git.samba.org - metze/wireshark/wip.git/log

Enhance dissector Aruba ERM

Support type 0 (legacy), type 1 (peek), type 3 (pcap+radio) mode
via preference

type 2 (airmagnet) is no yet supported

Change-Id: I4f0d10e5d9b87bdcf5863d84e565201acaeee45b
Reviewed-on: https://code.wireshark.org/review/647
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix lrexlib.c clang static analyzer warning

This fixes a "Argument with 'nonnull' attribute passed null" warning
generated by the clang static analyzer. It's a false positive, but
easy to remedy.

Change-Id: Id737d1ac29765ed26a416c5cd13bedafee478fb6
Reviewed-on: https://code.wireshark.org/review/661
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix README.heuristic wording to Bill Meier's correction

Change-Id: Ifeb61abdcc7aa049529d584ff3fe50b6fd79fe21
Reviewed-on: https://code.wireshark.org/review/662
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Better document the offset of the MPDU in the packet data.

In the S1 FPGA code, copy the "MPDU starts at 4 or 6" comment.

Get rid of misleading comment in the S2/S3 FPGA code; we're using the
MPDU_OFF field from the private data structure, so we're not calculating
*anything* at that point. Put in comments indicating what's being done
at the point where those calculations are actually done.

Change-Id: Ifda709a6b2aa7edad964f639086012c72c0a71fe
Reviewed-on: https://code.wireshark.org/review/668
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Add a #define for the record header length, and use it.

Add a comment describing (some of) the record, while we're at it, and
update another comment to reflect reality.

Change-Id: Ia7f1432402b843b96983375c0e0842c030de0cee
Reviewed-on: https://code.wireshark.org/review/667
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Some records have two statistics blocks; clarify that.

Change-Id: I139cd73f6fff84528e105f9246a4207aa48a68df
Reviewed-on: https://code.wireshark.org/review/666
Reviewed-by: Guy Harris <guy@alum.mit.edu>

More use of vwr->STATS_LEN to clarify what code is doing.

Change-Id: I9292f7b054f7b71727409deb062200a0301db5ee
Reviewed-on: https://code.wireshark.org/review/665
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Get rid of duplicate code.

Change-Id: I39515c13f667a62445e3498cf90742dc271e390c
Reviewed-on: https://code.wireshark.org/review/664
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Use vwr->STATS_LEN instead of numbers, and eliminate redundant checks.

Instead of throwing in 48 and 64 as numbers, use vwr->STATS_LEN to
indicate what the lengths are. Yeah, it has to be fetched at run time,
but big deal.

That also shows that, as we've already rejected records whose size is
less than vwr->STATS_LEN, we don't have to check for that, so eliminate
those checks.

Change-Id: Id4822b3e5a02abfffb2da96a50999e36548a4279
Reviewed-on: https://code.wireshark.org/review/663
Reviewed-by: Guy Harris <guy@alum.mit.edu>

len and caplen are derived independently, so set WTAP_HAS_CAP_LEN.

Fix presumed typo while we're at it.

Change-Id: Ic8ae6e6669e5c5fc618ec2516af98ba2390487ce
Reviewed-on: https://code.wireshark.org/review/660
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Remove more now-unused stuff.

Change-Id: I8f65ed38e0b5f8923b7c273c2fca4c2b57c5af9c
Reviewed-on: https://code.wireshark.org/review/659
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Get rid of a no-longer used preference.

We no longer need a preference to determine the byte order of the T and
L in the TLVs, as libpcap and libwiretap both, when reading a file,
translate from the file's byte order to the reading host's byte order
and, in fact, currently don't use the variable in which the preference
is stored; eliminate the preference.

Change-Id: Id06a6284960c1ac77028af07f3937eb4a7b0acaa
Reviewed-on: https://code.wireshark.org/review/656
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix indent (use 4 spaces) and add Modelines

Change-Id: I50c66638d48a6579b50204769bd27210d9d6c228
Reviewed-on: https://code.wireshark.org/review/655
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Fix Dead Store (Dead assignement/Dead increment) warning found by Clang

Change-Id: I688509fff7d5b663f2ff54b42a80c52592613213
Reviewed-on: https://code.wireshark.org/review/654
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Fix -Wunused-const-variable found by Clang 3.5

Change-Id: Idf5ac9e067a647d3e1be82df352d956c87d6050c
Reviewed-on: https://code.wireshark.org/review/653
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Use try_val_to_str() in heuristics test (intead of a loop); ensure no exception during test.

