metze/wireshark/wip.git
3 years ago [Nettrace] Parse timestamps and add to individual packets.
AndersBroman [Tue, 20 Oct 2015 13:47:40 +0000 (15:47 +0200)]
[Nettrace] Parse timestamps and add to individual packets.

Change-Id: I4a84f19011ef0e02836c84dff665b6fcadbf59ae
Reviewed-on: https://code.wireshark.org/review/11180
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago TDS: add more casts to please OSX 10.5 x86 buildbot
Pascal Quantin [Tue, 20 Oct 2015 13:58:20 +0000 (15:58 +0200)]
TDS: add more casts to please OSX 10.5 x86 buildbot

Change-Id: I92f3c2b869132da38f15c20355abd24d4e11639c
Reviewed-on: https://code.wireshark.org/review/11181
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago NCP2222: use wmem string buffer to build search pattern string
Pascal Quantin [Mon, 19 Oct 2015 08:59:55 +0000 (10:59 +0200)]
NCP2222: use wmem string buffer to build search pattern string

Bug: 11591
Change-Id: I2c76938234da076fd22f77dc0ce04d09a9a0ba6c
Reviewed-on: https://code.wireshark.org/review/11142
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago TDS: try to pacify buildbots
Pascal Quantin [Tue, 20 Oct 2015 10:44:18 +0000 (12:44 +0200)]
TDS: try to pacify buildbots

Change-Id: Ic54cdf0849fb5b4b4f5147b170184fedcb9c1e76
Reviewed-on: https://code.wireshark.org/review/11177
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago TDS: fix variable 'header_length' is uninitialized when used here [-Wuninitialized]
Alexis La Goutte [Tue, 20 Oct 2015 06:38:05 +0000 (08:38 +0200)]
TDS: fix variable 'header_length' is uninitialized when used here [-Wuninitialized]

fix also (header) item length

Change-Id: I4107fdb3020789a55e71814a42a53830e0371ea1
Reviewed-on: https://code.wireshark.org/review/11170
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago TCP: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang
Alexis La Goutte [Mon, 19 Oct 2015 05:44:46 +0000 (07:44 +0200)]
TCP: Fix Dead Store (Dead assignment/Dead increment) warning found by Clang

Change-Id: Ib63d634b08da60c300e124e93399442adbde1c5e
Reviewed-on: https://code.wireshark.org/review/11169
Reviewed-by: Matthieu Coudron <matthieu.coudron@lip6.fr>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago nbns: Added closing parenthesis on flags item
Stig Bjørlykke [Tue, 20 Oct 2015 06:50:43 +0000 (08:50 +0200)]
nbns: Added closing parenthesis on flags item

Change-Id: I022ed8e9b14290c69a64f08f9bf373d34fb25afa
Reviewed-on: https://code.wireshark.org/review/11173
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
3 years ago TDS: fix implicit conversion shortens 64-bit value into a 32-bit value
Alexis La Goutte [Tue, 20 Oct 2015 06:40:50 +0000 (08:40 +0200)]
TDS: fix implicit conversion shortens 64-bit value into a 32-bit value

Change-Id: Ib436e5f5dab4d155cfea092a44b92abef9d46133
Reviewed-on: https://code.wireshark.org/review/11171
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
3 years ago Update TDS dissector to latest version of protocol.
Nathan Cole [Fri, 16 Oct 2015 16:35:22 +0000 (17:35 +0100)]
Update TDS dissector to latest version of protocol.

Dissector updated to recognise and dissect up to TDS 7.4. Most response tokens
now fully parsed and registered, allowing for much more granular filtering and
output. Virtually all TDS datatypes now parsed and presented in human readable
format.

Version dependent decisions now default to TDS 7.2 in the absence of
version information in the data, making successful dissection more likely.

Bug: 11603
Change-Id: Iabaa35c74b104d56eda7e043302d14e99cb7aa06
Reviewed-on: https://code.wireshark.org/review/11100
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Require libgcrypt 1.4.2, add cmake version detection
Peter Wu [Wed, 14 Oct 2015 17:40:24 +0000 (19:40 +0200)]
Require libgcrypt 1.4.2, add cmake version detection

libgcrypt 1.4.2 is required since v1.11.0-rc1-2787-g23f9100
("Really add support for AEAD ciphers (GCM)") due to the use of
gcry_cipher_setctr. Bump the version in configure.ac too.

Add version check for gcrypt to cmake. Tested with CentOS 6 (cmake
2.8.12.2, libgcrypt 1.4.5).

Change-Id: I93c3ed902a764d9d14675779e866230d073c96d5
Reviewed-on: https://code.wireshark.org/review/11043
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Profinet: Add Watchdog Factor data field in IOCRBlockReq.
Thomas Wiens [Mon, 19 Oct 2015 21:41:57 +0000 (23:41 +0200)]
Profinet: Add Watchdog Factor data field in IOCRBlockReq.

The Watchdog Factor was displayed as Data Hold Factor, which was wrong.
Attribute type of the Watchdog Factor is also Unsigned16.

Change-Id: Ic5f32b9b322c225361be50b1f4a3180638a0c88b
Reviewed-on: https://code.wireshark.org/review/11161
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Bugfix missing NULL elements for proto_tree_add_bitmask array values.
Michael Mann [Mon, 19 Oct 2015 20:46:19 +0000 (16:46 -0400)]
Bugfix missing NULL elements for proto_tree_add_bitmask array values.

Change-Id: Idbe7ee2750233eea3cb7c2bbef2bbb2c629a0183
Reviewed-on: https://code.wireshark.org/review/11160
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago x11: update X11 from last mesa and xcb
Alexis La Goutte [Sat, 17 Oct 2015 13:39:46 +0000 (15:39 +0200)]
x11: update X11 from last mesa and xcb

Change-Id: Ic3567b4789385a29bb420fba5c56bd5fecbb6a22
Reviewed-on: https://code.wireshark.org/review/11114
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago Do -fPIC only if it's necessary.
Guy Harris [Fri, 16 Oct 2015 02:57:57 +0000 (19:57 -0700)]
Do -fPIC only if it's necessary.

Or, at least, undo the unconditional addition of -fPIC to
Qt5Widgets_EXECUTABLE_COMPILE_FLAGS, and add it back only if we need it
to compile a small test program that includes <QtCore>.

-fPIC still shows up for other reasons; perhaps we need to undo other
unconditional operations "helpfully" done by Qt5CoreConfigExtras.cmake.

Change-Id: I76c1b01b3dce7398e4115552bc4ff87bc775e027
Reviewed-on: https://code.wireshark.org/review/11079
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago On UN*X, use XDG_CONFIG_HOME/wireshark for configuration files.
Guy Harris [Sun, 18 Oct 2015 22:02:52 +0000 (15:02 -0700)]
On UN*X, use XDG_CONFIG_HOME/wireshark for configuration files.

If it doesn't exist, but ~/.wireshark does, continue to use that, for
backwards compatibility.

Derived from change I7fa64d6e8bd43c6a5dec93e30a4f69a747c34256.

Bug: 6353
Change-Id: I937f94b19a371486b7ea2228e51994cc4c72b501
Reviewed-on: https://code.wireshark.org/review/11137
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago X11 (doc): now more than 200Mb for mesa git repo
Alexis La Goutte [Sat, 17 Oct 2015 13:28:12 +0000 (15:28 +0200)]
X11 (doc): now more than 200Mb for mesa git repo

Change-Id: I98e382e60868c20415a35026100e5c4e4a67e010
Reviewed-on: https://code.wireshark.org/review/11112
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago make-version.pl: no need for git-ls-remote
Peter Wu [Wed, 14 Oct 2015 17:13:08 +0000 (19:13 +0200)]
make-version.pl: no need for git-ls-remote

In subversion, the URL was needed to find the branch. This is not needed
for git where a 'git branch' command suffices.

Remove the unused URL handling from git, this fixes a warning during
cmake on RHEL6 and avoids a fallback to SVN:

    Version configuration file version.conf not found.  Using defaults.
    usage: git ls-remote [--heads] [--tags]  [-u <exec> | --upload-pack <exec>] <repository> <refs>...
    Unable to open ./.svn/entries
    #define VCSVERSION "v2.1.0rc0-69-g2eb7e87"
    #define VCSBRANCH "master"

Print the SVN warning to stderr, this avoids a compilation failure due
to a syntax error in version.h.

Change-Id: Idb28e74b7a9bf592686b45349cf5e81f85f6c358
Reviewed-on: https://code.wireshark.org/review/11041
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago x11 generator: Support new XCB paramref
Peter Harris [Sat, 17 Oct 2015 00:15:10 +0000 (20:15 -0400)]
x11 generator: Support new XCB paramref

Change-Id: I8ae38785bd0f2f81fa2164b5bc29274bd7e940f5
Reviewed-on: https://code.wireshark.org/review/11105
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago Qt: fix time shift
Gerald Combs [Thu, 15 Oct 2015 21:14:10 +0000 (23:14 +0200)]
Qt: fix time shift

Add a timeShifted signal to TimeShiftDialog and use it to update the
packet list and model. Add drawCurrentPacket to PacketList so that we
can do a more thorough job of redrawing the current packet and tree.

Bug: 11575
Change-Id: I960d8cdbf6872e3f71007cb4d2bbd5457f268257
Reviewed-on: https://code.wireshark.org/review/11068
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago Add a margin to the main statusbar layout.
Gerald Combs [Mon, 19 Oct 2015 17:37:03 +0000 (10:37 -0700)]
Add a margin to the main statusbar layout.

Add a margin between the left edge of the window and the expert icon.
This makes it easier to distinguish between clicking on the expert icon
and resizing the window, at least on OS X.

Change-Id: Ibe20f3112862dc72f3be5d31f50656d081bbc110
Reviewed-on: https://code.wireshark.org/review/11151
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago Separate out sname and cname in Kerberos dissector.
Michael Mann [Mon, 18 May 2015 11:40:49 +0000 (07:40 -0400)]
Separate out sname and cname in Kerberos dissector.

Bug: 4479
Change-Id: I41de06f2e3eea0c44edd659ed053f628406550c6
Reviewed-on: https://code.wireshark.org/review/11125
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago [OpenFlow] Fix a crash caused by the same filter name used for several
AndersBroman [Mon, 19 Oct 2015 16:15:14 +0000 (18:15 +0200)]
[OpenFlow] Fix a crash caused by the same filter name used for several
different ftypes.

Change-Id: Idf4335b2ab733af74afd23bdde066bff81d13952
Reviewed-on: https://code.wireshark.org/review/11148
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago If it's used by dissectors, it belongs in to_str.h, not to_str-int.h.
Guy Harris [Mon, 19 Oct 2015 16:39:59 +0000 (09:39 -0700)]
If it's used by dissectors, it belongs in to_str.h, not to_str-int.h.

Assuming *any* of the routines that generate printable strings should be
thought of as "for internal use by libwireshark routines only, not by
dissectors", the ones that *are* used by dissectors obviously shouldn't
be.  The ability for dissectors to register address types certainly
expands the list of routines they would use.

Move everything used by dissectors from to_str-int.h into to_str.h, and
have dissectors not include to_str-int.h.

(Perhaps we should just get rid of to_str-int.h altogether.)

Change-Id: I3c583351f038233c9bcd8f9216188f82630267fa
Reviewed-on: https://code.wireshark.org/review/11149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago RLC LTE graph: allow switching between zoom and drag, and place limits on each
Martin Mathieson [Mon, 19 Oct 2015 13:28:51 +0000 (06:28 -0700)]
RLC LTE graph: allow switching between zoom and drag, and place limits on each

Change-Id: I9fb9fa5be25dc56810dcbf2d4d5607d79eed541e
Reviewed-on: https://code.wireshark.org/review/11146
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
3 years ago x11 generator: Don't crash when a switch is in a struct
Peter Harris [Sat, 17 Oct 2015 00:57:34 +0000 (20:57 -0400)]
x11 generator: Don't crash when a switch is in a struct

The size calculation for the struct will be wrong (too small) which looks
strange in the GUI when the children elements extend past the region
marked by their parent. But it doesn't seem to cause any actual problems,
there is only one request affected by this, and correct size calculation
(by recursing the switch) would take a fair amount of work.

Change-Id: I1847f736153daf59b8dbf3299005a772ffe9673a
Reviewed-on: https://code.wireshark.org/review/11107
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago x11 generator: Fix struct size with array
Peter Harris [Sat, 17 Oct 2015 00:43:51 +0000 (20:43 -0400)]
x11 generator: Fix struct size with array

my $count here shadows my $count in the outer scope, preventing the size
of constant sized arrays from being calculated correctly.

Change-Id: I89c989ee2d288d4828871ebab650807fbde747dd
Reviewed-on: https://code.wireshark.org/review/11106
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago x11 generator: Allow perl 5.20 and newer
Peter Harris [Fri, 16 Oct 2015 22:15:43 +0000 (18:15 -0400)]
x11 generator: Allow perl 5.20 and newer

Despite promises from the Perl maintainers to remove or at least
drastically change given/when and smartmatch, that still hasn't happened
as of 5.22.

We can cross that bridge when we come to it. Until then, assume they're
never going to break given/when.

Change-Id: If9270bd6fd819d24c58f31f2dfe0d88e831b19fe
Reviewed-on: https://code.wireshark.org/review/11104
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago Explain what it means that Wireshark can now open PCAP files (as MIME files).
Jeff Morriss [Fri, 16 Oct 2015 01:50:17 +0000 (21:50 -0400)]
Explain what it means that Wireshark can now open PCAP files (as MIME files).

The title "New File Format Support" containing a list that included PCAP and
PCAPNG caught my eye: Wireshark has supported those for years.  (Attempt to)
explain what it means.

Change-Id: I472fabcca00befee9032cd7ef11bf30257b8ff8e
Reviewed-on: https://code.wireshark.org/review/11076
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 1a434143693a7f9ce103dfcf53e60c63415c81e8)
Reviewed-on: https://code.wireshark.org/review/11147
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago x11 generator: some blacklisted structs are now used.
Jeff Morriss [Tue, 13 Oct 2015 01:23:17 +0000 (21:23 -0400)]
x11 generator: some blacklisted structs are now used.

Also, die more gracefully than:

    Can't use string ("1") as a HASH ref while "strict refs" in use at
    ../../tools/process-x11-xcb.pl line 675.
    at ../../tools/process-x11-xcb.pl line 1859
    at ../../tools/process-x11-xcb.pl line 1859

when blacklisted (previously unused) structures start being used in the
xcbproto source.

(It's still not possible to regenerate the X11 dissector but this is a step...)

Change-Id: I1dec16a7a479d5f453c5f54e561aa8238eb21280
Reviewed-on: https://code.wireshark.org/review/10972
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
3 years ago X509AF: ensure that BER dissector successfully decoded a bit string before calling...
Pascal Quantin [Mon, 19 Oct 2015 12:23:12 +0000 (14:23 +0200)]
X509AF: ensure that BER dissector successfully decoded a bit string before calling RSA Public Key dissection

Bug: 11612
Change-Id: Ia1279b5991604631241398ab19f0652e36a2114e
Reviewed-on: https://code.wireshark.org/review/11144
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago X509AF: protect against a comparison with a NULL algorithm_id string
Pascal Quantin [Mon, 19 Oct 2015 10:07:50 +0000 (12:07 +0200)]
X509AF: protect against a comparison with a NULL algorithm_id string

Bug: 11611
Change-Id: Ide8a26f74c99405b53acf394041ddf4a599da90a
Reviewed-on: https://code.wireshark.org/review/11143
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago Don't fallback to thinking we have SVN; say Git if we didn't find a VCS.
Jeff Morriss [Tue, 13 Oct 2015 19:54:14 +0000 (15:54 -0400)]
Don't fallback to thinking we have SVN; say Git if we didn't find a VCS.

The 2.0.0rc0 Gtk+ GUI, when built from a source tarball, currently puts the
version in the title bar with the string "SVN Rev Unknown".  This changes it
to say "Git Rev Unknown".

(I think there's a Better Way but that will come later.)

Change-Id: I04c903f20554cf681bac09a51a3ef46bb41696f1
Reviewed-on: https://code.wireshark.org/review/10984
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago Eliminate unused method arguments and class members.
Guy Harris [Mon, 19 Oct 2015 08:22:32 +0000 (01:22 -0700)]
Eliminate unused method arguments and class members.

(Yes, clang "Apple LLVM version 7.0.0 (clang-700.0.72)" complains about
it.)

Change-Id: I5b9ddff26664e20c1129e0b2494bd96c1903c6d9
Reviewed-on: https://code.wireshark.org/review/11141
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago AllJoyn: prevent an infinite loop
Pascal Quantin [Sun, 18 Oct 2015 20:44:09 +0000 (22:44 +0200)]
AllJoyn: prevent an infinite loop

Display an expert error when the argument is empty

Bug: 11607
Change-Id: I8682eab8fe1822f784e848220ff90de4eb5e13ff
Reviewed-on: https://code.wireshark.org/review/11132
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago DCOM: ensure to initialize IPv4 variable put on the stack
Pascal Quantin [Sun, 18 Oct 2015 21:12:30 +0000 (23:12 +0200)]
DCOM: ensure to initialize IPv4 variable put on the stack

Bug: 11610
Change-Id: I920b88ab035ff34e7cff9eab8158aa2dabe2faac
Reviewed-on: https://code.wireshark.org/review/11134
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
4 years ago [lmp] don't THROW() an exception from a dissector
Martin Kaiser [Sun, 18 Oct 2015 17:05:52 +0000 (19:05 +0200)]
[lmp] don't THROW() an exception from a dissector

Change-Id: I274be5700a68a7698b6a8de9bf577af548055480
Reviewed-on: https://code.wireshark.org/review/11133
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
4 years ago [Automatic update for 2015-10-18]
Gerald Combs [Sun, 18 Oct 2015 15:18:58 +0000 (08:18 -0700)]
[Automatic update for 2015-10-18]

Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I717ca04b801731df4433ed94f285b33ccb4d15c1
Reviewed-on: https://code.wireshark.org/review/11129
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago UMTS FP: fix another out of bounds access
Pascal Quantin [Sun, 18 Oct 2015 08:58:37 +0000 (10:58 +0200)]
UMTS FP: fix another out of bounds access

According to NBAP ASN.1, the maximum DCH ID value is 255

Bug: 11606
Change-Id: Ic5c85a31eb1a84d59f25baaed4afbd040a7852c5
Reviewed-on: https://code.wireshark.org/review/11126
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
4 years ago x509af: dissect subjectPublicKey for RSA
Peter Wu [Tue, 15 Sep 2015 21:24:26 +0000 (23:24 +0200)]
x509af: dissect subjectPublicKey for RSA

The subjectPublicKey field of a Certificate (TBSCertificate) is defined
as type BIT STRING. The actual contents depend on the Algorithm
Identifier which is preceding the subjectPublicKey field.

This patch adds support for dissection of the public key for RSA
public keys which show up below the subjectPublicKey tree:

    subjectPublicKeyInfo
        algorithm (rsaEncryption)
            Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
        subjectPublicKey: 3082010a0282010100b7c769e2d0eacaeb929fc08238a9ff...
            modulus : 0x00b7c769e2d0eacaeb929fc08238a9ffc59cab39c28a2e26...
            publicExponent: 65537

Change-Id: Ib92645433b0a0078a947ff0ac26c5e6a64877b93
Reviewed-on: https://code.wireshark.org/review/10967
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago Don't parse services file twice, respect user settings
João Valverde [Tue, 6 Oct 2015 08:11:46 +0000 (09:11 +0100)]
Don't parse services file twice, respect user settings

Platform file '/etc/services' is the same as Wireshark's
'/usr/share/wireshark/services', only Wireshark's is more recent
(on my system, same goes for other platforms I assume).

Use only Wireshark's IANA services files.

Other benefits would be removing some platform specific #ifdefs and making
service names more consistent.

Also respect user services settings by parsing $PERSCONFIG_DIR/services
after $SYSCONFIG_DIR/services.

Change-Id: I9890473af92763e02dabd2386eaa767aed2f2899
Reviewed-on: https://code.wireshark.org/review/10941
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago NBAP: fix indent (use 8 spaces)
Alexis La Goutte [Sat, 17 Oct 2015 12:51:50 +0000 (14:51 +0200)]
NBAP: fix indent (use 8 spaces)

Change-Id: I79c19f887cc868cb861631fe6926f0ec2b903a8c
Reviewed-on: https://code.wireshark.org/review/11111
Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago LTE RLC Graph: add support for going to packet clicked
Martin Mathieson [Sat, 17 Oct 2015 15:54:55 +0000 (08:54 -0700)]
LTE RLC Graph: add support for going to packet clicked

Change-Id: I7e1ada7508c33f7ccea5703a9ea9e2a76ecdb706
Reviewed-on: https://code.wireshark.org/review/11118
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
4 years ago qt: add missing initializer (CID 1317258)
Dario Lombardo [Mon, 12 Oct 2015 20:52:06 +0000 (22:52 +0200)]
qt: add missing initializer (CID 1317258)

Change-Id: I0a38d09d025525501173486284fa4ffba3335ce9
Reviewed-on: https://code.wireshark.org/review/10968
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
4 years ago [giop] don't THROW() an exception from a dissector
Martin Kaiser [Sat, 17 Oct 2015 17:50:09 +0000 (19:50 +0200)]
[giop] don't THROW() an exception from a dissector

btw the exception was thrown only if tree!=NULL...

Change-Id: I3a0d46de715df6ada5fda3db126ade210a6201c1
Reviewed-on: https://code.wireshark.org/review/11122
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
4 years ago UMTS FP: fix an out of bounds access
Pascal Quantin [Sat, 17 Oct 2015 15:12:46 +0000 (17:12 +0200)]
UMTS FP: fix an out of bounds access

Bug: 11602
Change-Id: I636a5494a0eda5895e856e80424be29f01c758bf
Reviewed-on: https://code.wireshark.org/review/11117
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
4 years ago [m2pa] remove unnecessary if (tree) checks
Martin Kaiser [Sat, 17 Oct 2015 15:59:50 +0000 (17:59 +0200)]
[m2pa] remove unnecessary if (tree) checks

Change-Id: I36e25805195f2fc873397814e0f7cbe712da3554
Reviewed-on: https://code.wireshark.org/review/11120
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
4 years ago [m2pa] don't THROW() an exception from a dissector
Martin Kaiser [Sat, 17 Oct 2015 15:54:14 +0000 (17:54 +0200)]
[m2pa] don't THROW() an exception from a dissector

in this case, we can just return; the dissector already brings up an expert info

Change-Id: I6595a865e5250da31d6f1a411d84e7860a9dde1c
Reviewed-on: https://code.wireshark.org/review/11119
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
4 years ago NBAP: avoid dereferencing a NULL pointer
Pascal Quantin [Sat, 17 Oct 2015 11:28:19 +0000 (13:28 +0200)]
NBAP: avoid dereferencing a NULL pointer

Bug: 11602
Change-Id: I56b9db19eca416c288f36c1f3a4faa7e22b38c8f
Reviewed-on: https://code.wireshark.org/review/11109
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
4 years ago Move the static handling to a place where it is effective during package
Joerg Mayer [Sat, 17 Oct 2015 10:00:27 +0000 (12:00 +0200)]
Move the static handling to a place where it is effective during package
discovery.
  More work needed to get static really working.

v2:
  - Rebase
  - Remove accidentally added macos-setup.sh changes

Change-Id: Ic3a68d2ab7064afffbf5dcfc90925699e8729780
Reviewed-on: https://code.wireshark.org/review/11082
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
4 years ago Bluetooth: ATT: Fix Heart Rate Measurement characteristic
Michal Labedzki [Wed, 7 Oct 2015 15:39:50 +0000 (17:39 +0200)]
Bluetooth: ATT: Fix Heart Rate Measurement characteristic

Heart Rate flags should be 8-bits, not 16.

Change-Id: I31e3219bcdc60f3c649ef2c4f7775c10c1391d6f
Reviewed-on: https://code.wireshark.org/review/11022
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Bluetooth: Make dissectors independent of passed data
Michal Labedzki [Sun, 27 Sep 2015 16:22:32 +0000 (18:22 +0200)]
Bluetooth: Make dissectors independent of passed data

If Bluetooth dissectors have additional data from previous layer - good.
But if they do not... try to decode as much as possible - probably using
some "force" dissector preferences you can decode payload correctly.

Change-Id: I6427afafb987ed3b9b751fd91616e670802b3542
Reviewed-on: https://code.wireshark.org/review/11021
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Bluetooth: ATT: Print names assigned to handles in info column
Michal Labedzki [Tue, 6 Oct 2015 17:39:42 +0000 (19:39 +0200)]
Bluetooth: ATT: Print names assigned to handles in info column

This increases readability.

Change-Id: I033ae557316f40b292da2c9b3f99692bbe21cf4d
Reviewed-on: https://code.wireshark.org/review/11020
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Bluetooth: Fix expert info for undecoded data
Michal Labedzki [Fri, 25 Sep 2015 09:23:39 +0000 (11:23 +0200)]
Bluetooth: Fix expert info for undecoded data

Swap PI_* values to avoid crashes (assert...) of expert info.

Change-Id: I5f5188c9358a4ac93565fc079a3a0e8ea4b7f965
Reviewed-on: https://code.wireshark.org/review/11019
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Bluetooth: Fix displaying and handling UUID128
Michal Labedzki [Wed, 9 Sep 2015 15:34:46 +0000 (17:34 +0200)]
Bluetooth: Fix displaying and handling UUID128

Use a standard way of displaying 128 UUIDs (like GUID).
This also changes the way that UUIDs are handled by dissector tables.

Change-Id: Ie0f880f58480c34b40dd23c426202349e0620b12
Reviewed-on: https://code.wireshark.org/review/11018
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Bluetooth: ATT: Add missing "Generic" items for Appearance
Michal Labedzki [Fri, 25 Sep 2015 11:42:14 +0000 (13:42 +0200)]
Bluetooth: ATT: Add missing "Generic" items for Appearance

Each category of Appearance has "Generic" value (0x00), so show it as "Generic"
rather than "Unknown".

Change-Id: I572c8336a836a543d82975f0a27f0a06648132b8
Reviewed-on: https://code.wireshark.org/review/11017
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Bluetooth: ATT: Remove DecodeAs UUID16/128
Michal Labedzki [Fri, 25 Sep 2015 09:19:57 +0000 (11:19 +0200)]
Bluetooth: ATT: Remove DecodeAs UUID16/128

There is no good reason to keep decodingAs on ATT layer,
while it is already done for whole Bluetooth: see "BT Service UUID",
which is "always" accessible.

Change-Id: I3df60aa7e781238c5af2af25abc188e9066e1707
Reviewed-on: https://code.wireshark.org/review/11016
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Qt: Add switch between Capture and FileFormat
Michal Labedzki [Mon, 29 Jun 2015 11:05:32 +0000 (13:05 +0200)]
Qt: Add switch between Capture and FileFormat

You can switch now between Capture mode and FileFormat of it.
This works only if there is MIME FileFormat dissector of opened file.

Change-Id: I9e98e972775561cfbe731ee1a1b99300d119efc6
Reviewed-on: https://code.wireshark.org/review/10090
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Make incomplete dissectors bytes more visible
Michal Labedzki [Fri, 25 Sep 2015 09:16:55 +0000 (11:16 +0200)]
Make incomplete dissectors bytes more visible

Skipped bytes are now visible in Bytes pane.

Change-Id: I17f62caf183d9f871f969869363d9831d810f4d5
Reviewed-on: https://code.wireshark.org/review/11027
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Fix a Qt 5.3 + MSVC 2013 + 64-bit warning.
Gerald Combs [Sat, 17 Oct 2015 02:02:29 +0000 (19:02 -0700)]
Fix a Qt 5.3 + MSVC 2013 + 64-bit warning.

Change-Id: I60837ce9e9a65f6bf318cab5bbacf9e3f4be5553
Reviewed-on: https://code.wireshark.org/review/11108
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago Add DEGREE SIGN character to utf8_entities.h and use it.
Guy Harris [Fri, 16 Oct 2015 23:24:32 +0000 (16:24 -0700)]
Add DEGREE SIGN character to utf8_entities.h and use it.

Add a #define giving the UTF-8 sequence for DEGREE SIGN, and use it in
packet-synphasor.c rather than having it define its own version.  Use it
in some other places rather than a string of two octal values.

Change-Id: Ic0f3b23ae0165c9824d89304d683f45bce31dced
Reviewed-on: https://code.wireshark.org/review/11102
Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago CMake: Add /WX
Gerald Combs [Tue, 15 Sep 2015 00:19:02 +0000 (17:19 -0700)]
CMake: Add /WX

Add "/WX" to the Visual C++ compiler flags if DISABLE_WERROR is off,
similar to config.nmake.

We haven't compiled C++ code with -Wshorten-64-to-32 for quite
some time so there's no need to add -Wno-shorten-64-to-32 in
ui/qt/CMakeLists.txt.

Additionally, squelch

----
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3050) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3065) : see reference to function template instantiation 'void std::_Median<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_RanIt,_Pr)' being compiled
        with
        [
            _RanIt=QList<QString>::iterator
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3127) : see reference to function template instantiation 'std::pair<_RanIt,_RanIt> std::_Unguarded_partition<_RanIt,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
        with
        [
            _RanIt=QList<QString>::iterator
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
        C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3157) : see reference to function template instantiation 'void std::_Sort<_Iter,int,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Diff,_Pr)' being compiled
        with
        [
            _Iter=QList<QString>::iterator
,            _RanIt=QList<QString>::iterator
,            _Diff=int
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
        .\rpc_service_response_time_dialog.cpp(130) : see reference to function template instantiation 'void std::sort<QList<QString>::iterator,bool(__cdecl *)(const QString &,const QString &)>(_RanIt,_RanIt,_Pr)' being compiled
        with
        [
            _RanIt=QList<QString>::iterator
,            _Pr=bool (__cdecl *)(const QString &,const QString &)
        ]
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3051) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3052) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\INCLUDE\algorithm(3053) : warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data (.\rpc_service_response_time_dialog.cpp)
----

in both rpc_service_response_time_dialog.cpp and wireshark_application.cpp
so that we'll compile successfully.

Change-Id: I457bcede99dcb1f3c1001f1f559c4901bb000357
Reviewed-on: https://code.wireshark.org/review/10533
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago rtp_player(.h): fix empty paragraph passed to '@param' command [-Wdocumentation]
Alexis La Goutte [Fri, 16 Oct 2015 15:09:09 +0000 (17:09 +0200)]
rtp_player(.h): fix empty paragraph passed to '@param' command [-Wdocumentation]

Change-Id: Ifba307673e61be104a3cd9bcc6219c439063d2de
Reviewed-on: https://code.wireshark.org/review/11095
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Keep CMake from finding Cygwin's Python.
Gerald Combs [Thu, 15 Oct 2015 21:45:45 +0000 (14:45 -0700)]
Keep CMake from finding Cygwin's Python.

Try to find Python and set PYTHON_EXECUTABLE on Windows via the registry
prior to calling FindPythonInterp. This works around a bug in CMake that
prefers Cygwin's Python, which is a symlink, which by default is a text
file that contains a Cygwin-specific cookie, which is therefore useless
outside of Cygwin.

This avoids the need to pass -DPYTHON_EXECUTABLE=... to CMake.

Change-Id: Ife37221b61d920682c20357b6d139a93067a5ad1
Reviewed-on: https://code.wireshark.org/review/11071
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago Add OUI-28 to make-manuf.
Gerald Combs [Thu, 15 Oct 2015 19:04:34 +0000 (12:04 -0700)]
Add OUI-28 to make-manuf.

Change-Id: I95b9a4422dab6efbc2d94be49aba5f42784ff3e8
Reviewed-on: https://code.wireshark.org/review/11064
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago Fix dist.
Gerald Combs [Fri, 16 Oct 2015 16:01:02 +0000 (09:01 -0700)]
Fix dist.

Fixup the name of the SVG file that contains all of the expert
indicators.

Change-Id: Ia45038fcf965973cc7585cc7c68dc24807e59168
Reviewed-on: https://code.wireshark.org/review/11099
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago GSM: fix dissection of additional access technology type
Pascal Quantin [Fri, 16 Oct 2015 14:22:07 +0000 (16:22 +0200)]
GSM: fix dissection of additional access technology type

Bug: 11599
Change-Id: I80e92eefd233ad7939f8fdf684727164bd89abf4
Reviewed-on: https://code.wireshark.org/review/11094
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
4 years ago Qt: fix crash when using Telephony -> VOIP Calls -> Flow Sequence
Pascal Quantin [Fri, 16 Oct 2015 13:00:24 +0000 (15:00 +0200)]
Qt: fix crash when using Telephony -> VOIP Calls -> Flow Sequence

Bug: 11600
Change-Id: I1baa02b3d57ded5602c3c16466e7a9eb87459f61
Reviewed-on: https://code.wireshark.org/review/11091
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
4 years ago Improvements to LTE RLC stats: controls for filtering, and control source of frames...
Martin Mathieson [Fri, 16 Oct 2015 11:58:51 +0000 (04:58 -0700)]
Improvements to LTE RLC stats: controls for filtering, and control source of frames to use

Change-Id: I8af7e168fca2ed1eb5b7ee13e54b3eb4142c1208
Reviewed-on: https://code.wireshark.org/review/11090
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
4 years ago print.c: use utf8_entities.h
Pascal Quantin [Fri, 16 Oct 2015 09:03:08 +0000 (11:03 +0200)]
print.c: use utf8_entities.h

Change-Id: I92791ec51978be59944628b7eaccd2784dd72be1
Reviewed-on: https://code.wireshark.org/review/11089
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
4 years ago USB COM: revert ga618f1c change now that g5e8c629 is merged
Pascal Quantin [Fri, 16 Oct 2015 09:01:38 +0000 (11:01 +0200)]
USB COM: revert ga618f1c change now that g5e8c629 is merged

Change-Id: I8a71173b88368f791e9476c2b059d36c57a3b935
Reviewed-on: https://code.wireshark.org/review/11088
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
4 years ago ssl-utils: allow gcrypt without GnuTLS, improve structure
Peter Wu [Thu, 15 Oct 2015 00:00:47 +0000 (02:00 +0200)]
ssl-utils: allow gcrypt without GnuTLS, improve structure

Fix distinction between HAVE_LIBGNUTLS and HAVE_LIBGCRYPT. If GnuTLS is
unavailable, then the only missing feature is decryption using an RSA
private key file. Regardless of GnuTLS, allow SSL decryption (e.g. using
a SSL key log file or a PSK configured via preferences).

This change has no functional effect when GnuTLS and gcrypt are both
available (or not). Additionally, decryption is possible if only
libgcrypt is available.

Further changes to make ssl-utils more maintainable and documented:
 - Group related functions, add markers and documentation. The following
   functions are moved (with no further modifications):
   - ssl_data_realloc, ssl_data_copy: related to StringInfo.
   - ssl_change_cipher, ssl_create_flow: related to the decryption of a
     session.
   - ssl_decompress_record: related to Record Decompression.
   - ssl_lib_init: moved to an arbitrary place.
   - ssl_set_server: moved closer to ssl_packet_from_server.
   - ssl_is_valid_content_type, ssl_is_valid_handshake_type: move closer
     to dissection code.
   - ssl_dissect_hnd_hello_ext_status_request,
     ssl_dissect_hnd_hello_ext_status_request_v2,
     ssl_dissect_hnd_hello_ext_elliptic_curves,
     ssl_dissect_hnd_hello_ext_ec_point_formats: move to TLS extensions.
 - Remove unused forward declaration of _gcry_rsa_decrypt.
 - ssl-packet-utils.h:
   - Remove ssl_equal, ssl_hash. These are only used in
     packet-ssl-utils.c.
   - ssl_private_key_equal, ssl_private_key_hash,
     ssl_common_register_options: inline when decryption is not
     possible.
   - Remove ws_symbol_export.h, enable SSL debug log when libgcrypt is
     compiled in (instead of depending on GnuTLS).
 - Move/merge stub code when GnuTLS or libgcrypt are not available:
   - ssl_find_cipher: move.
   - ssl_cipher_setiv: move.
   - ssl_generate_pre_master_secret, ssl_generate_keyring_material: move.

Compile-tested all combinations:
 - no GnuTLS, no libgcrypt: CentOS 6.
 - no GnuTLS, has libgcrypt: CentOS 6. Passes all decryption tests
   except for the ones that need a RSA private key file.
 - has GnuTLS, no libgcrypt: Arch Linux.
 - has GnuTLS, has libgcrypt: Arch Linux. The decryption tests pass.
(GnuTLS support is useless without gcrypt, but included for completeness.)

Change-Id: I727248937331f8788de8ed78248bb33296206096
Reviewed-on: https://code.wireshark.org/review/11052
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
4 years ago RLC statistics window can now launch UL or DL graphs
Martin Mathieson [Thu, 15 Oct 2015 12:19:33 +0000 (05:19 -0700)]
RLC statistics window can now launch UL or DL graphs

Change-Id: I9eb1ceacaee6aab510c5a005d40334867cafc8a4
Reviewed-on: https://code.wireshark.org/review/11059
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
4 years ago Correctly convert clfow.sysuptime to seconds
Bradford Boyle [Fri, 16 Oct 2015 04:15:55 +0000 (00:15 -0400)]
Correctly convert clfow.sysuptime to seconds

Change-Id: I4f2f90ab87eafda954f6161a319976b56c7c3cf1
Reviewed-on: https://code.wireshark.org/review/11081
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago qt: remove dead code
Dario Lombardo [Thu, 15 Oct 2015 15:01:02 +0000 (17:01 +0200)]
qt: remove dead code

Change-Id: I45c2863d77858e488aa415708d77033787e45aee
Reviewed-on: https://code.wireshark.org/review/11060
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Interpret DHCPv6 DUID-UUID type
Adrian-Ken Rueegsegger [Mon, 12 Oct 2015 19:36:48 +0000 (21:36 +0200)]
Interpret DHCPv6 DUID-UUID type

Dissect DUID type 4 as DUID-UUID type specified in RFC 6355.

Note: The previously implemented interpretation of DUID type 4 as
      link-layer address (old) was according to DHCPv6 draft version 24
      which was removed again in revision 26 of the document, see [1][2].

[1] - http://www.ietf.org/rfcdiff?url1=draft-ietf-dhc-dhcpv6-23&url2=draft-ietf-dhc-dhcpv6-24
[2] - http://www.ietf.org/rfcdiff?url1=draft-ietf-dhc-dhcpv6-25&url2=draft-ietf-dhc-dhcpv6-26

Change-Id: Iaa2c083b7b1fd9f5fed959d436cbe0df71b98c0b
Reviewed-on: https://code.wireshark.org/review/11030
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Bluetooth: GATT: Add support for Nordic's vendor UUIDs
Michal Labedzki [Wed, 16 Sep 2015 13:25:13 +0000 (15:25 +0200)]
Bluetooth: GATT: Add support for Nordic's vendor UUIDs

Add DFU and UART services support.

Change-Id: I028fab3aa826c1d944ccfa0624cf33ce566a5099
Reviewed-on: https://code.wireshark.org/review/11015
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago USB: Fix bytes highlighting on setup part
Michal Labedzki [Fri, 25 Sep 2015 14:09:53 +0000 (16:09 +0200)]
USB: Fix bytes highlighting on setup part

In the case that the Setup part is used as payload within the rest of
the data (setup and remaining data merged), no bytes are highlighted
in the bytes pane. Also move the next dissector tree under the root tree.

Change-Id: If127f6f2061c60795f2b9940c3a6cb6034cdbdf7
Reviewed-on: https://code.wireshark.org/review/11026
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Qt: add ability to save raw output to follow window
Pascal Quantin [Wed, 14 Oct 2015 21:33:27 +0000 (23:33 +0200)]
Qt: add ability to save raw output to follow window

Bug: 11118
Change-Id: Idd383c16453c06d95bd9cec3f8e9be8daee49f5e
Reviewed-on: https://code.wireshark.org/review/11047
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Qt: various fixes to UAT dialog
Pascal Quantin [Wed, 14 Oct 2015 15:33:23 +0000 (17:33 +0200)]
Qt: various fixes to UAT dialog

- call set callback even when no check callback is available
- convert an ASCII string containing hex to a hex string for PT_TXTMOD_HEXBYTES entries
- move update_cb call to the end of stringPrefEditingFinished() (to avoid calling it each time a character is typed in the edit line)
- when a new row is created, ensure that UAT record is configured with the default enum value selected by the GUI

Bug: 11396
Change-Id: I9d1094629b4a014fed1704b35cd795cd7f2f136a
Reviewed-on: https://code.wireshark.org/review/11032
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago TCP(.h): fix comma at end of enumerator list [-Wpedantic]
Alexis La Goutte [Thu, 15 Oct 2015 05:56:50 +0000 (07:56 +0200)]
TCP(.h): fix comma at end of enumerator list [-Wpedantic]

Change-Id: Ib08036ce72bf84c4cca0b30f53d7f953aea379e1
Reviewed-on: https://code.wireshark.org/review/11054
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Matthieu Coudron <matthieu.coudron@lip6.fr>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Use buttons to display the main status bar icons.
Gerald Combs [Wed, 14 Oct 2015 22:29:04 +0000 (15:29 -0700)]
Use buttons to display the main status bar icons.

Use QToolButtons to display the expert indicator and comment icons in
the main status bar. Use the same style sheet hack we use in
ProgressFrame to un-style the buttons.

Make sure we specify the @2x comment icon in our .qrc file so that it's
loaded and used on retina displays. Move the comment and expert .pngs to
the stock icon directory and use StockIcon to load them. Remove
status.qrc since it's no longer used.

Change-Id: I84485b22656f8f9af29ad3c02446ffefb6657ed5
Reviewed-on: https://code.wireshark.org/review/11048
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago Revert "Remove -fPIC with more than just MSVC."
Guy Harris [Fri, 16 Oct 2015 02:31:22 +0000 (02:31 +0000)]
Revert "Remove -fPIC with more than just MSVC."

This reverts commit 222de975c487977eafce9c6706da2221b6aa2f68.

I realized how to do it with a compile test.

Change-Id: I9468c50777e387c572f60411ca39ea86ba6ce520
Reviewed-on: https://code.wireshark.org/review/11078
Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago Revert "+ OR OR OR OR OR"
Guy Harris [Fri, 16 Oct 2015 02:30:45 +0000 (02:30 +0000)]
Revert "+ OR OR OR OR OR"

This reverts commit 6bdfa95a1e6ecd1b82732e7ac8513d1bba54996b.

Next I'll revert my change, as I realized how I *can* do it with a compile test, instead.

Change-Id: I75335ef4522af23340fdc9e5d68634cb5a5835d8
Reviewed-on: https://code.wireshark.org/review/11077
Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago Make it possible to not build the Qt RPM (again).
Jeff Morriss [Thu, 15 Oct 2015 18:07:47 +0000 (14:07 -0400)]
Make it possible to not build the Qt RPM (again).

The spec file will build with Qt5 unless told not to; ./configure has to tell
it not to (if the user doesn't have/want Qt).

Change-Id: Ib75462d20c841e75e425b5b07117f10e5573ad58
Reviewed-on: https://code.wireshark.org/review/11061
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
4 years ago + OR OR OR OR OR
Joerg Mayer [Thu, 15 Oct 2015 22:36:40 +0000 (00:36 +0200)]
+ OR OR OR OR OR

Change-Id: I2e6480a519bd01a924a7145bc1e4e899e3fa1c1c
Reviewed-on: https://code.wireshark.org/review/11073
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
4 years ago Remove -fPIC with more than just MSVC.
Guy Harris [Thu, 15 Oct 2015 22:03:12 +0000 (15:03 -0700)]
Remove -fPIC with more than just MSVC.

There are other compilers that won't like it or even that may not like
it.

Change-Id: I0d50e4217994bc930914c0fbcf1c5d2fc18a0e3a
Reviewed-on: https://code.wireshark.org/review/11072
Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago Fix pathname (they're relative to the directory containing Makefile.am).
Guy Harris [Thu, 15 Oct 2015 21:44:48 +0000 (14:44 -0700)]
Fix pathname (they're relative to the directory containing Makefile.am).

Change-Id: Ib3d5aae5f813c4fa5fbad420cd96c0daa3e935dc
Reviewed-on: https://code.wireshark.org/review/11069
Reviewed-by: Guy Harris <guy@alum.mit.edu>
4 years ago Switch ports separator from long to short arrow
Pascal Quantin [Thu, 15 Oct 2015 18:37:06 +0000 (20:37 +0200)]
Switch ports separator from long to short arrow

Not all systems support this glyph

Change-Id: I99784101b4d462991351554e44a5618bfea42a84
Reviewed-on: https://code.wireshark.org/review/11063
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
4 years ago Remove ability to make dissectors "private"
Michael Mann [Wed, 14 Oct 2015 00:34:43 +0000 (20:34 -0400)]
Remove ability to make dissectors "private"

Change-Id: If5897e8137f729503edf2cafb49b2ebeab4716ad
Reviewed-on: https://code.wireshark.org/review/10997
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Add missing CMake files to the tarball.
Gerald Combs [Thu, 15 Oct 2015 20:55:47 +0000 (13:55 -0700)]
Add missing CMake files to the tarball.

Make sure we can build from the tarball using CMake. Tested on Windows.

Change-Id: Iffc1ac964279e573aa2a8280b9bb4e799f10a974
Reviewed-on: https://code.wireshark.org/review/11066
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago Try to fix a Qt 5.5.0 + Visual Studio 2013 warning.
Gerald Combs [Wed, 14 Oct 2015 23:50:22 +0000 (16:50 -0700)]
Try to fix a Qt 5.5.0 + Visual Studio 2013 warning.

Try to work around QTBUG-47948:

     1>C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\include\xutility(
       2798): warning C4996: 'std::_Equal1': Function call with parameters that
        may be unsafe - this call relies on the caller to check that the passed
        values are correct. To disable this warning, use -D_SCL_SECURE_NO_WARNI
       NGS. See documentation on how to use Visual C++ 'Checked Iterators' [c:\
       Development\wireshark\cmbuild\ui\qt\qtui.vcxproj]
                 C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\include
         \xutility(2783) : see declaration of 'std::_Equal1'
                 C:\Qt\5.5\msvc2013_64\include\QtCore/qvector.h(728) : see refe
         rence to function template instantiation 'bool std::equal<const T*,con
         st T*>(_InIt1,_InIt1,_InIt2)' being compiled
                 with
                 [
                     T=uint
         ,            _InIt1=const uint *
         ,            _InIt2=const uint *
                 ]
                 C:\Qt\5.5\msvc2013_64\include\QtCore/qvector.h(720) : while co
         mpiling class template member function 'bool QVector<uint>::operator =
         =(const QVector<uint> &) const'
                 C:\Development\wireshark\ui\qt\main_window_slots.cpp(314) : se
         e reference to function template instantiation 'bool QVector<uint>::op
         erator ==(const QVector<uint> &) const' being compiled
                 c:\development\wireshark\ui\qt\main_window.h(125) : see refere
         nce to class template instantiation 'QVector<uint>' being compiled

Change-Id: Id6d4554c1b82370d175052e76c1104cd0db0462d
Reviewed-on: https://code.wireshark.org/review/11051
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago CMake: Don't feed -fPIC to Visual C++, second try.
Gerald Combs [Wed, 14 Oct 2015 23:07:28 +0000 (16:07 -0700)]
CMake: Don't feed -fPIC to Visual C++, second try.

Qt5CoreConfigExtras.cmake in Qt 5.5.0 sets -fPIC unconditionally.

Change-Id: Idf88b0f34b7cec40530702350b417ce1924db9f1
Reviewed-on: https://code.wireshark.org/review/11050
Reviewed-by: Gerald Combs <gerald@wireshark.org>
4 years ago text2pcap: Add test suite
Vasil Velichckov [Thu, 1 Oct 2015 03:43:39 +0000 (06:43 +0300)]
text2pcap: Add test suite

Use the pcap captures from test/captures/ and
- Get information for the input pcap file with capinfos
- Generate an ASCII hexdump with text2pcap
- Convert the ASCII hexdump back to pcap using text2pcap
- Get information for the output pcap file with capinfos
- Check that file type, encapsulation type, number of packets and data size
  in the output file are the same as in the input file

Change-Id: I659204fb0a46e9cd99d03eb666f55fac95ae053e
Reviewed-on: https://code.wireshark.org/review/11042
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
4 years ago ssl: detect very small heartbeat size
Peter Wu [Mon, 14 Apr 2014 13:03:21 +0000 (15:03 +0200)]
ssl: detect very small heartbeat size

Heartbeat requests with large payload sizes would not be detected
because the record length is smaller than the type, length and MAC,
resulting in an integer overflow. This patch corrects that issue by
moving the term to payload_length which is at most 0xffff.

While a record length smaller than 19 should be considered as
unencrypted, this was not obvious from the integer overflow in
`payload_length <= record_length - 16 - 3`. Explicitly check for that
condition although it makes no difference in the end.

When the payload + padding does not fit in the record, assume malicious
intent (Heartbleed) and do not display a padding. Instead display an
expert info item. Remove if(tree) due to the addition of expert info.
Tested with small-hb.pcap from the linked bug report.

Bug: 9983
Change-Id: I26b164632ecd6bdb49e78bbcb9b163f635c94628
Reviewed-on: https://code.wireshark.org/review/1105
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
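
The comparison this commit message describes, as an added example (not Wireshark's code): the wrapping form quoted above beside the rearranged form, run over constructed heartbeat records. The function names, the 32-bit unsigned type assumed for record_length and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants from the commit's expression `record_length - 16 - 3`. */
#define HB_HDR  3u   /* type (1 byte) + payload_length (2 bytes) */
#define HB_TAIL 16u  /* the 16-byte term */

/* Form quoted in the commit message. record_length is unsigned (assumed
 * 32-bit here), so for record_length < 19 the subtraction wraps to a value
 * near 2^32 and the comparison holds for every 16-bit payload_length. */
static int fits_wrapping(uint32_t record_length, uint16_t payload_length)
{
    return (uint32_t)payload_length <= record_length - HB_TAIL - HB_HDR;
}

/* Rearranged form: the constants move to the payload_length side. The left
 * side is at most 0xffff + 19, which cannot wrap in 32 bits. */
static int fits_checked(uint32_t record_length, uint16_t payload_length)
{
    return (uint32_t)payload_length + HB_TAIL + HB_HDR <= record_length;
}

enum hb_verdict {
    HB_CONSISTENT,            /* declared payload fits in the record */
    HB_TRUNCATED_HEADER,      /* fewer than 3 bytes: no length field to read */
    HB_LENGTH_EXCEEDS_RECORD  /* declared payload cannot fit: flag it */
};

/* Hypothetical classifier: reads the declared payload length from a
 * heartbeat record body and reports whether it is consistent with the
 * number of bytes actually present. */
static enum hb_verdict hb_classify(const uint8_t *rec, uint32_t rec_len)
{
    uint16_t payload_length;

    if (rec_len < HB_HDR)
        return HB_TRUNCATED_HEADER;
    payload_length = (uint16_t)((rec[1] << 8) | rec[2]); /* big-endian */
    if (!fits_checked(rec_len, payload_length))
        return HB_LENGTH_EXCEEDS_RECORD;
    return HB_CONSISTENT;
}

/* Constructed samples, not taken from any capture. */
static const uint8_t small_request[] = { 0x01, 0x40, 0x00 };  /* 3-byte record declaring 16384 bytes */
static const uint8_t honest_request[3 + 4 + 16] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };

int main(void)
{
    static const struct { uint32_t rec; uint16_t pay; } cases[] = {
        { 3, 0x4000 }, { 18, 0xffff }, { 19, 0 }, { 19, 1 }, { 23, 4 }
    };
    size_t i;

    printf("record_length payload_length wrapping checked\n");
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%13u %14u %8d %7d\n", (unsigned)cases[i].rec,
               (unsigned)cases[i].pay,
               fits_wrapping(cases[i].rec, cases[i].pay),
               fits_checked(cases[i].rec, cases[i].pay));

    printf("small_request:  verdict %d\n",
           (int)hb_classify(small_request, (uint32_t)sizeof small_request));
    printf("honest_request: verdict %d\n",
           (int)hb_classify(honest_request, (uint32_t)sizeof honest_request));
    return 0;
}
```

The two forms agree for every record_length of 19 or more; they differ only below 19, where the wrapping form accepts any declared length.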
4 years ago Qt: Add another missing #include <algorithm>
Michal Labedzki [Tue, 6 Oct 2015 17:35:12 +0000 (19:35 +0200)]
Qt: Add another missing #include <algorithm>

It seems that some (for example: my...) configurations need it to
build Wireshark.

Change-Id: I3d4c8c84d705fd0b99b100b1e2173819f62936d9
Reviewed-on: https://code.wireshark.org/review/11024
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Remove unused offset variables.
Martin Mathieson [Thu, 15 Oct 2015 09:00:55 +0000 (02:00 -0700)]
Remove unused offset variables.

Fixes CID 1327340.

Change-Id: I1914e21ca7c0e911534a850fe2a8210b28650bee
Reviewed-on: https://code.wireshark.org/review/11055
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
4 years ago Bluetooth: ATT: Support two request at once
Michal Labedzki [Tue, 22 Sep 2015 08:11:10 +0000 (10:11 +0200)]
Bluetooth: ATT: Support two request at once

It is possible that requests will be sent from two devices
at the same time. Fix request-response tracking to support this case.

Change-Id: Iaacf910d952f8dff96073e7155ea4947f9b8cbc3
Reviewed-on: https://code.wireshark.org/review/11014
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
4 years ago Qt: Add "Bluetooth" prefix for Bluetooth item in Wireless menu
Michal Labedzki [Mon, 7 Sep 2015 13:46:45 +0000 (15:46 +0200)]
Qt: Add "Bluetooth" prefix for Bluetooth item in Wireless menu

Now the Bluetooth menu is named Wireless, so add a Bluetooth prefix to distinguish them.

Change-Id: I7a3d1b73e0e5fd5e3cc9b1b13d0cb9a32868a8be
Reviewed-on: https://code.wireshark.org/review/10525
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Qt/Bluetooth: Disable go to packet for closed files
Michal Labedzki [Tue, 22 Sep 2015 08:30:42 +0000 (10:30 +0200)]
Qt/Bluetooth: Disable go to packet for closed files

Go to packet on closed files is not valid (for the currently open one).
Disable it.

Change-Id: Ib7b65c9ea7e94857692c8ac5ddd3971c52ac717f
Reviewed-on: https://code.wireshark.org/review/11023
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 years ago Ubertooth: Add Jam and Ego command support
Michal Labedzki [Thu, 20 Aug 2015 17:11:56 +0000 (19:11 +0200)]
Ubertooth: Add Jam and Ego command support

Jam and Ego commands have been added at the end of July 2015.
Ego seems to be a sniffer for skateboard
wireless communication and control.

Change-Id: I676cdd3513d3124994ef35dce8d1d99e1c6f943a
Reviewed-on: https://code.wireshark.org/review/10521
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>