metze/wireshark/wip.git
3 years ago [GTPv2] Fix dissection of MM Context for EPS
AndersBroman [Thu, 15 Dec 2016 13:49:31 +0000 (14:49 +0100)]
[GTPv2] Fix dissection of MM Context for EPS

Change-Id: I1ee7f4caa23834ac8bcbd56731c116a785b67d6b
Reviewed-on: https://code.wireshark.org/review/19283
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago packet.c: add initializer.
Dario Lombardo [Tue, 13 Dec 2016 11:40:47 +0000 (12:40 +0100)]
packet.c: add initializer.

As per glib manual, GSLists need to be NULL initialized.

Change-Id: If78904b900f6ddd7a0afaf3a1c480ec7626f2027
Reviewed-on: https://code.wireshark.org/review/19281
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Make some items that don't need to be size_t guint.
Guy Harris [Thu, 15 Dec 2016 08:29:38 +0000 (00:29 -0800)]
Make some items that don't need to be size_t guint.

Those sizes are limited by the packet sizes we support, and we only
support a maximum packet size of 2^32.

This squelches some compiler warnings.

Remove some casts that this renders unnecessary.

Change-Id: Id9a7bcf8c2ce30bbed7be6c0e28deb9cf38002e0
Reviewed-on: https://code.wireshark.org/review/19279
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Improved parsing of sniffed homeplug-av data
Nora Sandler [Fri, 9 Dec 2016 00:54:37 +0000 (16:54 -0800)]
Improved parsing of sniffed homeplug-av data

This patch modifies the homeplug-av dissector to better decode sniffer data according to the IEEE 1901-2010 standard.
The dissector now decodes MPDU variant fields correctly based on delimiter type, and decodes beacon MPDU payloads.
There are some variable-length fields it doesn't handle yet.
This patch should have no effect on how non-sniffer-data packets are decoded.
These changes are based on Andrew Margolis' pull request to faifa at https://github.com/ffainelli/faifa/pull/11

Change-Id: Ia60ac7affa99a68b38f04ab66373ac715c761328
Reviewed-on: https://code.wireshark.org/review/19156
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago 802.11(ad): fix wrong dissection of Grant Frame
Alexis La Goutte [Tue, 13 Dec 2016 20:02:21 +0000 (21:02 +0100)]
802.11(ad): fix wrong dissection of Grant Frame

See 8.4a.2 from 802.11ad-2012(.pdf)

Issue reported by Hany ASSASA

Ping-Bug: 13244
Change-Id: I6e22de3009b722e61b30ce2dd93596c4f51bb2fe
Reviewed-on: https://code.wireshark.org/review/19243
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago pkixtsp: add support for dissecting CMS signature time-stamps
Роман Донченко [Wed, 14 Dec 2016 20:55:31 +0000 (23:55 +0300)]
pkixtsp: add support for dissecting CMS signature time-stamps

As per RFC 3161 Appendix A. The ASN.1 elements it defines are not
officially part of any module, so just stick them into PKIXTSP.

Change-Id: I728505cb305b924465b62eb442288edea7f916a7
Reviewed-on: https://code.wireshark.org/review/19272
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago packet-tns.c: Oracle 12c packet length fix.
chinarulezzz [Wed, 14 Dec 2016 16:43:07 +0000 (18:43 +0200)]
packet-tns.c: Oracle 12c packet length fix.

In some messages (observed in Oracle 12c) packet length has 4 bytes
instead of 2.

Tested with oracle12-example.pcapng from SampleCaptures wiki.

Also small datatype fix.

Change-Id: I35490ade8cf0dee6392f4fa1b51d8dc7cff85400
Reviewed-on: https://code.wireshark.org/review/19264
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago VoIP Calls/Flow Sequence: Fix of showing nodes from previous call
Jiri Novak [Wed, 14 Dec 2016 18:37:04 +0000 (19:37 +0100)]
VoIP Calls/Flow Sequence: Fix of showing nodes from previous call

When VoIP Calls/Flow Sequence generates list of nodes to show (nodes above flow), it does not clear the list from last call. As a consequence of it, when second call is between hosts than first call, you see nodes which are not involved in call.

Change-Id: I80f9acb09e6aa71b3a32bb6eacaeb5b4bb13b332
Reviewed-on: https://code.wireshark.org/review/19267
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Save RTP audio to file: RTP Stream Analysis dialog allows save audio for non G.711...
Jiri Novak [Tue, 13 Dec 2016 12:28:30 +0000 (13:28 +0100)]
Save RTP audio to file: RTP Stream Analysis dialog allows save audio for non G.711 codecs and mixed codecs

- spaghetti code for save was split into separate functions
- code saves G.711 only, all other codecs are saved as silence with correct duration
  - code is ready to include other codecs
  - code supports 8000 Hz sampling rate only, other rates are rejected with warning
  - bidirectional stream (forward and reverse) creates stereo .au file
- output is based on timestamps in RTP streams
  - save operation is slower than before because it is set of seek() - one per each codec sample
- code allows align of save audio:
  - as it is - each stream is saved from its beginning, no align
  - to start of each other - later stream is prepended with silence
  - align saved audio to beginning of capture file - each stream is prepended with silence
- save to raw works correctly now - only payload is saved
  - old code was inserting G.711 silence time to time to raw data

Bug: 13242
Change-Id: I74d02a1cc1c75acf9ffe930d078c00a0555cbfb6
Reviewed-on: https://code.wireshark.org/review/19245
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Just use strncmp() to check the prefix of the file's first line.
Guy Harris [Wed, 14 Dec 2016 23:02:33 +0000 (15:02 -0800)]
Just use strncmp() to check the prefix of the file's first line.

Bug: 13246
Change-Id: I9df35596aa8dcb937f6a03cf60b5d0fbe9dce1ec
Reviewed-on: https://code.wireshark.org/review/19276
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago Don't assume we've read a line long enough to contain a magic number.
Guy Harris [Wed, 14 Dec 2016 22:42:54 +0000 (14:42 -0800)]
Don't assume we've read a line long enough to contain a magic number.