Change-Id: Ib55ccca4a025fb1cbef52ffa01888fef6d72156a
Reviewed-on: https://code.wireshark.org/review/651
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Fix two bugs & do various other changes.

Bugs fixed:
- Catch exceptions during heuristics test so that the sequence of
  dissector heuristics tests is not terminated abnormally;
  (Prevents incorrect tshark "one-pass" dissection);
- Comment out registration of heuristic for TCP; TCP dissection
  requires different code than for UDP. ("XXX: ToDo" added)

Misc:
- Create/use two extended value_strings;
- "UL" is not needed as a modifier for several constants;
- Remove some unneeded initializers;
- Localize some variables;
- Remove unneeded '#include <stdlib.h>
- Do some whitespace changes.

Change-Id: Ida11cb6b26911c0032155fde7491dd2a6f136c34
Reviewed-on: https://code.wireshark.org/review/650
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Ensure there's no exception during the initial heuristics test.

Change-Id: I7d7e8bf2d1d63b34659f6de506eb4b2693780cce
Reviewed-on: https://code.wireshark.org/review/649
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Add modelines information and peekremote register for futur use...

Change-Id: I81f726cd20878770a37d9489f40d473960714425
Reviewed-on: https://code.wireshark.org/review/646
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Display framed_ipv6_prefix as an IPv6 address even when it's not the full
16 bits.

Change-Id: I6cef08e2da9467cb54b5d08526c77c87e7afe1fa
Reviewed-on: https://code.wireshark.org/review/645
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add Lua heuristic dissector support

This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.

Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Bug 9704: GSM_MAP SendRoutingInfoForSM incomplete

Added the field information for Phase 1 for the Send Routing Info
For Sm message per request of ticket 9704. Code per the suggestion of
Anders Broman. Adding Phase 1 code to GSMMAP.asn.

Did not have any data to verify that the change worked.

Change-Id: Ic387e2e12e8893abb0f453f5010909ffbfd1808c
Reviewed-on: https://code.wireshark.org/review/147
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

MBIM: fix 3GPP SMS PDU record dissection

Change-Id: I232a12eb7f7ee49464bb45c6f284ca3a3825909c
Reviewed-on: https://code.wireshark.org/review/644
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Fix dissection of RDMA WRITE ONLY IMM packets.

Change-Id: Icdc4aaa243191dc85e067a75a068c175fa09296b
Reviewed-on: https://code.wireshark.org/review/637
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Enhance ZigBee Routing Table
Make field filterable and use value_string for status

Based from capture available in bug 9855

Need to continue... lot of enhance is possible in ZigBee dissector...

Change-Id: I0ac84e05a7b8b54e9879abbb7495034318188394
Reviewed-on: https://code.wireshark.org/review/631
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

add a test for SSL/TLS decryption using the master secret

rename the existing SSL test to clarify that it uses the server's
private key for decryption

Change-Id: I13598fc4cf724b144a8f27bfa7a3316acfc78728
Reviewed-on: https://code.wireshark.org/review/640
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>

Use dissector_try_uint_new() and include diam_sub_dis_inf when calling all
AVP sub dissectors.

Change-Id: I6dcc362ea755794d3e18d8d27ed2128b46bd887b
Reviewed-on: https://code.wireshark.org/review/642
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add tfshark.rc.in to Makefile.am

Change-Id: I7d987534243a3e1575191f67d8b660c3c4c4731f
Reviewed-on: https://code.wireshark.org/review/641
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Rename and relabel some fields, as per emburey's comment.

Change-Id: I8e32672912bb202903182126613ce3394e0e1c35
Reviewed-on: https://code.wireshark.org/review/639
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix value_string checks in checkAPIs.pl.

Some strings contain semicolons, which meant g36db2df was terminating
our REs too early. Try terminating them with '}' followed by ';'.

Change-Id: I97f63351ef35c91e3123d9abd47576d47fea4b2b
Reviewed-on: https://code.wireshark.org/review/638
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Note that a dissector heuristic test *must not* cause an exception before returning FALSE.

