab94d3a03283bfd173456bc9718
Reviewed-on: https://code.wireshark.org/review/10492
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Alexis La Goutte [Mon, 7 Sep 2015 14:03:11 +0000 (16:03 +0200)]
IAP: Enhance Aruba IAP dissector
After some analysis, update the dissector
Display only VC IP when type = 3, 4, 5 or 7
Change-Id: I53214125eebe978f67f6503072638ce3521cd155
Reviewed-on: https://code.wireshark.org/review/10441
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Jeff Morriss [Thu, 10 Sep 2015 17:41:16 +0000 (13:41 -0400)]
MPEG-PES: tell the user (in COL_INFO) when the stream or frame type is unknown.
Inspired by: https://www.wireshark.org/lists/wireshark-users/201508/msg00023.html
Change-Id: Ib632b79aef5cbb4c83965a276ec955be43493455
Reviewed-on: https://code.wireshark.org/review/10472
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Alexis La Goutte [Mon, 14 Sep 2015 13:43:53 +0000 (15:43 +0200)]
SCSI: Fix typo on modelines
Change-Id: Id3613adbb69a4d02e752504a93bf13aa233ad00c
Reviewed-on: https://code.wireshark.org/review/10530
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Mon, 14 Sep 2015 14:02:43 +0000 (16:02 +0200)]
Qt: align display of packets statistics in status bar with GTK UI
Bug: 11517
Change-Id: Ie47b7eebe58e8a9ac485ddd04fe074c94a0c6741
Reviewed-on: https://code.wireshark.org/review/10531
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Jeffrey Smith [Wed, 26 Aug 2015 14:09:06 +0000 (09:09 -0500)]
Begin support for Qt5 in RPM packaging
The spec file for building RPM's is not currently set up to handle
using Qt5 rather than Qt4.
This change adds Qt5 support to the spec file.
Change-Id: Ie726603377953bec41692a21148325829a26ba9a
Reviewed-on: https://code.wireshark.org/review/10276
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Michal Labedzki [Sun, 7 Jun 2015 09:48:12 +0000 (11:48 +0200)]
Bluetooth: ATT: Add remaining attributes
Add 34 attributes.
All attributes for this day should be supported now.
Expect 3:
0x2906 - Valid Range
0x2A2A - IEEE 11073-20601 Regulatory Certification Data List
0x2A4D - Report
The first is hard to implement now, the second needs to buy
specification, the last one will be implemented later - when USB HID
implementation will be full.
Please note that FLOAT/SFLOAT types are now supported right now.
Change-Id: I0499e17257aa8cb831fbd0cf1524d8e59c98cac7
Reviewed-on: https://code.wireshark.org/review/10526
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Michal Labedzki [Sun, 6 Sep 2015 16:15:04 +0000 (18:15 +0200)]
Use FT_UINT40 in two places
Finally we have FT_UINT40, so used it in Bluetooth ATT and
HDP dissectors.
Change-Id: Iab0e71345f031bca972b1eee20d7e95e193b2aef
Reviewed-on: https://code.wireshark.org/review/10527
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Michal Labedzki [Wed, 26 Aug 2015 16:39:15 +0000 (18:39 +0200)]
Bluetooth: Add "PAN" prefix to three UUIDs
"GN" does not seems to be really useful, but "PAN GN" is reasonable.
Change-Id: Ia04aa20e4b95743c7db46e87606e3843a124d7e4
Reviewed-on: https://code.wireshark.org/review/10524
Reviewed-by: Michael Mann <mmann78@netscape.net>