Check the length of the line first.

Bug: 13246
Change-Id: I906bb652594898061afb4b2cd4edb916af354161
Reviewed-on: https://code.wireshark.org/review/19273
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago nordic_ble: Add legacy version support
Stig Bjørlykke [Wed, 14 Dec 2016 19:27:54 +0000 (20:27 +0100)]
nordic_ble: Add legacy version support

Added back legacy version (<= 0.9.7) support after restructuring
for dissector completeness.

Change-Id: I5355bf8faa1b9fd8ee9056254048fe5c314b6efb
Reviewed-on: https://code.wireshark.org/review/19271
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago Bluetooth profile: configure columns and layout for Bluetooth
Michal Labedzki [Sun, 3 Nov 2013 17:57:17 +0000 (18:57 +0100)]
Bluetooth profile: configure columns and layout for Bluetooth

Change-Id: Iab8e33b5a7b62eea9c1365e0e5fec84f0ccd23fe
Reviewed-on: https://code.wireshark.org/review/17080
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago cms: remove trivial differences between the ASN.1 code and RFC 5652
Роман Донченко [Wed, 14 Dec 2016 18:35:00 +0000 (21:35 +0300)]
cms: remove trivial differences between the ASN.1 code and RFC 5652

This clears up the diff between the local copy of the CMS module and
upstream, making it easier to determine what modifications were made.

Change-Id: I466cb97e6505ea8075d01663e1ede95b85468898
Reviewed-on: https://code.wireshark.org/review/19269
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago extcap: add info to extcap manpage (taken from README.extcap).
Dario Lombardo [Fri, 9 Dec 2016 10:44:11 +0000 (11:44 +0100)]
extcap: add info to extcap manpage (taken from README.extcap).

Ping-Bug: 13218
Change-Id: Ib43dc2ce8ae7991468b866aec3f03f6a5709f8b2
Reviewed-on: https://code.wireshark.org/review/19177
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
3 years ago extcap: Avoid double free of help.
Stig Bjørlykke [Wed, 14 Dec 2016 12:43:27 +0000 (13:43 +0100)]
extcap: Avoid double free of help.

Avoid double free of help when having multiple extcap interfaces.

Ping-Bug: 13218
Change-Id: I6a0d6afd645787f9814c02e84079b4e8763d05f1
Reviewed-on: https://code.wireshark.org/review/19261
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
3 years ago nordic_ble: Improved dissector code
Stig Bjørlykke [Wed, 14 Dec 2016 09:17:42 +0000 (10:17 +0100)]
nordic_ble: Improved dissector code

- Added header fields in a new subtree.
- Restructured to use fewer functions and to use offset
  counting instead of offset defines.
- Removed support for legacy version 0.9.7.
- Removed unused code.

Change-Id: I9eb6c8b3b450ddb95fb0f4bdd9f9717dafa687b0
Reviewed-on: https://code.wireshark.org/review/19260
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Skip loading the Nordic BLE Sniffer dll on WIN32
Stig Bjørlykke [Tue, 13 Dec 2016 18:28:29 +0000 (19:28 +0100)]
Skip loading the Nordic BLE Sniffer dll on WIN32

The dissector for the Nordic BLE Sniffer was added as internal in
g7844a118, so ensure we don’t load this third party dll on WIN32.

Change-Id: I74c200d42793f3c1e764bc9f6c3a9a795d38a5a7
Reviewed-on: https://code.wireshark.org/review/19259
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago extcap: set help for interfaces.
Dario Lombardo [Thu, 8 Dec 2016 16:56:22 +0000 (17:56 +0100)]
extcap: set help for interfaces.

The help statement is in the first sentence, while interfaces are
in others. We need to keep state of it.

Ping-Bug: 13218
Change-Id: Iad1d403d5e8bc34e2489daaa3b14d469d5ee5b5b
Reviewed-on: https://code.wireshark.org/review/19148
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
3 years ago README.extcap: impagination improvement.
Dario Lombardo [Mon, 5 Dec 2016 11:33:02 +0000 (12:33 +0100)]
README.extcap: impagination improvement.

Change-Id: I1cc0dc6496bea8e42c199dff116530ccec6fb591
Reviewed-on: https://code.wireshark.org/review/19089
Reviewed-by: Roland Knall <rknall@gmail.com>
3 years ago RTP Stream Analysis: save Audio allows any filename extension
Jiri Novak [Mon, 12 Dec 2016 20:13:34 +0000 (21:13 +0100)]
RTP Stream Analysis: save Audio allows any filename extension

Format of file selected by user is derived from save dialog format selection, not from filename as before.

Bug: 13240
Change-Id: Id6e159d97e4f26c25b3d2d98d43041d8617cc737
Reviewed-on: https://code.wireshark.org/review/19240
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago RTP Stream Analysis dialog: dialog shows when forward/reverse stream starts
Jiri Novak [Mon, 12 Dec 2016 19:57:40 +0000 (20:57 +0100)]
RTP Stream Analysis dialog: dialog shows when forward/reverse stream starts

Dialog shows time (relative to capture start) and packet number when forward and reverse stream starts. It shows difference in such values on bottom of dialog too.

Bug: 13239
Change-Id: If807b8a56723df17ed131b1aac053cf8f985bb7b
Reviewed-on: https://code.wireshark.org/review/19239
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Remove add_item_text
Michael Mann [Wed, 14 Dec 2016 02:06:49 +0000 (21:06 -0500)]
Remove add_item_text

It's a manual attempt at what proto_tree_add_bitmask can do anyway.

Change-Id: If551e8afa346a33b8e15dc441aae75ba0752ab46
Reviewed-on: https://code.wireshark.org/review/19257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago packet-lsc.c: Use proto_tree_add_item instead of manually fetching field values.
Michael Mann [Wed, 14 Dec 2016 00:40:45 +0000 (19:40 -0500)]
packet-lsc.c: Use proto_tree_add_item instead of manually fetching field values.