Change-Id: I9f1ab000f7a2c554d1c20abf8ca4e4bab4b5ef27
Reviewed-on: https://code.wireshark.org/review/635
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Add a check for newlines in value_strings.

Update checkAPIs.pl to look for newlines in value_strings and
enum_val_t's. We now have to perform the check before we strip quoted
strings. Hopefully that won't cause a problem. Rename the check since
we do more than check for NULL termination.

Add modelines.

Fixes bug 9878.

Change-Id: I39dd910db60c7028ea4bdb58e8cfdb239c094748
Reviewed-on: https://code.wireshark.org/review/628
Reviewed-by: Gerald Combs <gerald@wireshark.org>

ULP: add UDP transport

and fix indent (use 2 spaces)

Change-Id: I558616e3030a55a845cd4ba31ac32f08bdf8376d
Reviewed-on: https://code.wireshark.org/review/634
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Pre-Commit Hook check to check for newer version

Insert a short check to always check for newer versions
in the tool directory of the pre-commit script

So far, only a warning is being generated, allowing the
developer to decide for him/herself

Change-Id: I6fce60e3de1d051757d0ed38eae8fdc94cec7662
Reviewed-on: https://code.wireshark.org/review/633
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Assorted cleanups of field names and descriptions.

The PeekRemote headers are 802.11, so "Dot80211" is redundant.

"Wep" really means "Protected" as there's also WPA/WPA2.

"FlagsN" means "802.11n", not "802.11ac", and the "n" in "flagsn"
indicates that. Also, "Hz" stands for "Hertz", as in "Heinrich Hertz",
so the "H" is capitalized.

Change-Id: If46cc4859ae8d65a199c9ad1fd48d2f2128ccd3d
Reviewed-on: https://code.wireshark.org/review/630
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Add support for Aruba ERM Radio-Format

This adds support for a variant of the current Aruba ERM format,
a new format that provides rdio information. This addresses
enhancment bug 9880.

Change-Id: Ia38ff09d9f814193bdc544466dbd005123771262
Reviewed-on: https://code.wireshark.org/review/629
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Get rid of $Id$, add some comments.

Change-Id: I3f34484f18fba45b23b5acc924b56e5b62291114
Reviewed-on: https://code.wireshark.org/review/627
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Get rid of space-before-tab in indentation.

Change-Id: If747e7b2af34e27ca8558293140a74691a0113b4
Reviewed-on: https://code.wireshark.org/review/624
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Thou shalt not put newlines in the strings in value_string tables.

That just breaks too many things.

This catches the examples of that found in bug 9878. There might be
others that my grepping didn't find.

We should also have the checkAPIs.pl script check for this, so this
isn't a full fix for bug 9878.

Change-Id: I3bf6f1fc0fe8654d0f54a995e72f1966ae012f5e
Reviewed-on: https://code.wireshark.org/review/623
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Consistently put -lm at the end of library lists.

I'm not sure why it's associated with GLIB_LIBS in most entries - at
some point, was it the case that we didn't use libmath routines but GLib
did? - but there's no guarantee that other libraries don't use them, so
put them at the end of the lists. That also makes the lists a bit more
consistent.

(Yes, I know, the wireshark_ldadd list is followed by some other
libraries in the library lists that use it, so -lm isn't *really* at the
end everywhere.)

Change-Id: Ia2e0b295fdaae771fdee7d5eecdefaa83fae9992
Reviewed-on: https://code.wireshark.org/review/622
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Fix bug 9866: Qt 'Clearing filters does not seem to affect the packet list'

Clicking the "X" clear filter button now applies the clearing to the
displayed packet list. This commit also adds tooltips for the display
filter display filter box's butons.

Change-Id: I827020a7705a32a4a9204d22e94942853e25bba6
Reviewed-on: https://code.wireshark.org/review/601
Reviewed-by: Evan Huus <eapache@gmail.com>

Add dissection of flags, status, flagsN for Omnipeek/Peek Remote dissector.

