metze/wireshark/wip.git
5 years ago Replace JSON-GLib by custom JSON dumper library
Peter Wu [Tue, 20 Nov 2018 01:47:36 +0000 (02:47 +0100)]
Replace JSON-GLib by custom JSON dumper library

The (optional) JSON-GLib library adds dependencies on GObject, GIO. For
statically linked oss-fuzz builds it also adds libffi and more. To avoid
these dependencies, replace JSON-GLib by some custom code. This allows
`tshark -G elastic-mapping` to be enabled by default without extra deps.

API design goals of the new JSON dumper library:

- Small interface without a lot of abstraction.
- Avoid memory allocations if possible (currently none, but maybe
  json_puts_string will be replaced to improve UTF-8 support).
- Do not implement parsing, this is currently handled by jsmn.

Methods to open/close array/objects and to set members are inspired by
the JsonGlib interface. The interfaces to write values are inspired by
the sharkd code (json_puts_string is also borrowed from that).

The only observed differences in the tshark output:
- JSON-GLib ignores duplicates, json_dumper does not and may produce
  duplicates and currently prints two "ip.opt.sec_prot_auth_unassigned".
- JSON-GLib adds a space before a colon (unimportant formatting detail).
- (Not observed, but UTF-8 strings will be wrong like bug 14948.)

A test was added to catch changes in the tshark output. I also fuzzed
json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error.

Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4
Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html
Reviewed-on: https://code.wireshark.org/review/30732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago wsutil: rename some wsjson functions
Peter Wu [Mon, 19 Nov 2018 14:52:30 +0000 (15:52 +0100)]
wsutil: rename some wsjson functions

Rename wsjson_unescape_json_string to json_decode_string_inplace
(inspired by the g_base64_decode_inplace name). Rename
wsjson_is_valid_json to json_validate (inspired by g_unichar_validate).

Ideally json_parse is inlined with its user (sharkd_session.c), but that
requires exporting the jsmn_init and jsmn_parse functions... Hence the
dependency on jsmn.h remains in wsjson.h.

Change-Id: I7ecfe3565f15516e9115cbd7e025362df2da5416
Reviewed-on: https://code.wireshark.org/review/30731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago wsutil: fix indentation/modelines in wsjson
Peter Wu [Mon, 19 Nov 2018 14:21:02 +0000 (15:21 +0100)]
wsutil: fix indentation/modelines in wsjson

The modelines say tabs, but the actual indentation is 8 spaces. Let's
change it to match the standard 4 spaces in the top-level .editorconfig.

Change-Id: I2b26b095f5e4f6f8d5d083d41ceaae98f9284fba
Reviewed-on: https://code.wireshark.org/review/30730
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Add an API to get a list of compressed-file extensions, and use it.
Guy Harris [Tue, 20 Nov 2018 00:06:38 +0000 (16:06 -0800)]
Add an API to get a list of compressed-file extensions, and use it.

Move all the compressed-file type stuff to wiretap/file_wrappers.c.

Rename wtap_compressed_file_extension() to
wtap_compression_type_extension() for consistency with the other
compression-type-extension routine names.

Move the declarations of the compression-type-extension routines in the
header file.

wtap_compression_type_extension() now returns NULL for
WTAP_UNCOMPRESSED; there's no need to special-case it.

Get rid of the now-unused wtap_compression_type_supported() and
WTAP_NUM_COMPRESSION_TYPES.

Change-Id: Ib93874079bea669a0c87104513dba0d21390455a
Reviewed-on: https://code.wireshark.org/review/30729
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Fix a comment to reflect reality.
Guy Harris [Mon, 19 Nov 2018 22:30:37 +0000 (14:30 -0800)]
Fix a comment to reflect reality.

Change-Id: I789b3993dbf07805bed2f8cde70b3ded4b5bc9f9
Reviewed-on: https://code.wireshark.org/review/30727
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Ensure that fixFilenameExtension() is used only when writing a file.
Guy Harris [Mon, 19 Nov 2018 22:28:05 +0000 (14:28 -0800)]
Ensure that fixFilenameExtension() is used only when writing a file.

It *should* never happen, but just make sure of that by calling it only
for "open for writing" ("save") dialogs.

Change-Id: I1813f31537c0aa4efdf08c1622db9cb9e7f5ae83
Reviewed-on: https://code.wireshark.org/review/30726
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Convert enum increment into int increment
Jaap Keuter [Mon, 19 Nov 2018 20:20:49 +0000 (21:20 +0100)]
Convert enum increment into int increment

Using an enum type with the increment operator causes the following
error to be emitted by newer compilers:
"increment of enumeration value is invalid in C++ [-Werror=c++-compat]"
Numerical operations seem only allowed when taking their integer value.
Convert the loops involved to use integer and cast back to
wtap_compression_type when needed.

Change-Id: Ic96a6350c7d4db9ba2ba99df8b922649924c0e7a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30722
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago rpm-setup.sh: We no longer use FOP or AsciiDoc.
Gerald Combs [Mon, 19 Nov 2018 18:20:44 +0000 (10:20 -0800)]
rpm-setup.sh: We no longer use FOP or AsciiDoc.

Change-Id: I3b6e200be149d12a42604528a695aae98d310b9c
Reviewed-on: https://code.wireshark.org/review/30719
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Fix MLE security suite display
Robert Cragie [Mon, 19 Nov 2018 13:53:43 +0000 (13:53 +0000)]
Fix MLE security suite display

Security suite 0xff (no security) is displayed incorrectly as 0x7f.

Bug: 15288
Change-Id: Ic899ca724a4a958520e34d522c211e5c625d43ce
Reviewed-on: https://code.wireshark.org/review/30713
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ain:Prettify Carrier and AMAslpID parameters.
Anders Broman [Mon, 19 Nov 2018 12:12:02 +0000 (13:12 +0100)]
ain:Prettify Carrier and AMAslpID parameters.

Bug: 15285
Change-Id: I34fc67e2faa4c4e53834b257796b3f256239f27a
Reviewed-on: https://code.wireshark.org/review/30711
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago lnpdqp: Get rid of warnings.
Anders Broman [Mon, 19 Nov 2018 12:18:48 +0000 (13:18 +0100)]
lnpdqp: Get rid of warnings.

Change-Id: Ib38960def1bdefde64b82ba0848c5e13a51189c7
Reviewed-on: https://code.wireshark.org/review/30712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago wtap.h: Fix documentation warnings
Joerg Mayer [Mon, 19 Nov 2018 10:22:04 +0000 (11:22 +0100)]
wtap.h: Fix documentation warnings

Change-Id: Ib0b5ae47047d3f574bd35cab045cefb8fcb8778d
Reviewed-on: https://code.wireshark.org/review/30710
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago text2pcap: consolidate ethernet header protocol determination
Jaap Keuter [Sun, 18 Nov 2018 11:01:06 +0000 (12:01 +0100)]
text2pcap: consolidate ethernet header protocol determination

With the addition of the IPv6 dummy header the logic to set the
correct ethernet protocol has become scattered across the code
and also poured into the actual packet writing code.
Once command line parsing is completed a consistent set of frame
generating parameters should be established.

This change consolidates the ethernet header protocol
determination to one point, with the added benefit of resolving
a possible duplicate IPv4 / IPv6 parameter setting in the same
manner as is done for other conflicting parameters.

Change-Id: I2c0d3ee8ad5a28b216a374dad807406113200fa2
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30691
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Vasil Velichkov <vvvelichkov@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Add an API to get the file extension for a compression type, and use it.
Guy Harris [Sun, 18 Nov 2018 22:10:00 +0000 (14:10 -0800)]
Add an API to get the file extension for a compression type, and use it.

Add wtap_compressed_file_extension(), which returns NULL for
WTAP_UNCOMPRESSED and the appropriate file extension for other
compression types.

Add wtap_compression_type_supported(), which returns TRUE for
WTAP_UNCOMPRESSED and all supported compression types and FALSE
otherwise.  ("Supported" means "the code can decompress files in that
compression format and can write files in that compression format", so
WTAP_GZIP_COMPRESSED is supported iff libwiretap is built with zlib.)

In MainWindow::fileAddExtension, instead of checking for
WTAP_GZIP_COMPRESSED and using ".gz" as the extension, use the extension
returned by wtap_compressed_file_extension() for the compression type.

Change-Id: I47cb0eca8c887ada3562df30b54e76509008180f
Reviewed-on: https://code.wireshark.org/review/30707
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago packet-mint.c: Rename mint type to mint port and enhance list of ports.
Joerg Mayer [Fri, 16 Nov 2018 09:19:56 +0000 (10:19 +0100)]
packet-mint.c: Rename mint type to mint port and enhance list of ports.

Change-Id: Icdf39f23bfcbd711f1b20a6bf7144f9fcff9744e
Reviewed-on: https://code.wireshark.org/review/30706
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago text2pcap: pcapng is an output option
Jaap Keuter [Sun, 18 Nov 2018 10:22:41 +0000 (11:22 +0100)]
text2pcap: pcapng is an output option

Buried at the end of the help text, in the Miscellaneous section,
is the '-n' option to write pcapng format files. This can hardly
be considered miscellaneous but rather an output option.
Move the option in the help text to the output section.

Change-Id: I3e39b75281091d6d5d9607891ef2f97ba031e48a
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30690
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago s7comm: Add additional syntax ids 0x83 and 0x84 for NCK data access
Juergen Kosel [Fri, 16 Nov 2018 17:13:46 +0000 (18:13 +0100)]
s7comm: Add additional syntax ids 0x83 and 0x84 for NCK data access

Beside the standard NCK syntax id 0x82 the ids 0x83 and 0x84 are used
for values with metric and inch units.

Change-Id: I62bf2d2e583905c9fa90e4e7caa614a6fe6a7155
Signed-off-by: Juergen Kosel <juergen.kosel@gmx.de>
Reviewed-on: https://code.wireshark.org/review/30674
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago f5ethtrailer: Update for new format trailers
John Tapparo [Fri, 16 Nov 2018 14:44:50 +0000 (09:44 -0500)]
f5ethtrailer: Update for new format trailers

Bug: 15284
Change-Id: I062b7d85b31ced6f4e8478cdbf048fc15b0edf5e
Reviewed-on: https://code.wireshark.org/review/30671
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago .mailmap: fix duplicate entry
Vasil Velichkov [Sun, 18 Nov 2018 13:02:21 +0000 (15:02 +0200)]
.mailmap: fix duplicate entry

Change-Id: I4498178e0eae3cec45514cb11185e906edffa7c4
Reviewed-on: https://code.wireshark.org/review/30694
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
5 years ago [Automatic update for 2018-11-18]
Gerald Combs [Sun, 18 Nov 2018 08:27:17 +0000 (08:27 +0000)]
[Automatic update for 2018-11-18]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I896204ae8c6e8ca23e75ff9202ff4bc344d023f8
Reviewed-on: https://code.wireshark.org/review/30686
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago CMake: call cmake_minimum_required before project
Peter Wu [Sun, 18 Nov 2018 02:14:42 +0000 (03:14 +0100)]
CMake: call cmake_minimum_required before project

cmake_minimum_required() MUST be called even before project(), otherwise
some policies will not be correctly set. On the macOS build on Travis
for example, CMP0025 was accidentally set to "OLD" which resulted in
CMAKE_C_COMPILER_ID being reported as "Clang" instead of "AppleClang".

Change-Id: I20065e621628cde24946edb519d719f527936d87
Reviewed-on: https://code.wireshark.org/review/30685
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago text2pcap: assure an IP next layer protocol is set
Jaap Keuter [Sun, 18 Nov 2018 00:25:01 +0000 (01:25 +0100)]
text2pcap: assure an IP next layer protocol is set

Using -4 or -6 to set an IP address pair to use in the dummy IP
header it is possible to generate a capture in which the next
layer protocol is undefined. Add a check that a next layer
protocol is always set.

Bug: 15275
Change-Id: Ifef54be7f708a0f168d2067f6f691e2611f25428
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30683
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Clean up previous change.
Guy Harris [Sun, 18 Nov 2018 00:29:37 +0000 (16:29 -0800)]
Clean up previous change.

compressed_file_extension shouldn't include the ".", as we insert the
"." before it.

Use it when appending the extension, rather than hardwiring "gz" in two
places.

Change-Id: I89e3ed1df9a8457fdbb6e6386686176816f4671b
Reviewed-on: https://code.wireshark.org/review/30682
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Fix addition of extensions to file names.
Guy Harris [Sat, 17 Nov 2018 23:24:08 +0000 (15:24 -0800)]
Fix addition of extensions to file names.

If the file is to be compressed, then:

  if the type in which the file is to be written has a set of extensions
  it uses, leave the file name alone if it ends with one of those
  extensions followed by the extension for the compression type,
  otherwise append the default extension for that file type followed by
  the extension for the compression type;

  if it doesn't, leave the file name alone if it ends with the extension
  for the compression type, otherwise append the extension for the
  compression type;

otherwise:

  if the type in which the file is to be written has a set of extensions
  it uses, leave the file name alone if it ends with one of those
  extensions, otherwise append the default extension for that file type followed by
  the extension for the compression type;

  if it doesn't, leave the file name alone if it ends with the extension
  for the compression type, otherwise append the extension for the
  compression type.

Change-Id: I7c4093af28cc30d579a2ae9faa8f4164b4764001
Reviewed-on: https://code.wireshark.org/review/30681
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago wiretap/merge.c: consolidate three similar merge_files routines
Peter Wu [Sat, 17 Nov 2018 16:02:37 +0000 (17:02 +0100)]
wiretap/merge.c: consolidate three similar merge_files routines

The three merge_files routines (filename, tempfile, stdout) have exactly
the same code except for a single wtap_dump_open routine. Reduce code
duplication to ease further improvements to this file.

Change-Id: I4fa890730d54c11b3614e56cf4d3d3da1ae9f5fd
Reviewed-on: https://code.wireshark.org/review/30678
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Qt: fix build failure due to adding two incompatible pointers
Peter Wu [Sat, 17 Nov 2018 18:08:06 +0000 (19:08 +0100)]
Qt: fix build failure due to adding two incompatible pointers

Change-Id: I08d45c87c9232edcabfc69d25a773552fe9e0871
Fixes: v2.9.0rc0-2567-g43872a3a0e (""." in version numbers and file names isn't translated into other languages.")
Reviewed-on: https://code.wireshark.org/review/30680
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago etypes.h: Small whitespace fixes
Joerg Mayer [Sat, 17 Nov 2018 11:48:05 +0000 (12:48 +0100)]
etypes.h: Small whitespace fixes

Change-Id: Idd4178eb69bb69adb2df812dda8462e2631101e3
Reviewed-on: https://code.wireshark.org/review/30677
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago "." in version numbers and file names isn't translated into other languages.
Guy Harris [Sat, 17 Nov 2018 07:38:18 +0000 (23:38 -0800)]
"." in version numbers and file names isn't translated into other languages.

"xxx.pcap.gz" is "xxx.pcap.gz" in any language.  "3.0.1" is "3.0.1" in
any language.

Change-Id: I231a3f9bd21a3ea5d56a8e410d20b1bc3927540f
Reviewed-on: https://code.wireshark.org/review/30676
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Man pages: Update pipe input documentation.
Gerald Combs [Fri, 16 Nov 2018 23:24:52 +0000 (15:24 -0800)]
Man pages: Update pipe input documentation.

Make sure the -i <pipe> documentation is consistent and correct.

Change-Id: I9019effb658f914ac754e4ae893eafbe7c4b4da1
Reviewed-on: https://code.wireshark.org/review/30675
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Dumpcap: Fix writing SHBs and IDBs.
Gerald Combs [Mon, 8 Oct 2018 20:25:36 +0000 (13:25 -0700)]
Dumpcap: Fix writing SHBs and IDBs.

If we have a single capture source and that capture source is pcapng and
we're writing a pcapng file, do the following:

- Pass its SHB and IDBs through unmodified. Don't save or write command
  line interface IDBs.

- Save the most recent SHB and IDBs so that we can write them when we're
  writing multiple output files.

If we have multiple capture sources, do the following:

- Write Dumpcap's SHB.

- Keep a global list of IDBs, consisting of both command line interfaces
  and IDBs read from pcapng sources.

- When reading an EPB or ISB, remap its local interface number to its
  corresponding global number.

Add Dumpcap pcapng section tests. Make the application IDs in the
"many_interfaces" captures unique.

Change-Id: I2005934c1f83d839727421960005f106d6c682dd
Reviewed-on: https://code.wireshark.org/review/30085
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago nettrace: Handle failure to parse IPv6.
Anders Broman [Fri, 16 Nov 2018 14:59:07 +0000 (15:59 +0100)]
nettrace: Handle failure to parse IPv6.

Reading of Address needs refactoring.

Change-Id: Icca094a50bda4314bda72005bfc0d722e3d185d2
Reviewed-on: https://code.wireshark.org/review/30672
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago RTPS: RTPS 2.3 Domain ID and Domain Tag support.
ismaelrti [Fri, 16 Nov 2018 09:01:39 +0000 (10:01 +0100)]
RTPS: RTPS 2.3 Domain ID and Domain Tag support.

Added dissection of field PID_DOMAIN_TAG. PID_DOMAIN_ID moved to
PID_RTI_DOMAIN_ID and PID_IS_RELIABLE moved to PID_DOMAIN_ID.

Change-Id: Ie189b2d2e66b705df202e7ee3e752aea5ddee271
Reviewed-on: https://code.wireshark.org/review/30664
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago LISP: Switch to proto_tree_add_subtree_format()
Lorand Jakab [Fri, 16 Nov 2018 12:03:55 +0000 (13:03 +0100)]
LISP: Switch to proto_tree_add_subtree_format()

When the LISP dissector was initially written, it followed a different
pattern for adding subtrees with a text label, which needs to be
modified while dissecting: proto_tree_add_item() +
proto_item_append_text() + proto_item_add_subtree().

This commit updates the code to use the more elegant
proto_tree_add_subtree_format() call.

Change-Id: Icb6424be3c9cdecbfe9bb5aa2d39f3ad3d1499e0
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/30655
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago travis: enable tests even if libpcap is disabled
Peter Wu [Fri, 16 Nov 2018 02:09:03 +0000 (03:09 +0100)]
travis: enable tests even if libpcap is disabled

Proper dependency tracking has been implemented such that tests that
require dumpcap are skipped when unavailable, let's enable tests again.
Use pytest for nicer traces.

Bug: 14949
Change-Id: I1751bed8bd62e1a69d6e19161f7517735ae96662
Reviewed-on: https://code.wireshark.org/review/30669
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago test: finalize suite_capture conversion to fixtures, drop config.py
Peter Wu [Fri, 16 Nov 2018 01:28:32 +0000 (02:28 +0100)]
test: finalize suite_capture conversion to fixtures, drop config.py

Convert the old start_pinging routine to use pytest fixtures, rewriting
it to enable a different generator that uses (for example) UDP.
Remove the config module since it is no longer needed.

Change-Id: Ic4727157faab084b41144e8f16ea44f59c9037d8
Reviewed-on: https://code.wireshark.org/review/30659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago test: convert capture tests to use fixtures, fix tests without dumpcap
Peter Wu [Thu, 15 Nov 2018 17:44:59 +0000 (18:44 +0100)]
test: convert capture tests to use fixtures, fix tests without dumpcap

Add a new --capture-interface option to pytest, similar to test.py. It
will grab some Ethernet interface on Windows. An empty value overrides
this and disables capture tests. Remove the test.py --enable-capture
option since that is implied by the --capture-interface option.

Port the `test.py --program-path` option to pytest and additionally make
the pytest look in the current working directory if neither WS_BIN_PATH
nor --program-path are specified. Drop config.setProgramPath, this
allows tests to be run even if not all binaries are available.

With all capture tests converted to fixtures, it is now possible to run
tests when Wireshark is not built with libpcap as tests that depend on
cmd_dumpcap (or capture_interface) will be skipped.

Bug: 14949
Change-Id: Ie802c07904936de4cd30a4c68b6a5139e6680fbd
Reviewed-on: https://code.wireshark.org/review/30656
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago tshark: do not print packet information when using -w without libpcap
Peter Wu [Fri, 16 Nov 2018 11:53:03 +0000 (12:53 +0100)]
tshark: do not print packet information when using -w without libpcap

The test_tshark_io_direct_stdout test was failing because the command
"tshark -r test/captures/dhcp.pcap -w - > some.pcap" produced a corrupt
capture file which has the packet information appended at the end.

Change-Id: I1a79e98f1475c29d7dad3ff90d4cb689f46b0e57
Fixes: 57389a0c69 ("make tshark compile and work also when pcap is not available")
Reviewed-on: https://code.wireshark.org/review/30668
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Qt: fix build with Qt 5.4 and older
Peter Wu [Fri, 16 Nov 2018 13:52:39 +0000 (14:52 +0100)]
Qt: fix build with Qt 5.4 and older

Change-Id: Iabdd87128a2af8c668c0602ea677f71984e64723
Fixes: v2.9.0rc0-2556-gb894c53d5e ("Add an API to get a description of a compression type, and use it.")
Reviewed-on: https://code.wireshark.org/review/30670
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Add an API to get a description of a compression type, and use it.
Guy Harris [Fri, 16 Nov 2018 10:15:47 +0000 (02:15 -0800)]
Add an API to get a description of a compression type, and use it.

Add wtap_compression_type_description(), which returns NULL for
WTAP_UNCOMPRESSED and a descriptive string for other compression types.

Instead of checking for WTAP_GZIP_COMPRESSED and appending "(gzip
compressed)", just pass the compression type to
wtap_compression_type_description() and, if the result is non-null,
append its result, wrapped in parentheses, with a space before the left
parenthesis.

Change-Id: I79a999c7838a883953795d5cbab009966e14b65e
Reviewed-on: https://code.wireshark.org/review/30666
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago ZigBee: Fixed incorrect field type
Martin Boye Petersen [Fri, 16 Nov 2018 09:14:18 +0000 (10:14 +0100)]
ZigBee: Fixed incorrect field type

Fixed incorrect field type for tariff label in publish tariff information.
It is a zigbee octet string, so the first byte indicates the length of the string.

Change-Id: Ia90e47a19a3bd1ca7642f5e7ce99377618198f15
Reviewed-on: https://code.wireshark.org/review/30663
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago nettrace: fix var init.
Dario Lombardo [Fri, 16 Nov 2018 08:42:26 +0000 (09:42 +0100)]
nettrace: fix var init.

Error:
../wiretap/nettrace_3gpp_32_423.c:745:47: error: missing field 'src_ip' initializer [-Werror,-Wmissing-field-initializers]
        exported_pdu_info_t  exported_pdu_info = { 0 };
                                                     ^
1 error generated.
ninja: build stopped: subcommand failed.

Change-Id: I6c083b474854ea062f0a1c9f94e83af83574fc91
Reviewed-on: https://code.wireshark.org/review/30661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago gtpv2: Handle different sizes of 8.38 MM Context.
Anders Broman [Fri, 16 Nov 2018 08:49:45 +0000 (09:49 +0100)]
gtpv2: Handle different sizes of 8.38 MM Context.

Change-Id: Iaeb795f439a1157bca6d006d2a0bf8fe44703267
Reviewed-on: https://code.wireshark.org/review/30662
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago dictionary.symbol: Update to version received from vendor with minor formatting changes
Joerg Mayer [Fri, 16 Nov 2018 09:31:01 +0000 (10:31 +0100)]
dictionary.symbol: Update to version received from vendor with minor formatting changes

Change-Id: I569e2fdb96ffc6757fffce8ddaf0086037cfa64f
Reviewed-on: https://code.wireshark.org/review/30665
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago Use an enum for compression types in various interfaces.
Guy Harris [Fri, 16 Nov 2018 04:06:36 +0000 (20:06 -0800)]
Use an enum for compression types in various interfaces.

This:

1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);

2) leaves space in the interfaces in question for additional compression
types.

(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup.  Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).

Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago TDS: Fix decoding of TDS7 password.
Craig Jackson [Thu, 15 Nov 2018 05:24:09 +0000 (00:24 -0500)]
TDS: Fix decoding of TDS7 password.

Fix decoding of the TDS7 password field by treating it as a byte string, not an ASCII string.

Also fix another display problem demonstrated by the sample trace.

Bug: 15274
Change-Id: I906d6e9499e2e986820e9248604e98051d877bed
Reviewed-on: https://code.wireshark.org/review/30653
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Use the dump parameters structure for non-pcapng-specific stuff.
Guy Harris [Wed, 14 Nov 2018 00:10:53 +0000 (16:10 -0800)]
Use the dump parameters structure for non-pcapng-specific stuff.

Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.

Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Always use the input file's encapsulation for the output file.
Guy Harris [Thu, 15 Nov 2018 23:34:01 +0000 (15:34 -0800)]
Always use the input file's encapsulation for the output file.

Using WTAP_ENCAP_PER_PACKET if there's more than one interface forces a
format supporting multiple encapsulations even if all interfaces use the
same encapsulation; there's no reason to force that - you might as well
let the user specify pcap format, for example, if that's what they
really want.

(If there are multiple interfaces and they have different
encapsulations, the file encapsulation will be WTAP_ENCAP_PER_PACKET
*anyway*.)

Change-Id: I0e65c06e1ae3ff159ccd27f72cc63014e30a58f3
Reviewed-on: https://code.wireshark.org/review/30658
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Just pass on a snapshot length of 0 to the dumper.
Guy Harris [Thu, 15 Nov 2018 23:25:06 +0000 (15:25 -0800)]
Just pass on a snapshot length of 0 to the dumper.

It means "snapshot length unknown".

For most file formats, the snapshot length isn't recorded (even for
formats that support slicing - all they record is the on-the-network
length, and length after slicing, for each packet), so it's ignored in
the dumper.

The one exception is pcap, which records it in the file header; if it's
unknown, the pcap-writing code picks the maximum supported snapshot
length for the file's link-layer header type.

Change-Id: Ieda5dfe34c4bac63e43fdadeff31799ac3c908de
Reviewed-on: https://code.wireshark.org/review/30657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago test: convert suite_dfilter to use fixtures
Peter Wu [Thu, 15 Nov 2018 11:38:12 +0000 (12:38 +0100)]
test: convert suite_dfilter to use fixtures

Stop using subprocesstest, drop the (now redundant) DFTestCase base
class and use pytest-style fixtures to inject the dependency on tshark.
This approach makes it easier to switch to pytest in the future.
Most substitutions were automated, so no typos should be present.

Change-Id: I3516029162f87423816937410ff63507ff82e96f
Reviewed-on: https://code.wireshark.org/review/30649
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago test: convert suite_nameres to use fixtures
Peter Wu [Wed, 14 Nov 2018 18:32:10 +0000 (19:32 +0100)]
test: convert suite_nameres to use fixtures

Create a special custom profile just for the nameres tests, instead of
doing this for all tests. Other tests do not need it.

Change-Id: I41de0ece9dcf1ee310957beab2bbee0a99784753
Reviewed-on: https://code.wireshark.org/review/30633
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago test: convert suite_text2pcap to use fixtures
Peter Wu [Wed, 14 Nov 2018 16:54:00 +0000 (17:54 +0100)]
test: convert suite_text2pcap to use fixtures

Inline all capture file names and use fixtures instead of the global
config object. This makes dependencies more explicit.

Change-Id: I37a6eda73822735b5a6957b44bce53bb5ecd1aa0
Reviewed-on: https://code.wireshark.org/review/30631
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years agoDon't set anything in *wth until we've decided it's a Peek classic file.
Guy Harris [Thu, 15 Nov 2018 17:52:02 +0000 (09:52 -0800)]
Don't set anything in *wth until we've decided it's a Peek classic file.

Change-Id: I8b6f5b46cc578a65eec3e255d468d3841f9b0197
Reviewed-on: https://code.wireshark.org/review/30652
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoDumpcap: Update our pipe closed logic.
Gerald Combs [Thu, 15 Nov 2018 16:05:17 +0000 (08:05 -0800)]
Dumpcap: Update our pipe closed logic.

Check for pipe status only when we no longer have packets. This keeps us
from flushing packets that we should have written.

Change-Id: I714f52597da792a0b228b5e1a1dd3a993dc93681
Reviewed-on: https://code.wireshark.org/review/30651
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years agonettrace: Parse IPv6 addresses.
Anders Broman [Thu, 15 Nov 2018 13:34:05 +0000 (14:34 +0100)]
nettrace: Parse IPv6 addresses.

Change-Id: Iad583c39605ed2dd7a1c64f3729500c6b8a31fd3
Reviewed-on: https://code.wireshark.org/review/30650
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoSimplify code.
Guy Harris [Thu, 15 Nov 2018 08:36:16 +0000 (00:36 -0800)]
Simplify code.

Just directly set wth->file_encap.

Change-Id: I9fb3d34d3d46d9bef6b7206e25ba72049d9b12f1
Reviewed-on: https://code.wireshark.org/review/30648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoCBRS-OIDs: adding Citizens Broadband Radio Service Object Identifiers
Martin Peylo [Wed, 14 Nov 2018 21:33:49 +0000 (23:33 +0200)]
CBRS-OIDs: adding Citizens Broadband Radio Service Object Identifiers

Used within CBRS X.509 certificates, related certificate requests etc

Extracted from
- WInnForum CBRS COMSEC TS WINNF-15-S-0065-V2.0.0
  https://www.wirelessinnovation.org/assets/work_products/Specifications/winnf-15-s-0065-v2.0.0%20cbrs%20communications%20security%20technical%20specification.pdf
- WInnForum CBRS Certificate Policy Document WINNF-17-S-0022
  https://www.wirelessinnovation.org/assets/work_products/Specifications/winnf-17-s-0022%20v1.0.0%20cbrs%20pki%20certificate%20policy.pdf

Change-Id: I7ee5246bb15214d37cd566f8b2beadeb0a2bce01
Reviewed-on: https://code.wireshark.org/review/30642
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoDebian: Add missing symbols.
Gerald Combs [Thu, 15 Nov 2018 01:19:06 +0000 (17:19 -0800)]
Debian: Add missing symbols.

Change-Id: Ia8a385faad06a1221a9ab6f31e27e4be09a5590d
Reviewed-on: https://code.wireshark.org/review/30646
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoAlways use the file header to set the encapsulation type for Peek classic.
Guy Harris [Thu, 15 Nov 2018 02:29:48 +0000 (18:29 -0800)]
Always use the file header to set the encapsulation type for Peek classic.

The information given by the person who provided the change to do so for
V7 files seems to indicate that 1) V5 and V6 files have the same file
header and 2) the protoNum field shouldn't be used for this purpose.

It also provided information about the bits in the flags and status
field, so add that.

The first three of those bits appear to match the first three bits of
the flags field in Peek tagged files, so note that in the Peek tagged
reader, in case the other bits also match.

Change-Id: I492afd594676efc14b487b3030c861bf5feb2d23
Reviewed-on: https://code.wireshark.org/review/30647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoDumpcap: Make sure we set our pipe error status.
Gerald Combs [Wed, 14 Nov 2018 19:44:47 +0000 (11:44 -0800)]
Dumpcap: Make sure we set our pipe error status.

Make sure cap_pipe_read_data_bytes sets pcap_src->cap_pipe_err if it
encounters an error or EOF. This fixes a regression introduced in
ga51b3d1d16. Have it return -1 or the number of bytes read similar to
read(2). Explicitly treat its return value as a signed integer.

Change-Id: I3de92859eee45e8d4a24a8c8309a816ef1b7924a
Reviewed-on: https://code.wireshark.org/review/30639
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
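Added example, not code from this commit or from dumpcap: a read helper with the contract the message above describes (status always set on error or EOF, -1 or the byte count returned), next to a caller that stores the result in an unsigned variable. The names `pipe_src`, `pipe_read_bytes` and the two `header_ok_*` callers are hypothetical, and returning -1 at EOF as well as on error is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for a capture source's pipe state. */
enum pipe_status { PIPE_OK = 0, PIPE_EOF, PIPE_ERR };

struct pipe_src {
    int fd;
    enum pipe_status status;   /* updated on every call to pipe_read_bytes() */
};

/*
 * Read exactly `want` bytes unless EOF or an error cuts the read short.
 * Returns the byte count on success and -1 on error or EOF (assumed
 * convention); src->status tells the two failure cases apart.
 */
ssize_t pipe_read_bytes(struct pipe_src *src, unsigned char *buf, size_t want)
{
    size_t got = 0;

    while (got < want) {
        ssize_t n = read(src->fd, buf + got, want - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;              /* interrupted, retry */
            src->status = PIPE_ERR;
            return -1;
        }
        if (n == 0) {                  /* writer closed the pipe */
            src->status = PIPE_EOF;
            return -1;
        }
        got += (size_t)n;
    }
    src->status = PIPE_OK;
    return (ssize_t)got;
}

/* Caller that keeps the result signed: a failed read is rejected. */
int header_ok_signed(struct pipe_src *src, unsigned char *hdr, size_t hdr_len)
{
    ssize_t n = pipe_read_bytes(src, hdr, hdr_len);
    return n >= 0 && (size_t)n == hdr_len;
}

/*
 * Caller that stores the result unsigned: -1 becomes SIZE_MAX, so the
 * "did we get enough bytes" check passes on a failed read.
 */
int header_ok_unsigned(struct pipe_src *src, unsigned char *hdr, size_t hdr_len)
{
    size_t n = (size_t)pipe_read_bytes(src, hdr, hdr_len);
    return n >= hdr_len;
}

int main(void)
{
    int fds[2];
    unsigned char hdr[8];

    /* Constructed input: a writer that closes after 4 of 8 header bytes. */
    if (pipe(fds) != 0)
        return 1;
    if (write(fds[1], "abcd", 4) != 4)
        return 1;
    close(fds[1]);

    struct pipe_src src = { fds[0], PIPE_OK };
    printf("signed caller accepts short header: %d\n",
           header_ok_signed(&src, hdr, sizeof hdr));
    printf("status after read: %d\n", (int)src.status);
    close(fds[0]);
    return 0;
}
```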
5 years agoWSDG: update test section with pytest fixtures
Peter Wu [Wed, 14 Nov 2018 18:05:49 +0000 (19:05 +0100)]
WSDG: update test section with pytest fixtures

Try to describe the motivation of pytest fixtures and update the
examples. Add a missing build dependency in CMake while at it.

Change-Id: I5384a86f2191835b834285b81343a7ee56f88e79
Reviewed-on: https://code.wireshark.org/review/30632
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years agoLISP: Fix action bits decoding
Lorand Jakab [Wed, 14 Nov 2018 16:27:37 +0000 (17:27 +0100)]
LISP: Fix action bits decoding

Change-Id: I76f5e10fbc5ca0071d1444e31ce4c8fba639c3bc
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/30630
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agomacos-setup.sh: Update library and tool versions.
Gerald Combs [Mon, 12 Nov 2018 23:09:06 +0000 (15:09 -0800)]
macos-setup.sh: Update library and tool versions.

Update the following versions:

CMake: 3.7.2 to 3.12.4
Qt: 5.9.5 to 5.9.7 (Current LTS)
libxml2: 2.9.4 to 2.9.7 (2.9.4 has security issues)
c-ares: 1.12.0 to 1.15.0 (1.12.0 has security issues)
libssh: 0.7.4 to 0.8.5 (0.7.4 has security issues)

Change-Id: Ia97b436981705a4d99c0b0a2f238738e18394d45
Reviewed-on: https://code.wireshark.org/review/30589
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years agonas5gs: Update AMF in 5GS mobile identity.
Anders Broman [Wed, 14 Nov 2018 15:02:19 +0000 (16:02 +0100)]
nas5gs: Update AMF in 5GS mobile identity.

Change-Id: I6e2f2c259b9aed3073b322b8a3301ce8acfd79c6
Reviewed-on: https://code.wireshark.org/review/30629
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoDOCSIS: both TLV 43 and 44 need VSIF encodings
Bruno Verstuyft [Wed, 14 Nov 2018 14:14:03 +0000 (15:14 +0100)]
DOCSIS: both TLV 43 and 44 need VSIF encodings

Change-Id: Ide8fe96de05423fed135797988dd620b92e9cddc
Reviewed-on: https://code.wireshark.org/review/30628
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agonettrace_3gpp_32_423: Don't crash on error and improve error output.
Anders Broman [Wed, 14 Nov 2018 13:24:22 +0000 (14:24 +0100)]
nettrace_3gpp_32_423: Don't crash on error and improve error output.

Change-Id: I4ea7ccf51321d6ce316456bde24aa37880ea52ed
Reviewed-on: https://code.wireshark.org/review/30627
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoblip: fix memory safety issues and a build failure without zlib
Peter Wu [Wed, 14 Nov 2018 11:48:06 +0000 (12:48 +0100)]
blip: fix memory safety issues and a build failure without zlib

Fix use-after-free of decompress_streams when reloading a capture file.
Clean up the z_stream on capture file closure and simplify the hash key.
Fix build in case zlib is not available, remove unnecessary headers and
fix the indentation information (tabs instead of spaces).

Change-Id: I08268db1b9714cdddfc7f47b496f3e9da518139a
Fixes: v2.9.0rc0-2492-ga8c40412d8 ("Added support for the Couchbase BLIP protocol")
Reviewed-on: https://code.wireshark.org/review/30626
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jim Borden <jim.borden@couchbase.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQUIC: Add RETIRE_CONNECTION_ID frame type (draft -15)
Alexis La Goutte [Fri, 2 Nov 2018 19:58:32 +0000 (20:58 +0100)]
QUIC: Add RETIRE_CONNECTION_ID frame type (draft -15)

Change-Id: If181e89a70044db6d429e2066db6bd8869968ef3
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/30492
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQUIC: Renumbering ACK and ACK_ECN frame (draft -15)
Alexis La Goutte [Sun, 28 Oct 2018 16:07:56 +0000 (17:07 +0100)]
QUIC: Renumbering ACK and ACK_ECN frame (draft -15)

* create a draft14 (and older) frame type
* on ACK_ECN, ECN (ect0, ect1, ecn-ce) are after ACK block

Change-Id: I810e32865a00abebbc29611cae5972d51268f476
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/30491
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoUpdate MongoDB ObjectID dissector element
Derick Rethans [Tue, 13 Nov 2018 12:03:54 +0000 (12:03 +0000)]
Update MongoDB ObjectID dissector element

The MongoDB ObjectID spec traditionally included a "host hash" and "PID" field.
These have for a while been treated as random data for the server, and the
MongoDB drivers have recently adopted a specification that says the same:
https://github.com/mongodb/specifications/blob/master/source/objectid.rst#random-value

This patch reorganises the original Host Hash and PID fields under a new
"Machine ID" field, to be able to show both the current interpretation of the
field, as well as the historical one.

Change-Id: Ib25b5552935781bc512fcdadb870ed20838d8808
Reviewed-on: https://code.wireshark.org/review/30604
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years agoui: add missing break.
Dario Lombardo [Wed, 14 Nov 2018 08:40:30 +0000 (09:40 +0100)]
ui: add missing break.

Error:
../ui/alert_box.c: In function ‘cfile_write_failure_alert_box’:
../ui/alert_box.c:359:13: error: this statement may fall through [-Werror=implicit-fallthrough=]
             simple_error_message_box(
             ^~~~~~~~~~~~~~~~~~~~~~~~~
                         "Frame %u%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         framenum, in_file_string,
                         ~~~~~~~~~~~~~~~~~~~~~~~~~
                         wtap_file_type_subtype_string(file_type_subtype));
                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../ui/alert_box.c:364:9: note: here
         case WTAP_ERR_PACKET_TOO_LARGE:
         ^~~~

Change-Id: I55464afff5625ae8c587470e417234560c7e606c
Reviewed-on: https://code.wireshark.org/review/30623
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years agoAll Veriwave files and packets use WTAP_ENCAP_IXVERIWAVE.
Guy Harris [Wed, 14 Nov 2018 07:01:34 +0000 (23:01 -0800)]
All Veriwave files and packets use WTAP_ENCAP_IXVERIWAVE.

We set the file encapsulation to WTAP_ENCAP_IXVERIWAVE when we open the
file; we don't need to update it when we read packets, and we don't need
to set the per-packet encapsulation because it's set to the file
encapsulation for us by wtap_read() and wtap_seek_read().

Change-Id: I2f123e3fb0d505334f3451685290bdbae77a598b
Reviewed-on: https://code.wireshark.org/review/30622
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoFix whitespace.
Guy Harris [Wed, 14 Nov 2018 05:29:07 +0000 (21:29 -0800)]
Fix whitespace.

Change-Id: I4e1ca2bcefbaf8bb04e26bed0c668c43b1a6f788
Reviewed-on: https://code.wireshark.org/review/30621
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoFail more cleanly if the file has no records.
Guy Harris [Wed, 14 Nov 2018 05:27:38 +0000 (21:27 -0800)]
Fail more cleanly if the file has no records.

If we have no records, we can't determine the link-layer type.

Also:

Use more signed values, and do more sanity checks on the file header and
TLVs to make sure we don't run into the first packet.

When writing the file header, accumulate the header length/first packet
offset in a 32-bit variable, and stuff it into the
offset-to-first-packet fields (plural) once we're done.

Change-Id: I3aeb5258bc16ddd8cf0ec86ef379287d0c4b351a
Reviewed-on: https://code.wireshark.org/review/30620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
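Added example, not code from this commit or from Wireshark: one way to do the checks the message above lists (TLVs must not run into the first packet, and a file with no records is reported as such), on a hypothetical header layout, since the message does not give the format's fields. The layout, `check_header` and the `HDR_*` results are assumptions; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIXED_HDR_LEN 8  /* assumed: u32 offset to first packet, u32 TLV count */
#define TLV_HDR_LEN   4  /* assumed: u16 type, u16 length (covers TLV header) */

enum hdr_result {
    HDR_OK = 0,
    HDR_TRUNCATED,     /* file shorter than the fixed header */
    HDR_BAD_OFFSET,    /* first-packet offset inside fixed header or past EOF */
    HDR_BAD_TLV,       /* TLV length smaller than its own header */
    HDR_TLV_OVERRUN,   /* TLV would run into the first packet */
    HDR_NO_RECORDS     /* header is valid but no packet follows it */
};

static uint16_t rd16le(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the header and TLV area; *tlvs_seen counts TLVs accepted. */
enum hdr_result check_header(const unsigned char *file, size_t file_len,
                             size_t *tlvs_seen)
{
    *tlvs_seen = 0;
    if (file_len < FIXED_HDR_LEN)
        return HDR_TRUNCATED;

    uint32_t first_pkt = rd32le(file);
    uint32_t ntlv = rd32le(file + 4);
    if (first_pkt < FIXED_HDR_LEN || first_pkt > file_len)
        return HDR_BAD_OFFSET;

    size_t off = FIXED_HDR_LEN;          /* invariant: off <= first_pkt */
    for (uint32_t i = 0; i < ntlv; i++) {
        /* Compare against the remaining room, never off + len, so no
         * attacker-chosen length can wrap the arithmetic. */
        size_t room = (size_t)first_pkt - off;
        if (room < TLV_HDR_LEN)
            return HDR_TLV_OVERRUN;
        uint16_t len = rd16le(file + off + 2);
        if (len < TLV_HDR_LEN)
            return HDR_BAD_TLV;          /* would not advance past itself */
        if (len > room)
            return HDR_TLV_OVERRUN;
        off += len;
        (*tlvs_seen)++;
    }

    /* Without a first record there is nothing to take a link type from. */
    if (first_pkt == file_len)
        return HDR_NO_RECORDS;
    return HDR_OK;
}

int main(void)
{
    /* Constructed sample: two TLVs (6 and 4 bytes), then 2 packet bytes. */
    unsigned char sample[] = {
        0x12, 0, 0, 0,   2, 0, 0, 0,
        1, 0, 6, 0, 0xAA, 0xBB,
        2, 0, 4, 0,
        0xDE, 0xAD
    };
    size_t seen;

    printf("valid file: %d\n", (int)check_header(sample, sizeof sample, &seen));
    sample[16] = 8;                      /* second TLV now claims 8 bytes */
    printf("oversized TLV: %d\n", (int)check_header(sample, sizeof sample, &seen));
    return 0;
}
```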
5 years agoieee80211: Avoid decrypting packets two times
Mikael Kanstrup [Sat, 10 Nov 2018 19:54:07 +0000 (20:54 +0100)]
ieee80211: Avoid decrypting packets two times

Encrypted packets were decrypted two times. One time to scan for
new keys. If no keys were found the decrypted data was simply
discarded. Then later on the packet was decrypted again for
dissection.

Avoid decrypting packets two times by storing the result from first
decryption if no key was found. Skip the second attempt.

Note though that in the special case where a key was actually found
inside an encrypted packet the decryption will still be performed
twice. First time decrypt, discover the key, and return the EAPOL
keydata. Second time decrypt and return the decrypted frame.

Change-Id: I1acd0060d4e1f351fb15070f8d7aa78c0035ce39
Reviewed-on: https://code.wireshark.org/review/30568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoieee80211: Decrypt and dissect EAPOL keydata
Mikael Kanstrup [Fri, 9 Nov 2018 10:46:39 +0000 (11:46 +0100)]
ieee80211: Decrypt and dissect EAPOL keydata

Decrypt EAPOL keydata information and have it dissected with the
ieee80211 dissector.

This is achieved by letting the Dot11Decrypt engine retrieve the EAPOL
keydata decrypted while extracting the GTK during 4-way handshake.
The ieee80211 dissector then stores the decrypted data in packet proto
data so that the wlan_rsna_eapol subdissector can retrieve it for
dissection.

Change-Id: I2145f47396cf3261b40e623fddc9ed06b3d7e72b
Reviewed-on: https://code.wireshark.org/review/30530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoDumpcap: Don't let individual pipes stop our capture.
Gerald Combs [Tue, 13 Nov 2018 22:52:14 +0000 (14:52 -0800)]
Dumpcap: Don't let individual pipes stop our capture.

If a capture source is a pipe and it reaches the end of its input, don't
stop capturing globally since we might have other active interfaces. We
do need to stop capturing if all of our interfaces are pipes and none of
them are open, so add a check to do so.

Change-Id: Id7f950349e72113c9b4bfeee4f0a9c8a97aefe8c
Reviewed-on: https://code.wireshark.org/review/30615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agotest: convert some more tests to use fixtures
Peter Wu [Tue, 13 Nov 2018 01:17:33 +0000 (02:17 +0100)]
test: convert some more tests to use fixtures

Continue the conversion from use of globals (the config module) to
fixtures. If a program (like wmem_test or tshark) is unavailable, it
will be skipped now rather than failing the test.

The general conversion pattern is:
- Decorate each class with `@fixtures.uses_fixtures` and (for tests that
  run tshark) `@fixtures.mark_usefixtures('test_env')`.
- Convert all `config.cmd_*` to `cmd_*` and add an argument.
- Convert all `config.*_dir` to `dirs.*_dir` and add an argument.
- Convert users of `os.path.join(dirs.capture_file, ...)` to use a new
  'capture_file' fixture to reduce boilerplate code. Inline variables if
  possible (this conversion was done in an automated way using regexes).

Some other changes: tests that do not require a test environment (like
wmem_test) will use 'base_env' which avoids copying config files,
`env=config.test_env` got removed since this is the default. Some test
classes in suite_clopts were combined. Removed unused imports.

Change-Id: Id5480ffaee7d8d56cf2cb3189a38ae9afa7605a1
Reviewed-on: https://code.wireshark.org/review/30591
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoDumpcap: Move packet dequeueing code to a common routine.
Gerald Combs [Tue, 13 Nov 2018 18:40:55 +0000 (10:40 -0800)]
Dumpcap: Move packet dequeueing code to a common routine.

Dequeue and write packets in capture_loop_dequeue_packet. This ensures
that we properly handle pcapng packets both inside our capture loop and
after it's finished.

Change-Id: Iacc980c90481b1378761eac83d8044aaddabfdc2
Reviewed-on: https://code.wireshark.org/review/30609
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoextcap: save debug flag and use it to activate ssh debug.
Dario Lombardo [Sat, 10 Nov 2018 20:15:58 +0000 (21:15 +0100)]
extcap: save debug flag and use it to activate ssh debug.

Change-Id: Ida32834f8c0838f1d815f7e33116b6a6161acf34
Reviewed-on: https://code.wireshark.org/review/30572
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agossh-base: define a struct for storing ssh parameters.
Dario Lombardo [Fri, 9 Nov 2018 22:10:46 +0000 (23:10 +0100)]
ssh-base: define a struct for storing ssh parameters.

Update sshdump and ciscodump to use it.

Change-Id: I5fbb9e3a870ec8baa0f326ad34733743cbb981f3
Reviewed-on: https://code.wireshark.org/review/30571
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agossh-base: support libssh config file.
Dario Lombardo [Fri, 9 Nov 2018 16:41:36 +0000 (17:41 +0100)]
ssh-base: support libssh config file.

It's operating system dependent, but the library takes care of it
on different operating systems.

Options are set with this precedence:
- if user-provided, use it
- if not, take the one from config file
- (username only) if none in the config file, take the current user from OS

Change-Id: I00dcc1c9a8613e6d1250b6404bf2100f6ccff7b7
Reviewed-on: https://code.wireshark.org/review/30558
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoCatch attempts to write multiple encapsulation types if unsupported.
Guy Harris [Wed, 14 Nov 2018 03:38:12 +0000 (19:38 -0800)]
Catch attempts to write multiple encapsulation types if unsupported.

If, in the process of opening the input file, we determine that it has
packets of more than one link-layer type, we can catch attempts to write
that file to a file of a format that doesn't support more than one
link-layer type at the time we try to open the output file.

If, however, we don't discover that the file has more than one
link-layer type until we've already created the output file - for
example, if we have a pcapng file with a new IDB, with a different
link-layer type from previous IDBs, after packet blocks for the earlier
interfaces - we can't catch that until we try to write the packet.

Currently, that causes the packet's data to be written out as is, so the
output file claims it's of the file's link-layer type, causing programs
reading the file to misdissect the packet.

Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt
instead, and have a nicer error message for
WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write.

Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6
Reviewed-on: https://code.wireshark.org/review/30617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoGive an error if an output file isn't specified.
Guy Harris [Tue, 13 Nov 2018 23:05:33 +0000 (15:05 -0800)]
Give an error if an output file isn't specified.

Just silently not bothering to do any work isn't all that useful in that
case; giving the usage message indicates that you need both input and
output files.

Change-Id: I9512d3e45e1e9a9d4bccb28b49aeea8c12ad0100
Reviewed-on: https://code.wireshark.org/review/30614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agotshark: Print the packets' comments in the expert info
Vasil Velichkov [Wed, 7 Nov 2018 19:33:41 +0000 (21:33 +0200)]
tshark: Print the packets' comments in the expert info

Previously 'tshark -z expert' was failing with abort when a packet
contains a comment

- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default level to it.
- Add various 'tshark -z expert' tests

Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoRTPS: APP_ACK_CONF submessage dissection fixed.
ismaelrti [Tue, 13 Nov 2018 16:06:37 +0000 (17:06 +0100)]
RTPS: APP_ACK_CONF submessage dissection fixed.

Count field of APP_ACK_CONF submessage was dissected using a signed
integer rather than unsigned. That avoids the dissection to be concluded
due to a wrong type error.

Change-Id: Ie5f85ce5b3d745d74e1b50d96a77560fb854034b
Reviewed-on: https://code.wireshark.org/review/30605
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoextcap: Allow ASCII '0' in preference name
Stig Bjørlykke [Tue, 13 Nov 2018 18:05:50 +0000 (19:05 +0100)]
extcap: Allow ASCII '0' in preference name

Update another regex to also allow '0' in the preference name.

Change-Id: I61e39a160d86195c989ab53623bc5887a10dcaad
Reviewed-on: https://code.wireshark.org/review/30606
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
5 years agoPKIX1EXPLICIT: Fixing Attribute and AttributeTypeAndValue ASN.1 cnf
Martin Peylo [Mon, 12 Nov 2018 17:56:11 +0000 (19:56 +0200)]
PKIX1EXPLICIT: Fixing Attribute and AttributeTypeAndValue ASN.1 cnf

EXPERIMENTAL, this has not been widely validated yet.  It is not clear whether
there is any deeper sense in how the prior ASN.1 cnf was done.

If this is used, it might also be beneficial to rename the double-overloaded
"type".

Removing pre-existing empty line at the end of packet-pkix1explicit-template.c
to comply with coding style requirements.

Change-Id: Iaddeb62f8abb8605b182091ea9c64b8f2172a884
Reviewed-on: https://code.wireshark.org/review/30599
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoPKCS10/pkix1explicit: adding PKCS#9 OIDs
Martin Peylo [Mon, 12 Nov 2018 18:12:12 +0000 (20:12 +0200)]
PKCS10/pkix1explicit: adding PKCS#9 OIDs

Attribute types for use in PKCS #10 certificate requests as specified
in PKCS#9 / RFC 2985

A CSR including one of the PKCS#9 OIDs, SubjectAltNames within a
pkcs-9-at-extensionRequest, can be generated with the following OpenSSL command
line on most Linux systems:

openssl req -new -sha256 -nodes -keyout domain.key \
            -subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com" \
            -reqexts SAN -config \
            <(cat /etc/ssl/openssl.cnf \
            <(printf "\n[SAN]\nsubjectAltName=DNS:example.com,DNS:www.example.com")) \
            -out attr_with_san.csr

Change-Id: I5ae4bd782003c65286bbebf41b96d142e4e99a60
Reviewed-on: https://code.wireshark.org/review/30600
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoextcap: Allow ASCII '0' in preference name
Stig Bjørlykke [Tue, 13 Nov 2018 11:40:45 +0000 (12:40 +0100)]
extcap: Allow ASCII '0' in preference name

Update the regex to also allow '0' in the preference name.

Change-Id: I881079b579b9193dd31dda2150d9a50c000c0dd3
Reviewed-on: https://code.wireshark.org/review/30602
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoRTCP: Fix RTCP Floor Control message Sub-type "Floor taken" is displayed
Anders Broman [Tue, 13 Nov 2018 12:16:31 +0000 (13:16 +0100)]
RTCP: Fix RTCP Floor Control message Sub-type "Floor taken" is displayed
as "Unknown"

Bug: 15276
Change-Id: I313f9d98d0c305a1508f465ec99ae98a91d3d9e9
Reviewed-on: https://code.wireshark.org/review/30603
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoPKCS10: Enabling own dissection function for Attributes
Martin Peylo [Mon, 12 Nov 2018 17:46:09 +0000 (19:46 +0200)]
PKCS10: Enabling own dissection function for Attributes

The one in pkix1explicit might be broken, while it might have unexpected
side-effects to mess with that.  Anyway, RFC 2986 defines the Attribute
sequence for PKCS10 directly.

Change-Id: I854b5b5fb83322a1302d011c9cd6f2d5c9fc2b78
Reviewed-on: https://code.wireshark.org/review/30585
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoFix function name in comment.
Guy Harris [Tue, 13 Nov 2018 07:26:48 +0000 (23:26 -0800)]
Fix function name in comment.

Change-Id: Ice41094e6cc91df7e1f8286f35d49e1a20a89cc7
Reviewed-on: https://code.wireshark.org/review/30598
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoMove the Linux ARPHRD_ types to epan/arptypes.h.
Guy Harris [Tue, 13 Nov 2018 06:17:49 +0000 (22:17 -0800)]
Move the Linux ARPHRD_ types to epan/arptypes.h.

Change-Id: I6fa9593af64e8af1ade4f049ea949989adfd00c7
Reviewed-on: https://code.wireshark.org/review/30595
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoFix dissection of 802.11+radiotap frames in Linux "cooked" captures.
Guy Harris [Tue, 13 Nov 2018 03:38:12 +0000 (19:38 -0800)]
Fix dissection of 802.11+radiotap frames in Linux "cooked" captures.

Those frames *don't* have their link-layer headers stripped, even on
PF_PACKET/SOCK_DGRAM captures (hopefully, nobody will consider that a
bug and "fix" it).

The "hatype" field is the ARPHRD_ value for the adapter, as returned by
SIOCGIFHWADDR; in monitor mode, those frames will have an hatype of
ARPHRD_IEEE80211_RADIOTAP.  Add an "sll.hatype" dissector table, which
we check before checking the "sll.ltype" dissector table, and have the
radiotap dissector register in that table.

We still use the special hack for an hatype of ARPHRD_NETLINK, because,
for *those* frames, the "protocol" field of the nominal SLL header is
the netlink family, not an Ethertype or anything else that the SLL
dissector would handle.

Change-Id: If503a7daa9133adf1b8c330ec28c4c824d4f551d
Reviewed-on: https://code.wireshark.org/review/30592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoDon't have _ng versions of the dumper open routines.
Guy Harris [Mon, 12 Nov 2018 23:43:10 +0000 (15:43 -0800)]
Don't have _ng versions of the dumper open routines.

Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.

Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoUse the Wayback Machine for a page that currently isn't working.
Guy Harris [Mon, 12 Nov 2018 23:14:33 +0000 (15:14 -0800)]
Use the Wayback Machine for a page that currently isn't working.

It loads, but displays nothing (either in Safari 12, or a presumably
recent Chrome, on my Mac).

Change-Id: I4a5530007ddf3c14a5fd349998318d5868da5d5c
Reviewed-on: https://code.wireshark.org/review/30588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agowiretap: refactor common parameters for pcapng dump routines
Peter Wu [Sun, 11 Nov 2018 14:49:12 +0000 (15:49 +0100)]
wiretap: refactor common parameters for pcapng dump routines

Four variants of wtap_dump_open_ng exist, each of them takes the same
three parameters for the SHB, IDB and NRB blocks that have to be written
before packets are even written. Similarly, a lot of tools always create
these arguments based on an existing capture file session (wth).

Address the former duplication by creating a new data structure to hold
the arguments. Address the second issue by creating new helper functions
to initialize the parameters based on a wth. This refactoring should
make it easier to add the new Decryption Secrets Block (DSB).

No functional change intended.

Change-Id: I42c019dc1d48a476773459212ca213de91a55684
Reviewed-on: https://code.wireshark.org/review/30578
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years agoRemove obsolete files.
Anders Broman [Mon, 12 Nov 2018 13:08:41 +0000 (14:08 +0100)]
Remove obsolete files.

Change-Id: Ibc2f20a895f7aaf4fc5988eb8814124a68dd886e
Reviewed-on: https://code.wireshark.org/review/30583
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
5 years agoIPv6: Fix payload root tree for IPv6 Routing Hdr
João Valverde [Sun, 11 Nov 2018 21:25:21 +0000 (21:25 +0000)]
IPv6: Fix payload root tree for IPv6 Routing Hdr

We need to pass the original proto_tree pointer to sub-dissectors,
not the p_ipv6_pinfo_select_root() return value. Rename the "_tree"
argument to follow the existing style and make the code more readable.

Bug: 15270
Change-Id: I0322f015abc0d6426d6f05c16c48e928c253c2eb
Reviewed-on: https://code.wireshark.org/review/30579
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agogtpv2: Update RAT types.
Anders Broman [Mon, 12 Nov 2018 12:47:57 +0000 (13:47 +0100)]
gtpv2: Update RAT types.

Change-Id: Ifb134ce340d847af65bad4dd20d5c453af85d4e1
Reviewed-on: https://code.wireshark.org/review/30582
Reviewed-by: Anders Broman <a.broman58@gmail.com>