Change-Id: I60740615de02bc5047eaca618973064513ac7b56
Reviewed-on: https://code.wireshark.org/review/19256
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago packet-kerberos4.c: Use encodings instead of boolean little vs big endian.
Michael Mann [Wed, 14 Dec 2016 00:28:32 +0000 (19:28 -0500)]
packet-kerberos4.c: Use encodings instead of boolean little vs big endian.

Also use proto_tree_add_item_ret_length for string handling.

Change-Id: Id1eae2e51460a3b7f4c3385b9b1fd7f12398a227
Reviewed-on: https://code.wireshark.org/review/19255
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago packet-nbt.c: General cleanup
Michael Mann [Wed, 14 Dec 2016 00:08:40 +0000 (19:08 -0500)]
packet-nbt.c: General cleanup

1. Remove functionality that was replaced by a proto_tree_add_bitmask
2. Remove use of nbdgm_header structure which is just a useless placeholder
3. Remove some if (tree) over single fields.

Change-Id: I0879043685686eb5b861cf77ec38bbf25ed6044e
Reviewed-on: https://code.wireshark.org/review/19254
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago file-jpeg.c - Pacify pre-commit hooks by removing macro
Michael Mann [Tue, 13 Dec 2016 23:11:02 +0000 (18:11 -0500)]
file-jpeg.c - Pacify pre-commit hooks by removing macro

IMG_JFIF was trying to be a macro for all display and expert info filters.
This messed with the pre-commit scripts ability to ensure protocol
filter name was being used as the prefix for display and expert info
filters.  So replaced IMG_JFIF with the proper prefix - "image-jfif"

Change-Id: I1fe3dc8797529c9d17f75c511bc279824e7e69b0
Reviewed-on: https://code.wireshark.org/review/19253
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago cmake: add semicolon to file list.
Dario Lombardo [Tue, 13 Dec 2016 11:27:04 +0000 (12:27 +0100)]
cmake: add semicolon to file list.

The file list contains semicolon-separated list of files to check.
When merging the lists we need to separate them properly.

Error:

No such file: "packet-ncp2222.cpacket-coseventcomm.c" at wireshark/tools/checkAPIs.pl line 2050.

Change-Id: I19702ab85408caf69ed922732fce74c3058be640
Reviewed-on: https://code.wireshark.org/review/19237
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago Adjust proto_tree_add_uint_format_value calls to use unit string
Michael Mann [Tue, 13 Dec 2016 19:26:27 +0000 (14:26 -0500)]
Adjust proto_tree_add_uint_format_value calls to use unit string

Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.  There are also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.

Added a few more "common" unit string values to unit_strings.[ch]

Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago Adjust proto_tree_add_[float|double]_format_value calls to use unit string
Michael Mann [Mon, 12 Dec 2016 18:22:05 +0000 (13:22 -0500)]
Adjust proto_tree_add_[float|double]_format_value calls to use unit string

Several calls to proto_tree_add_[float|double]_xxx could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field.

Added a few more "common" unit string values to unit_strings.[ch]

Change-Id: Id0da7b579403898d20c2667d6c4abcd59d5a48d4
Reviewed-on: https://code.wireshark.org/review/19241
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago Qt: Optionally restore our selected packet when thawing.
Gerald Combs [Mon, 12 Dec 2016 19:34:03 +0000 (11:34 -0800)]
Qt: Optionally restore our selected packet when thawing.

Stash the current row when we freeze the packet list. Make it possible
to restore it when thawing. Do so when the layout changes and when we
move a column.

Change-Id: I44cfb8bafcd4d49a46e1c89bf47aecf5ac139773
Reviewed-on: https://code.wireshark.org/review/19222
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago win-setup.ps1: add missing zlib-1.2.8-ws folder
Pascal Quantin [Tue, 13 Dec 2016 21:15:28 +0000 (22:15 +0100)]
win-setup.ps1: add missing zlib-1.2.8-ws folder

Change-Id: Ie32a231146365c11fe80e9e4f414ef7c464a8249
Reviewed-on: https://code.wireshark.org/review/19247
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago imf: fix no newline at end of file [-Wnewline-eof]
Alexis La Goutte [Tue, 13 Dec 2016 10:39:16 +0000 (11:39 +0100)]
imf: fix no newline at end of file [-Wnewline-eof]

Change-Id: Ibddfbb049fdf8510ffc14fbadba7484300821888
Reviewed-on: https://code.wireshark.org/review/19236
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago rtp_analysis_dialog.cpp: RTP Stream Analysis dialog shows same SSRC for forward and...
Jiri Novak [Mon, 12 Dec 2016 19:30:29 +0000 (20:30 +0100)]
rtp_analysis_dialog.cpp: RTP Stream Analysis dialog shows same SSRC for forward and reverse stream

Same SSRC is shown because of typo in variable name for reverse stream.

Bug: 13236
Change-Id: Idcba4d83c7b4358cd8ebf1ee5c5b5bde2fc2e48b
Reviewed-on: https://code.wireshark.org/review/19238
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Add support for adding unit names to hf_ fields.
Michael Mann [Mon, 12 Dec 2016 00:16:52 +0000 (19:16 -0500)]
Add support for adding unit names to hf_ fields.

This was inspired by the https://www.wireshark.org/lists/wireshark-dev/201505/msg00029.html thread.

Used TCP and NTP dissectors as the guinea pig with sample use.

Documentation updates include some unrelated cleanup just because it was noticed.

Change-Id: I59b26e1ca3b95e3473e4757f1759d7ad82976965
Reviewed-on: https://code.wireshark.org/review/19211
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago [RTP Analysis] calculate BW correctly when IPv6 is used.
AndersBroman [Tue, 13 Dec 2016 08:52:31 +0000 (09:52 +0100)]
[RTP Analysis] calculate BW correctly when IPv6 is used.