Information about value of flags from Emburey

Change-Id: Iba79fba8e95cd2fc80f6fba5fa937d5485fbb381
Closed-bugs: 9586
Reviewed-on: https://code.wireshark.org/review/595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>

Fix bug 9021: 'RTP not decoded inside the conversation in v.1.10.1'

The behavior for SIP/SDP handling of RTP conversation tracking
changed in v1.10, with some unintended consequences. The bugs did not
show up at the time because wireshark makes 2 passes of the packet list,
and so the problems auto-corrected themselves in most cases. Unfortunately,
a change in r53641 modified how UDP behaves, making it always create
conversations for UDP packets, and that exposed the bugs inherent in the
SIP/SDP code changes.

This commit reverts the behavior of SIP/SDP to its pre-1.10 model, but
creates a new preference setting for "Delay SDP changes for tracking media",
which if enabled, will turn on the new (but buggy) model introduced in 1.10.
This preference is *disabled* by default, since for a majority of cases the
new behavior is worse than the previous behavior.

The preference, and this commit's fix, is not intended to last long. I intend
to re-write the SIP/SDP/RTP interaction model for release 1.11 - I think it's
too big a change for 1.10, however, which is why I submitted this commit.

Change-Id: Ic5601749d6c2344e952ced8206dd9296bfdc4b90
Reviewed-on: https://code.wireshark.org/review/543
Reviewed-by: Evan Huus <eapache@gmail.com>

MAC LTE: fix a typo in Buffer Size value_string

Change-Id: Ie38726fb51a74bbcdc630550e61fa0e934ffdd1e
Reviewed-on: https://code.wireshark.org/review/618
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Fix whitespace tabs to spaces, indent by 4, modelines

Change-Id: I8bb64a879d1aa779c9ac85db306cbd34d1188243
Reviewed-on: https://code.wireshark.org/review/617
Reviewed-by: Evan Huus <eapache@gmail.com>

Fix indent (Remove space and use tabs)

Change-Id: I9cc33a43e0f06dfad3f9fb53ad0df636f2ea7020
Reviewed-on: https://code.wireshark.org/review/615
Reviewed-by: Evan Huus <eapache@gmail.com>

Fix Bug 9873: 'Qt: right-clicking on toolbars only shows checkmarks'

Add the text descriptions for the two toolbars: "Main Toolbar" and
"Display Filter", so the right-click context menu shows what you're
removing/adding. And add a View->Toolbar sub-menu, with checkable
"Main Toolbar" and "Display Filter" entries, which enable you to
show/hide the toolbars via the menu.

If someone has/prefers better names for these things, I'm all ears.

Change-Id: I55b9fbaed2ef6dca3260fa9dfdddd7dad95d05c4
Reviewed-on: https://code.wireshark.org/review/608
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Fix a trivial typo

Change-Id: Ibb2609b865ebaca14572c480d06ecc6ae7ef73f5
Reviewed-on: https://code.wireshark.org/review/614
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Fix Bug 9872: 'SIP status line in 200 OK for de-registration is misleading'

The status line of the 200 OK during a deregistration is (1 bindings), but it
should be (0 bindings). Wireshark should check the "expires=0" in the contact
header not just count the number of the contact lines. But since it's not
truly valid to have expires=o contacts in responses, this commit adds expert
info warning of such.

Also, the REGISTER request itself already says "(remove all bindings)"
in the Info column currently if the Contact was a '*', but it didn't
say something similar if only de-registering one or more explicit
contacts. This has been fixed as well.

Lastly, this fixes three other bugs I found while reading the code and testing:
(1) comma-separated Contact headers will be displayed as a single one if
the first one(s) don't have header params but a subsequent one does; and
(2) the last Contact header param is displayed with the trailing '\r\n'
header separator; and (3) the SIP REGISTER response code displayed contact
binding info for responses other than 2xx, which isn't logical.

Since all of these are in the same area and not critical, I'm lumping these
all together.

A test capture file used for testing is attached to the bug.

As an aside, the SIP header parsing code needs to be refactored. Most SIP
headers follow a common ABNF pattern, and should be parsed using a common
function(s) so these issues don't crop up for specific headers.

