metze/wireshark/wip.git
Jeff Morriss [Tue, 5 Jun 2018 14:56:24 +0000 (10:56 -0400)]
VXLAN: hang undissected data off the top-level tree.

... rather than hiding it below the VXLAN tree.

This makes the separation between the VXLAN header and the data clear.

Change-Id: Ifd5a3e4750b68455108f1e282e34a7b2e31f4efd
Reviewed-on: https://code.wireshark.org/review/28041
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Tue, 5 Jun 2018 19:29:24 +0000 (12:29 -0700)]
WSUG: Update the profiles dialog image.

Change-Id: I4f96cc09d4ec6618087af29bd5119d6307dd3ccf
Reviewed-on: https://code.wireshark.org/review/28043
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Tue, 5 Jun 2018 20:01:40 +0000 (20:01 +0000)]
Debian: Add missing symbols.

Change-Id: Ie7cc03154c6afcb6ab18b87d73c35be9f79a5f41
Reviewed-on: https://code.wireshark.org/review/28044
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tobias Rasmusson [Sat, 2 Jun 2018 14:15:53 +0000 (16:15 +0200)]
UDS: Add Transfer Data Block Sequence Counter

The first byte of a Transfer Data request/response is the
block sequence counter. This change will show that counter.

Change-Id: I87c240bd12f1f897e298d2fcfae8f75058aa4392
Reviewed-on: https://code.wireshark.org/review/27956
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Gerald Combs [Tue, 5 Jun 2018 16:17:43 +0000 (16:17 +0000)]
Debian: More GNUTLS updates.

Try to make our libgnutls28-dev / libgnutls-dev dependency work across
different OS versions.

Change-Id: I673619ae81b15df5bdbe386b4354e5c01f7bba29
Reviewed-on: https://code.wireshark.org/review/28042
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Joerg Mayer [Mon, 28 May 2018 13:16:35 +0000 (15:16 +0200)]
Spirent Test Center Signature decoding support including FibreChannel

Change-Id: I11d5e13b041a747045d90e93f1c8e8d572a6ef67
Reviewed-on: https://code.wireshark.org/review/28001
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Anders [Tue, 5 Jun 2018 11:00:06 +0000 (13:00 +0200)]
Diameter: Type name should be IPAddress

Change-Id: I1e7fed0532823dfe1ad48d8421813df9c43b4d6e
Reviewed-on: https://code.wireshark.org/review/28038
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Anders [Tue, 5 Jun 2018 10:41:13 +0000 (12:41 +0200)]
Diameter: Add some protocol values to AVP Protocol enum.

Change-Id: Ib2543377c5d41bf135cdd2e9a8574a6c71cdb32f
Reviewed-on: https://code.wireshark.org/review/28037
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Tue, 5 Jun 2018 08:39:49 +0000 (10:39 +0200)]
SYNC: make sync.length_of_packet filter usable

Change-Id: I9f72e589d8bb7f6d0fc2270082d0b5cec1d23049
Reviewed-on: https://code.wireshark.org/review/28033
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Pascal Quantin [Tue, 5 Jun 2018 08:32:46 +0000 (10:32 +0200)]
SYNC: fix decoding of PDU type 3 format

Bug: 14823
Change-Id: I143c57d9d81ff8510d60b8a0d9f2daea78c33e0b
Reviewed-on: https://code.wireshark.org/review/28032
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Joerg Mayer [Tue, 5 Jun 2018 00:59:51 +0000 (02:59 +0200)]
We were telling the FibreChannel dissector to decode the last 8 bytes twice

Once as CRC + EOF and once as payload. Don't pass the bytes to payload
dissection any more.

Change-Id: I21eb95a4f42dbd40ccf5910934c00f58f5564454
Reviewed-on: https://code.wireshark.org/review/28023
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Anders [Tue, 5 Jun 2018 07:58:09 +0000 (09:58 +0200)]
Diameter: Update with some AVPs from RFC 5777

Change-Id: I70926eef39349c486ae44adc2ee16972424f1838
Reviewed-on: https://code.wireshark.org/review/28031
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ivan Nardi [Sun, 13 May 2018 13:56:01 +0000 (15:56 +0200)]
gtp, gtpv2: improve request/reply matching algorithm

GTP tunnel endpoints (MMEs, GSNs...) will eventually reuse sequence number
values. When handling long capture files this may lead to wrong request/reply
pairs: a message may be considered as a reply to an old request
sharing the same reused seq number

Add an heuristic to the matching algorithm that involves timestamps:
request/reply pair matches only if their timestamps are closer than a
configurable threshold. If such value is 0 (default), timestamps are not
used and only seq number values are evaluated (i.e. fall-back to old behavior)

Note that a wrong match might lead to wrong (gtp-)association/session

While at it, extend message list explicitly used by the algorithm

Change-Id: I021e6e1ce1651a64d24b0664d6e27c9ba39c735c
Reviewed-on: https://code.wireshark.org/review/27500
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Dario Lombardo [Mon, 4 Jun 2018 18:54:15 +0000 (20:54 +0200)]
travis: fix gem command line.

Change-Id: I84bc07edad1453b2e41311f21eb37454898a8fd5
Reviewed-on: https://code.wireshark.org/review/28018
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Guy Harris [Tue, 5 Jun 2018 04:39:58 +0000 (21:39 -0700)]
Remove a now-unused field.

Change-Id: I5e85632bd901687b815cf76d7e25e082a9cb3657
Reviewed-on: https://code.wireshark.org/review/28028
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Julien Staub [Wed, 30 May 2018 14:29:05 +0000 (16:29 +0200)]
ZBEE-NWK-GP:add support for some ZGP commands

the new dissected commands are:
manufacturer specific attribute reporting
multicluster reporting
manufacturer specific multicluster reporting
read attribute and request attribute (have same format)
read attribute response
write attribute

Change-Id: I3125f6acbfb35a72771186f933b0db0798e409f2
Reviewed-on: https://code.wireshark.org/review/27892
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jaap Keuter [Mon, 4 Jun 2018 12:52:26 +0000 (14:52 +0200)]
Correctly handle the PPI GPS timestamp fraction

The timestamp and timestamp fraction are processed in one step,
since this creates a proper timestamp interpretation. There are
two fixes to this code to deal with erroneous packets.
One is that when taking into account the timestamp fragment the
available data must be 8 bytes in total, not just 4.
The other is that when the mask indicates that there's only a
timestamp fraction, nothing was shown.

Change-Id: I4a0a65229f322ad56673a26ff6b3e769e994062d
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/28007
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Tue, 5 Jun 2018 03:37:56 +0000 (20:37 -0700)]
Don't use FT_STRING fields for non-strings.

If you're reporting an error, use an expert info item.

If you're putting a structure into the protocol tree, use FT_NONE for
the structure as a whole.

Change-Id: Ie89b552576b15195acb0a9108d33430115d99f00
Reviewed-on: https://code.wireshark.org/review/28024
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gerald Combs [Tue, 5 Jun 2018 00:28:21 +0000 (17:28 -0700)]
Debian: Use libgnutls28-dev.

Switch Build-Depends from libgnutls-dev to libgnutls28-dev. I'm
upgrading the Ubuntu builder to 18.04 and this appears to be required in
order to fix the Debian package step.

Change-Id: Ib3ab2a1a5dcfbd9ad0c088b22fcac63d81a2a765
Reviewed-on: https://code.wireshark.org/review/28022
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Joerg Mayer [Tue, 5 Jun 2018 00:21:26 +0000 (02:21 +0200)]
Move a comment where it belongs

Minor whitespace fixes

Change-Id: I6431a04d90a5898d46bdc67a02afa6998a4ff38d
Reviewed-on: https://code.wireshark.org/review/28021
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Pascal Quantin [Mon, 4 Jun 2018 20:17:52 +0000 (22:17 +0200)]
PDCP NR: add SDAP header presence indication and dissection

Change-Id: I8e868e7c969bcd8d57925cd51271801cdc6e2351
Reviewed-on: https://code.wireshark.org/review/28017
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
ruengeler [Mon, 4 Jun 2018 15:37:59 +0000 (17:37 +0200)]
SCTP: Adjust minTSN

Change-Id: If2ccbd983a2a31441d1e882da65971860f5bec94
Reviewed-on: https://code.wireshark.org/review/28013
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
Joerg Mayer [Mon, 4 Jun 2018 06:57:35 +0000 (08:57 +0200)]
When using the NEW_PROTO_TREE_API, the proto_tree_add... functions are
"redefined" to handle the same way as before.

In dissectors using the new API, add all currently used proto_tree_add_xxx
functions to the list of functions that take care of NEW_PROTO_TREE_API changes.

Modify the dissectors that worked around the missing change.

Change-Id: Ib6d6ec2c225d96c98c2a8f507648d7ad4bfb6c68
Reviewed-on: https://code.wireshark.org/review/28002
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Dario Lombardo [Sat, 2 Jun 2018 11:34:08 +0000 (13:34 +0200)]
travis: don't install asciidoctor's documentation.

Change-Id: I8d70cb7e940dc527c13e60195f4fd049cdff2481
Reviewed-on: https://code.wireshark.org/review/27954
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dario Lombardo [Fri, 25 May 2018 17:46:53 +0000 (19:46 +0200)]
tools: add bsd-setup.sh.

Change-Id: I342f13b962e97fb1429472c315e1ca35b5a9ffc6
Reviewed-on: https://code.wireshark.org/review/27863
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Anders [Mon, 4 Jun 2018 15:25:38 +0000 (17:25 +0200)]
gtpv2: Fix timestamps in GTPv2 Secondary RAT Usage Data Report IE

Bug:14818
Change-Id: Icf6116a51c586626d6dc058e5ce5148e1f1340fd
Reviewed-on: https://code.wireshark.org/review/28012
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
João Valverde [Fri, 1 Jun 2018 14:18:22 +0000 (15:18 +0100)]
Allow user to override config dir for all OSes

Using an environment variable the user can override the config
directory. Keep the previous Windows-specific variable ("WIRESHARK_APPDATA")
alive for backward compatibility.

Change-Id: I2350b815e60e7dbb19f9c193d7aaaa68f94576b2
Reviewed-on: https://code.wireshark.org/review/27946
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
dishadaniel [Fri, 1 Jun 2018 10:11:23 +0000 (06:11 -0400)]
Added support for new proprietary fields (private extensions) for Ericsson.

Change-Id: Ie97289527dbcef7e5d18e5e152659ebb5de9bc19
Reviewed-on: https://code.wireshark.org/review/27940
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jaap Keuter [Sun, 3 Jun 2018 14:32:14 +0000 (16:32 +0200)]
Use proper unsigned constant for bit shift

Shifting (signed) '1' 31 bits is undefined. Make it unsigned.

Change-Id: Iff300493907c53b47bb116a0282846955e0f2429
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/27981
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris [Mon, 4 Jun 2018 08:21:33 +0000 (01:21 -0700)]
Send the "Command and args:" message to the right output file.

Send it to the same output file that gets the output of the test command, so
that it shows up in the output.

(I spent entirely too much time trying to figure out why 14738 was
happening on the buildbot but not on my machine - it turns out that the
test where it was failing was the one where -V *wasn't* specified, so
the protocol tree *wasn't* being generated, so proto_tree_add_string()
*wasn't* doing some tests that should have thrown an exception.  The
output didn't make it clear that the test that was failing was the one
where the arguments to tshark were -nr, not -nVxr.)

Change-Id: I54e4450029ac56b9ac3d6eff9baf8acc849a5e4c
Reviewed-on: https://code.wireshark.org/review/28003
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Darien Spencer [Sat, 2 Jun 2018 10:05:32 +0000 (13:05 +0300)]
MAC: Use PINFO_FD_VISITED macro

Change-Id: I08dfb457d4964a1051b87ecf458774e8a418088e
Reviewed-on: https://code.wireshark.org/review/27985
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Darien Spencer [Sat, 2 Jun 2018 10:02:56 +0000 (13:02 +0300)]
RLC: Use PINFO_FD_VISITED macro

Change-Id: I0db66647876cc57a4c88957ebc00dffde0a18177
Reviewed-on: https://code.wireshark.org/review/27984
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Darien Spencer [Sat, 2 Jun 2018 10:00:55 +0000 (13:00 +0300)]
RRC: Use PINFO_FD_VISITED macro

Change-Id: Ica32ffc5f150451dba42a531d1661df4325b5c02
Reviewed-on: https://code.wireshark.org/review/27983
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Darien Spencer [Sat, 2 Jun 2018 09:59:24 +0000 (12:59 +0300)]
NBAP: Use PINFO_FD_VISITED macro

Change-Id: I1436a8840f5b771583876b988f94e43363f7984a
Reviewed-on: https://code.wireshark.org/review/27982
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Harald Welte [Fri, 4 May 2018 19:16:24 +0000 (21:16 +0200)]
RSL: Fix bug in dissector for RELEASE REQUEST

The RSL RELEASE MODE IE is two bytes long, so we cannot call
proto_tree_add_subtree() with a length of 4.

Change-Id: I7ee3cfd7a7d64d14704b1f6b11ab7631ff9b0939
Reviewed-on: https://code.wireshark.org/review/27993
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stig Bjørlykke [Wed, 30 May 2018 07:00:16 +0000 (09:00 +0200)]
Free dynamic header fields on exit

Put routine to free all dynamically registered header fields in the
UAT reset callback to avoid ASAN report for memory leaks on exit.

Handle duplicated entries without leaking memory.

Call proto_free_deregistered_fields() in proto_cleanup() and move
this after prefs_cleanup() to free the memory used in UATs.

Change-Id: I96545177b5b23b9c20ad8e7751a0d5621c9ca10f
Reviewed-on: https://code.wireshark.org/review/27907
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris [Sun, 3 Jun 2018 17:13:20 +0000 (10:13 -0700)]
Fix handling of guintvars.

1) A value that fits in a 32-bit unsigned integer may take more than 4
octets - the uppermost bit of the octet is a "more octets follows" flag,
so 4 octets contain only 7*4 = 28 bits of value, so a fifth octet
preceding that with the upper 3 bits zero could result in a value that
fits in 32 bits, and further octets of 0x80 just add further leading
zeroes.

We should, instead, check for *overflow*, meaning that if we add more
bits at the bottom, the result is *less* than the previous value.

2) When the result overflows, we should clamp it at UINT_MAX, rather than
setting it to zero, and should keep accumulating octets, so that we
return the correct octet count.  That prevents infinite loops where the
item's length, and the item itself, are considered zero-length.

This should fix bug 14738.

Bug: 14738
Change-Id: I1d1b60e22f169959c1573b1fcb7e010e027b5132
Reviewed-on: https://code.wireshark.org/review/27986
Reviewed-by: Guy Harris <guy@alum.mit.edu>
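
The two points in the commit message above, as an added example (not the Wireshark code; `decode_uintvar`, `count_uintvars` and the struct are hypothetical names). It assumes a 32-bit result and detects overflow by checking before the shift, which is a different test from the "result is less than the previous value" comparison the message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of decoding one variable-length unsigned integer (7 value bits
 * per octet, top bit = "more octets follow"). */
struct uintvar_result {
    uint32_t value;      /* decoded value, clamped to UINT32_MAX on overflow */
    size_t   octets;     /* octets consumed, including the final one */
    int      overflowed; /* value did not fit in 32 bits */
    int      truncated;  /* buffer ended before the final octet */
};

struct uintvar_result decode_uintvar(const uint8_t *buf, size_t len)
{
    struct uintvar_result r = {0, 0, 0, 0};
    size_t i;

    for (i = 0; i < len; i++) {
        uint8_t octet = buf[i];

        r.octets++;
        if (!r.overflowed) {
            if (r.value > (UINT32_MAX >> 7)) {
                /* The shift would drop set bits: clamp instead of
                 * zeroing, but keep consuming octets so the reported
                 * length stays correct. */
                r.overflowed = 1;
                r.value = UINT32_MAX;
            } else {
                r.value = (r.value << 7) | (octet & 0x7Fu);
            }
        }
        if (!(octet & 0x80u))
            return r;    /* final octet of this integer */
    }
    r.truncated = 1;     /* ran out of data with the "more" bit still set */
    return r;
}

/* Walk a buffer of back-to-back integers. Every complete item consumes at
 * least one octet, so the loop always makes progress. */
size_t count_uintvars(const uint8_t *buf, size_t len)
{
    size_t pos = 0, items = 0;

    while (pos < len) {
        struct uintvar_result r = decode_uintvar(buf + pos, len - pos);

        if (r.truncated)
            break;
        pos += r.octets;
        items++;
    }
    return items;
}

int main(void)
{
    /* Constructed input: an overflowing 6-octet item, the value 5, and a
     * truncated trailing item. */
    const uint8_t sample[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0x05, 0x81};
    struct uintvar_result r = decode_uintvar(sample, sizeof sample);

    printf("value=%u octets=%zu overflowed=%d items=%zu\n",
           (unsigned)r.value, r.octets, r.overflowed,
           count_uintvars(sample, sizeof sample));
    return 0;
}
```
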
Gerald Combs [Sun, 3 Jun 2018 08:16:35 +0000 (08:16 +0000)]
[Automatic update for 2018-06-03]

Update manuf, services enterprise numbers, translations, and other items.

Change-Id: Ie1c560eb53d3791443f1798b32ba819816896523
Reviewed-on: https://code.wireshark.org/review/27977
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Dylan Ulis [Sat, 2 Jun 2018 18:49:16 +0000 (14:49 -0400)]
CIP: Remove extra tree level from path segments

There was an extra level of indentation in the tree structure that didn't
add any value.
This tree node just displayed the same text that its parent tree did.

Just remove this to make things easier to navigate.

See feature_cip_all_segments.pcap from
Bug: 12049

Change-Id: Ia51f0f66b1ea0aefaa4d016335c0d5e8515a2c30
Reviewed-on: https://code.wireshark.org/review/27958
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Sat, 2 Jun 2018 20:37:57 +0000 (22:37 +0200)]
sharkd_session.c: fix a size_t to int conversion warning emitted by MSVC2017 x64

Change-Id: I156e28359bd347e580966ea706884ab04e56d7f1
Reviewed-on: https://code.wireshark.org/review/27961
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Sat, 2 Jun 2018 22:10:57 +0000 (15:10 -0700)]
Name update.

With the name change from Ethereal to Wireshark, asn2eth was renamed
asn2wrs.

Change-Id: I5bdfa2362ca7de81b0bda6ec9faa78cdb0ba10b4
Reviewed-on: https://code.wireshark.org/review/27968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Darien Spencer [Sat, 2 Jun 2018 09:54:44 +0000 (12:54 +0300)]
FP: Use PINFO_FD_VISITED macro

Change-Id: I50b073083702f95101ca50909c76d7e81e9a50cc
Reviewed-on: https://code.wireshark.org/review/27953
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Dario Lombardo [Sat, 2 Jun 2018 16:07:12 +0000 (18:07 +0200)]
scte35: fix uninitialized variable.

../epan/dissectors/packet-scte35.c: In function ‘dissect_scte35_splice_insert’:
../epan/dissectors/packet-scte35.c:487:12: error: ‘tsf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
         if (tsf) {
            ^
../epan/dissectors/packet-scte35.c:451:27: note: ‘tsf’ was declared here
     guint8 component_tag, tsf;
                           ^
cc1: all warnings being treated as errors

Change-Id: I9445c76bd1d3447ce5d9ce3df5970840a1605175
Reviewed-on: https://code.wireshark.org/review/27957
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Mathieson [Sat, 2 Jun 2018 00:26:02 +0000 (01:26 +0100)]
DCT2000:  call lte rrc dissector for later releases

Change-Id: I3c21c5c0654856edd31191062018a988f9e50ed1
Reviewed-on: https://code.wireshark.org/review/27952
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
João Valverde [Fri, 1 Jun 2018 17:34:40 +0000 (18:34 +0100)]
Make make-{taps,dissectors}.c shared code shared.

Change-Id: I1cacd88ee26d9b21b67d38daf3d8ec8dcaf2e69e
Reviewed-on: https://code.wireshark.org/review/27948
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Roland Knall [Fri, 1 Jun 2018 20:54:49 +0000 (22:54 +0200)]
Qt: Rename MainWelcome

There are currently two main pages within Wireshark. The first being
the main welcome page and the second the packet capture page. The
first is called "main_welcome.?" and the second is actually the
master_split_ object defined in main_window.h. The first being a
QFrame, the second not.

In preparation for future developments (dockable windows, multiple capture
files), this is being corrected, with the main welcome being renamed
as welcome_page as a first step

Change-Id: I40703e6ed15ff6f6b62b2a3cf31f5636ac6da9ec
Reviewed-on: https://code.wireshark.org/review/27949
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Ivan Nardi [Thu, 31 May 2018 18:25:08 +0000 (20:25 +0200)]
SCCP: fix performance drop in reassembler code

Commit 46dc5f75, while fixing sccp reassembler in the generic case, introduced
a huge performance drop in some scenarios.
The bottleneck is the sccp_reassembly_id_map hash table and, more precisely,
the combination of the key layout and the hash function g_int64_hash()
The key is defined as:
    guint64 key = ((guint64)frame << 32) | offset;
Since the hash function uses only the lowest 32 bits of the key, all fragments
at the same offset are saved in the same bucket

If the sccp fragments are always in different packets and at the same offset
(because, for example, there is only 1 chunk in every sctp packet) the hash
table degenerates into exactly one linked list.

Changing the key definition seems to restore the original performance

Since there are usually hardly more than ~10/20 sctp chunks in a packet,
this change shouldn't significantly affect performance when (all) fragments
are in the same frame

Change-Id: I2867a72819c2d91e1e0ae2cb97d63b5684d35bcc
Reviewed-on: https://code.wireshark.org/review/27944
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
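
The bucket collapse described in the commit message above, as an added example (not the Wireshark code). `hash_low32` stands in for the truncating behaviour the message attributes to g_int64_hash(), the chained table is simulated with per-bucket counters, and `key_frame_low` is an assumed alternative layout, since the message does not say which new key definition was chosen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Keeps only the lowest 32 bits of the 64-bit key, as the commit message
 * describes for g_int64_hash(). */
static uint32_t hash_low32(uint64_t key)
{
    return (uint32_t)key;
}

typedef uint64_t (*key_layout_fn)(uint32_t frame, uint32_t offset);

/* Layout quoted in the commit message: the frame number is in the high half,
 * so it never reaches the hash. */
uint64_t key_frame_high(uint32_t frame, uint32_t offset)
{
    return ((uint64_t)frame << 32) | offset;
}

/* Assumed alternative for illustration: the frame number is in the low half,
 * so fragments in different frames hash differently. */
uint64_t key_frame_low(uint32_t frame, uint32_t offset)
{
    return ((uint64_t)offset << 32) | frame;
}

/* Insert one fragment per frame, all at the same offset, into a simulated
 * chained hash table and return the length of the longest chain.
 * Returns 0 if the counters cannot be allocated. */
size_t longest_chain(key_layout_fn layout, uint32_t nframes,
                     uint32_t offset, size_t nbuckets)
{
    size_t *load = calloc(nbuckets, sizeof *load);
    size_t worst = 0;
    uint32_t frame;

    if (load == NULL)
        return 0;
    for (frame = 1; frame <= nframes; frame++) {
        size_t bucket = hash_low32(layout(frame, offset)) % nbuckets;

        if (++load[bucket] > worst)
            worst = load[bucket];
    }
    free(load);
    return worst;
}

int main(void)
{
    /* Constructed scenario: 1000 frames, one fragment each at offset 12,
     * 251 buckets. */
    printf("frame in high half: longest chain = %zu\n",
           longest_chain(key_frame_high, 1000, 12, 251));
    printf("frame in low half:  longest chain = %zu\n",
           longest_chain(key_frame_low, 1000, 12, 251));
    return 0;
}
```

With the first layout every lookup walks a chain as long as the number of fragments inserted so far, which makes a long capture quadratic in the number of fragments.
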
Roland Knall [Fri, 1 Jun 2018 13:43:36 +0000 (15:43 +0200)]
Qt: Move Layout and clear master_split use

master_split_ must be moved to a more prominent widget, as it is in actuality
the main widget of the application.

Change-Id: Id45b60f5f57c982c1890318eec9fa87ab61a9e19
Reviewed-on: https://code.wireshark.org/review/27942
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Harald Welte [Fri, 1 Jun 2018 12:36:23 +0000 (14:36 +0200)]
gsm_a_bssmap: Add LCLS specific PDU dissection

LCLS information element decoding had been added to the gsm_a_bssmap
dissector before.  However, they were only parsed in the existing
PDU types such as ASSIGNMENT REQ / COMPLETE.

LCLS introduced the three new LCLS specific PDUs, which we must also
handle from the dissector.  Let's do that.

Change-Id: I6a57b1eaf326fa12438639418f1255b733c10d36
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Reviewed-on: https://code.wireshark.org/review/27941
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Joakim Karlsson [Thu, 3 May 2018 21:09:31 +0000 (23:09 +0200)]
pfcp: decode Network Instance as string

Network Instance is a field which will be either
a Domain name or APN address

Change-Id: I2cd832fcc5c44a348d575835254b8f1cae91f10c
Reviewed-on: https://code.wireshark.org/review/27317
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dylan Ulis [Fri, 1 Jun 2018 00:43:38 +0000 (20:43 -0400)]
CIP: Minor updates

1. Time Sync Port Physical Address Info: Finish parsing this
2. Connection Manager: Add more service names
3. Add more Device Type enumerations
4. Unconnected Send Unsuccessful Response: Add the reserved byte
5. Vendor ID -> Originator Vendor ID
6. Add some BASE_UNIT_STRING

Change-Id: I112c44330cc4051d2eea8d149e3cbbf8eaef1247
Reviewed-on: https://code.wireshark.org/review/27937
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adrian Granados [Wed, 23 May 2018 22:28:32 +0000 (18:28 -0400)]
Remove tabs around manuf names as shown for BASE_OUI

And handle comments in manuf file entries correctly.

There are entries in the manuf file where columns are
separated by two or more tab characters. These extra
tab characters are not being trimmed from the manuf name.

OUI: 00:40:96 ( Cisco Systems, Inc.)
 ->
OUI: 00:40:96 (Cisco Systems, Inc.)

Change-Id: Ie6545480848bb84c20bea6566a3ccf11c7ed9233
Reviewed-on: https://code.wireshark.org/review/27759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dylan Ulis [Thu, 31 May 2018 11:24:26 +0000 (07:24 -0400)]
CIP: Use a struct for connection triad

1. Connection Serial Number, Vendor ID, and Device Serial Number are always
used as a group. Group these as a struct to make them easier to manage.
2. Pull out common code into dissect_connection_triad()

No functional changes.

Change-Id: Ide126f8d0ea6ab8e2de5abf20e12643d5a35924d
Reviewed-on: https://code.wireshark.org/review/27926
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Thu, 31 May 2018 19:24:28 +0000 (12:24 -0700)]
Don't assume an HTTP header doesn't contain a NUL.

wmem_ascii_strdown() stops when it sees a NUL, so there's no guarantee
that the resulting string is as long as the length passed in.  This is
probably the cause of bug 14779 - the check that tests whether the
header name is valid scans the result of wmem_ascii_strdown(), assuming
it has the same length as the supplied header length, but if there's a
NUL in the header, it will be shorter than the supplied header length.

Check the raw line text in the check for a valid header name; fail if we
see a NUL (as that's not a valid character in an HTTP header).
is_token_char() handles both upper-case and lower-case letters, so we
don't need to wmem_ascii_strdown() the header first.

Once that succeeds, we can safely use wmem_ascii_strdown() to make a
null-terminated all-lower-case string for the header name.

Bug: 14779
Change-Id: Id3fa046dd0b1a8bd73fc9ff582e5e1fae535c2e9
Reviewed-on: https://code.wireshark.org/review/27936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
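
The ordering described in the commit message above (validate the raw bytes first, lower-case afterwards), as an added example that is not the Wireshark code. All function names are hypothetical; `strdown_until_nul` is a stand-in that reproduces only the stop-at-NUL behaviour the message attributes to wmem_ascii_strdown().

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* HTTP token characters (RFC 7230 "tchar"); NUL is never a token char. */
static int is_token_char_example(unsigned char c)
{
    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
        (c >= 'a' && c <= 'z'))
        return 1;
    /* strchr() would match the terminator for c == 0, so exclude it. */
    return c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* Stand-in for a NUL-terminated lower-casing helper: copies at most len
 * bytes but stops at the first NUL, so the result may be shorter than len.
 * Caller frees the result. */
char *strdown_until_nul(const char *src, size_t len)
{
    char *dst = malloc(len + 1);
    size_t i;

    if (dst == NULL)
        return NULL;
    for (i = 0; i < len && src[i] != '\0'; i++) {
        char c = src[i];

        dst[i] = (c >= 'A' && c <= 'Z') ? (char)(c - 'A' + 'a') : c;
    }
    dst[i] = '\0';
    return dst;
}

/* Scan the raw line, bounded by its real length. Returns the length of the
 * header name (bytes before ':'), or 0 if the name is empty, contains a
 * non-token byte such as NUL, or no ':' is present. */
size_t valid_header_name_len(const char *line, size_t line_len)
{
    size_t i;

    for (i = 0; i < line_len; i++) {
        unsigned char c = (unsigned char)line[i];

        if (c == ':')
            return i;
        if (!is_token_char_example(c))
            return 0;
    }
    return 0;
}

/* Validate first; only then build the lower-case, NUL-terminated name, whose
 * length is now guaranteed to equal the validated length. */
char *parse_header_name(const char *line, size_t line_len)
{
    size_t name_len = valid_header_name_len(line, line_len);

    if (name_len == 0)
        return NULL;
    return strdown_until_nul(line, name_len);
}

int main(void)
{
    /* Constructed inputs: a normal header and one with an embedded NUL. */
    static const char good[] = "Content-Type: text/html";
    static const char bad[] = "X-Te\0st: 1";
    char *name = parse_header_name(good, sizeof good - 1);
    char *rejected = parse_header_name(bad, sizeof bad - 1);

    printf("good -> %s\n", name ? name : "(rejected)");
    printf("bad  -> %s\n", rejected ? rejected : "(rejected)");
    free(name);
    free(rejected);
    return 0;
}
```
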
Dylan Ulis [Thu, 31 May 2018 16:48:52 +0000 (12:48 -0400)]
CIP Security: Fix Preshared Key parsing

Minor bug fixes:
1. Preshared Keys: Minimum size can be 1, not 3. This shows malformed packets for valid data.
2. Preshared Keys: Display PSK based on PSK size, not ID size.
3. Correct name of some hf types.

Change-Id: Ib412cd109929a1f4a1e5b67b47cb4c9f0eab6512
Reviewed-on: https://code.wireshark.org/review/27929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jakub Zawadzki [Sun, 6 May 2018 16:15:58 +0000 (18:15 +0200)]
sharkd: add support for io graph.

Change-Id: I8d23a2b55024e2ef8c644dcef9176c7e3050a703
Reviewed-on: https://code.wireshark.org/review/27376
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Thu, 31 May 2018 18:14:27 +0000 (11:14 -0700)]
Docs: Add a live preview section to the docbook README.

Change-Id: I92462073a65f1673a9b5e036ec72ade90558eb1c
Reviewed-on: https://code.wireshark.org/review/27935
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Gerald Combs [Thu, 31 May 2018 17:48:14 +0000 (10:48 -0700)]
Docs: Fix a couple of Asciidoctor warnings.

Change-Id: I2ad46c19f056edc65be9c6d2c5909c1f3c9d10d4
Reviewed-on: https://code.wireshark.org/review/27934
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Guy Harris [Thu, 31 May 2018 17:22:49 +0000 (10:22 -0700)]
Don't check the CRC if the message isn't big enough to have a CRC.

We should really do a better length check.  This also suggests that we
might be going past the length if it's too short - should we create a
new tvbuff, with tvb_subset_length(), and dissect based on that?

Bug: 14780
Change-Id: Iaaab529f34b0168ad74c7b4f3e1b4255504c1b57
Reviewed-on: https://code.wireshark.org/review/27930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
João Valverde [Wed, 30 May 2018 23:35:44 +0000 (00:35 +0100)]
Move make-taps and make-dissectors to tools/

make-taps and make-dissectors are build tools so that is the natural
location for them.

See also 99ec2b58eb68ab8530245dd13485612695ba064a and bug 14622.

Change-Id: I754848ea1c614bfa7121c44d89136ac3cba8a734
Reviewed-on: https://code.wireshark.org/review/27928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Ryan Doyle [Thu, 26 Apr 2018 10:36:26 +0000 (20:36 +1000)]
PCP: implement label support introduced in PCP 4.0.0

Includes support for a bug in the endian encoding in PCP v4.0.0 - v4.0.1
which was fixed in v4.0.2.

Bug: 14630
Change-Id: I6861bfa07e6d359d32412fa874a67a9c6fcba086
Reviewed-on: https://code.wireshark.org/review/27159
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Juhani Puurula [Wed, 30 May 2018 12:25:06 +0000 (15:25 +0300)]
Thread dissecting for Coap payload: fix to token index

Would previously search for subdissector by second part of URI.
Subdissectors in hash table are indexed by first part and search
would return NULL.

Change-Id: I0af1c4800dd69eae78d51d752c3ac299d248ddf4
Reviewed-on: https://code.wireshark.org/review/27908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agomysql: fix packet length calculation
Peter Wu [Wed, 30 May 2018 21:36:07 +0000 (23:36 +0200)]
mysql: fix packet length calculation

Instead of relying on heuristics (single TCP segment contains a whole
MySQL packet) use the compression state from the greeting. This fixes
bad dissection when a single TCP segment contains multiple MySQL packets
with three other bytes at the end.

Tested with the capture from the linked report as well as bug 10342.

Bug: 13754
Change-Id: I9d9573f4705265d78ec3d75a195df70718de77b3
Reviewed-on: https://code.wireshark.org/review/27916
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoCMake: clarify that perl is mandatory
Martin Kaiser [Tue, 29 May 2018 21:16:30 +0000 (23:16 +0200)]
CMake: clarify that perl is mandatory

Perl is required for generating version.h. It is therefore a mandatory
requirement for building on both Windows and Unix.

Bug: 14764
Change-Id: I0bc86f5c463148b8070166b677d2ec349c461488
Reviewed-on: https://code.wireshark.org/review/27915
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoDCT2000: call NR RRC dissector for protocol payloads.
Martin Mathieson [Thu, 31 May 2018 00:26:32 +0000 (01:26 +0100)]
DCT2000:  call NR RRC dissector for protocol payloads.

N.B. as the primitive headers are (so far) identical to LTE,
re-use that code and remove 'lte' from primitive header fields.

Change-Id: I53ece508608fc9108f218ee2933e1b13cc9777bb
Reviewed-on: https://code.wireshark.org/review/27921
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoFix problem building on NetBSD 7.1.
Guy Harris [Wed, 30 May 2018 23:15:50 +0000 (16:15 -0700)]
Fix problem building on NetBSD 7.1.

The version of Berkeley YACC that comes with NetBSD 7.1 puts a
declaration of ascendlval into ascend.h, even when we're building a
reentrant parser.  That causes a shadowing warning.

Suppress some diagnostics before we include ascend.h.

Change-Id: I190f0439c36b48c7dfb19a2fe6cef0eb1e96f198
Reviewed-on: https://code.wireshark.org/review/27917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoTest: Add UTF-8 filter tests.
Gerald Combs [Wed, 30 May 2018 20:32:20 +0000 (13:32 -0700)]
Test: Add UTF-8 filter tests.

Change-Id: Ic1e961802e716b5c446428efa068a6205faab954
Reviewed-on: https://code.wireshark.org/review/27912
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
5 years agoifaddrs.h may require sys/types.h to be included first.
Guy Harris [Wed, 30 May 2018 20:35:04 +0000 (13:35 -0700)]
ifaddrs.h may require sys/types.h to be included first.

That's the case on DragonFly BSD 5.2.1, at least.

Change-Id: I8bbd51462d74380004c611183f4b9229f4d20ff6
Reviewed-on: https://code.wireshark.org/review/27913
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoDiameter: Remove make file.
Anders [Wed, 30 May 2018 14:09:34 +0000 (16:09 +0200)]
Diameter: Remove make file.

Change-Id: Ia5171fb445fc1fd66ad6f5b304ef0dd0b223ad34
Reviewed-on: https://code.wireshark.org/review/27910
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt:Fix ProtoTree Copy
Roland Knall [Fri, 25 May 2018 13:19:46 +0000 (15:19 +0200)]
Qt:Fix ProtoTree Copy

There was an issue where siblings were not copied correctly.

Bug:14355
Change-Id: I31611a6731f3f4de6b204c7ee708e42f0b7b170c
Reviewed-on: https://code.wireshark.org/review/27802
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
5 years agoZBEE-NWK-GP: Correct the number of leading 0s in display
atsju [Tue, 29 May 2018 12:34:32 +0000 (14:34 +0200)]
ZBEE-NWK-GP: Correct the number of leading 0s in display

Change-Id: Ib5004d5fb96c6ea6116a89a09d38478af6f5ce4f
Reviewed-on: https://code.wireshark.org/review/27893
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt: use data() instead of constData() in pcap_compile().
Dario Lombardo [Tue, 29 May 2018 16:25:49 +0000 (18:25 +0200)]
Qt: use data() instead of constData() in pcap_compile().

In different versions of libpcap, pcap_compile() has a 3rd parameter
with or without const. Using a non-const variable allows the automatic
promotion to const, but not vice versa.

Fixes compilation on OpenBSD.

Change-Id: I72162a4ea419668b6222e84bf5525a6c48fddd52
Reviewed-on: https://code.wireshark.org/review/27896
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years agoAdd valgrind support to randpkt-test.sh.
Darius Davis [Wed, 23 May 2018 08:53:59 +0000 (18:53 +1000)]
Add valgrind support to randpkt-test.sh.

There's already valgrind support in fuzz-test.sh; this change simply clones the
relevant fragments of script into randpkt-test.sh, making very minor tweaks as
needed.  Valgrind support in randpkt-test.sh is enabled through the "-g"
command-line option, just like with fuzz-test.sh.

In my testing here, it seems MAX_LEAK could be reduced somewhat, but I don't
think that that belongs as part of this change; I've simply kept the MAX_LEAK
value from fuzz-test.sh.

While we're here, the last line of valgrind-wireshark.sh launches a subprocess,
and that shell then simply returns its exit code, so there is no need for the
shell to stick around.  So, let's use "exec" here to replace the shell with the
new process.

Testing Done: On Linux amd64, ran several iterations of randpkt-test.sh and
   fuzz-test.sh, both with and without the "-g" option.

Change-Id: I87cc63559dc2e66c42c905f46657ce40cabf0104
Reviewed-on: https://code.wireshark.org/review/27741
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt: fix memleaks on opening a context menu
Peter Wu [Sun, 27 May 2018 09:48:57 +0000 (11:48 +0200)]
Qt: fix memleaks on opening a context menu

FrameInformation was never deallocated, leaking the whole pinfo scope.
Fix a dealloc-alloc-mismatch (packet_data_ was g_memdup'd). Attach the
DataPrinter menu actions to the action group instead of the singleton
DataPrinter instance, this enables freeing the actions when the submenu
is gone rather than clearing this at program exit.

Reported by ASAN.

Change-Id: If13af94a60b07b0e52973ccc5c437ef987bfb394
Fixes: v2.5.0rc0-1627-g8a6ea0e454 ("Qt: Further cleanup ByteView")
Reviewed-on: https://code.wireshark.org/review/27844
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt: fix memleaks in protocol preferences menu
Peter Wu [Sat, 26 May 2018 12:07:06 +0000 (14:07 +0200)]
Qt: fix memleaks in protocol preferences menu

Reported by ASAN.

Change-Id: I0e7578d6583dc11312d95108331b6a743d7d5514
Reviewed-on: https://code.wireshark.org/review/27832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt: fix memleak in PacketList::contextMenuEvent
Peter Wu [Sat, 26 May 2018 12:06:18 +0000 (14:06 +0200)]
Qt: fix memleak in PacketList::contextMenuEvent

Change-Id: I925d2e1529a70aaf403896a4d7df3f491265916d
Fixes: v1.99.7rc0-225-g26dacfc8c3 ("Qt: Add protocol preferences menus.")
Reviewed-on: https://code.wireshark.org/review/27831
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt: fix memleak from cf_get_display_name
Peter Wu [Sat, 26 May 2018 11:32:06 +0000 (13:32 +0200)]
Qt: fix memleak from cf_get_display_name

Free the memory as documented.

Change-Id: I8a8842160be676bb08f5b93e795b9ed8edef2ede
Reviewed-on: https://code.wireshark.org/review/27829
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoAdd PROXY(v2) protocol
Alexis La Goutte [Thu, 10 Sep 2015 22:50:45 +0000 (00:50 +0200)]
Add PROXY(v2) protocol

Bug: 14506
Change-Id: I399f3a94583985a5d036ac26438e0c5bc5a70c85
Reviewed-on: https://code.wireshark.org/review/10626
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years ago.mailmap: update of May (2018)
Alexis La Goutte [Sun, 27 May 2018 19:10:30 +0000 (21:10 +0200)]
.mailmap: update of May (2018)

Change-Id: Id7ea1cde7d08f17a55f7426e1fced00445bd07e8
Reviewed-on: https://code.wireshark.org/review/27852
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>
Reviewed-by: Dirk Roemmen <dro@cslab.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agohttp: continue parsing in spite of illegal header name
Peter Wu [Wed, 16 May 2018 20:21:36 +0000 (22:21 +0200)]
http: continue parsing in spite of illegal header name

While HTTP header names are restricted to a limited set, many
implementations basically read whole lines and then look for a colon.
Actual validation happens after that. Follow that approach to avoid
early termination of request/response headers and diagnose the issue.

This may break HTTP/0.9 response parsing, but nobody should be using
that now.

Bug: 10123
Change-Id: If435aa832effc83095f9b6b822a76cb46451e7de
Reviewed-on: https://code.wireshark.org/review/27605
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agomstp: fix buffer overflow in COBS decoding
Peter Wu [Tue, 29 May 2018 15:10:39 +0000 (17:10 +0200)]
mstp: fix buffer overflow in COBS decoding

Fix a crash (denial of service) resulting from a large buffer overrun
(read) when the "MS/TP Length" is smaller than 3. If that is the case,
then an integer overflow will result in a large unsigned number.

Fix a buffer overflow (write) when the "code" (length) octet is 0. This
is illegal and would result in an integer overflow. With a specially
crafted encoded CRC-32K value, this could result in writing 255 bytes
past the end of buffer (xoring the octets with 0x55).

Make the meaning of the "length" parameter more obvious (include two
bytes such that it reflects the input and output buffer size).

Corrected based on the description in Section 9.10 of
http://www.bacnet.org/Addenda/Add-135-2012an-PPR2-draft-rc4_chair_approved.pdf
(note that its reference code also has this overflow issue).

Bug: 14771
Change-Id: Iac27e1151f02add4e54abb0fcae6afc94460ae23
Fixes: v2.9.0rc0-734-g0e517232a8 ("Added support for extended length BACnet MS/TP data frames.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8580
Reviewed-on: https://code.wireshark.org/review/27897
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dirk Roemmen <dro@cslab.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
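
The two checks the mstp commit message above describes, shown as an added example (this is not Wireshark's code and not the BACnet reference code): a bounds-checked decoder for 0x55-masked COBS data that rejects a zero code octet and any run that would leave the input or output buffer. The function names are hypothetical, and treating the threshold of 3 as a fixed overhead subtracted from the length field is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COBS_MASK 0x55 /* octets are XORed with 0x55, as in the commit message */

/* Subtract a fixed overhead from a length field. Returns -1 instead of
 * letting the unsigned subtraction wrap to a huge value when len < overhead. */
static int checked_sub(size_t len, size_t overhead, size_t *out)
{
    if (len < overhead)
        return -1;
    *out = len - overhead;
    return 0;
}

/* Decode masked COBS data. Returns the number of bytes written to `to`,
 * or -1 if the input is malformed or does not fit in to_len bytes. */
static long cobs_decode_checked(uint8_t *to, size_t to_len,
                                const uint8_t *from, size_t from_len,
                                uint8_t mask)
{
    size_t rd = 0, wr = 0;

    while (rd < from_len) {
        uint8_t code = from[rd++] ^ mask;
        size_t run;

        if (code == 0)
            return -1;           /* illegal; code - 1 would wrap to 255 */
        run = (size_t)code - 1;  /* data octets following this code octet */
        if (run > from_len - rd) /* run would read past the input */
            return -1;
        if (run > to_len - wr)   /* run would write past the output */
            return -1;
        for (size_t i = 0; i < run; i++)
            to[wr++] = from[rd++] ^ mask;

        /* A code below 0xFF stands for one zero octet, except at the end. */
        if (code != 0xFF && rd < from_len) {
            if (wr == to_len)
                return -1;
            to[wr++] = 0;
        }
    }
    return (long)wr;
}

int main(void)
{
    /* Constructed sample: plain bytes 11 00 22, COBS-encoded, XORed with 0x55. */
    const uint8_t good[] = {0x57, 0x44, 0x57, 0x77};
    const uint8_t zero_code[] = {0x55, 0x44}; /* first octet unmasks to code 0 */
    uint8_t out[8];
    size_t n;

    printf("good:      %ld\n", cobs_decode_checked(out, sizeof out, good, sizeof good, COBS_MASK));
    printf("zero code: %ld\n", cobs_decode_checked(out, sizeof out, zero_code, sizeof zero_code, COBS_MASK));
    printf("length 2:  %d\n", checked_sub(2, 3, &n));
    return 0;
}
```
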
5 years agowiretap: camins: add support for timestamps
Martin Kaiser [Tue, 1 May 2018 17:12:49 +0000 (19:12 +0200)]
wiretap: camins: add support for timestamps

A CAM inspector file maintains a global time counter in units of
1us. Set the correct resolution for the packet timestamps.

Keep track of the time counter when the file is loaded and we walk
through the file from start to end. Process timestamp blocks in the
file. Each of those blocks updates a part of the overall time counter.

Change-Id: I138cd8fb287e591b078babc2403a599287df1397
Reviewed-on: https://code.wireshark.org/review/27904
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoBoost the maximum frame size.
Guy Harris [Tue, 29 May 2018 23:44:09 +0000 (16:44 -0700)]
Boost the maximum frame size.

Lemon gets this error on its Parse() function, at least on FreeBSD 11.1
with its version of Clang.

Change-Id: I4fc1674373af5c0016ee953b61066bf6b24b7ad6
Reviewed-on: https://code.wireshark.org/review/27905
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoUse rel_time_to_secs_str() to format a time delta.
Guy Harris [Tue, 29 May 2018 18:40:01 +0000 (11:40 -0700)]
Use rel_time_to_secs_str() to format a time delta.

Change-Id: Iba90a9f38c61ea361f990ed1d5cb8859b93a32ba
Reviewed-on: https://code.wireshark.org/review/27902
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoRPC-over-RDMA: fix infinite loop
Peter Wu [Tue, 29 May 2018 10:27:19 +0000 (12:27 +0200)]
RPC-over-RDMA: fix infinite loop

When there are two segments, but zero requests, "i=1" will be reset to
"i=0" and an infinite loop occurs.

Change-Id: I32cb387ce0724936bcb5d5832b1c90d2bc585998
Fixes: v2.5.2rc0-100-g8f0f691312 ("RPC-over-RDMA: add reassembly for reply, read and write chunks")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7138
Reviewed-on: https://code.wireshark.org/review/27891
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
5 years agoAdd the MATE documentation chapter to the User Guide
Jaap Keuter [Mon, 4 Jul 2016 21:21:28 +0000 (23:21 +0200)]
Add the MATE documentation chapter to the User Guide

With MATE being an integral part of Wireshark for a long time now and its
documentation being part of the Wiki for a while it is time to move it
into the Wireshark Users Guide.

All credits go to Luis Ontanon for creating MATE and the Wiki pages,
the various contributors to those pages and especially Pavel Sindelka for
the creation of the graphics.

This change merely incorporates the contents of the Wiki pages into an
asciidoc file for processing into documentation output. It is in no way a
claim to knowledge of or deep insight in the workings of MATE on my part.

Change-Id: Id9c60fd3ba4a52aafb988370ea7d658907970ccd
Reviewed-on: https://code.wireshark.org/review/27894
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoua3g: added setup of rtp/rtcp conversations from record-rtp message
Nicolas Bertin [Mon, 28 May 2018 14:48:31 +0000 (16:48 +0200)]
ua3g: added setup of rtp/rtcp conversations from record-rtp message

Change-Id: I167756da6cba0734cd0280528f9b5a303675d5b9
Reviewed-on: https://code.wireshark.org/review/27872
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agogtp: added "response in/to" for GPRS Data record
Joakim Karlsson [Mon, 28 May 2018 16:45:55 +0000 (18:45 +0200)]
gtp: added "response in/to" for GPRS Data record

According to TS 29.060, ch6.

Change-Id: I7945b483f73265a7eb5432094054c5d4683fd6f8
Reviewed-on: https://code.wireshark.org/review/27875
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoGTP: fix dissection of GGSN addresses in PDP Context ie
Ivan Nardi [Mon, 28 May 2018 15:00:42 +0000 (17:00 +0200)]
GTP: fix dissection of GGSN addresses in PDP Context ie

Change-Id: I468d253016118887ef90e57f179e3413cca14e40
Reviewed-on: https://code.wireshark.org/review/27889
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoGTPv2: improve visualization of PDN addresses
Ivan Nardi [Tue, 29 May 2018 05:54:25 +0000 (07:54 +0200)]
GTPv2: improve visualization of PDN addresses

Change-Id: I45df36c70bfcd5826de9c15b006570e2c7a36154
Reviewed-on: https://code.wireshark.org/review/27888
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoESP: fix a memory leak in UAT management
Pascal Quantin [Mon, 28 May 2018 13:14:56 +0000 (15:14 +0200)]
ESP: fix a memory leak in UAT management

When updating a SA, ensure to free the previous key before
allocating a new one.

Change-Id: I9e5486c8214d7ce2ea60dd52f9a10f9cfe2a1d20
Reviewed-on: https://code.wireshark.org/review/27870
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agotools: rename rpm_setup.sh to reflect other similar scripts.
Dario Lombardo [Sat, 26 May 2018 04:19:39 +0000 (06:19 +0200)]
tools: rename rpm_setup.sh to reflect other similar scripts.

Change-Id: Ie686d7c5b808d9b89ff47cd65830ae441de8f8a2
Reviewed-on: https://code.wireshark.org/review/27862
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agowsutil: fix compilation on freebsd.
Dario Lombardo [Fri, 25 May 2018 17:50:35 +0000 (19:50 +0200)]
wsutil: fix compilation on freebsd.

Change-Id: Iadb3f3daa1095ac9cc971f79ba4d288e8d835a44
Reviewed-on: https://code.wireshark.org/review/27864
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoIndicate *which* field would go past the MAX_TREE_ITEMS limit.
Guy Harris [Mon, 28 May 2018 18:37:20 +0000 (11:37 -0700)]
Indicate *which* field would go past the MAX_TREE_ITEMS limit.

That could help find the problem if all we have is the error message, as
it'd at least indicate where the problem is occurring.

Change-Id: I01154ff62088a4b710c131cb153e8e4593ebc3b2
Reviewed-on: https://code.wireshark.org/review/27878
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoFix test for early exit from MMSE dissector.
Guy Harris [Mon, 28 May 2018 18:22:52 +0000 (11:22 -0700)]
Fix test for early exit from MMSE dissector.

We don't need to dissect the body if 1) we're *not* building a protocol
tree (tree == NULL) *and* 2) the PDU doesn't have content that can be
handed off to subdissectors.

(Fix which vs. that issue in a comment while we're at it.)

Change-Id: I90890975c05e72cc9ebc776a21683905828f57b5
Reviewed-on: https://code.wireshark.org/review/27876
Reviewed-by: Guy Harris <guy@alum.mit.edu>
5 years agoua3g: updated decoding of set-skin-id message
Nicolas Bertin [Mon, 28 May 2018 14:33:04 +0000 (16:33 +0200)]
ua3g: updated decoding of set-skin-id message

Change-Id: Id7c06ac8d25b4a2523604178389a2369b4f85d4c
Reviewed-on: https://code.wireshark.org/review/27871
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoua3g: fixed decoding of start-tone message
Nicolas Bertin [Mon, 28 May 2018 10:03:13 +0000 (12:03 +0200)]
ua3g: fixed decoding of start-tone message

Change-Id: I6ec9742b26daaa63d11c1fa47ec70fb5e6276848
Reviewed-on: https://code.wireshark.org/review/27868
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agosctp-analysis: Use g_list_free_full() in a couple of places.
Anders [Mon, 28 May 2018 08:59:15 +0000 (10:59 +0200)]
sctp-analysis: Use g_list_free_full() in a couple of places.

Change-Id: Ifd9517c562660ddee59feac1a7c234b9cdbbdf98
Reviewed-on: https://code.wireshark.org/review/27867
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoQt: select a better default Decode As table
Peter Wu [Sat, 26 May 2018 10:15:16 +0000 (12:15 +0200)]
Qt: select a better default Decode As table

USB has three possible tables, usb.device, usb.product and usb.protocol
(shown in that order in the Decode As dialog). For single packets with
no prior device descriptors, the last two tables have no valid selector
(integer zero). In such cases it seems more reasonable to use tables for
which a valid selector exists (for example, "usb.device").

Bug: 14717
Change-Id: I2319817fa11318a97519d8cfc912343b16224c12
Reviewed-on: https://code.wireshark.org/review/27820
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
5 years agoSCTPAllAssocsDialog: fix memleak of "sctp_assocs"
Peter Wu [Sat, 26 May 2018 14:40:02 +0000 (16:40 +0200)]
SCTPAllAssocsDialog: fix memleak of "sctp_assocs"

"fillTable()" overwrites "sctp_assocs" with an external address.

Change-Id: I415d424f16a2306b1b79fde7b5f836458da14b16
Reviewed-on: https://code.wireshark.org/review/27833
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>