Change-Id: Ia53efa57042d199673a77c59491215c0e99c9e84
Reviewed-on: https://code.wireshark.org/review/19235
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
3 years ago bthci_acl: Set src/dst addresses before reassembly.
Stig Bjørlykke [Sun, 11 Dec 2016 13:18:55 +0000 (14:18 +0100)]
bthci_acl: Set src/dst addresses before reassembly.

Set all addresses before we do reassembly because sub-dissectors may set
their own addresses, and we don't want to override them again.

This fixes "Follow TCP Stream" and shows the correct IP addresses in the
Source and Destination columns when transporting IP packets.

Allocate the addresses in pinfo pool to avoid possible stack buffer overflow.

Bug: 13230
Change-Id: I3b81ccb02b38331add4773d9bb3d5e0f6dcf025e
Reviewed-on: https://code.wireshark.org/review/19201
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
3 years ago ssh: add dissection for Elliptic Curve Diffie-Hellman KEX
Роман Донченко [Thu, 8 Dec 2016 21:19:25 +0000 (00:19 +0300)]
ssh: add dissection for Elliptic Curve Diffie-Hellman KEX

The protocol is actually nearly identical to ordinary Diffie-Hellman,
but the names are different, and the ephemeral keys are bytestrings
rather than integers.

Change-Id: I261b6426137dae12fe53686e74517080abd80bb3
Reviewed-on: https://code.wireshark.org/review/19210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Add BGP dissector support for draft-ietf-idr-shutdown-01
Arjen Zonneveld [Fri, 2 Dec 2016 12:20:18 +0000 (13:20 +0100)]
Add BGP dissector support for draft-ietf-idr-shutdown-01

Parse the communication bits of a BGP Cease NOTIFICATION:

Border Gateway Protocol - NOTIFICATION Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 146
    Type: NOTIFICATION Message (3)
    Major error Code: Cease (6)
    Minor error Code (Cease): Administratively Shutdown (2)
    BGP Shutdown Communication Length: 124
    Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.

Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from http://instituut.net/~job/shutdown.pcap

Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Bluetooth: BTLE: Add new commands parsing
Jakub Pawlowski [Tue, 13 Dec 2016 03:27:58 +0000 (19:27 -0800)]
Bluetooth: BTLE: Add new commands parsing

Add "LE Set Extended Advertising Parameters" and
"LE Set Extended Advertising Parameters" commands parsing.

Change-Id: Ibcc9f145694e54710da3a11ade237f7132674366
Reviewed-on: https://code.wireshark.org/review/19234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Build TRANSUM plugin
Pascal Quantin [Mon, 12 Dec 2016 20:42:14 +0000 (21:42 +0100)]
Build TRANSUM plugin

Add plugin to autofoo and CMake build systems and fix errors found
Add plugin to Windows installer (optional component activated by default)

Change-Id: Id1b777bdee04e53076b3291f6fb68d5abad6985d
Reviewed-on: https://code.wireshark.org/review/19228
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
3 years ago Change spaces to tab for recent wka entries
David Barrera [Mon, 12 Dec 2016 10:06:42 +0000 (11:06 +0100)]
Change spaces to tab for recent wka entries

Commit 66549a9cacb29abdbb2c6fdaaf8235c4f34f6a13 added 3 new entries to
wka.tmpl, but used spaces instead of the default tab separator. This
inconsistency causes external tools that expect tabs in the manuf file
to behave unexpectedly.

The manuf file was re-generated after the fix to wka.tmpl.

Change-Id: I79bceac649e0fc29b3502fc2e074dcd513f29ff5
Reviewed-on: https://code.wireshark.org/review/19217
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Bluetooth: BTLE: Add BT5.0 command and event name parsing
Jakub Pawlowski [Tue, 13 Dec 2016 01:56:32 +0000 (17:56 -0800)]
Bluetooth: BTLE: Add BT5.0 command and event name parsing

Change-Id: I830551959965896451ddc08f3e843b61f22eed67
Reviewed-on: https://code.wireshark.org/review/19233
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago packet-infiniband: Update conversation src port for exact lookup
Parav Pandit [Sat, 10 Dec 2016 08:00:09 +0000 (03:00 -0500)]
packet-infiniband: Update conversation src port for exact lookup

Dissectors above infiniband (such as RPC dissector)
perform exact lookup on saddr, daddr, sport, dport. They are unaware
that underlying transport is infiniband which doesn't have src_qp in
packets. Due to which srcport remains uninitialized and exact lookup
fails.
In order to get them work seamlessly, this fix updates the sport
to src_qp (similar to destport to dest_qp). With this upper level
dissectors can perform direct lookup similar to TCP. Those which need to
access private data of unidirectional CM messages, can still continue to
perform unidirectional lookup as before.

It also fixes the issue where req_qp and resp_qp were swapped during
bidirectional conversation creation. This was caught during testing with
packet-rpc.c by Chuck Lever.

Tested protocols:
1. nfs-rdma over Infiniband with trace of Bug 13213
2. ICMP packets over Infiniband
3. NVMe fabrics over RDMA
Tested with trace of Bug 13201 for Nvme.

Bug: 13202
Bug: 13213
Change-Id: Ica1b6aae3ccaa6642dc3b3edfa9a5a4c335cc5da
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago Update to WinSparkle 0.5.3.
Gerald Combs [Thu, 8 Dec 2016 17:41:47 +0000 (09:41 -0800)]
Update to WinSparkle 0.5.3.

Update our WinSparkle package to 0.5.3. This fixes a file deletion bug.
Note that WinSparkle now supports application shutdown callbacks, which
should let us fix bugs 9687 and 12989.

Bug: 13217
Change-Id: I4b5f325c6dc251ce167f7bd344bbf3ca5ad3fe14
Reviewed-on: https://code.wireshark.org/review/19230
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago Remove some GtkCList comments and code.
Gerald Combs [Mon, 12 Dec 2016 22:03:25 +0000 (14:03 -0800)]
Remove some GtkCList comments and code.