Change-Id: I16c531fcb244dc121fc0e8046908e475b41489f9
Reviewed-on: https://code.wireshark.org/review/612
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Enhance VXLAN dissector

* Fix modelines (no CR after modelines)
* Add UDP Port (Attributed in draft 04 Port 4789)
* Update link to last draft (no specify change)

Change-Id: I4cd89719ae00eb64ce4c234c39b9e18cdc1b8b93
Reviewed-on: https://code.wireshark.org/review/613
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>

Add Export PDU Dialog (Wireshark Qt)

Rebase with last change and add Logcat export

Change-Id: Idc9b444b1bf14b95ff60e8466e94f7eecd875b47
Reviewed-on: https://code.wireshark.org/review/14
Reviewed-by: Anders Broman <a.broman58@gmail.com>

fix the SSL decryption using the master secret
this was broken in 21aa7168c7565445ee544ee78fb6c836a63cd4ed

to be on the safe side, we assue that return value >= 0 means success,
< 0 means failure

Change-Id: I1d03000e6b6d70fac6bef8766d28990d953c8e27
Reviewed-on: https://code.wireshark.org/review/609
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

GTK_STOCK_PRINT_ERROR was missing in GTK+ < 2.14, too

Change-Id: I1be141c58252b8bb0db2ffff2edbb80f92c69cd6
Reviewed-on: https://code.wireshark.org/review/606
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Tested-by: Balint Reczey <balint@balintreczey.hu>

Don't use some stock icons missing in old (< 2.16) versions in GTK+

Change-Id: I2716a8a25627de9c3945fbf5117edcb4859aa95f
Reviewed-on: https://code.wireshark.org/review/605
Reviewed-by: Anders Broman <a.broman58@gmail.com>

EPL: Support SyncReq and SyncResp Frames

  - For PollResponse-Chaining SyncReq and SyncResp frames were introduced.
    Those frame-types are not recognized by Wireshark yet.

  - Currently only the FeatureFlags 0-13 where interpreted by Wireshark.
    Flags 14-15 and all extended flags where missing.

    14 = SDO Read/Write All by Index
    15 = SDO Read/Write Multiple Parameter by Index
    16 = Multiple-ASend Support (TRUE = Device supports Multiple-ASend; FALSE = Device doesn’t support Multiple-ASend)
    17 = Ring Redundancy (TRUE = MN supports ring redundancy; FALSE = MN does not support ring redundancy)
    18 = PResChaining (TRUE = Device supports PResChaining; FALSE = Device does not support PResChaining)
    19 = Multiple PReq/PRes (TRUE = Device supports Multiple PReq/PRes; FALSE = Device does not support Multiple PReq/PRes)
    20 = Dynamic Node Allocation (TRUE = Device supports DNA; FALSE = Device does not support DNA)

Signed-off-by: Lukas Emersberger <lukas.emersberger@gmail.com>
Change-Id: I9ac19f8b71b1be1094f410141c0f806996b1cb25
Reviewed-on: https://code.wireshark.org/review/589
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Migrate GTK icon handling to GTK 3.10 API

GtkStockItem usage is deprecated with all the GTK_STOCK_.* stock ids.
We keep a stock id based approach but without relying on GTK's
GtkStockItem system.

We create our own internal stock ids for {icon, label} tuples and keep
the original GTK stock id #define-s and values to preserve backward
compatibility.

Change-Id: Ia0b35a5903f079e92c8026e3df21bbf0be2d06b0
Reviewed-on: https://code.wireshark.org/review/302
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Replace (int)sizeof(guint*) by value
guint8 => 1
guint16 => 2
guint32 => 4
guint64 => 8

Change-Id: I23ae863115522779d99cfadeb698ed43ca626667
Reviewed-on: https://code.wireshark.org/review/597
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add value string (type and data rate) from omnipeek

Change-Id: I1ed387f1cb8d207c32c5202b578bd452cef4401c
Reviewed-on: https://code.wireshark.org/review/594
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix incorrect file in epan/Makefile.am when build with ENABLE_STATIC

Change-Id: I7f76e3e3d2d6f3edd2a658fccd5953393ef74ed7
Closed-bug: 9871
Reviewed-on: https://code.wireshark.org/review/596
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix Bug 9870 'Lua: trying to call/get an invalid name results in a get-loop error'

Due to the change I made previously for how methods are accessed, if you try
to access one that doesn't exist (for example mistype it or whatever), you get
an internal Lua error about a loop in table get, as opposed to the right error
message about the field not existing.

