metze/wireshark/wip.git
5 years ago Test: Fix capinfos output and command paths.
Gerald Combs [Tue, 1 May 2018 16:09:27 +0000 (09:09 -0700)]
Test: Fix capinfos output and command paths.

Convert capinfos output to UTF-8 in getCaptureInfo.

Normalize our command paths, otherwise "./run/RelWithDebInfo/..." might
be interpreted as the command "." with flags "/run", "/RelWithDebInfo",
etc. on Windows.

Change-Id: Ib7336a016db3ee0805739fc44913cb9c6895aaad
Reviewed-on: https://code.wireshark.org/review/27239
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago obex: Fix request response arrows
Dylan Ulis [Sun, 29 Apr 2018 15:49:39 +0000 (11:49 -0400)]
obex: Fix request response arrows

They were flipped. See https://wiki.wireshark.org/SampleCaptures,
Bluetooth_HCI_and_OBEX_Transaction_over_USB.ntar.gz, packets 153136/153140
for an example.

Change-Id: Iaac853fad16e97ff88ba38a7b4c5cbbdd13052b3
Reviewed-on: https://code.wireshark.org/review/27206
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago prefs: fix crash when setting certain obsolete port preferences
Peter Wu [Mon, 30 Apr 2018 16:26:21 +0000 (18:26 +0200)]
prefs: fix crash when setting certain obsolete port preferences

Loading an old Wireshark profile with certain deprecated preferences
could result in a crash due to type confusion. If the new preference was
a range type, then four bytes of the pointer (address) to the range were
overwritten with the numeric value of the deprecated preference.

Minimal reproducer:

    tshark -opgm.udp.encap_ucast_port:0 -r ../test/captures/empty.pcap

Bug: 14316
Change-Id: Ia8dc24f81f6b2e6494448dadffe810606765cb9e
Fixes: v2.3.0rc0-971-g268841f3e0 ("Combine Decode As and port preferences for tcp.port dissector table.")
Reviewed-on: https://code.wireshark.org/review/27226
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ZigBee: Add remaining attributes from Smart Energy Device Management cluster
Kenneth Soerensen [Sat, 28 Apr 2018 13:19:07 +0000 (15:19 +0200)]
ZigBee: Add remaining attributes from Smart Energy Device Management cluster

Bug: 13360
Change-Id: Ifc7251aad62b7cb0010956d1a36a4ccbe9e3ee7c
Reviewed-on: https://code.wireshark.org/review/27187
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Qt: do not further modify filename from Save dialog
Peter Wu [Sat, 28 Apr 2018 13:53:18 +0000 (15:53 +0200)]
Qt: do not further modify filename from Save dialog

Let the Save dialog fix up the extension on accepting the dialog.
Otherwise it is possible that files are silently overwritten without
prompting. Additionally, if a user decides to save a pcapng file as
"foo.pcap", do not try to rename it to "foo.pcap.pcapng".

This change is limited to macOS and Linux because Windows uses a
different file dialog. Tested with both macOS and Linux.

Bug: 14600
Change-Id: Ie0bc1f579766a04f0aad96dcd5daba3fffef9764
Reviewed-on: https://code.wireshark.org/review/27188
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Qt: improve extension selection in Save As dialog
Peter Wu [Sat, 28 Apr 2018 11:15:36 +0000 (13:15 +0200)]
Qt: improve extension selection in Save As dialog

The default Qt behavior for extension adjustment is quite bad. When the
file type filter is changed, the extension always becomes "gz" because
"pcap.gz" happens to be the first extension in the list. It also did not
check that the last suffix is actually a valid extension (e.g.
"capture.2018.01" became "capture.2018.gz").

Improvements:
- Respect the "compression" checkbox when adjusting the filename.
- Replace the extension only if it is a known one, append otherwise.
- Use a better default extension (from "wtap_default_file_extension").

Affects only macOS and Linux since Windows has its own native dialog.
See also https://bugreports.qt.io/browse/QTBUG-67993

Bug: 14600
Change-Id: I8cd0788f2abac0c6d7e29490b1ebb381f5a926d0
Reviewed-on: https://code.wireshark.org/review/27186
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago BOOTP BSDP: Allow "pad" and "end" suboptions.
Darius Davis [Wed, 4 Apr 2018 01:38:10 +0000 (11:38 +1000)]
BOOTP BSDP: Allow "pad" and "end" suboptions.

Apple bsdpd uses the same routine to parse BSDP suboptions as it uses to parse
the DHCP options, which means that the "pad" (0) and "end" (255) options (as
described in RFC 2132) are also accepted as BSDP suboptions.  Just like when
used as DHCP options, they do not follow the usual TLV template: They do not
have a length field and do not have any value, so they always consume exactly
one byte.

This change enhances the BSDP suboption dissector to accept the "pad" (0) and
"end" (255) suboptions, without any stored length or value.

Apple firmware/software does not issue BSDP "pad" or "end" suboptions, but will
tolerate them in received packets.  At least one 3rd-party BSDP implementation
(the Dell KACE K2000 appliance) includes a BSDP "end" suboption in packets it
sends.  Prior to this fix, function dissect_vendor_bsdp_suboption was expecting
a length for these suboptions, leading to dissection failing with error
"Suboption 255: no room left in option for suboption length".

For further discussion -- in which the exact same issue is found to affect
VMware virtual machine firmware -- refer to the VMware Communities forum thread
at https://communities.vmware.com/message/2459144#2459144 .

Interestingly, when Apple's bsdpd finds an "end" BSDP suboption, it simply
records that an "end" was encountered, and continues parsing until the whole of
the vendor options blob is consumed.  The BSDP suboption dissector required no
modification to match that behavior.

Testing Done: Built Wireshark on Linux amd64.  Loaded a BSDP ACK[LIST] from a
   Dell KACE K2000 appliance; Previously it would issue an error about there
   being insufficient room for the length of the "end" suboption, and now it
   parses correctly.  Modified the packet to include a string of "0" and "255"
   suboptions, and observed that they were parsed as expected: One byte each,
   no subtree, no length, and parsing continues afterwards.  200,000 iterations
   with tools/fuzz-test.sh using the original BSDP packet, 4,000 of which were
   under Valgrind.

Change-Id: I1786414b2ef0b8726d989a566d0e8a3525d516b8
Reviewed-on: https://code.wireshark.org/review/27210
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
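
Added example, not part of the commit or of Wireshark's source: a minimal C walker for a suboption blob that contrasts strict TLV parsing with the one-byte "pad" (0) and "end" (255) handling the commit message above describes, including continuing past "end". The names (`walk_suboptions`, `accept_pad_end`, the sample arrays) are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SUBOPT_PAD 0u    /* one byte, no length, no value */
#define SUBOPT_END 255u  /* one byte, no length, no value */

enum walk_status { WALK_OK = 0, WALK_NO_LENGTH, WALK_TRUNCATED_VALUE };

struct walk_result {
    enum walk_status status;
    size_t error_offset;              /* offset of the offending suboption */
    int tlv_count, pad_count, end_count;
};

/* Constructed samples (not taken from a real capture). */
/* Two ordinary TLVs followed by a lone "end" byte. */
static const uint8_t sample_trailing_end[] = {
    0x01, 0x01, 0x01,  0x02, 0x02, 0x01, 0x01,  0xFF
};
/* Two pads, a TLV, an "end", then another TLV after the "end". */
static const uint8_t sample_mixed[] = {
    0x00, 0x00,  0x01, 0x01, 0x02,  0xFF,  0x04, 0x02, 0x80, 0x00
};
/* A TLV whose length field claims more bytes than remain. */
static const uint8_t sample_truncated[] = { 0x01, 0x05, 0x01 };

/*
 * Walk a suboption blob.
 * accept_pad_end == 0: every suboption must be code/length/value.
 * accept_pad_end != 0: codes 0 and 255 consume exactly one byte, and
 *                      parsing continues until the blob is consumed.
 */
static struct walk_result
walk_suboptions(const uint8_t *buf, size_t len, int accept_pad_end)
{
    struct walk_result r = { WALK_OK, 0, 0, 0, 0 };
    size_t off = 0;

    while (off < len) {
        uint8_t code = buf[off];
        size_t vlen;

        if (accept_pad_end && (code == SUBOPT_PAD || code == SUBOPT_END)) {
            if (code == SUBOPT_PAD)
                r.pad_count++;
            else
                r.end_count++;      /* note it, but keep parsing */
            off += 1;
            continue;
        }
        if (len - off < 2) {        /* no room for the length byte */
            r.status = WALK_NO_LENGTH;
            r.error_offset = off;
            return r;
        }
        vlen = buf[off + 1];
        if (vlen > len - off - 2) { /* value would run past the blob */
            r.status = WALK_TRUNCATED_VALUE;
            r.error_offset = off;
            return r;
        }
        r.tlv_count++;
        off += 2 + vlen;
    }
    return r;
}

int main(void)
{
    struct walk_result a = walk_suboptions(sample_trailing_end,
                                           sizeof sample_trailing_end, 0);
    struct walk_result b = walk_suboptions(sample_trailing_end,
                                           sizeof sample_trailing_end, 1);
    struct walk_result c = walk_suboptions(sample_mixed, sizeof sample_mixed, 1);

    printf("strict TLV: status=%d at offset %zu\n", a.status, a.error_offset);
    printf("pad/end ok: status=%d tlv=%d end=%d\n",
           b.status, b.tlv_count, b.end_count);
    printf("mixed:      status=%d tlv=%d pad=%d end=%d\n",
           c.status, c.tlv_count, c.pad_count, c.end_count);
    return 0;
}
```
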
5 years ago gsm_r_uus1: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang
Alexis La Goutte [Mon, 30 Apr 2018 12:32:22 +0000 (14:32 +0200)]
gsm_r_uus1: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang

Change-Id: I87b65113a8794b6ab0583c5d0dd4123fa0bd7ba7
Reviewed-on: https://code.wireshark.org/review/27218
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago bfcp: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang
Alexis La Goutte [Mon, 30 Apr 2018 12:12:05 +0000 (14:12 +0200)]
bfcp: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang

Change-Id: I46cd2392022b5fb64e997c74650f6a2002f519c6
Reviewed-on: https://code.wireshark.org/review/27216
Reviewed-by: Ivan Nardi <nardi.ivan@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago TPM20: fully initialize tpm_entry structure
Pascal Quantin [Tue, 1 May 2018 08:45:51 +0000 (10:45 +0200)]
TPM20: fully initialize tpm_entry structure

Bug: 14640
Change-Id: I2d7128e4da9d1568d7ef4ef7351abc1660554698
Reviewed-on: https://code.wireshark.org/review/27236
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago TPM20: add file to .editorconfig
Pascal Quantin [Tue, 1 May 2018 08:44:58 +0000 (10:44 +0200)]
TPM20: add file to .editorconfig

Change-Id: Ic2860ebfb354b9f6fa764881beee1b1881ad4e00
Reviewed-on: https://code.wireshark.org/review/27235
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago Fix comment end after SPDX identifier
Stig Bjørlykke [Mon, 30 Apr 2018 07:47:58 +0000 (09:47 +0200)]
Fix comment end after SPDX identifier

Move */ to a separate line below the SPDX identifier.

Change-Id: Id1032215449cfccae0933147b45e04b65e0b727f
Reviewed-on: https://code.wireshark.org/review/27211
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Use common indenting space in heading
Stig Bjørlykke [Mon, 30 Apr 2018 19:55:30 +0000 (21:55 +0200)]
Use common indenting space in heading

Change-Id: I47022f9c7d568ca6d9705ba63c669a980822818a
Reviewed-on: https://code.wireshark.org/review/27229
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Test: More fixes and updates.
Gerald Combs [Tue, 1 May 2018 00:12:20 +0000 (17:12 -0700)]
Test: More fixes and updates.

Move UAT file creation to config.py.

Run the text2pcap and some of the clopts tests under our default
environment.

Use "in" instead of "has_key".

Change-Id: Ie5c70fb33c29676672bed7bf8205cff0bba77f8a
Reviewed-on: https://code.wireshark.org/review/27234
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: Add unittests.
Gerald Combs [Mon, 30 Apr 2018 21:42:29 +0000 (14:42 -0700)]
Test: Add unittests.

Note that these require the "test-programs" target.

Change-Id: I1bea381eaa48504fcd76f88e1c6f2edece0a78a2
Reviewed-on: https://code.wireshark.org/review/27231
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: More fixups.
Gerald Combs [Mon, 30 Apr 2018 22:18:36 +0000 (15:18 -0700)]
Test: More fixups.

Change-Id: I5869d995754ce9e8a128feaef6911b3c05c79e85
Reviewed-on: https://code.wireshark.org/review/27233
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: Add a missing global.
Gerald Combs [Mon, 30 Apr 2018 21:57:07 +0000 (14:57 -0700)]
Test: Add a missing global.

Change-Id: I5410b427b452678b24d7ee079ec48cc8300de3a0
Reviewed-on: https://code.wireshark.org/review/27232
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: Add text2pcap.
Gerald Combs [Sat, 28 Apr 2018 21:36:18 +0000 (14:36 -0700)]
Test: Add text2pcap.

Change-Id: Ib7cebcb911e2a59812fe03655a112acd3521e5a3
Reviewed-on: https://code.wireshark.org/review/27230
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: Add name resolution.
Gerald Combs [Fri, 27 Apr 2018 23:03:24 +0000 (16:03 -0700)]
Test: Add name resolution.

Change-Id: I7b289de5c807b61e1825b30c7f98bfc50caa9625
Reviewed-on: https://code.wireshark.org/review/27228
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago LDSS: Fix a read overrun in dissect_ldss_transfer.
Darius Davis [Sun, 29 Apr 2018 05:48:53 +0000 (15:48 +1000)]
LDSS: Fix a read overrun in dissect_ldss_transfer.

dissect_ldss_transfer had a trivial read overrun: "line" was not
NUL-terminated, and strtol/g_ascii_strtoull will keep reading and discarding
any leading whitespace, so a malformed LDSS packet (with only whitespace
characters following the tag on a "Size:"/"Start:"/"Compression:" line) could
trigger a read overrun.

Let's replace the tvb_memdup with tvb_get_string_enc, which does some checking
of the input characters (which, it seems, must always be ASCII), and produces a
neat NUL-terminated string.

Testing Done: On Linux x64, ran "valgrind tshark -r fuzz-2018-04-23-14422.pcap"
   without the fix (to reproduce the failure), and then with the fix, and
   observed that no errors were reported anymore after the fix. 60,000 iters of
   fuzz-test with ldss_filtered.pcap as input, plus 1,000 iters under valgrind.
   Launched wireshark and opened ldss_filtered.pcap, and examined the dissection
   of the "ldss and tcp" packets; All looks good.

Bug: 14615
Change-Id: I3fccc4ffbe315a3cff6ea03cc7db37f884b0582c
Reviewed-on: https://code.wireshark.org/review/27204
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
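
Added example, not code from the commit or from Wireshark: the over-read described above, reproduced on a constructed buffer in which the bytes after the line belong to the same array (so the behaviour is defined), beside a bounded parser that rejects the whitespace-only value. `strtoull` and a fixed-size local copy stand in for `g_ascii_strtoull` and `tvb_get_string_enc`; all function names and the sample bytes are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed sample: a "Size:" line whose value is only whitespace.
 * The line is the first SAMPLE_LINE_LEN bytes; "4242" is unrelated data
 * that happens to follow it in memory. The terminating NUL comes from
 * the C string literal, not from the line itself.
 */
static const char sample_buf[] = "Size:   4242";
#define SAMPLE_LINE_LEN 8

/* Constructed sample: a well-formed line, length excludes the NUL. */
static const char good_line[] = "Size: 4096\n";

/*
 * Before: the slice is handed to strtoull as if it were a C string.
 * strtoull skips the whitespace and keeps reading until it finds a
 * non-digit, which lies beyond the end of the line.
 */
static unsigned long long parse_size_unbounded(const char *line)
{
    return strtoull(line + 5, NULL, 10);
}

/*
 * After: copy at most line_len bytes into a NUL-terminated buffer and
 * parse only that copy. Returns 0 and stores the value on success,
 * -1 if the line has no usable number.
 */
static int parse_size_bounded(const char *line, size_t line_len,
                              unsigned long long *out)
{
    static const char tag[] = "Size:";
    const size_t tag_len = sizeof tag - 1;
    char copy[32];
    char *p, *end;
    size_t n;
    unsigned long long v;

    if (line_len < tag_len || memcmp(line, tag, tag_len) != 0)
        return -1;
    n = line_len - tag_len;
    /* Reject oversized values and embedded NULs that would hide data. */
    if (n >= sizeof copy || memchr(line + tag_len, '\0', n) != NULL)
        return -1;
    memcpy(copy, line + tag_len, n);
    copy[n] = '\0';

    p = copy;
    while (isspace((unsigned char)*p))
        p++;
    if (!isdigit((unsigned char)*p))    /* empty, whitespace-only, or signed */
        return -1;

    errno = 0;
    v = strtoull(p, &end, 10);
    if (errno == ERANGE)
        return -1;
    while (isspace((unsigned char)*end))
        end++;
    if (*end != '\0')                   /* trailing garbage after the number */
        return -1;

    *out = v;
    return 0;
}

int main(void)
{
    unsigned long long v = 0;

    printf("unbounded parse of whitespace-only line: %llu\n",
           parse_size_unbounded(sample_buf));
    printf("bounded parse of whitespace-only line:   %d\n",
           parse_size_bounded(sample_buf, SAMPLE_LINE_LEN, &v));
    if (parse_size_bounded(good_line, sizeof good_line - 1, &v) == 0)
        printf("bounded parse of well-formed line:       %llu\n", v);
    return 0;
}
```
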
5 years ago WSDG: Remove ENABLE_CHM_GUIDES
Dylan Ulis [Sun, 29 Apr 2018 22:46:31 +0000 (18:46 -0400)]
WSDG: Remove ENABLE_CHM_GUIDES

ENABLE_CHM_GUIDES is no longer in CMakeOptions.txt

Change-Id: I217ac89f12c95e66591465e3230c19968dcc0bde
Reviewed-on: https://code.wireshark.org/review/27209
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago pdcp-nr: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang
Alexis La Goutte [Mon, 30 Apr 2018 12:35:20 +0000 (14:35 +0200)]
pdcp-nr: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang

Change-Id: I4f6ab2ff54c1b5d6c4892b6e76d47b5107c0a197
Reviewed-on: https://code.wireshark.org/review/27220
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
5 years ago NAS EPS: fix dissection of UE security capability IE
Pascal Quantin [Mon, 30 Apr 2018 11:53:06 +0000 (13:53 +0200)]
NAS EPS: fix dissection of UE security capability IE

Change-Id: Ie1a749eb2abb522aadec06a01baa10ba2211443b
Reviewed-on: https://code.wireshark.org/review/27214
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
5 years ago plugins: Remove autotools specific code for build path
João Valverde [Sun, 29 Apr 2018 10:25:35 +0000 (11:25 +0100)]
plugins: Remove autotools specific code for build path

Change-Id: I12a987cd84a7e04189a08771ce334e1d6152eab1
Reviewed-on: https://code.wireshark.org/review/27205
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago Lua: Remove autotools specific code for build path
João Valverde [Sun, 29 Apr 2018 10:17:44 +0000 (11:17 +0100)]
Lua: Remove autotools specific code for build path

Change-Id: I541bd728c159e95c2d5daa8ce0bfea3961ff1db9
Reviewed-on: https://code.wireshark.org/review/27203
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
5 years ago Qt: Make the selected packet in the packet list more clear.
Paul Zander [Wed, 25 Apr 2018 06:29:37 +0000 (08:29 +0200)]
Qt: Make the selected packet in the packet list more clear.

When using coloring rules the selected packet is sometimes hard to recognize. The stylesheet of the packet list is extended for this.

Bug: 14621
Change-Id: Ied465e0e211b3c11e69cb71f89988eb45622dd72
Reviewed-on: https://code.wireshark.org/review/27141
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago checkAPIs.pl: fix false positive with C++ method names
Peter Wu [Sat, 28 Apr 2018 14:06:57 +0000 (16:06 +0200)]
checkAPIs.pl: fix false positive with C++ method names

Fix false positives due to method names that are considered deprecated:

    int CaptureFileDialog::open(...
    first_elapsed = QString().sprintf(
    int open(QString &file_name, unsigned int &type);

Change-Id: Ib3c255a9f17b2cb44cd441e5277a97db63afaa72
Reviewed-on: https://code.wireshark.org/review/27189
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Lua: ensure that DATA_DIR and USER_DIR have trailing slashes
Peter Wu [Thu, 26 Apr 2018 15:36:58 +0000 (17:36 +0200)]
Lua: ensure that DATA_DIR and USER_DIR have trailing slashes

These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.

For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.

Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago lwm2mtlv: Add interpretations checks
Stig Bjørlykke [Mon, 30 Apr 2018 08:00:26 +0000 (10:00 +0200)]
lwm2mtlv: Add interpretations checks

Only show value as String if valid as UTF-8 string.
Only show value as Boolean if 0 or 1.

Change-Id: I56168faafff9eaeeb21ec6d57b850013bbb94c33
Reviewed-on: https://code.wireshark.org/review/27212
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
5 years ago Source files should not be executable files.
Jaap Keuter [Sun, 29 Apr 2018 18:58:25 +0000 (20:58 +0200)]
Source files should not be executable files.

Change-Id: I2808e0378e4a06ed749c72033a618fd1e598ee31
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/27207
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago DCT2000: Only look up old protocol name mappings if preference enabled
Martin Mathieson [Sat, 28 Apr 2018 21:23:05 +0000 (22:23 +0100)]
DCT2000: Only look up old protocol name mappings if preference enabled

Change-Id: I871f7669c9303452f3407b65f83f68dee1ffc3bf
Reviewed-on: https://code.wireshark.org/review/27197
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
5 years ago ieee80211: Improve support of the HotSpot 2.0 specification.
Richard Sharpe [Sat, 28 Apr 2018 18:28:15 +0000 (11:28 -0700)]
ieee80211: Improve support of the HotSpot 2.0 specification.

A number of mistakes have been found now that captures are available.

Change-Id: I883d71439f407ab9d90be878c9f52a5a300b9c8c
Reviewed-on: https://code.wireshark.org/review/27192
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
5 years ago [Automatic update for 2018-04-29]
Gerald Combs [Sun, 29 Apr 2018 08:17:09 +0000 (08:17 +0000)]
[Automatic update for 2018-04-29]

Update manuf, services, enterprise numbers, translations, and other items.

Change-Id: I9a2b34c7c2b9749d779f43bbe4fda15150ca2dfc
Reviewed-on: https://code.wireshark.org/review/27199
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Pick the *first* usable file type as the default, not the *last* one.
Guy Harris [Sat, 28 Apr 2018 19:10:00 +0000 (12:10 -0700)]
Pick the *first* usable file type as the default, not the *last* one.

In wtap_get_savable_file_types_subtypes(), in the search for a default
file type to use, stop as soon as we've found a usable file type, don't
keep searching.

Bug: 14601
Change-Id: Iff4ffe14f5ad07271c49a761e0856059353c1634
Reviewed-on: https://code.wireshark.org/review/27193
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Fix minor leak in filter_expression_new.
Darius Davis [Thu, 26 Apr 2018 07:08:27 +0000 (17:08 +1000)]
Fix minor leak in filter_expression_new.

filter_expression_new was g_strdup()ing each of the strings in the "expression"
structure, but UAT is just going to immediately deep copy the structure (via
display_filter_copy_cb), so the copies made here are immediately leaking.

We could either free() these copies immediately after uat_add_record returns,
or skip the g_strdup altogether (which necessitates casting away the "const").
I chose the latter.

Testing Done: Linux x64 build.  With a display filter configured in
   ~/.wireshark/preferences, Valgrind no longer reports three leaks from here.

Change-Id: I7913f260875ced597b9027c8ae92a4d6d44f6414
Reviewed-on: https://code.wireshark.org/review/27157
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago lwm2mtlv: Handle String data type as UTF-8
Stig Bjørlykke [Fri, 27 Apr 2018 13:29:32 +0000 (15:29 +0200)]
lwm2mtlv: Handle String data type as UTF-8

Display element value as bytes if value is not a valid UTF-8 string.
Add a new utility function isprint_utf8_string().

Change-Id: I211d5ed423b53a9fd15eb260bbc6298b0b8f46a0
Reviewed-on: https://code.wireshark.org/review/27178
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago GSM-R protocol dissector
Michail Koreshkov [Fri, 13 Apr 2018 15:12:33 +0000 (18:12 +0300)]
GSM-R protocol dissector

Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]

Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Test: Quote our Python executable.
Gerald Combs [Fri, 27 Apr 2018 22:47:09 +0000 (15:47 -0700)]
Test: Quote our Python executable.

Change-Id: Ica80406d6420b9f97792a19b192f8a7d764e673b
Reviewed-on: https://code.wireshark.org/review/27185
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: Add mergecap.
Gerald Combs [Fri, 27 Apr 2018 19:56:08 +0000 (12:56 -0700)]
Test: Add mergecap.

Change-Id: Ib21f4866cff27e22a4dc13300c3c38fa962a860f
Reviewed-on: https://code.wireshark.org/review/27184
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Test: Add fileformats and I/O.
Gerald Combs [Fri, 27 Apr 2018 17:35:17 +0000 (10:35 -0700)]
Test: Add fileformats and I/O.

Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.

Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago test: Miscellaneous fixups.
Gerald Combs [Fri, 27 Apr 2018 16:35:37 +0000 (09:35 -0700)]
test: Miscellaneous fixups.

In util_slow_dhcp.py, open stdout as O_BINARY on Windows.

Have ctest pass --verbose to test.py.

Call config.canCapture at test time so that we don't inadvertently skip
some tests.

Stringify our dumpcap config check.

Fix our Gcrypt variable.

Change-Id: I884ec23ddfc7c28b79d4a860c6c43c308598e6db
Reviewed-on: https://code.wireshark.org/review/27182
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Bluetooth HCI: Add missing LE event mask fields
Allan Møller Madsen [Fri, 27 Apr 2018 10:59:29 +0000 (12:59 +0200)]
Bluetooth HCI: Add missing LE event mask fields

Add missing BT5 bit fields to HCI LE Set Event Mask
command. Correct displayed field name.

Change-Id: Iacaba69226663e884b60ac5a75470de77317ea92
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/27177
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago MGCP: add support to local/remote voice metrics option
Hadar [Sun, 22 Apr 2018 15:09:20 +0000 (18:09 +0300)]
MGCP: add support to local/remote voice metrics option
protocol specification: in the file header
NCS 1.5: PKT-SP-NCS1.5-I04-120412, April 12, 2012 Cable Television

Change-Id: I95a1d769cb08c0e8160ca6fcdb99dd98e0f085cc
Reviewed-on: https://code.wireshark.org/review/27077
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago capture_ifinfo: Don't try to write to an invalid address.
Gerald Combs [Thu, 26 Apr 2018 23:55:21 +0000 (16:55 -0700)]
capture_ifinfo: Don't try to write to an invalid address.

Make sure err_str is valid before trying to assign a value.

Change-Id: I4e6524b93101ef28158996797e8462168e44dc2a
Reviewed-on: https://code.wireshark.org/review/27173
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Start porting our test scripts to Python. Add ctest support.
Gerald Combs [Tue, 3 Apr 2018 00:12:23 +0000 (17:12 -0700)]
Start porting our test scripts to Python. Add ctest support.

Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.

  ctest --verbose --jobs 3

Add a testing chapter to the Developer's Guide.

Add a way to disable ctest in dpkg-buildpackage.

Suites completed:
- capture
- clopts
- decryption
- dissection

Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua

Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago Qt: fix crash on dragging in packet dialog
Peter Wu [Thu, 26 Apr 2018 11:13:54 +0000 (13:13 +0200)]
Qt: fix crash on dragging in packet dialog

"packet_dialog.cpp" does not use setCaptureFile, resulting in a NULL
dereference while trying to obtain the dissection context. Apply a fix
similar to v2.5.1rc0-121-g9198448f9d (pass a fixed dissection context to
ProtoTree). Additionally, fix a memleak and correct documentation.

Why not add "proto_tree_->setCaptureFile(cap_file_.capFile())" in
PacketDialog? Well, it also uses "proto_tree_->setRootNode(edt_.tree)"
which means that "cf_->edt" would be different from "edt_". If that is
the case, then "proto_construct_match_selected_string" will not return a
filter for FT_NONE fields (see the call chain in proto.c).

Bug: 14620
Change-Id: I6eeaf32b650a2095e15f64bbe64b54cdd545c7a9
Fixes: v2.5.0rc0-1608-g4d6454e180 ("Qt: Drag n Drop Filter expression from Packet Tree")
Reviewed-on: https://code.wireshark.org/review/27160
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Fix crash (double-free) on refreshing interfaces list
Peter Wu [Thu, 26 Apr 2018 11:38:07 +0000 (13:38 +0200)]
Fix crash (double-free) on refreshing interfaces list

When normal interfaces are unavailable (chmod -x dumpcap), and after
toggling "Disable external capture interfaces" twice and then refreshing
the interfaces list (F5), a double-free occurs in ui/iface_lists.c:147
for "global_capture_opts.ifaces_err_info".

Change-Id: I98697653ab1c123186892408112c34afdd1766f5
Fixes: v1.99.0-rc1-1005-g35b4487538 ("Handle empty interface lists when the list changes.")
Reviewed-on: https://code.wireshark.org/review/27161
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago Ensure test directories are included with git archive
Peter Wu [Thu, 26 Apr 2018 09:01:56 +0000 (11:01 +0200)]
Ensure test directories are included with git archive

"make dist" will currently fail with "git archive" archives because
dftestfiles and dftestlib are missing. To encourage distributors to run
tests, ensure that these files (1.64MiB uncompressed, 688KiB
gzip-compressed) are bundled.

Change-Id: I1fc2bd6df45db40e64e7691235f716bbf3562f87
Reviewed-on: https://code.wireshark.org/review/27158
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years ago AVSP: Correct timestamp representation
Nikhil AP [Wed, 25 Apr 2018 08:17:43 +0000 (04:17 -0400)]
AVSP: Correct timestamp representation

This change reflects that the 64-bit timestamp in AVSP is in TAI
timescale and not UTC.

Change-Id: I13807ab446492c2b4f37a57989e1e0122afcc6aa
Reviewed-on: https://code.wireshark.org/review/27144
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago coap: Store ctype values in transaction tracking
Stig Bjørlykke [Thu, 26 Apr 2018 11:48:01 +0000 (13:48 +0200)]
coap: Store ctype values in transaction tracking

Transfer ctype values from GET request to response to be able
to decode the payload correctly.

Change-Id: Ida7598aefbd3f245dd487d50562539395f130ac4
Reviewed-on: https://code.wireshark.org/review/27163
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago lwm2mtlv: Identifier and Length fields are big endian
Stig Bjørlykke [Thu, 26 Apr 2018 11:44:51 +0000 (13:44 +0200)]
lwm2mtlv: Identifier and Length fields are big endian

The header Identifier and Length fields are using big endian encoding.

Change-Id: I1b557168ae467cc5eb63ada3991279cf080fa687
Reviewed-on: https://code.wireshark.org/review/27162
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
5 years ago BOOTP: Add latest IETF Processor Arch assignments.
Darius Davis [Wed, 25 Apr 2018 06:39:25 +0000 (16:39 +1000)]
BOOTP: Add latest IETF Processor Arch assignments.

The IETF has assigned many more Processor Architecture IDs since RFC 4578, so
let's add those to the BOOTP dissector.

There's also now a published erratum for RFC 4578's Client Architecture type
table, so we should update the dissector table to match.  Since it leads to a
relatively widespread (and difficult to troubleshoot) problem, let's add an
"expert info" warning when we see a packet specifying EFI BC as its Client
Architecture, since it is almost certainly intended to be EFI x64.

And, while we're here, RFC 4578 describes the Client Architecture type field as
an array of 16-bit values, so let's implement that too.

Testing Done: Examined packet captures from EFI DHCP with architecture ID 7
   (now displays as "EFI x64") and 9 (now displays as "EFI BC", with a warning
   to explain that "EFI x64" was probably intended).  Manually edited packets
   to contain multiple entries in the Client Arch option, and they all showed
   correctly (including the warning for type 9).  Manually edited a packet to
   contain an odd number of bytes for the Client Arch option, and saw the
   expected warning.  Ran 30000 iterations of fuzz-test.sh with a corpus of 5
   DHCP/PXE packets as input, and an additional 1000 iterations with the "-g"
   (valgrind) option.

Change-Id: I2ef153316141eb051785fc86f420ad2f721f2a76
Reviewed-on: https://code.wireshark.org/review/27155
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years ago tpm20: Add TPM2.0 dissector
Tadeusz Struk [Tue, 24 Apr 2018 15:12:57 +0000 (08:12 -0700)]
tpm20: Add TPM2.0 dissector

This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/

The specification defines the format of all the TPM requests
and responses that this dissector supports.

A sample capture file that can be used for testing this
can be found at https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.

Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Document "len" and "count" in wireshark-filter(4) and WSUG
Peter Wu [Wed, 25 Apr 2018 10:09:15 +0000 (12:09 +0200)]
Document "len" and "count" in wireshark-filter(4) and WSUG

Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.

"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".

Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago ZigBee: Place SE cluster attributes correctly in ZCL client and server
Kenneth Soerensen [Tue, 24 Apr 2018 18:18:37 +0000 (20:18 +0200)]
ZigBee: Place SE cluster attributes correctly in ZCL client and server

Change-Id: If495c51dd70af291905ef717ac3c6be5c1ab329d
Reviewed-on: https://code.wireshark.org/review/27122
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago Fix indentation.
Guy Harris [Wed, 25 Apr 2018 18:05:13 +0000 (11:05 -0700)]
Fix indentation.

Change-Id: Ia38d4a9d04d99ab49baab7174c21e4040af0c800
Reviewed-on: https://code.wireshark.org/review/27153
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Don't install autotools or GTK+, but do install CMake.
Guy Harris [Wed, 25 Apr 2018 17:57:07 +0000 (10:57 -0700)]
Don't install autotools or GTK+, but do install CMake.

We no longer use autotools/libtool, so we don't need to install
automake, autoconf, or libtool; we only support CMake, so we *do* need
to install it.

We no longer support GTK+, so we don't need to install it.

Change-Id: I41df9f67c8aba486220e77f7c8c67efa7784a7f2
Reviewed-on: https://code.wireshark.org/review/27152
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Remove now obsolete information.
Guy Harris [Wed, 25 Apr 2018 16:58:36 +0000 (09:58 -0700)]
Remove now obsolete information.

We don't use autotools, so there are no configuration scripts that need
to be generated by autogen.sh.

Change-Id: I8b2a5bc3cb91a4c2bc59069a29b8ca774b6f239f
Reviewed-on: https://code.wireshark.org/review/27150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Put references to autotools in the past tense.
Guy Harris [Wed, 25 Apr 2018 16:54:00 +0000 (09:54 -0700)]
Put references to autotools in the past tense.

In CMake files, we don't do some checks that our autotools scripts did;
speak of those in the past tense, as the autotools scripts are gone.
(Leave the comments there, to note that we *might* have to reinstate
those tests, although they're for old versions of macOS and GCC.)

In CMake files, we use some #defines because that's what autotools did;
speak of those in the past tense as well.

Change-Id: I594fe8225cf94b5087093febc11f6b0a7e42e7cd
Reviewed-on: https://code.wireshark.org/review/27149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Remove references to autotools, GTK+, and X11.
Guy Harris [Wed, 25 Apr 2018 16:44:50 +0000 (09:44 -0700)]
Remove references to autotools, GTK+, and X11.

We don't support building with autotools (except for building the
support libraries using macos-setup.sh), and we don't support GTK+ and
thus don't require X11.

Change-Id: If9da937285016fc178a0153d38212404b0ff2c59
Reviewed-on: https://code.wireshark.org/review/27148
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago We're not using autotools/libtool any more.
Guy Harris [Wed, 25 Apr 2018 16:39:49 +0000 (09:39 -0700)]
We're not using autotools/libtool any more.

Remove FAQ items that assume we are (and, in one case, that we're using
SVN...).

Change-Id: Ifd04ac0f34f562b2b0b588bed8db8f4e13317c18
Reviewed-on: https://code.wireshark.org/review/27147
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years ago Qt: Fix various missing header includes
Roland Knall [Wed, 25 Apr 2018 08:28:30 +0000 (10:28 +0200)]
Qt: Fix various missing header includes

Qt 5.11 seems to have changed the include dependencies, so add those that are missing.

Change-Id: I2b0482f7554467d6981be65bfd3fea1a3e118976
Reviewed-on: https://code.wireshark.org/review/27145
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years ago F1AP: fix a typo in ASN.1 description
Pascal Quantin [Wed, 25 Apr 2018 08:03:31 +0000 (10:03 +0200)]
F1AP: fix a typo in ASN.1 description

Change-Id: Ic24fddcff47615cbdee6811a195ee3e087bb9f03
Reviewed-on: https://code.wireshark.org/review/27142
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
6 years ago dfilter: fix memleaks with functions and slice operator
Peter Wu [Tue, 24 Apr 2018 20:34:26 +0000 (22:34 +0200)]
dfilter: fix memleaks with functions and slice operator

Running tools/dfilter-test.py with LSan enabled resulted in 38 test
failures due to memory leaks from "fvalue_new". Problematic dfilters:
- Return values from functions, e.g. `len(data.data) > 8` (instruction
  CALL_FUNCTION invoking functions from epan/dfilter/dfunctions.c)
- Slice operator: `data.data[1:2] == aa:bb` (function mk_range)

These values end up in "registers", but as some values (from READ_TREE)
reference the proto tree, a new tracking flag ("owns_memory") is added.

Add missing tests for some functions and try to improve documentation.

Change-Id: I28e8cf872675d0a81ea7aa5fac7398257de3f47b
Reviewed-on: https://code.wireshark.org/review/27132
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago x509ce: fix indent (use 2 spaces)
Alexis La Goutte [Tue, 24 Apr 2018 21:05:54 +0000 (23:05 +0200)]
x509ce: fix indent (use 2 spaces)

Change-Id: I48c74126a57945033dbe5c81c9bb92012af6c719
Reviewed-on: https://code.wireshark.org/review/27129
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago ftypes: fix memleak when converting protocol values
Peter Wu [Tue, 24 Apr 2018 17:29:35 +0000 (19:29 +0200)]
ftypes: fix memleak when converting protocol values

When converting byte array strings to a FT_PROTOCOL value (for example,
when using a display filter such as `eth contains aa:bb`), the converted
memory in GByteArray was not freed. If an error occurred (the value
cannot be parsed as hex string), then an error message was leaked.

Fix the above issues and avoid an unnecessary g_memdup.

Change-Id: I3a076b3a2384b1a0e15ea8518f2e0f66a7b6ea49
Reviewed-on: https://code.wireshark.org/review/27130
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago dfilter: fix small leak for filters containing ranges
Peter Wu [Tue, 24 Apr 2018 17:37:27 +0000 (19:37 +0200)]
dfilter: fix small leak for filters containing ranges

A filter such as "data.data[1] == 2" would leak the GSList structure.

Change-Id: If57ffbdbf815434f6e11fb53ffa031dde370a9ec
Reviewed-on: https://code.wireshark.org/review/27131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Remove some references to autotools from developer documentation.
Guy Harris [Wed, 25 Apr 2018 04:39:30 +0000 (21:39 -0700)]
Remove some references to autotools from developer documentation.

Change-Id: I4c95e56e067eed98d269812225256462dfa46273
Reviewed-on: https://code.wireshark.org/review/27140
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Get rid of a no-longer-needed README file.
Guy Harris [Wed, 25 Apr 2018 04:27:51 +0000 (21:27 -0700)]
Get rid of a no-longer-needed README file.

Now that we only support CMake, that file would be reduced to

Wireshark is built using CMake.

which doesn't justify keeping it around.

Change-Id: I07d0ce0689ab274fd6c7dff3d8e5a8b31e110cbb
Reviewed-on: https://code.wireshark.org/review/27139
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Get rid of more .libs stuff.
Guy Harris [Wed, 25 Apr 2018 03:58:02 +0000 (20:58 -0700)]
Get rid of more .libs stuff.

Again, no more autotools/libtool, so no more .libs, as that's a
libtoolism.

Change-Id: I909c18b969ca8e04a252ff45f7f3e6bc9d0c8476
Reviewed-on: https://code.wireshark.org/review/27138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago WSUG: Add SS7 code point resolution
Uli Heilmeier [Tue, 24 Apr 2018 19:11:42 +0000 (21:11 +0200)]
WSUG: Add SS7 code point resolution

Bug: 14617
Change-Id: I0af61d1ad7a80796db057e25f94869b98dfdacf1
Reviewed-on: https://code.wireshark.org/review/27128
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago addr_resolv: fix memleak of g_penterprises_path
Peter Wu [Tue, 24 Apr 2018 21:02:04 +0000 (23:02 +0200)]
addr_resolv: fix memleak of g_penterprises_path

Found by valgrind. Remove unnecessary "if" guard for g_free while at it.

Change-Id: I58a18472f2c82e4c6c810d3cb3eeb2358b64f4ab
Reviewed-on: https://code.wireshark.org/review/27133
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Get rid of stuff that checks for a .libs directory.
Guy Harris [Wed, 25 Apr 2018 03:46:25 +0000 (20:46 -0700)]
Get rid of stuff that checks for a .libs directory.

.libs is a libtoolism, and we're not using autotools or libtool any
more, so there aren't any more libtoolisms.

Change-Id: Idc9ef37f9650197da096cc8e3cb3ed459b71dea0
Reviewed-on: https://code.wireshark.org/review/27137
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Clean up EOF/short read/hard error handling in heuristics.
Guy Harris [Tue, 24 Apr 2018 21:19:47 +0000 (14:19 -0700)]
Clean up EOF/short read/hard error handling in heuristics.

Do all the per-record processing in a libpcap_try_record() routine.  EOF
on the header is OK, but a short read on the header *might* be due to
the format being tested not being the format of the file rather than due
to the file having been cut short.

Change-Id: I5748ed550fa1079dc9c746fd93ee5c59187b80a1
Reviewed-on: https://code.wireshark.org/review/27135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago vg-suppressions: suppress more GLib-related memleaks
Peter Wu [Tue, 24 Apr 2018 11:19:08 +0000 (13:19 +0200)]
vg-suppressions: suppress more GLib-related memleaks

g_get_charset, g_get_filename_charsets, g_strerror, g_get_home_dir all
return a const char pointer. get_global_random is internally called by
g_random_int, g_random_int_range, etc.

On Arch Linux with glibc 2.26-11 and glib2 2.56.0+7+g66948ae23-1,
"call_init" is not visible in the stack trace, so replace it by "...".
It also has "possibly lost" entries due to GLib types initialization
(gobject_init -> _g_enum_types_init). Finally "g_private_set" internally
leaks after calling "g_private_get_impl".

Change-Id: Ifb2be3188add7bdd060d1e7321c8126e5924a738
Reviewed-on: https://code.wireshark.org/review/27118
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
6 years ago QUIC: fix NEW_CONNECTION_ID dissection (draft -11)
Peter Wu [Mon, 23 Apr 2018 21:00:53 +0000 (23:00 +0200)]
QUIC: fix NEW_CONNECTION_ID dissection (draft -11)

Since draft -11, NCI CID has become non-fixed with a length prefix. See
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-7.13

Only dissection is implemented, processing it for connection migration
will be done in the future.

Bug: 13881
Change-Id: I4be8c2eb306d5c1090b28ed2a6386c6c9006c561
Reviewed-on: https://code.wireshark.org/review/27107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago QUIC: add (expert) info for connection-related info
Peter Wu [Mon, 23 Apr 2018 14:53:40 +0000 (16:53 +0200)]
QUIC: add (expert) info for connection-related info

Include "quic.connection.number" for easier filtering of a connection
and to detect which connection packets are associated with. Expert info
is shown when a packet cannot be associated (due to dissector bug or
protocol violations).

Bug: 13881
Change-Id: I097e41d1abff629d6f8cc25396bad60c6790e84e
Reviewed-on: https://code.wireshark.org/review/27099
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago tools: make rpm and debian setup scripts more similar.
Dario Lombardo [Tue, 24 Apr 2018 10:26:47 +0000 (12:26 +0200)]
tools: make rpm and debian setup scripts more similar.

Change-Id: Ie46d56aff91694a3b8c4c62b4b03e38d3fb1e68a
Reviewed-on: https://code.wireshark.org/review/27116
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago gtp: update values used as accepted cause in session tracking
Ivan Nardi [Mon, 23 Apr 2018 10:00:36 +0000 (12:00 +0200)]
gtp: update values used as accepted cause in session tracking

v1: TS 29.060 7.3.2: A PDP context has not been created in the GGSN if the
Cause differs from "Request accepted", "New PDP type due to network
preference" or "New PDP type due to single address bearer only"

v2: TS 29.274 8.4: Acceptance in a Response / triggered message:
"Request accepted", "Request accepted partially", "New PDN type due to
network preference" and "New PDN type due to single address bearer only"

Change-Id: I8d3b2fc3c35e4a3e3d281cf0e5c97f084616a05d
Reviewed-on: https://code.wireshark.org/review/27093
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago cmake: remove warnings -Werror=old-style-definition
Joakim Karlsson [Tue, 24 Apr 2018 18:20:33 +0000 (20:20 +0200)]
cmake: remove warnings -Werror=old-style-definition

see https://cmake.org/Bug/bug_relationship_graph.php?bug_id=15058

Change-Id: I325f476b145a542e987a13bedd1f95a7d8faba94
Reviewed-on: https://code.wireshark.org/review/27121
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago bluecom: fix compilation with gcc-4.
Dario Lombardo [Tue, 24 Apr 2018 11:57:39 +0000 (13:57 +0200)]
bluecom: fix compilation with gcc-4.

../epan/dissectors/packet-bluecom.c: In function 'dissect_bluecom':
../epan/dissectors/packet-bluecom.c:498:43: error: variable 'block' might be clobbered by 'longjmp' or 'vfork' [-Werror=clobbered]
     guint cmd, flags, blocknb, segcode=0, block;

Change-Id: I148ba4bc6b3e026f0626120235c59305b5204529
Reviewed-on: https://code.wireshark.org/review/27119
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago RPM: remove packaging/rpm/SPECS/wireshark.spec.in.
Dario Lombardo [Tue, 24 Apr 2018 10:34:37 +0000 (12:34 +0200)]
RPM: remove packaging/rpm/SPECS/wireshark.spec.in.

Not used anymore.

Change-Id: I22dd0ad073059064630f7a7683b82724e2bfa452
Reviewed-on: https://code.wireshark.org/review/27117
Reviewed-by: Gerald Combs <gerald@wireshark.org>
6 years ago cmake: remove gtk find scripts.
Dario Lombardo [Tue, 24 Apr 2018 09:58:49 +0000 (11:58 +0200)]
cmake: remove gtk find scripts.

Change-Id: I1645b664ddbf879e82bd4759d26993eab9f2490e
Reviewed-on: https://code.wireshark.org/review/27115
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago tools: remove install_rpms_for_devel.sh.
Dario Lombardo [Tue, 24 Apr 2018 09:56:51 +0000 (11:56 +0200)]
tools: remove install_rpms_for_devel.sh.

Obsoleted by tools/rpm_setup.sh.

Change-Id: I2d13f4ae96970802b2edfe3e4028ec37b9cb6269
Reviewed-on: https://code.wireshark.org/review/27113
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Strengthen the heuristics that check for "alternate" pcap formats.
Guy Harris [Tue, 24 Apr 2018 08:32:22 +0000 (01:32 -0700)]
Strengthen the heuristics that check for "alternate" pcap formats.

Try to read up to 3 pcap records, making the value a #define so that we
can crank it up if necessary.

Bug: 14595
Change-Id: Ie9d62a1763fe7d1d46fdd8781691ea975770f3d7
Reviewed-on: https://code.wireshark.org/review/27111
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago Clean up a warning.
Guy Harris [Tue, 24 Apr 2018 07:35:52 +0000 (00:35 -0700)]
Clean up a warning.

offset has to be volatile, as it's used in a loop that involves the
setjmp/longjmp-based TRY mechanism.

Instead of passing pointers to the offset to routines that dissect
headers, have the routines take the offset as an argument and return the
updated offset, to avoid having to mark said pointers as pointing to a
volatile variable.

Update comments while we're at it.

Change-Id: I3058a4e6a736c234ad7508521c9fe9da358b6096
Reviewed-on: https://code.wireshark.org/review/27109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago remove redundant break statement
chinarulezzz [Mon, 23 Apr 2018 18:45:48 +0000 (21:45 +0300)]
remove redundant break statement

Change-Id: Ib6d4bbb1662d921fc4b5920b50e47d2b30ebb95c
Reviewed-on: https://code.wireshark.org/review/27103
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago tools/cppcheck/cppcheck.sh: improve script; add new option: colorize html output
chinarulezzz [Sun, 22 Apr 2018 18:16:06 +0000 (21:16 +0300)]
tools/cppcheck/cppcheck.sh: improve script; add new option: colorize html output

Change-Id: I34dad2fa9ea80529997103491219027edaf3ac41
Reviewed-on: https://code.wireshark.org/review/27080
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago oss-fuzzshark: use install directory for headers. Install missing one.
Jakub Zawadzki [Sun, 22 Apr 2018 14:29:04 +0000 (16:29 +0200)]
oss-fuzzshark: use install directory for headers. Install missing one.

From compilation log:
  epan/ipv4.h:19:10: fatal error: 'wsutil/inet_ipv4.h' file not found
  tools/oss-fuzzshark/fuzzshark.c:27:10: fatal error: 'version_info.h' file not found

Change-Id: I3e147e014ae398ae07e64aec5a6535a8f9e357a3
Reviewed-on: https://code.wireshark.org/review/27076
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Rename ENIP conversation menus to CIP
Dylan Ulis [Mon, 23 Apr 2018 00:48:27 +0000 (20:48 -0400)]
Rename ENIP conversation menus to CIP

Even though these are (currently) implemented in the enip dissector,
these conversations are actually for different types of CIP connections.
This change makes it obvious to CIP users/developers what these are.

EtherNet/IP (enip) is mainly the encapsulation layer that allows CIP to
function on Ethernet.

Change-Id: I760f832026e35aec412d51d80e85a997b341e0b4
Reviewed-on: https://code.wireshark.org/review/27086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago wsutil: use json-glib instead of jsmn if present.
Dario Lombardo [Fri, 20 Apr 2018 12:04:50 +0000 (14:04 +0200)]
wsutil: use json-glib instead of jsmn if present.

Change-Id: I61b0fc2c23ad08aba3e29471bdfef6cab682bb21
Reviewed-on: https://code.wireshark.org/review/27056
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago CMake: Doxygen and API reference target updates.
Gerald Combs [Mon, 23 Apr 2018 15:31:25 +0000 (08:31 -0700)]
CMake: Doxygen and API reference target updates.

The DOXYGEN_* variables which we use to create doxygen.cfg are native
paths and are not compatible with Cygwin. We could try to make them
compatible, but given that we're trying to migrate away from Cygwin, set
"DOXYGEN_EXECUTABLE" to "DOXYGEN_EXECUTABLE-NOTFOUND" if "cyg" is anywhere
in its path.

Add the wsar_html* targets to "Docs" and exclude them from Visual Studio's
default build.

Change-Id: Id23a3c43a9f4f1edb2d827bbf36a3a7eb64f0212
Reviewed-on: https://code.wireshark.org/review/27100
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago CMake: If we find Strawberry's xsltproc, un-find it.
Gerald Combs [Mon, 23 Apr 2018 17:01:21 +0000 (10:01 -0700)]
CMake: If we find Strawberry's xsltproc, un-find it.

Strawberry Perl ships with xsltproc but no DocBook XML files, which will
break the User's and Developer's Guide targets. Set XSLTPROC_EXECUTABLE
to XSLTPROC_EXECUTABLE-NOTFOUND if "strawberry" is anywhere in its path.

Change-Id: I070eaa247a24a1a79fcdb01256dd5812aa8f6fa8
Reviewed-on: https://code.wireshark.org/review/27101
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago TLS13: add draft-27 and draft-28 version numbers
Peter Wu [Mon, 23 Apr 2018 21:54:43 +0000 (23:54 +0200)]
TLS13: add draft-27 and draft-28 version numbers

TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft

Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
6 years ago Redo dissection of blocks in a bluecom packet.
Guy Harris [Mon, 23 Apr 2018 20:45:15 +0000 (13:45 -0700)]
Redo dissection of blocks in a bluecom packet.

It *looks* as if a bluecom packet has a count of blocks, and a sequence
of that number of blocks, with each one containing a block header and a
block data.

Dissect the packet in that fashion.  If we get an exception (other than
"we hit the snaplen") while dissecting a block, record it and step on to
the next block.

Don't try to avoid hitting the snaplen - we *want* that to be reported,
so the user knows that the capture only includes the first part of the
packet.

Change-Id: I1b668ffea9b67d3a6ff06100b868f7d941c1f509
Reviewed-on: https://code.wireshark.org/review/27106
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago fix link speed indication
chinarulezzz [Mon, 23 Apr 2018 18:44:29 +0000 (21:44 +0300)]
fix link speed indication

Change-Id: I01351f6b4693ef5135c508124bce2d0aff8c8208
Reviewed-on: https://code.wireshark.org/review/27102
Reviewed-by: Guy Harris <guy@alum.mit.edu>
6 years ago QUIC: fix short header decryption (draft -11)
Peter Wu [Mon, 23 Apr 2018 10:19:38 +0000 (12:19 +0200)]
QUIC: fix short header decryption (draft -11)

Now that the DCID is known from the connection, fix offset calculation.

Bug: 13881
Change-Id: Ic64505247ec0e2d1de2bd5153e4d2264be5114c2
Depends-On: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27098
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago QUIC: implement connection migration (draft -10 and -11)
Peter Wu [Sat, 21 Apr 2018 12:18:03 +0000 (14:18 +0200)]
QUIC: implement connection migration (draft -10 and -11)

QUIC connections can survive address and port changes and should not be
tracked per UDP conversation, but by Connection ID instead. To make this
possible, early on (before full dissection), DCID and SCID are parsed
from the header and then used to associate packets with new or existing
QUIC connections.

Previously a "connection" was always created when missing (in a
conversation). Now it will only be created if an Initial Packet is
found (by DCID or address + port). If not found, as a side effect packet
number tracking will fail. This can be changed if needed.

This work also prepares for proper draft-11 short packet dissection and
use of NEW_CONNECTION_ID frames. Additionally, it now assumes draft 11
rather than draft 10 if the version number is not recognized.

Only tested with ngtcp2-10.pcap which has a single UDP conversation.

Bug: 13881
Change-Id: I58740c38bb62400d22481a26f83f247f9b539d56
Reviewed-on: https://code.wireshark.org/review/27068
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago QUIC: fix decoding of initial_max_streams_uni/bidi
Peter Wu [Mon, 23 Apr 2018 10:11:22 +0000 (12:11 +0200)]
QUIC: fix decoding of initial_max_streams_uni/bidi

These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1

Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.

Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
6 years ago QUIC: fix decryption with long header (draft -11)
Peter Wu [Mon, 23 Apr 2018 07:48:00 +0000 (09:48 +0200)]
QUIC: fix decryption with long header (draft -11)

The header length has increased in draft -11.

Bug: 13881
Change-Id: Iaa3f4cb14b88a3c5cb53373245c1929113910893
Reviewed-on: https://code.wireshark.org/review/27096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>