Remove some comments and hopefully-no-longer-necessary code specific to
GtkCList.

Change-Id: Ib62387f87e662798afba282cf95cbd215d60075e
Reviewed-on: https://code.wireshark.org/review/19227
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago rtp_player_dialog.cpp: fix usage of unsupported method QComboBox::setCurrentText...
Jiri Novak [Mon, 12 Dec 2016 12:26:53 +0000 (13:26 +0100)]
rtp_player_dialog.cpp: fix usage of unsupported method QComboBox::setCurrentText with Qt4.x

QComboBox::setCurrentText() method is available in Qt5.x.
Older versions code won't compile with it.

Bug: 13235
Change-Id: Ia2e2713fefe0f2be01a0b77ff1ac39c9162fd0d1
Reviewed-on: https://code.wireshark.org/review/19219
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
3 years ago Move the declaration of packet_list_select_last_row() to ui/gtk/packet_list.h.
Guy Harris [Mon, 12 Dec 2016 21:12:26 +0000 (13:12 -0800)]
Move the declaration of packet_list_select_last_row() to ui/gtk/packet_list.h.

It's GTK+-only, so it shouldn't be in ui/ui_util.h.  Get rid of the
unused Qt packet list implementation of it.

Change-Id: Ia9f8fe2209939dff5244e6948c36f29509340f68
Reviewed-on: https://code.wireshark.org/review/19226
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago Get rid of some GTK+-only routines in file.c.
Guy Harris [Mon, 12 Dec 2016 20:57:12 +0000 (12:57 -0800)]
Get rid of some GTK+-only routines in file.c.

Just directly call the packet_list_select_ routine from the GTK+ code.

Change-Id: I9146fb968c407d6186b146a86aa34678765f7352
Reviewed-on: https://code.wireshark.org/review/19225
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago Mark routines GTK+ only.
Gerald Combs [Mon, 12 Dec 2016 20:34:26 +0000 (12:34 -0800)]
Mark routines GTK+ only.

Mark packet_list_select_last_row and cf_goto_bottom_frame GTK+ only.

Change-Id: I158814c2fa8c5fa8021b7156dded0945535c978a
Reviewed-on: https://code.wireshark.org/review/19223
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago Do not set Qt Window focus when highlighting rows
D. Ulis [Sun, 11 Dec 2016 23:52:26 +0000 (18:52 -0500)]
Do not set Qt Window focus when highlighting rows

Bug: 11890
Change-Id: I372f096c1ac0e483bf49cf95831e3df43621a642
Reviewed-on: https://code.wireshark.org/review/19209
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years ago [RTP] In case no conversation is found, check if we have a dissector for
AndersBroman [Mon, 12 Dec 2016 13:21:03 +0000 (14:21 +0100)]
[RTP] In case no conversation is found, check if we have a dissector for
the dynamic payload type defined. If so set the dynamic
payload_type_string to that dissector's name.

This is for RTP analysis to work if there is no setup information in the
file.

Change-Id: I7ae7b957cfa9eb6013f7d32d50563e2034210af6
Reviewed-on: https://code.wireshark.org/review/19220
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago Rename non-EBCDIC-specific routines.
Guy Harris [Mon, 12 Dec 2016 08:19:44 +0000 (00:19 -0800)]
Rename non-EBCDIC-specific routines.

Those routines can handle any single-byte character set whose characters
map to characters in the Basic Multilingual Plane; it could be used for
extended ASCII, but we have another routine for that, mapping only
characters with code points > 0x7f, so we just say "nonascii" rather
than "ebcdic".

Change-Id: I3d55b5d58e3e7ab08f3dfbfdb57a0301a30e71d4
Reviewed-on: https://code.wireshark.org/review/19214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago Update for library changes.
Guy Harris [Mon, 12 Dec 2016 08:06:35 +0000 (00:06 -0800)]
Update for library changes.

Change-Id: Ibe63e79a2865c53be0aafbf1b53103267a502b7a
Reviewed-on: https://code.wireshark.org/review/19213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago Fix handling of EBCDIC string fields.
Guy Harris [Mon, 12 Dec 2016 05:49:14 +0000 (21:49 -0800)]
Fix handling of EBCDIC string fields.

Have a routine that takes a 256-element translation table and uses it to
map various flavors of EBCDIC to Unicode.  Have separate translation
tables for "common" EBCDIC (everything that's the same in all EBCDIC
code pages that include the original EBCDIC characters) and EBCDIC code
page 037.  Add ENC_EBCDIC_CP037 for code page 037.

Change-Id: Ia882b3c0abef9e30eb54cd47396e6fa0d6342044
Reviewed-on: https://code.wireshark.org/review/19212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agossh: correct inaccurate field names/abbrevs/id variable names
Роман Донченко [Sun, 11 Dec 2016 00:21:52 +0000 (03:21 +0300)]
ssh: correct inaccurate field names/abbrevs/id variable names

* kex_first_packet_follows -> first_kex_packet_follows
  That's the name the spec (RFC 4253) uses.

* DH H signature -> H signature, DH host key -> host key
  Neither the host key nor the H signature have much to do
  with Diffie-Hellman. They're used in the same way in
  every key exchange method that I know of, so their names
  should be more generic.

* mpint_[ef] -> dh_[ef], mpint_[pg] -> dh_gex_[pg]
  This is to make all key exchange method-specific fields follow
  a consistent pattern with all names/abbrevs being prepended
  by the method name.

Change-Id: Ic887fb92d8cbb6042e9b8e553cb5804db0ba4db8
Reviewed-on: https://code.wireshark.org/review/19199
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agosmb/tftp: fix no previous prototype for ‘tftp/smb_eo_cleanup’ [-Wmissing-prototypes]
Alexis La Goutte [Sun, 11 Dec 2016 20:00:06 +0000 (21:00 +0100)]
smb/tftp: fix no previous prototype for ‘tftp/smb_eo_cleanup’ [-Wmissing-prototypes]

Change-Id: I22ce7c49eab9232d38ace51a39fee098786f981d
Reviewed-on: https://code.wireshark.org/review/19206
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago[Automatic update for 2016-12-11]
Gerald Combs [Sun, 11 Dec 2016 16:12:37 +0000 (08:12 -0800)]
[Automatic update for 2016-12-11]

Update manuf, services, enterprise-numbers, translations, and other items.