That's because I had set the class' metatable __index metamethod to point to
the class table, which of course has the metatable with the __index
metamethod, causing a lookup loop. Blech.

Change-Id: I20d3717feadd45f652c2640e1671846184e7082d
Reviewed-on: https://code.wireshark.org/review/593
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

packet-scsi.c minor changes - add WWN dissection and fix a typo
Change-Id: I0ef84e088988f1a40863ab54b722faace8bacc31
Reviewed-on: https://code.wireshark.org/review/592
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Try to fix -Wparentheses-equality errors.

Clang in XCode 5.0 currently fails with

error: equality comparison with extraneous parentheses
[-Werror,-Wparentheses-equality]

Change-Id: I7ca2e81959e777f923bdff1273aca6c56b100f6c
Reviewed-on: https://code.wireshark.org/review/600
Reviewed-by: Gerald Combs <gerald@wireshark.org>

dissect the CertificateVerify handshake message

Change-Id: I0f6887c86afeb5b4ae8b9910688863c7dc866a99
Reviewed-on: https://code.wireshark.org/review/599
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>

SSL/TLS payload decryption:
don't make private key and keylog file mutually exclusive

if we find a private key that does not match or is not usable for
getting the pre-master secret (e.g. because we're using an ephemeral
cipher suite), don't give up and exit with an error

continue reading the keylog file and search for our master secret there

Change-Id: I59fb460339e3e606a077b3a902fa1f9777b5e118
Reviewed-on: https://code.wireshark.org/review/590
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

Replace "see copyright notice in" message with full license

Should make the licensecheck buildbot happy.

Also add "Public domain MIT/X11 (BSD like)" to the list of permitted licenses,
since it is a combination of two permitted licenses.

Change-Id: Ibc4ead09af89e9225c4e0589a2b7d06dcee6a44e
Reviewed-on: https://code.wireshark.org/review/581
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Evan Huus <eapache@gmail.com>

Remove 1 duplicate #include and several unneeded #include's.

Change-Id: Iab434edd114082586cc13f05b38e6a9d256a74c5
Reviewed-on: https://code.wireshark.org/review/588
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Fix a typo in a comment; use consistent indentation matching that specified by the editor modelines.

Change-Id: I6d4ad3675ec9099913c8a32ad1f2758316158f68
Reviewed-on: https://code.wireshark.org/review/587
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Use tvb_length() instead of tvb_reported_length_remaining() for a heuristics length check.

Change-Id: I197fe3d401ffb2d5894c823690a11f4a68fb7268
Reviewed-on: https://code.wireshark.org/review/585
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

Do various minor changes

- Remove _U_from a function param;
document usage of the param;
add a DISSECTOR_ASSERT for the param;
- Remove a few unneeded variable initalizers;
- Use -1 iso tvb_length() in proto_tree_add_protocol_format(..);
- Add editor modelines.

Change-Id: I7d7a8ea1176a26ea319d9fc0dab5d3a51050edd5
Reviewed-on: https://code.wireshark.org/review/584
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

PDCP LTE: various fixes related to security handling

- fixes the wrap multiplier (for COUNT) for 12-bit sequence numbers
- fixes dissection of non-ciphered IP payloads
- adds a way for private protocols to set keys. The ueid->key lookup is now broken out into a separate function, and these settings are used in preference to the UAT ones

Change-Id: I723307df3ee20425897b82beb9b431a0860075cf
Reviewed-on: https://code.wireshark.org/review/583
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Add two more casts to satisfy OSX10.6 buildbot

Change-Id: Ia9d289d241d6117fdeb89db122b1813eed537631
Reviewed-on: https://code.wireshark.org/review/582
Reviewed-by: Evan Huus <eapache@gmail.com>

Fix Windows x64 build failure

Change-Id: I7b71ead00b09e583e51fe45cf6b0bdfe75c3da98
Reviewed-on: https://code.wireshark.org/review/580
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

MBIM: add sanity checks to bulk packets

Change-Id: I425f4ecd03f5ae0ec27b77b1437366d66107342f
Reviewed-on: https://code.wireshark.org/review/579
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

remove $Id$
add newline at the end of the file

Change-Id: I9a10751977260bd24497734f3788b5e794a3dd8d
Reviewed-on: https://code.wireshark.org/review/578
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

add explicit casts to fix compilation on Linux

Change-Id: I3b87e156ab35e14e3c6e3800ee2058b1a6be57d6
Reviewed-on: https://code.wireshark.org/review/577
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

