metze/wireshark/wip.git
5 years ago Don't show temporary file names in title bars.
Guy Harris [Tue, 3 Jul 2018 22:14:50 +0000 (15:14 -0700)]
Don't show temporary file names in title bars.

For dialogs and auxiliary windows, if we have a live capture that hasn't
yet been saved to a permanent location, there's no good reason to show
the temporary file name in the title bar, as:

  it's a random string that doesn't indicate where the capture was done
  and that could confuse people (see, for example, the confusion in bug
  14929, in which somebody referred to the "Follow TCP Stream" window as
  the ".pcap dialog" because its title had ".pcap" at the end, due to
  the capture file being a temporary file and its name showing up in the
  title bar of that window);

  it differs from what the main window title bar shows.

While we're at it, don't assume that the file name in the capture_file
structure is a UTF-8 string - some UN*Xes might not use UTF-8 for file
names.

Change-Id: I0d3dfd5d7f896ea37533daf7089b688710dbabf0
Reviewed-on: https://code.wireshark.org/review/28581
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago packet-stcsig.c: Improve detection of false positives
Joerg Mayer [Tue, 3 Jul 2018 14:35:28 +0000 (16:35 +0200)]
packet-stcsig.c: Improve detection of false positives

Change-Id: Ic4be950dba934f3d4eb407b6d623f95022ef1985
Reviewed-on: https://code.wireshark.org/review/28580
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago packet-hsrp.c: Fix the display length of some tlv-blocks
Joerg Mayer [Mon, 2 Jul 2018 07:47:41 +0000 (09:47 +0200)]
packet-hsrp.c: Fix the display length of some tlv-blocks

Change-Id: I4e4dc682153e226ad4989f5b6b39a11b13abf763
Reviewed-on: https://code.wireshark.org/review/28566
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago CMake: check Asciidoctor version availability before using it
Peter Wu [Tue, 3 Jul 2018 09:42:20 +0000 (11:42 +0200)]
CMake: check Asciidoctor version availability before using it

On Ubuntu trusty, Asciidoctor 1.4 is installed. This does not satisfy
the minimum version requirement (1.5) and should not be used even if the
binary is available.

Change-Id: Iaffd55a5bcb26510b4b59f209768a61c3116d32f
Fixes: v2.5.1rc0-76-g94a0f7c641 ("Switch from AsciiDoc to Asciidoctor.")
Reviewed-on: https://code.wireshark.org/review/28576
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ssl-utils: Add missing entry for ECJPAKE in ssl_31_ciphersuite[] and ssl_get_keyex_alg().
Markus Becker [Mon, 2 Jul 2018 14:56:12 +0000 (16:56 +0200)]
ssl-utils: Add missing entry for ECJPAKE in ssl_31_ciphersuite[] and ssl_get_keyex_alg().

Addressing code review comments from Peter Wu.

Bug: 14935
Change-Id: I5e2dbad1ab42c3f958b29092df31d3636d04812c
Reviewed-on: https://code.wireshark.org/review/28569
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago nas5gs: Dissect 2 more IEs.
AndersBroman [Mon, 2 Jul 2018 13:26:49 +0000 (15:26 +0200)]
nas5gs: Dissect 2 more IEs.

Change-Id: Ib2edf90cbf276ac2dc4fba30df5fffe1ddc81485
Reviewed-on: https://code.wireshark.org/review/28568
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago file: add more sanity checks to detect UI/file loading issues
Peter Wu [Sat, 30 Jun 2018 19:26:40 +0000 (12:26 -0700)]
file: add more sanity checks to detect UI/file loading issues

As "cf_read" and "rescan_packets" can end up calling back to the GUI
code, that could destroy "cf->epan" which could result in use-after-free
crashes. While I can find most issues with ASAN, it would be even
better to detect the destructive action in "cf_close".

Change-Id: I72700a60c6786d153c2aaa8478bfdfb16a01dcda
Ping-Bug: 10870
Reviewed-on: https://code.wireshark.org/review/28542
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Qt: fix crash on opening a capture file while loading/saving another
Peter Wu [Sat, 30 Jun 2018 19:08:54 +0000 (12:08 -0700)]
Qt: fix crash on opening a capture file while loading/saving another

Closing a capture file while it is being loaded will result in a crash.
As a workaround, disallow closing the capture file. The requested action
(e.g. MainWindow::openCaptureFile) will be silently ignored.

While at it, protect process_specified_records (called when saving
files) similarly to cf_read and fix a crash that occurs when a capture
from the Capture Dialog is started while a file is being loaded:

    file.c:360:cf_close: assertion failed: (cf->state != FILE_READ_IN_PROGRESS)

Bug: 10870 # moving rapidly between large files in a file set
Bug: 13594 # start capture while loading/saving file
Bug: 14351 # open another file while loading file
Change-Id: I6ce8f3163c3fa4869f0299e49909a32594326ce4
Reviewed-on: https://code.wireshark.org/review/28541
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago file: fix packet list update after dfilter change during live capture
Peter Wu [Sat, 30 Jun 2018 05:38:10 +0000 (22:38 -0700)]
file: fix packet list update after dfilter change during live capture

During live captures, "cf->state==FILE_READ_IN_PROGRESS" holds and as
such setting "cf->redissection_queued" from "cf_filter_packets" will
prevent the packet list from being updated (no new packets are added and
display filter changes are not applied).

Fix this by not checking "cf->state" and instead perform an explicit
check to detect the "update_progress_dlg" issue (see original commit).
As "cf->read_lock" is implied by "cf->redissecting", remove that check
as well (see "rescan_packets").

Print a warning instead of aborting in "cf_read" since I am not sure if
that condition is currently prevented by its callers.

Bug: 14918
Change-Id: Ieb7d1ae3cbeef18f17c850ae3778822ee625dc68
Fixes: v2.9.0rc0-1110-g8e07b778f6 ("file: do not perform recursive redissections to avoid crashes")
Reviewed-on: https://code.wireshark.org/review/28538
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago BGP: Break off IPv6 LU NLRI into its own fields
Vadim Fedorenko [Sun, 1 Jul 2018 21:58:16 +0000 (00:58 +0300)]
BGP: Break off IPv6 LU NLRI into its own fields

Change-Id: I2c0b521369c30d651a39f49f72bd93986499c96e
Reviewed-on: https://code.wireshark.org/review/28559
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Update a comment to reflect current reality.
Guy Harris [Tue, 3 Jul 2018 05:36:28 +0000 (22:36 -0700)]
Update a comment to reflect current reality.

Change-Id: I7abf0173e3febf0f34f5942ffe8ff26780d15752
Reviewed-on: https://code.wireshark.org/review/28575
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Fix various compile warnings.
Guy Harris [Tue, 3 Jul 2018 04:43:34 +0000 (21:43 -0700)]
Fix various compile warnings.

Use h265_profile_idc_values as the value_string for
h265.general_profile_idc.  Get rid of a duplicate value - 2 is used for
both "Main 10" and "Main 10 Still" profiles, a *separate* part of the
packet indicates whether it's the still picture version or not.

"#if 0" out h265_level_bitrate_values - it's not clear where it should
be used.

Initialize two-dimensional arrays with { { 0 } }, i.e.  an array of
arrays, with the first element of the first array explicitly initialized
to zero, and all the other elements of all the other arrays implicitly
initialized to zero.

Change-Id: Ia2ddc28528dcc49fa7a69685b7e5d08d2cd6b4e7
Reviewed-on: https://code.wireshark.org/review/28574
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago WSUTIL/PINT: transform macros into static functions
Julien Staub [Mon, 2 Jul 2018 15:38:51 +0000 (17:38 +0200)]
WSUTIL/PINT: transform macros into static functions

For better type safety

Change-Id: Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af
Reviewed-on: https://code.wireshark.org/review/28570
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Add first time H.265 based on the H.264 dissector.
Asaf Kave [Tue, 29 May 2018 14:37:58 +0000 (17:37 +0300)]
Add first time H.265 based on the H.264 dissector.

Change-Id: I5b101d6713157a53d1d330e1bd2c70f7b7a247e1
Reviewed-on: https://code.wireshark.org/review/28426
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago The "Ethernet offset" is 16 bits in the file; make it so in the pseudo-header.
Guy Harris [Tue, 3 Jul 2018 02:32:20 +0000 (19:32 -0700)]
The "Ethernet offset" is 16 bits in the file; make it so in the pseudo-header.

This should squelch warnings from Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.

Change-Id: I6803001981c63ddf76a735341ab2cc8dccdb8ab0
Reviewed-on: https://code.wireshark.org/review/28573
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Make arrays of 4 octets arrays of 4 guint8.
Guy Harris [Mon, 2 Jul 2018 21:07:49 +0000 (14:07 -0700)]
Make arrays of 4 octets arrays of 4 guint8.

That makes it clearer that it's not a string, and avoids some type
complaints from change Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.

Update a comment while we're at it.

Change-Id: I6737bb2a7ff3b4d461700c641cb580194f7809e7
Reviewed-on: https://code.wireshark.org/review/28572
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Make an array of 4 octets an array of 4 guint8.
Guy Harris [Mon, 2 Jul 2018 20:19:13 +0000 (13:19 -0700)]
Make an array of 4 octets an array of 4 guint8.

That makes it clearer that it's not a string, and avoids some type
complaints from change Ida7b98af8c44a52ddac2c4ab0702db2519a0c4af.

Update a comment while we're at it.

Change-Id: Idba56f38d58d87f73aee41a11195371021a1328d
Reviewed-on: https://code.wireshark.org/review/28571
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago WSUTIL: create phtole32 and 64 functions
Julien Staub [Mon, 2 Jul 2018 12:34:28 +0000 (14:34 +0200)]
WSUTIL: create phtole32 and 64 functions

Change-Id: I15c3c40665ccab1e60057837ffce5bae50d1b52c
Reviewed-on: https://code.wireshark.org/review/28567
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago DNS: fix in expand_dns_name
Erika Szelleova [Sun, 24 Jun 2018 09:16:59 +0000 (11:16 +0200)]
DNS: fix in expand_dns_name

The function parsed the DNS name correctly, however, it did not indicate
that a given name is too long (more than MAX_DNAME_LEN bytes).

Bug: 14041
Change-Id: I4078db488a814ca2114c725d1a17e3ef757843c5
Reviewed-on: https://code.wireshark.org/review/28410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Get rid of trailing space.
Guy Harris [Mon, 2 Jul 2018 04:10:09 +0000 (21:10 -0700)]
Get rid of trailing space.

Change-Id: Id68b01264ada02274b63d26141df8d99419de0f5
Reviewed-on: https://code.wireshark.org/review/28565
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Add new encoding names for seconds/{micro,nano}second time stamps.
Guy Harris [Mon, 2 Jul 2018 04:08:41 +0000 (21:08 -0700)]
Add new encoding names for seconds/{micro,nano}second time stamps.

Add ENC_TIME_SECS_NSECS and ENC_TIME_SECS_USECS; they make it more
explicit (especially to those not familiar with UN*X data types) what
the representation is, allow for ENC_TIME_SECS_MSECS etc. if they're
needed, and match names such as ENC_TIME_SECS and ENC_TIME_MSECS.

Change-Id: I6ab36fb4da70563587141cd65ffff8523477b0c4
Reviewed-on: https://code.wireshark.org/review/28564
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Use proto_tree_add_item() for a number of time values.
Guy Harris [Mon, 2 Jul 2018 03:32:52 +0000 (20:32 -0700)]
Use proto_tree_add_item() for a number of time values.

Change-Id: I862a7870d335f8b0b57d13e2981a8bb1a02b2726
Reviewed-on: https://code.wireshark.org/review/28563
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Update a comment.
Guy Harris [Mon, 2 Jul 2018 01:23:08 +0000 (18:23 -0700)]
Update a comment.

Change-Id: I867e344b75281e4faa0998f71d8d99b364d5a1f8
Reviewed-on: https://code.wireshark.org/review/28562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Use proto_tree_add_item() to add a seconds value.
Guy Harris [Mon, 2 Jul 2018 01:15:07 +0000 (18:15 -0700)]
Use proto_tree_add_item() to add a seconds value.

Change-Id: I908292838b7acf2a1c3da0237c8158bfd4f615b1
Reviewed-on: https://code.wireshark.org/review/28561
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Add support for 8+8 and 8+4 struct timespec, and use it with 9P.
Guy Harris [Mon, 2 Jul 2018 01:01:48 +0000 (18:01 -0700)]
Add support for 8+8 and 8+4 struct timespec, and use it with 9P.

Add support for 8-byte-seconds/8-byte-nanoseconds and 8-byte-seconds/
4-byte-nanoseconds time values.  Use them in the 9P dissector, with
proto_tree_add_item().

Only do the length validity checking for time values in
get_time_value().

Change-Id: I0f1d791d7aa503093a491d2c33300bd55ca7866e
Reviewed-on: https://code.wireshark.org/review/28560
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Use proto_tree_add_item() to add a seconds value.
Guy Harris [Sun, 1 Jul 2018 20:17:20 +0000 (13:17 -0700)]
Use proto_tree_add_item() to add a seconds value.

Change-Id: Idf4e2f30b3709fc2df5d105064a68860e02a6003
Reviewed-on: https://code.wireshark.org/review/28558
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Use proto_tree_add_item() to add a seconds/nanoseconds value.
Guy Harris [Sun, 1 Jul 2018 20:03:24 +0000 (13:03 -0700)]
Use proto_tree_add_item() to add a seconds/nanoseconds value.

Change-Id: Ie019d33153afa38e1b1fb4a142c981458758910b
Reviewed-on: https://code.wireshark.org/review/28557
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago smb2: Add request/response arrows
Dylan Ulis [Sun, 1 Jul 2018 14:50:34 +0000 (10:50 -0400)]
smb2: Add request/response arrows

SMB2 can call subdissectors, but none of them use the request/response
arrows so there won't be any confusion in the display.

Change-Id: If79861a18a38afafa5b9a0f36e838d7e9ac35801
Reviewed-on: https://code.wireshark.org/review/28554
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago NGAP: upgrade dissector to v15.0.0
Pascal Quantin [Sun, 1 Jul 2018 10:53:13 +0000 (12:53 +0200)]
NGAP: upgrade dissector to v15.0.0

Change-Id: I859265260fde2e986a3b95ff117512cff90bed90
Reviewed-on: https://code.wireshark.org/review/28556
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago Make the handling of non-full-frame time stamps match RFC 5456.
Guy Harris [Sun, 1 Jul 2018 17:32:39 +0000 (10:32 -0700)]
Make the handling of non-full-frame time stamps match RFC 5456.

At least as I read RFC 5456:

1) non-full-frame time stamps should have high-order bits from
   the time stamp of the last full frame ORed into it;

2) "mini voice packets" have a 16-bit time stamp and "mini video
   packets" have a 15-bit time stamp;

so adjust the non-full-frame time stamps in that fashion rather than by
adding 32768 until the value looks OK - and don't adjust full-frame time
stamps at all.

Change-Id: I20873a633a99415ac73a7e6baf087e5ec62a4905
Reviewed-on: https://code.wireshark.org/review/28555
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Bluetooth: ATT: Implement 0x2A0B-0x2A1B remaining characteristics
Michał Łabędzki [Sun, 1 Apr 2018 15:32:58 +0000 (17:32 +0200)]
Bluetooth: ATT: Implement 0x2A0B-0x2A1B remaining characteristics

- 0x2A0B  Exact Time 100
- 0x2A10  Secondary Time Zone
- 0x2A15  Time Broadcast
- 0x2A1A  Battery Power State
- 0x2A1B  Battery Level State

Change-Id: I857a8ff6e38b0093d2d746c789d8f33ec59eb553
Reviewed-on: https://code.wireshark.org/review/28553
Petri-Dish: Michal Labedzki <michal.labedzki@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago XnAP: capitalize 2 hand made fields
Pascal Quantin [Sun, 1 Jul 2018 10:33:53 +0000 (12:33 +0200)]
XnAP: capitalize 2 hand made fields

Change-Id: I05caf9212121d87e2c2dd5fd803c9e748f68b871
Reviewed-on: https://code.wireshark.org/review/28552
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago S1AP: search GCSNA dissector only at startup
Pascal Quantin [Sun, 1 Jul 2018 09:41:38 +0000 (11:41 +0200)]
S1AP: search GCSNA dissector only at startup

Change-Id: I1805010dc4d8f5cc920786a00a2fb175cc7eebdd
Reviewed-on: https://code.wireshark.org/review/28551
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago [Automatic update for 2018-07-01]
Gerald Combs [Sun, 1 Jul 2018 08:16:47 +0000 (08:16 +0000)]
[Automatic update for 2018-07-01]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I41a23250a0b818b08475ede50792fd9acc37b2ae
Reviewed-on: https://code.wireshark.org/review/28547
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Fix creation of conversation.
Guy Harris [Sun, 1 Jul 2018 07:13:59 +0000 (00:13 -0700)]
Fix creation of conversation.

The last argument to conversation_new_by_id() is the options for the
conversation, *not* the frame number.

Change-Id: I44e1819123432aa043e82f6b74ebdfad26ce76c0
Reviewed-on: https://code.wireshark.org/review/28545
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago randpktdump: add --delay option
Peter Wu [Sat, 30 Jun 2018 04:22:09 +0000 (21:22 -0700)]
randpktdump: add --delay option

For testing live capture mode in the Qt UI, it is useful to have a
continuous capture source with some dummy packets.

Change-Id: Id76ecbf24828dd3212b208c96679524e4c25b00f
Reviewed-on: https://code.wireshark.org/review/28537
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fix handling of DEB_BUILD_OPTIONS=nocheck
Lars Christensen [Fri, 29 Jun 2018 06:28:16 +0000 (06:28 +0000)]
Fix handling of DEB_BUILD_OPTIONS=nocheck

When DEB_BUILD_OPTIONS is set to nocheck when running dpkg-buildpackage, tests
would not be built but still run. Changed to neither build or run tests when set
to nocheck.

Change-Id: I2a27025273aab536f0fc0a98cb8efd2d825c5013
Reviewed-on: https://code.wireshark.org/review/28529
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fix debugging code.
Guy Harris [Sun, 1 Jul 2018 02:27:13 +0000 (19:27 -0700)]
Fix debugging code.

Don't show address or ports that aren't provided; this is especially
important for address 1, where its absence is indicated by the pointer
being null, so we can't blithely dereference it.

Show ports as unsigned, because that's what they are.

Change-Id: I162b6f08a3973c0cded0742c267a016dbb5ee31a
Reviewed-on: https://code.wireshark.org/review/28543
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago mdp: fix no previous prototype for ‘proto_reg_handoff_mdp’ [-Wmissing-prototypes]
Alexis La Goutte [Sat, 30 Jun 2018 11:13:04 +0000 (11:13 +0000)]
mdp: fix no previous prototype for ‘proto_reg_handoff_mdp’ [-Wmissing-prototypes]

Change-Id: I0ebc71f240ace38cb6c111c0cc56f20fee10749d
Reviewed-on: https://code.wireshark.org/review/28539
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Minimal support for ECJPAKE.
Markus Becker [Fri, 29 Jun 2018 12:22:54 +0000 (14:22 +0200)]
Minimal support for ECJPAKE.

"Elliptic Curve Cryptography (ECC) variant of Password Authenticated
Key Exchange by Juggling (ECJPAKE)" as defined in
https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt
and used in
https://www.threadgroup.org/ThreadSpec.

Change-Id: I8c73a2528182427ff4f4734e3fe1618adc464192
Reviewed-on: https://code.wireshark.org/review/28531
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ubdp: fix no previous prototype for ‘proto_reg_handoff_ubdp’ [-Wmissing-prototypes]
Alexis La Goutte [Sat, 30 Jun 2018 12:46:56 +0000 (12:46 +0000)]
ubdp: fix no previous prototype for ‘proto_reg_handoff_ubdp’ [-Wmissing-prototypes]

Change-Id: I38b8269930a96fa2cac1fdda3806eef41f296d20
Reviewed-on: https://code.wireshark.org/review/28540
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Exablaze: Fix signed/unsigned comparison
Uli Heilmeier [Fri, 29 Jun 2018 09:13:35 +0000 (11:13 +0200)]
Exablaze: Fix signed/unsigned comparison

Change-Id: Ibfdb86a6590921039634f0e4a8e48099d13a2d20
Reviewed-on: https://code.wireshark.org/review/28530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
5 years ago packet-cisco-fp-mim.c: Add support for FP packets that contain an extra QinQ header
Joerg Mayer [Fri, 29 Jun 2018 15:58:32 +0000 (17:58 +0200)]
packet-cisco-fp-mim.c: Add support for FP packets that contain an extra QinQ header

Also: Minor style cleanups (some still missing) and add two FP specific WKAs.

Change-Id: I908ec92ba4682caf8e9c9cc4fb44c2f9c336b4e3
Reviewed-on: https://code.wireshark.org/review/28535
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago XnAP: add an option to force target NG-RAN container decoding format
Pascal Quantin [Fri, 29 Jun 2018 17:41:33 +0000 (10:41 -0700)]
XnAP: add an option to force target NG-RAN container decoding format

Change-Id: Ia166e9e16fe5d7b12f9b3ff6ca4577761941ccc3
Reviewed-on: https://code.wireshark.org/review/28532
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago XnAP: add dissector based on v15.0.0
Pascal Quantin [Thu, 28 Jun 2018 23:49:19 +0000 (16:49 -0700)]
XnAP: add dissector based on v15.0.0

Change-Id: If5cbcd4d6c2d0442945e8a46fe836b1dbd17991d
Reviewed-on: https://code.wireshark.org/review/28528
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago AT: Allow padding in heuristic check
Darien Spencer [Sat, 16 Jun 2018 08:25:12 +0000 (11:25 +0300)]
AT: Allow padding in heuristic check

Bug: 14882
Change-Id: I0aa26d2ae898d47e0e33794f95e9c464cf5ec6f1
Reviewed-on: https://code.wireshark.org/review/28296
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Do not add Change-Id on packaging branches
Balint Reczey [Tue, 26 Jun 2018 20:43:09 +0000 (22:43 +0200)]
Do not add Change-Id on packaging branches

Change-Id: I2a40d4d005dfab6b887833150cb6556e08622a1d
Reviewed-on: https://code.wireshark.org/review/28517
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago Windows: run update_tools_help target when building installer
Pascal Quantin [Tue, 26 Jun 2018 23:52:08 +0000 (01:52 +0200)]
Windows: run update_tools_help target when building installer

It ensures to have up to date help output for our command line tools

Change-Id: I5b900be692c05d6231678cf3ca82e86ef843d01c
Reviewed-on: https://code.wireshark.org/review/28476
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago packet-ieee80211.c: Mikrotik IE should be Routerboard, added dissection update
Jeremy Martin [Thu, 28 Jun 2018 20:22:21 +0000 (13:22 -0700)]
packet-ieee80211.c: Mikrotik IE should be Routerboard, added dissection update

The MIKROTIK OUI is actually allocated to Routerboard and should be considered
as such. The IE is utilized by Routerboard, Ubiquiti, Mikrotik, and other
Routerboard derivative device types. Added subtype1 dissection which contains
data element carrying descriptive info on the network, device, or model info.

Bug: 14925
Change-Id: Ic7c091877d5c5eb12a51b17dbd8761efdf242f9c
Reviewed-on: https://code.wireshark.org/review/28510
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago sflow: print sysuptime in human readable form.
Dario Lombardo [Thu, 28 Jun 2018 18:40:18 +0000 (11:40 -0700)]
sflow: print sysuptime in human readable form.

Change-Id: Ib4b59b1451fc32f89136f79865ccf1672146401c
Reviewed-on: https://code.wireshark.org/review/28516
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago file: do not perform recursive redissections to avoid crashes
Peter Wu [Thu, 28 Jun 2018 00:28:06 +0000 (17:28 -0700)]
file: do not perform recursive redissections to avoid crashes

When packets are being read (in "cf_read") or rescanned/redissected (in
"rescan_packets"), it could call "update_progress_dlg". That could end
up accepting GUI actions such as changing profiles (which triggers a
redissection via "cf_redissect_packets") or changing the display filter
(which triggers another "rescan_packets" via "cf_filter_packets").

Such recursive calls waste CPU and in case of "cf_redissect_packets" it
also causes memory corruption (since "cf->epan" is destroyed while
"cf_read" tries to read and process packets).

Fix this by delaying the rescan/redissection when an existing rescan is
pending. Abort an existing rescan/redissection if a new redissection
(due to profile changes) or rescan (due to display filter changes) is
requested and restart this to ensure that the intended user action is
applied (such as a new display filter).

Bug: 14918
Change-Id: I646730f639b20aa9ec35306e3f11bf22f5923786
Reviewed-on: https://code.wireshark.org/review/28500
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fix indentation.
Guy Harris [Thu, 28 Jun 2018 20:34:46 +0000 (13:34 -0700)]
Fix indentation.

Change-Id: I0ef6d0a9a957e645aa7f7e507609b9195fe9c19f
Reviewed-on: https://code.wireshark.org/review/28520
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago packet-lldp.c: Some updates to Cisco vendor subtypes (UPOE and ACI)
Joerg Mayer [Mon, 25 Jun 2018 06:12:06 +0000 (08:12 +0200)]
packet-lldp.c: Some updates to Cisco vendor subtypes (UPOE and ACI)

- Use UPOE instead of four-wire - it's the term everyone knows.
  Also provide a link to the "spec".
- Add some more ACI fields I found in some traces.
  Guess the function of unknown-CA to be Node Role.

Change-Id: I7bdb4c1f720868da4f502ba43ba9e2b1c072d4e0
Reviewed-on: https://code.wireshark.org/review/28422
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
5 years ago NGAP: dissect PLMNIdentity IE
Pascal Quantin [Thu, 28 Jun 2018 18:37:20 +0000 (11:37 -0700)]
NGAP: dissect PLMNIdentity IE

Change-Id: I47b16ec0ceb71662b8030c00cff7c58e09f75606
Reviewed-on: https://code.wireshark.org/review/28515
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Darien Spencer <cusneud@mail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago NGAP: display TAC and EPS TAC as DEC_HEX
Pascal Quantin [Thu, 28 Jun 2018 18:27:33 +0000 (11:27 -0700)]
NGAP: display TAC and EPS TAC as DEC_HEX

Change-Id: I10d1f5b89551be177f6883c2f66334d2fb36ef06
Reviewed-on: https://code.wireshark.org/review/28514
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago X2AP: display 5GS TAC as DEC_HEX
Pascal Quantin [Thu, 28 Jun 2018 18:25:30 +0000 (11:25 -0700)]
X2AP: display 5GS TAC as DEC_HEX

Change-Id: Ic8d0baf39851a8f0ae260f55ffab1bec218ed79a
Reviewed-on: https://code.wireshark.org/review/28513
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago S1AP: display 5GS TAC as DEC_HEX
Pascal Quantin [Thu, 28 Jun 2018 18:23:37 +0000 (11:23 -0700)]
S1AP: display 5GS TAC as DEC_HEX

Change-Id: Ib5950cbd587809424c1e3fc3ae8cd2dc7e504348
Reviewed-on: https://code.wireshark.org/review/28512
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago nas5gs: Dissection updates
AndersBroman [Thu, 28 Jun 2018 17:23:21 +0000 (19:23 +0200)]
nas5gs: Dissection updates

- Change the defines a bit.
- Update the way the header is handled.

Change-Id: I47fafcbec526ed4147b9202168e349f9b68bed6d
Reviewed-on: https://code.wireshark.org/review/28511
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago IEEE 802.11: Disable FCS validation by default.
Gerald Combs [Wed, 27 Jun 2018 17:21:58 +0000 (10:21 -0700)]
IEEE 802.11: Disable FCS validation by default.

Disable FCS/checksum validation by default to match Ethernet, IPv4,
IPv6, TCP, UDP, SCTP, etc.

Change-Id: I289b6a05e73da2b020ee65b3298cb054a29c6d42
Reviewed-on: https://code.wireshark.org/review/28485
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago DICOM: use pinfo pool memory for strings used in columns
Pascal Quantin [Thu, 28 Jun 2018 14:30:29 +0000 (07:30 -0700)]
DICOM: use pinfo pool memory for strings used in columns

Packet scope lifetime is too short for it.

Bug: 14923
Change-Id: I4bd5ef8c7382d5d3d98598b797732ba3d88e44fd
Reviewed-on: https://code.wireshark.org/review/28505
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago opa: Add support for TID RDMA protocol
Adam Goldman [Fri, 29 Jul 2016 19:10:41 +0000 (15:10 -0400)]
opa: Add support for TID RDMA protocol

Change-Id: I04a4333e64a8fc9efc96bd351c55b293986629e2
Signed-off-by: Goldman, Adam <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/28504
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Make white space consistent.
Guy Harris [Thu, 28 Jun 2018 07:31:31 +0000 (00:31 -0700)]
Make white space consistent.

Change-Id: I19053ecc53b7f0d2b4dfb0462f381f7d28bb578a
Reviewed-on: https://code.wireshark.org/review/28502
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago rtps: Fixed multichannel locator fields order
Ismael Mendez Matamoros [Mon, 25 Jun 2018 11:44:55 +0000 (13:44 +0200)]
rtps: Fixed multichannel locator fields order

Change-Id: Ib84b659022f9dfb64f5869410c85c64193a3c3f8
Reviewed-on: https://code.wireshark.org/review/28425
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago tcp: add support for reassembling out-of-order segments
Peter Wu [Fri, 1 Jun 2018 13:11:47 +0000 (15:11 +0200)]
tcp: add support for reassembling out-of-order segments

Currently out-of-order segments will result in cutting a stream into
two pieces while the out-of-order segment itself is ignored. For
example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with
"C" ignored. This behavior breaks TLS decryption or prevents application
layer PDUs (such as HTTP requests/responses) from being reconstructed.
To fix this, buffer segments when a gap is detected.

The proposed approach extends the "multi-segment PDU" (MSP) mechanism
which is normally used for linking multiple, sequential TCP segments
into a single PDU. When a gap is detected between segments, it is
assumed that the segments within this gap are out-of-order and will be
received (or retransmitted) later.

The current implementation has a limitation though: if multiple gaps
exist, then the subdissector will only be called when all gaps are
filled (the subdissector will receive segments later than necessary).
For example with "ACEBD", "ABC" can already be processed after "B" is
received (with "E" still buffered), but due to how MSP are extended, it
must receive "D" too before it reassembles "ABCDE". In practice this
could mean that the request/response times between HTTP requests and
responses are slightly off, but at least the stream is correct now.
(These limitations are documented in the User's Guide.)

As the feature fails at least the 802.11 decryption test where packets
are missing (instead of OoO), hide this feature behind a preference.

Tested with captures containing out-of-order TCP segments from the
linked bug reports, comparing the effect of toggling the preference on
the summary output of tshark, the verbose output (-V) and the two-pass
output (-2 or -2V). Captures marked with "ok" just needed "simple"
out-of-order handling. Captures marked with "ok2" additionally required
the reassembly API change to set the correct reassembled length.

This change does "regress" on bug 10289 though when the preference is
enabled as retransmitted single-segment PDUs are now passed to
subdissectors. I added a TODO comment for this unrelated cosmetic issue.

Bug: 3389   # capture 2907 (HTTP) ok
Bug: 4727   # capture 4590 (HTTP) ok
Bug: 9461   # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok
Bug: 12006  # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok
Bug: 13517  # capture 15370 (HTTP) ok; capture 16059 (MQ) ok
Bug: 13754  # capture 15593 (MySQL) ok2
Bug: 14649  # capture 16305 (WebSocket) ok
Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56
Reviewed-on: https://code.wireshark.org/review/27943
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
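
The arrival orders discussed in the commit message above ("ABDCE" and "ACEBD"), worked through as an added example; this is not Wireshark's code and does not use its MSP structures. It assumes one byte per segment, with label 'A' at relative sequence number 0, and the function names and the `wait_for_all_gaps` switch (which models the documented limitation) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define STREAM_MAX 26                 /* labels 'A'..'Z', one byte per segment */

static char pieces_out[2 * STREAM_MAX + 1];   /* legacy result, '|' between pieces */
static char stream_out[STREAM_MAX + 1];       /* bytes handed to the subdissector */

/* Behaviour before the change, as the commit message describes it: a forward
 * gap cuts the stream into a new piece, and a segment that arrives behind the
 * expected sequence number is ignored. */
static const char *reassemble_legacy(const char *arrivals)
{
    unsigned expected = 0;
    size_t n = 0;
    for (const char *p = arrivals; *p; p++) {
        unsigned seq = (unsigned)(*p - 'A');
        if (seq >= STREAM_MAX || seq < expected)
            continue;                 /* out of range, or treated as old data */
        if (seq > expected && n > 0)
            pieces_out[n++] = '|';    /* gap detected: the stream is cut here */
        pieces_out[n++] = *p;
        expected = seq + 1;
    }
    pieces_out[n] = '\0';
    return pieces_out;
}

/* Buffer segments across gaps and process only the first `count` arrivals.
 * wait_for_all_gaps == 0: deliver the contiguous prefix as soon as it exists.
 * wait_for_all_gaps == 1: deliver nothing beyond a gap until every gap below
 * the highest buffered segment is filled (the limitation in the message).
 * Returns the number of bytes delivered; a segment that never arrives leaves
 * everything after it buffered forever. */
static unsigned reassemble_buffered(const char *arrivals, size_t count,
                                    int wait_for_all_gaps)
{
    char pending[STREAM_MAX] = {0};
    unsigned next = 0, highest = 0;   /* next undelivered seq, end of data seen */
    for (size_t i = 0; i < count && arrivals[i]; i++) {
        unsigned seq = (unsigned)(arrivals[i] - 'A');
        if (seq >= STREAM_MAX || seq < next)
            continue;                 /* out of range, or already delivered */
        pending[seq] = arrivals[i];
        if (seq + 1 > highest)
            highest = seq + 1;
        unsigned end = next;          /* end of the contiguous run from next */
        while (end < STREAM_MAX && pending[end])
            end++;
        if (!wait_for_all_gaps || end == highest)
            for (; next < end; next++)
                stream_out[next] = pending[next];
    }
    stream_out[next] = '\0';
    return next;
}

int main(void)
{
    printf("legacy   ABDCE -> %s\n", reassemble_legacy("ABDCE"));
    reassemble_buffered("ABDCE", 5, 0);
    printf("buffered ABDCE -> %s\n", stream_out);
    printf("ACEBD after B: eager=%u, wait-for-all-gaps=%u bytes\n",
           reassemble_buffered("ACEBD", 4, 0),
           reassemble_buffered("ACEBD", 4, 1));
    return 0;
}
```
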
5 years ago docbook: add info about using symbolic links for git hooks.
Dario Lombardo [Wed, 27 Jun 2018 23:14:18 +0000 (16:14 -0700)]
docbook: add info about using symbolic links for git hooks.

Change-Id: I4b448c1a12946479638d04819570f5a0dd1227dd
Reviewed-on: https://code.wireshark.org/review/28497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Add macros to initialize nstime_t values and use them.
Guy Harris [Thu, 28 Jun 2018 03:39:15 +0000 (20:39 -0700)]
Add macros to initialize nstime_t values and use them.

This allows code to initialize them without having to know the details
of the structure; the initializers should, and will, be changed if the
members of the structure are changed.

Change-Id: I93e6ebfcde9ceca17df696fcba4e8410c5afb175
Reviewed-on: https://code.wireshark.org/review/28501
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago packet-mdp.c: New dissector for Cisco Meraki Discovery Protocol
jmartin-usna [Wed, 27 Jun 2018 07:51:05 +0000 (00:51 -0700)]
packet-mdp.c: New dissector for Cisco Meraki Discovery Protocol

Bug: 14912
Change-Id: I2f99931abde331d087a994a22c74cf8d4dd8d53a
Reviewed-on: https://code.wireshark.org/review/28478
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago packet-updp.c: New dissector for Ubiquiti Discovery Protocol
jmartin-usna [Tue, 26 Jun 2018 21:21:45 +0000 (14:21 -0700)]
packet-updp.c: New dissector for Ubiquiti Discovery Protocol

Bug: 14911
Change-Id: Ie567a85e869707269ea66d4cd73577f926b16232
Reviewed-on: https://code.wireshark.org/review/28467
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago NAS EPS: add subtrees for extended emergency numbers and ciphered data sets
Pascal Quantin [Thu, 28 Jun 2018 00:33:15 +0000 (17:33 -0700)]
NAS EPS: add subtrees for extended emergency numbers and ciphered data sets

Change-Id: I8c1fcf960ad058f25b24b796fecf1ff08eb78f7a
Reviewed-on: https://code.wireshark.org/review/28499
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago RTP: If multiple codecs are used in RTP stream flow, all are shown in codecs column
Jiri Novak [Sun, 24 Jun 2018 22:19:29 +0000 (00:19 +0200)]
RTP: If multiple codecs are used in RTP stream flow, all are shown in codecs column

Change-Id: Ica8b3bc2b6b59790805764ec88c6f4e3f8689a85
Reviewed-on: https://code.wireshark.org/review/28435
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago macosx-setup: fix indentation.
Dario Lombardo [Wed, 27 Jun 2018 23:21:34 +0000 (16:21 -0700)]
macosx-setup: fix indentation.

Change-Id: Ifece9846cb6e94d2cdb1f29fc28db2700f269495
Reviewed-on: https://code.wireshark.org/review/28498
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago CIP: Improve Class 2/3 connection handling
Dylan Ulis [Wed, 27 Jun 2018 22:56:17 +0000 (18:56 -0400)]
CIP: Improve Class 2/3 connection handling

1. Add new dissector table that allows for registration of CIP Class 2/3 Data
   against CIP Class that was used in the Forward Open. This is similar to the
   Class 0/1 I/O dissector table. The new logic is this:
     a. If there is connection info and a table entry: Call the registered dissector
        handle (cip_connection_message_router.pcap).
     b. If there is connection info and no table entry, use the CIP implicit
        dissector (cip_connection_implicit.pcap)
     c. If there is no connection info: Assume Message Router (Class 0x2)
        format (cip_no_connection_message_router.pcap)
2. Remove old dissector table for "enip.sud.iface". The specification states that
   the Interface Handle "shall be zero" for SendUnitData, so there isn't a need
   to have custom handling for different Interface Handle values. SendRRData
   does not have the same restriction, so that dissector table (enip.srrd.iface)
   will stay.
3. Pull out Class 2/3 data processing into separate function: dissect_cip_class23_data()
4. Remove extra unnecessary tree layer in implicit data dissector.

Bug: 14916
Change-Id: Id53a2031a6064551b3915d8954527a7b3261d222
Reviewed-on: https://code.wireshark.org/review/28496
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Sort our column descriptions.
Gerald Combs [Wed, 27 Jun 2018 21:10:27 +0000 (14:10 -0700)]
Sort our column descriptions.

Convert our column descriptions to a value_string and sort it by
description. This ensures that they are properly sorted in the UI.

Change-Id: I7d699a1c45906b9c42e443fcdcdcb4d8d49deb77
Reviewed-on: https://code.wireshark.org/review/28492
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago packet export: Add default file extension
Graham Bloice [Wed, 27 Jun 2018 18:28:49 +0000 (19:28 +0100)]
packet export: Add default file extension

Adds a default file extension when exporting packet dissection
in various formats:

text       -> txt
postscript -> ps
csv        -> csv
pdml       -> pdml
psml       -> psml
c arrays   -> c
json       -> json

Change-Id: Ie5d942a3c694abd8edf9df184f6e219d4b870a1b
Reviewed-on: https://code.wireshark.org/review/28490
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago Remove IPX from our default filters.
Gerald Combs [Wed, 27 Jun 2018 18:36:15 +0000 (11:36 -0700)]
Remove IPX from our default filters.

Remove IPX items from the default capture, color, and display filter
files. Suggested by Laura Chappell at SharkFest 2018.

Change-Id: I5e14caaa69efc638a5da7c795bf8a9e5e890b3fd
Reviewed-on: https://code.wireshark.org/review/28489
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago NAS5GS: Dissect 5GS network feature support IE-
AndersBroman [Wed, 27 Jun 2018 17:42:12 +0000 (19:42 +0200)]
NAS5GS: Dissect 5GS network feature support IE-

Change-Id: Iee5f2f71229c6ea9a66707cd4f13f79a244ffdb2
Reviewed-on: https://code.wireshark.org/review/28486
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Revert "docbook: remove equivalent case."
Gerald Combs [Wed, 27 Jun 2018 17:07:28 +0000 (17:07 +0000)]
Revert "docbook: remove equivalent case."

We still need the "length == 2" behavior.

This reverts commit 622b17a475a81aa3af5cc743b831d01233b99c31.

Change-Id: Id3b7ed9231f3fefeeac5fb910b792139c4844ec8
Reviewed-on: https://code.wireshark.org/review/28484
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago docbook: reduce ruby code duplication by introducing utils module.
Dario Lombardo [Sat, 23 Jun 2018 12:03:49 +0000 (14:03 +0200)]
docbook: reduce ruby code duplication by introducing utils module.

Change-Id: I7e436db3cb86f5ebd0f5827c6da630303bc3f538
Reviewed-on: https://code.wireshark.org/review/28400
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago docbook: remove equivalent case.
Dario Lombardo [Mon, 25 Jun 2018 05:08:24 +0000 (07:08 +0200)]
docbook: remove equivalent case.

The output for this case is achieved by the following one.

Change-Id: I585aba39ebb67d65a8f5159217ea8a85ad13e49c
Reviewed-on: https://code.wireshark.org/review/28421
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago docbook: rewrite some ruby code according to RuboCop suggestions.
Dario Lombardo [Sat, 23 Jun 2018 10:54:01 +0000 (12:54 +0200)]
docbook: rewrite some ruby code according to RuboCop suggestions.

Change-Id: I2d1ea982c1622dbc29f927ee168b552b46e39faa
Reviewed-on: https://code.wireshark.org/review/28399
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Release note updates.
Gerald Combs [Wed, 27 Jun 2018 16:43:49 +0000 (09:43 -0700)]
Release note updates.

Change-Id: Idbcea0e67e53665ea7b9e5e10962af3e4fd34eda
Reviewed-on: https://code.wireshark.org/review/28483
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago prefs: fix crash when importing old filter expression preference
Peter Wu [Tue, 26 Jun 2018 22:52:11 +0000 (15:52 -0700)]
prefs: fix crash when importing old filter expression preference

When the filter label was missing, it would result in a crash
(use-after-free) while reading the next expression. For example:

    gui.filter_expressions.label: Not-Junk
    gui.filter_expressions.expr: tcp.flags.reset==1
    # note: missing label preference
    gui.filter_expressions.expr: dns

While at it, do not duplicate the filter expression,
"filter_expression_new" has always been copying it.

Change-Id: I980fd720c9a04b679a71dd2e7e8bf5e53c72ac43
Fixes: 1a046d693b ("Added Filter Toolbar Save functionality.")
Bug: 11648
Reviewed-on: https://code.wireshark.org/review/28471
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago git hooks: prevent first commit message line to exceed 80 chars.
Dario Lombardo [Mon, 25 Jun 2018 17:47:56 +0000 (19:47 +0200)]
git hooks: prevent first commit message line to exceed 80 chars.

Change-Id: Ic3b2d93e7da7cdf671f97977b4d0501ba4b84122
Reviewed-on: https://code.wireshark.org/review/28431
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago editcap: move -I and -a options description to packet manipulation section
Pascal Quantin [Tue, 26 Jun 2018 23:09:41 +0000 (16:09 -0700)]
editcap: move -I and -a options description to packet manipulation section

Change-Id: I090c214eeb636ec8f769ee133e2f12825802335e
Reviewed-on: https://code.wireshark.org/review/28472
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago TRANSUM: fix crash when switching profiles
Peter Wu [Tue, 26 Jun 2018 23:12:37 +0000 (16:12 -0700)]
TRANSUM: fix crash when switching profiles

"output_rrpd" is NULL when the TRANSUM dissector is disabled (which is
the default behavior). When switching to a profile where the dissector
is enabled, redissection happens, but without invoking the init routine.
This leads to a crash when dissect_transum tries to query "output_rrpd".

Fix this by creating the map unconditionally. Use wmem_map_new_autoreset
since its contents should be erased for new capture files.

Bug: 13697
Change-Id: Iea897da8faf8042dffdc74327d9d1221e5fb155f
Fixes: v2.3.0rc0-1887-g78d56e5dd7 ("Cleanup transum post-dissector.")
Reviewed-on: https://code.wireshark.org/review/28474
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Ethernet: Disable FCS validation by default.
Gerald Combs [Wed, 27 Jun 2018 00:54:01 +0000 (17:54 -0700)]
Ethernet: Disable FCS validation by default.

Ethernet checksum offloading seems to be common nowadays, similar to
IPv4, IPv6, TCP, and UDP. Disable FCS validation by default. Suggested
by Laura Chappell at SharkFest US '18.

Change-Id: Icf0e262c65ad328a58da9bd78f3aefbefa2f9394
Reviewed-on: https://code.wireshark.org/review/28477
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Add Windows 10 Release ID to About info
Graham Bloice [Tue, 26 Jun 2018 23:37:13 +0000 (00:37 +0100)]
Add Windows 10 Release ID to About info

Adds the Windows 10 (and Server 2016) Release ID to the info in the
About Wireshark blurb.

The ID is displayed in parentheses, e.g.

Running on 64-bit Windows 10 (1803), build 17134

Change-Id: I1bbce27e149dbf6da6da7847ad1f7dd861176ece
Reviewed-on: https://code.wireshark.org/review/28475
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago BGP-MP NLRI can have Path ID for IPv4 Unicast/Multicast and Labeled Unicast
Vadim Fedorenko [Mon, 25 Jun 2018 22:34:29 +0000 (01:34 +0300)]
BGP-MP NLRI can have Path ID for IPv4 Unicast/Multicast and Labeled Unicast

Change-Id: Ieb46c9d5dbafbf33bfd1ddda0b0397509fdada4f
Reviewed-on: https://code.wireshark.org/review/28436
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago Exported PDU: adjust protocol and tag tree lengths
Peter Wu [Tue, 26 Jun 2018 22:15:44 +0000 (15:15 -0700)]
Exported PDU: adjust protocol and tag tree lengths

Change the exported_pdu size from two to the full size of the tag
(including type and length fields) and limit the protocol length to just
the tags (without the PDU data).

Change-Id: I1c20740627ebd74c117bb1735ff4c189d2d750d6
Reviewed-on: https://code.wireshark.org/review/28470
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago epan: Fix session null-pointer check
Roland Knall [Tue, 26 Jun 2018 21:55:27 +0000 (14:55 -0700)]
epan: Fix session null-pointer check

Fix rare null-pointer when switching profiles

Change-Id: I2a57ef22b4567f936f3a87e133db6132864a83ac
Reviewed-on: https://code.wireshark.org/review/28468
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago Remove code specific to older versions of Visual Studio.
Gerald Combs [Fri, 15 Jun 2018 17:52:53 +0000 (10:52 -0700)]
Remove code specific to older versions of Visual Studio.

Remove -DBUILD_WINDOWS and sections of code that we no longer use.

Bug: 14715
Change-Id: Iae1a950e2f52f4ce45fcf0ae5dea06c1172c3a28
Reviewed-on: https://code.wireshark.org/review/28466
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago WSDG: Fix a couple of links.
Gerald Combs [Tue, 26 Jun 2018 22:00:54 +0000 (15:00 -0700)]
WSDG: Fix a couple of links.

Change-Id: I6f96ac45cd3cd4f992c11dea0f0aff6df2a2bff8
Reviewed-on: https://code.wireshark.org/review/28469
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago GTK+: Remove the last original bit of GTK+ code.
Gerald Combs [Tue, 26 Jun 2018 20:34:55 +0000 (13:34 -0700)]
GTK+: Remove the last original bit of GTK+ code.

Change-Id: If1eedf278336494d6989515aa573ae1682851d44
Reviewed-on: https://code.wireshark.org/review/28464
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago print.c: Handles special chars when using -T fields
jmartin-usna [Mon, 25 Jun 2018 23:54:25 +0000 (16:54 -0700)]
print.c: Handles special chars when using -T fields

Tshark poorly handles printing when using -T options where a field
contains newline, carriage return, or other special characters such as tab.

Bug: 14907
Change-Id: I94a797bb98b94aac254bcd2e6911b37192e9c91f
Reviewed-on: https://code.wireshark.org/review/28442
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago Windows: Fetch our version using RtlGetVersion.
Gerald Combs [Tue, 26 Jun 2018 00:38:19 +0000 (17:38 -0700)]
Windows: Fetch our version using RtlGetVersion.

GetVersionEx is deprecated. Use RtlGetVersion instead. Remove
get_windows_major_version since it's no longer needed.

Change-Id: I02f6458608c2328a96a0ac71c6b1f9187babd049
Reviewed-on: https://code.wireshark.org/review/28443
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Qt: Fix crash when starting to drag on the wrong position
Roland Knall [Tue, 26 Jun 2018 17:57:50 +0000 (10:57 -0700)]
Qt: Fix crash when starting to drag on the wrong position

When dragging on the wrong position in the toolbar, Wireshark
crashes.

Change-Id: I756e9caebc844d32e99e9fd3e338a872986b9e96
Reviewed-on: https://code.wireshark.org/review/28458
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago CMake: Make the pdb_zip_package target passive.
Gerald Combs [Tue, 26 Jun 2018 17:39:24 +0000 (10:39 -0700)]
CMake: Make the pdb_zip_package target passive.

Remove the pdb_zip_package target's dependency on epan, otherwise we
might end up triggering a build which creates a mismatch.

Change-Id: I1e077e5f119273ee80a89c30f54e29fdb242e082
Reviewed-on: https://code.wireshark.org/review/28457
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago RRC: upgrade dissector to v15.3.0
Pascal Quantin [Tue, 26 Jun 2018 16:24:57 +0000 (09:24 -0700)]
RRC: upgrade dissector to v15.3.0

Change-Id: I4fb62d5d3210f767e2db75da4a8185c249b4b4ec
Reviewed-on: https://code.wireshark.org/review/28456
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago PER: Also report if open type length is less than dissected length.
Martin Mathieson [Mon, 25 Jun 2018 15:30:40 +0000 (16:30 +0100)]
PER: Also report if open type length is less than dissected length.

Change-Id: I3111038e0dbdfacdfdf7c01614f631b4b64cdee5
Reviewed-on: https://code.wireshark.org/review/28428
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago packet-dcm.c: heuristic dissection rework
David Aggeler [Sun, 6 May 2018 15:33:51 +0000 (17:33 +0200)]
packet-dcm.c: heuristic dissection rework

- Fixed initial COL_INFO for associations. It used to 'append' instead of 'set'.
- Changed initial length check from tvb_reported_length() to tvb_captured_length()
- Heuristic Dissection:
  o Modified registration, so it can be clearly identified in the Enable/Disable Protocols dialog
  o Enabled by default
  o Return proper data type

Tested heuristic vs. static on many DICOM captures

Change-Id: I0aa42b91e4f55a6d9fc834657710a6a92c8dadef
Reviewed-on: https://code.wireshark.org/review/27518
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>