Change-Id: Ie1a890ea3d5cfab844bc486806303e0ea4417ec3
Reviewed-on: https://code.wireshark.org/review/19203
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years agoCleanup dissection of endpoint addresses.
Guy Harris [Sun, 11 Dec 2016 04:18:26 +0000 (20:18 -0800)]
Cleanup dissection of endpoint addresses.

All the pseudo-headers encode the endpoint as per a bEndpointAddress in
sections 9.6.6 "Endpoint" of the USB 2.0 spec and the USB 3.1 spec, with
a 4-bit endpoint number at the bottom and a 1-bit direction at the top
with 0 = OUT and 1 = IN.

Show the FreeBSD endpoint address the same way the other endpoint
addresses are shown; the FreeBSD one is shown as a 4-byte little-endian
value, but only the low-order (first) byte is used, so just show that
byte.

Call that field the "endpoint address", with the lower 4 bits being the
"endpoint number" and the uppermost bit the "endpoint direction".

Change-Id: Ic7358c7fb6b6df2502315b590eb5178cecb321d9
Reviewed-on: https://code.wireshark.org/review/19200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agossh: remove uninformative blurbs
Роман Донченко [Sat, 10 Dec 2016 23:40:27 +0000 (02:40 +0300)]
ssh: remove uninformative blurbs

For most of the fields, the blurb is just the name with "SSH" prepended,
which is not particularly useful. Replace a few of them with more
informative descriptions and remove the rest.

Change-Id: I15e95a42e897d09d3b6334022b32dd36f29e86a4
Reviewed-on: https://code.wireshark.org/review/19198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoAdd a preference to control whether string and byte lengths appear in protocol tree
Martin Mathieson [Fri, 9 Dec 2016 22:40:59 +0000 (14:40 -0800)]
Add a preference to control whether string and byte lengths appear in protocol tree

Change-Id: I6be13d9adb8871cbbf4604155e8e7175a74ddaa3
Reviewed-on: https://code.wireshark.org/review/19188
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dmitry Lazurkin <dilaz03@gmail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
3 years agogsmtap: Introduce a new packet-gsmtap.h header file
Harald Welte [Fri, 9 Dec 2016 18:21:13 +0000 (13:21 -0500)]
gsmtap: Introduce a new packet-gsmtap.h header file

Move the GSMTAP protocol related #defines to packet-gsmtap.h, as
other dissectors (like packet-gsm_sim.c and future dissectors) need
access to some of those #defines.

Change-Id: Ibb3517bd773be63b7e3cd30104a5351427e22ebf
Reviewed-on: https://code.wireshark.org/review/19185
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoInitialize fd_head->frame in all cases where we allocate fd_head.
Guy Harris [Sat, 10 Dec 2016 18:37:07 +0000 (10:37 -0800)]
Initialize fd_head->frame in all cases where we allocate fd_head.

Also, sort the initializations of structure members by the order in the
structure, to make it easier to check that we've initialized them all.

Bug: 13231
Change-Id: Id2819940d916a5fd5a3f1bf2fc20bd3ee34a75f4
Reviewed-on: https://code.wireshark.org/review/19195
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoQt: Avoid infinite recursion in ExtcapArgument::loadValues
Stig Bjørlykke [Sat, 10 Dec 2016 12:07:06 +0000 (13:07 +0100)]
Qt: Avoid infinite recursion in ExtcapArgument::loadValues

If configuring an extcap "value" sentence with {value=} then loadValues()
must not run in an infinite recursion trying to find its children.

Change-Id: Ic2577b31d9312e8f6a099c4fe7c0672e801dbc89
Reviewed-on: https://code.wireshark.org/review/19192
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
3 years agossh: organize header field IDs
Роман Донченко [Thu, 8 Dec 2016 22:04:39 +0000 (01:04 +0300)]
ssh: organize header field IDs

The header field ID variables are listed in a somewhat chaotic order,
making the list hard to comprehend and update. Group them according
to the part of the protocol the corresponding fields occur in, and
order the groups and the IDs within groups to roughly match
the protocol flow and message formats.

Change-Id: I915f508fd78ff89819c96d246c79d335de6a172e
Reviewed-on: https://code.wireshark.org/review/19154
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoBoost the max CPU time.
Guy Harris [Sat, 10 Dec 2016 03:27:58 +0000 (19:27 -0800)]
Boost the max CPU time.

See if that lets the big file from bug 13226 pass the test under
Valgrind.

Change-Id: I76eb0c18809289e3b14ff8071402c31f70d93d42
Ping-Bug: 13226
Reviewed-on: https://code.wireshark.org/review/19189
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years ago[ICMP] use abs() in detecting timestamp heuristics
Michael Mann [Fri, 9 Dec 2016 02:41:58 +0000 (21:41 -0500)]
[ICMP] use abs() in detecting timestamp heuristics

The code was making the assumption that the ICMP data time will always
be greater than or equal to the frame time, but not earlier, but that
is not always the case and the heuristics can fail.

Bug: 13161
Change-Id: I4bc7bd8d22d717d3b1f08afdd651f8a70cb7aef2
Reviewed-on: https://code.wireshark.org/review/19157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago[RTP] Don't call p_get_proto_data() twice
AndersBroman [Fri, 9 Dec 2016 14:43:30 +0000 (15:43 +0100)]
[RTP] Don't call p_get_proto_data() twice

Change-Id: Ie13e23232e183818b813e391274d75415b3fee83
Reviewed-on: https://code.wireshark.org/review/19181
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agopacket-windows-common.h: Fix "Warning: this decimal constant is unsigned only in...
Thomas Dreibholz [Fri, 9 Dec 2016 15:34:42 +0000 (10:34 -0500)]
packet-windows-common.h: Fix "Warning: this decimal constant is unsigned only in ISO C90"

Bug: 12824
Change-Id: I4b857f3cc488867d8ee7487c1f978edf639988f8
Reviewed-on: https://code.wireshark.org/review/19182
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoui: move filesystem code to wsutil/filesystem.c
Dario Lombardo [Fri, 9 Dec 2016 10:46:20 +0000 (11:46 +0100)]
ui: move filesystem code to wsutil/filesystem.c

This function can be used by code outside ui (eg. extcap).