Add PDC dissector

Change-Id: I6eee13cda755b1f1d1a61288a6314fcebb681efb
Reviewed-on: https://code.wireshark.org/review/180
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add GLib's regex library into Lua

While Lua's built-in pattern support is ok for simple things, many people end
up wanting a real regex engine. Since Wireshark already includes the GLib
Regex library (a wrapper for PCRE), it makes sense to expose that library to
Lua scripts. This has been done using Lrexlib, one of the most popular regex
bindings for Lua. Lrexlib didn't support binding GLib's Regex in particular -
it does for PCRE but GLib is a different API - so I've done that. A fairly
thorough testsuite came along with that, which has been incorporated into the
wireshark wslua testuites as well in this commit.

Change-Id: I05811d1edf7af8d7c9f4f081de6850f31c0717c7
Reviewed-on: https://code.wireshark.org/review/332
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Try to improve the "Kerberos requested but not OpenSSL" message.

At least one person didn't realize that it meant that you have to
specify --with-ssl when configuring, so try saying that a bit more
explicitly.

Change-Id: If15a9cfaeaf7d4aca2c570602fc09ff3ae489d35
Reviewed-on: https://code.wireshark.org/review/575
Reviewed-by: Guy Harris <guy@alum.mit.edu>

add the CLIENT_RANDOM format to the tooltip

Change-Id: I8fe6ceb148ec8145a1e71002d42bbdace58edbb6
Reviewed-on: https://code.wireshark.org/review/574
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

Remove a warning, add a comment guessing the intent

Discovered investigating bug #9833, not the cause of that bug.

Change-Id: I53ee5c792eba8429d2c203c03e2f359a433ca262
Reviewed-on: https://code.wireshark.org/review/562
Reviewed-by: Evan Huus <eapache@gmail.com>

[Automatic manuf, services and enterprise-numbers update for 2014-03-09]

Change-Id: Iadbd9fb43228b9723195bfc6e7326d64e9a92412
Reviewed-on: https://code.wireshark.org/review/569
Reviewed-by: Evan Huus <eapache@gmail.com>

add the CC protocol name to the info column

Change-Id: Ic57c2a36c88a7528c4e37681bc5db4309174019d
Reviewed-on: https://code.wireshark.org/review/463
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>

Update documentation about p_[add|get]_proto_data (new argument: scope)

Change-Id: Ic27b0e601967c90567fac58447d28b10c02a3888
Reviewed-on: https://code.wireshark.org/review/564
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

IE chosen channel on Lb interface decoded incorrectly

IE "chosen channel" in message "perform location request" on Lb interface (BSC <-> SMLC) is decoded incorrectly. IE "chosen channel" on Lb interface is decoded as 2 octets data.
It should be 3 octet IE on Lb interface (IEI, length and data).

Change-Id: Ic815a7b4ac08a035c5b292985c64d14e986fe8d7
Closed-bug: 9531
Reviewed-on: https://code.wireshark.org/review/565
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Fix Bug 9853: 'Lua: trying to get/access a Preference before its registered causes a segfault'

Accessing a pref before it's registered causes a segfault, because prefs_p->next
is not being checked for NULL in wslua_proto.c:Prefs__index().

Change-Id: I270978ddb9238a9e8d2c533a96fc01ee0df385c7
Reviewed-on: https://code.wireshark.org/review/563
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Add pkg-config file

Change-Id: Ia55a2e560aef8d2f9a3cede18af4555507656047
Reviewed-on: https://code.wireshark.org/review/500
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>

Ensure that the input to strtoul ends with a null.

Otherwise it runs past the end of the array into stack memory. Should fix the
intermittent DVB-CI decryption test suite failures.

Change-Id: Ice17497e661c8579baf3a546efcb5529beda6b49
Reviewed-on: https://code.wireshark.org/review/559
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

Tight array index guard in packet-umts_fp.c

Fixes bug #9828.

Change-Id: I69b02a0d51921bae77850b599144f35a4fe9ee33
Reviewed-on: https://code.wireshark.org/review/560
Reviewed-by: Anders Broman <a.broman58@gmail.com>

ssl: add more ciphers for decryption

This patch adds some more ciphers to the list of ciphers that can be
decrypted by wireshark. Most of them are PSK based ciphers. To do the a
actually decryption in most cases the TLS pre master secret or the
master secret is needed.

In the changed lines just a comment with the name of the cipher was
added.

This was generated with the help of Peter Wu's generate-wireshark-cs
script from https://git.lekensteyn.nl/peter/wireshark-notes.git .

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Change-Id: I347dc5a530380a04cc00418640f00bbda0db8de8
Reviewed-on: https://code.wireshark.org/review/558
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Add BTLE RF dissector to release notes

Change-Id: Idccb6b0e6bf8ae603377dce43c9d266d4c101374
Reviewed-on: https://code.wireshark.org/review/557
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Omitting SubscriberData makes CONTENT OF fail and InsertSubscriberDataArg will not get all its tags

Change-Id: I2ace2271d9ce5650e5239c12e64080463aae9367
Reviewed-on: https://code.wireshark.org/review/556
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

Do not try to use unknown/non-existent webbrowser

Some systems do not have webbrowser or have strange browser.
Do not try to use it and dislayed URL for user information.

Change-Id: I3f5bcca6701b20cafa942629cbee78aa1fc689b1
Reviewed-on: https://code.wireshark.org/review/516
Reviewed-by: Evan Huus <eapache@gmail.com>

Remove trailing (tab)whitespace...

Change-Id: I26325e40d6100dcd4f3e72080476a82e93edf28d
Reviewed-on: https://code.wireshark.org/review/550
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Fix indent (use tabs) and modelines info

(Need to continue on other packet-dcerpc-* file...)

Change-Id: I536d52017940cac9c810693045649a67e77a336a
Reviewed-on: https://code.wireshark.org/review/549
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Fix bytes view pane showing non-ASCII chars

The bytes view pane in Qt is showing non-ASCII characters in the right-hand
side. That's because the code is using isprint(), which is locale specific
and frequently includes non-ascii charscters such as the copyright symbol and
such. I wouldn't care, except some of those non-ASCII characters affects
the font height and makes it looks sloppy (the display output is set to a
fixed *width* font, but not fixed height font apparently).

Change-Id: Idd471c5fb769d3d67aa08bc507d168e686d48098
Reviewed-on: https://code.wireshark.org/review/548
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Make buildbot happy : packet-btle.c:275:16: error: declaration of 'index' shadows a global declaration [-Werror=shadow]

Change-Id: I94e1da9f12c257fa4e2c597f29a200d35e2d5d0d
Reviewed-on: https://code.wireshark.org/review/546
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

Fix DNP3 Dissector DNP3 Read Requests and Direct Op No ACKs

This corrects a couple issues with the DNP3 Dissector:
- Refactored Read Object String lookups to use value_string
- Corrected issue with multiple object types in a single read not being processed
- Added processing for Direct Operate No ACK Messages

Fixes issues noted in Bug 9839

Change-Id: I9895e509a8d3931c805ce53b718a4951f8f8039e
Reviewed-on: https://code.wireshark.org/review/538
Reviewed-by: Anders Broman <a.broman58@gmail.com>

packet-smb2: setup decryption keys for kerberos session setups

Change-Id: I1a641da6f85e047984631c4dec158718fd7d011d
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/365
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

packet-smb-direct.c: add support for reassembling of fragments

Change-Id: I6b66867774f369fa49c9ee45a6792a6ad4d4c6e2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/59
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Introduces two new Bluetooth DLTs for RF-based captures.

Adds support for BLUETOOTH_LE_LL_WITH_PHDR, dissector integrates with existing
BTLE dissector.

Fixes BTLE dissector to correctly extract packet CRC.

Adds CRC checking to BTLE dissector.

Provides optional context to BTLE dissector that allows RF captures to provide
link-layer hints for dissection details. Significantly, parameters for
determining CRC correctness are provided, as well as Access Address validity
information.

Change-Id: I7d4936b053353a7f9c524021c01f67f5828253fb
Reviewed-on: https://code.wireshark.org/review/310
Reviewed-by: Anders Broman <a.broman58@gmail.com>