Ping-Bug: 13218
Change-Id: Ic11f7acebefeaf777692df044ebff9b1bc387aa3
Reviewed-on: https://code.wireshark.org/review/19178
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago[RTP]Rearrange the logic in process_rtp_payload() to make it a bit clearer
AndersBroman [Fri, 9 Dec 2016 12:04:28 +0000 (13:04 +0100)]
[RTP]Rearrange the logic in process_rtp_payload() to make it a bit clearer
what happens.

Change-Id: Ib64c127ef5e2ba3fe57301c7ac7c75fd1d0e0d27
Reviewed-on: https://code.wireshark.org/review/19176
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoSet a Libgcrypt log handler on Windows.
Gerald Combs [Thu, 8 Dec 2016 23:16:00 +0000 (15:16 -0800)]
Set a Libgcrypt log handler on Windows.

Libgcrypt prints all log messages to stderr by default. On Windows the
slow_gatherer routine logs

    NOTE: you should run 'diskperf -y' to enable the disk statistics

if DeviceIoControl(..., IOCTL_DISK_PERFORMANCE, ...) fails. We don't
depend on cryptographically secure random numbers and the message is
needlessly confusing. Add a log handler that ignores less-severe messages.

Change-Id: If40a691ea380364457dfdf126b9bf33ac2672d3a
Reviewed-on: https://code.wireshark.org/review/19155
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoextcap: add new option type (timestamp).
Dario Lombardo [Wed, 9 Nov 2016 12:56:12 +0000 (13:56 +0100)]
extcap: add new option type (timestamp).

Bug: 12787
Change-Id: I941833c55fb607c8af2ef832082af58d7b94e965
Reviewed-on: https://code.wireshark.org/review/18721
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agotransum: plugin code
Paul Offord [Mon, 3 Oct 2016 08:09:18 +0000 (09:09 +0100)]
transum: plugin code

A plugin to calculate response, service and spread time values based on
the RTE model.

Bug: 12892
Change-Id: I47d7e5354fc269916851a318fef10b826897eaf8
Reviewed-on: https://code.wireshark.org/review/17750
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years ago.mailmap: Update (of november)
Alexis La Goutte [Sun, 13 Nov 2016 17:47:28 +0000 (18:47 +0100)]
.mailmap: Update (of november)

Change-Id: I643825baa09bf1b6b54515dc109669c0cb1e2cd7
Reviewed-on: https://code.wireshark.org/review/18800
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoextcap: Whitespace cleanup.
Stig Bjørlykke [Wed, 7 Dec 2016 18:59:53 +0000 (19:59 +0100)]
extcap: Whitespace cleanup.

Cleanup code to use uniform whitespace to make it more readable.
Also added brackets to unbracketed one line conditional statements.

This was done using "astyle -A1cHjk3pU".

Change-Id: Iebe96c488c843ce1d790ede0016eb9df025e98a5
Reviewed-on: https://code.wireshark.org/review/19133
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoFix a mis-merging.
Guy Harris [Thu, 8 Dec 2016 20:34:59 +0000 (12:34 -0800)]
Fix a mis-merging.

Also, remove the "make sure we're not fetching a bogus structure" tests.

Add a comment explaining how a compiler bug where it's overly optimizing
a combination of tests could cause the valgrind errors we were seeing,
so we're zeroing the entire structure, padding included, to avoid that.

Change-Id: I24f94b2cbceec5234c1da82b891f609648075839
Reviewed-on: https://code.wireshark.org/review/19149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agotns: reduce variable scope.
Dario Lombardo [Thu, 8 Dec 2016 14:46:59 +0000 (15:46 +0100)]
tns: reduce variable scope.

Change-Id: Ie187692143b5866bb52b7daf1def2e36ce202a86
Reviewed-on: https://code.wireshark.org/review/19146
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years ago[GTP] Add dissection of Extended Common Flags II IE
AndersBroman [Thu, 8 Dec 2016 12:50:42 +0000 (13:50 +0100)]
[GTP] Add dissection of Extended Common Flags II IE
while at it extend IE value_strings.

Change-Id: Iea592aca088384c381843be7255922db2ade393a
Reviewed-on: https://code.wireshark.org/review/19145
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agosdp: decode pt for more RTP transport protocols
Peter Wu [Wed, 7 Dec 2016 23:24:05 +0000 (00:24 +0100)]
sdp: decode pt for more RTP transport protocols

Do not just decode the payload type for RTP/AVP, but also all RTP
transport types.

Add RTP/AVPF (same as normal RTP/AVP, but with additional RTCP formats).
Similarly, add RTP/SAVPF and the two DTLS variants. Add references to
the relevant specifications and order per IANA registry.

Tested with dtls-srtp-ws-sip.pcapng, now the payload types under the
"m=" tree have names and frames that were previously reported as RTP
show up as SRTP. Frame 442 now shows "Encrypted RTCP Payload" warning
instead of decoding it as garbage.

Change-Id: I06893f385ec270391f8891e72a364d08d2354a0a
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/19139
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoQt: Fix currentOutputDeviceName() without QtMultimedia
Michal Labedzki [Thu, 8 Dec 2016 07:14:14 +0000 (08:14 +0100)]
Qt: Fix currentOutputDeviceName() without QtMultimedia

Fix build error:
ui/qt/moc_rtp_player_dialog.cxx:87:76: error: ‘currentOutputDeviceName’ was not declared in this scope
         case 0: *reinterpret_cast< QString*>(_v) = currentOutputDeviceName(); break;

Change-Id: I065862540e775c3e965cb5d3ae4c53bd8d505bdd
Reviewed-on: https://code.wireshark.org/review/19142
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoRevert "Revert "Don't use a local variable's address in set_address().""
Guy Harris [Thu, 8 Dec 2016 09:07:13 +0000 (09:07 +0000)]
Revert "Revert "Don't use a local variable's address in set_address().""

This reverts commit 92a2c184b09ce41a1ab717963750bb5543099742.

Actually, that address *is* attached to a pinfo structure.

Change-Id: I183135f9cf10a6714045091d2ae02d2799093bae
Reviewed-on: https://code.wireshark.org/review/19143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agopacket-rpcrdma: Select correct size of transport header
Chuck Lever [Sat, 12 Nov 2016 19:40:31 +0000 (14:40 -0500)]
packet-rpcrdma: Select correct size of transport header

Nit: Make it easier to see the transition between the end of the
RPC-over-RDMA transport header and the start of the RPC header.
Calculate the selection size of the RPC-over-RDMA header
properly, including the size of the chunk lists.

Change-Id: I84bc7d970a95e8f50a21a45ded386322711b6512
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19034
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoFix ZigBee End Device Timeout enumeration
Chris Brandson [Wed, 7 Dec 2016 22:36:17 +0000 (14:36 -0800)]
Fix ZigBee End Device Timeout enumeration

Value 1 incorrect. Remaining enumerations correct

Change-Id: I31939fabded6c4eab13c5b61bbdd4f61b962f0e0
Reviewed-on: https://code.wireshark.org/review/19137
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoRevert "Don't use a local variable's address in set_address()."
Guy Harris [Wed, 7 Dec 2016 22:50:49 +0000 (22:50 +0000)]
Revert "Don't use a local variable's address in set_address()."

This reverts commit e2c26ff90c6aee381c3af0c33253dcfa5631bb43.

*That* address isn't attached to a pinfo structure, it's used to create a conversation, and a copy is made of it, using file scope.  So that's not the cause of this problem.

Change-Id: I07ce091e678c42c30080cd00fd17cd1584f473ad
Reviewed-on: https://code.wireshark.org/review/19138
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoDon't use a local variable's address in set_address().
Guy Harris [Wed, 7 Dec 2016 22:21:09 +0000 (14:21 -0800)]
Don't use a local variable's address in set_address().

The address data is supposed to outlive the current routine's scope, so
you can't pass it a pointer to an argument to the routine; you have to
allocate pinfo-scoped memory and copy the variable to that.

Bug: 13219
Change-Id: Id3fdb52b614036d4d24d0676e798a2524fbe916c
Reviewed-on: https://code.wireshark.org/review/19136
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoRevert "Temporarily break up complicated expression into a bunch of separate ifs."
Peter Wu [Tue, 6 Dec 2016 16:31:32 +0000 (16:31 +0000)]
Revert "Temporarily break up complicated expression into a bunch of separate ifs."

This reverts commit db7c6286169015a727024e86eb270722127125bb.

As pointed out in bug 13044, the warning is really coming from checking
"cops_call->solicited", no need to expand the whole expression.

Ping-Bug: 13044
Change-Id: Ib376ce6d0ec9fcf896e6081adae7664f19d9f759
Reviewed-on: https://code.wireshark.org/review/19115
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoQt: don't append a second extension to save file names
Роман Донченко [Tue, 6 Dec 2016 22:14:39 +0000 (01:14 +0300)]
Qt: don't append a second extension to save file names

When checking if the file already has one of the possible extensions,
MainWindow::fileAddExtension reuses file_suffix between iterations and
appends to it each time, so it ends up checking for the wrong suffix for all
extensions except the first one. Scope file_suffix to the for loop to
fix that.

Change-Id: Idbc5a619a4793d8c477bfd88305cdb44ea844e13
Reviewed-on: https://code.wireshark.org/review/19123
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
3 years agoThe version lists are sequences of 1-byte integers, not strings.
Guy Harris [Wed, 7 Dec 2016 19:50:10 +0000 (11:50 -0800)]
The version lists are sequences of 1-byte integers, not strings.

Show each version in the list independently as an item.

Perhaps the Set Protocol response version lists seen have only one
version, but the presence of a version-0 terminator suggests that it
could contain multiple versions, so dissect it as such.

For FT_STRINGZ values, let proto_tree_add_item() determine the length -
pass a length of -1.  If we need the length, use
proto_tree_add_item_ret_length().

Change-Id: I5954ccac34f9e462c6d43e9a213974cf818f4d0d
Reviewed-on: https://code.wireshark.org/review/19134
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agoQt: Fixup the currentOutputDeviceName Q_PROPERTY.
Gerald Combs [Wed, 7 Dec 2016 17:58:28 +0000 (09:58 -0800)]
Qt: Fixup the currentOutputDeviceName Q_PROPERTY.

The CONSTANT attribute indicates that the same value will be returned
every time. That isn't the case here so remove it.

Change-Id: Ie7451e6aabcb4fa1a6960762d96ad190f32b3d7a
Reviewed-on: https://code.wireshark.org/review/19130
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoextcap: Separate dirname and file with G_DIR_SEPARATOR_S.
Stig Bjørlykke [Wed, 7 Dec 2016 18:02:06 +0000 (19:02 +0100)]
extcap: Separate dirname and file with G_DIR_SEPARATOR_S.

Change-Id: I9e1e9b1a10a15ca95519392a7a19ba77f460141e
Reviewed-on: https://code.wireshark.org/review/19131
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agopacket-tns: add Set Protocol dissection.
Alexandr Savca [Sat, 3 Dec 2016 14:42:23 +0000 (16:42 +0200)]
packet-tns: add Set Protocol dissection.

Set Protocol is a SQLNET (NET8) message of Data packet type. At the
moment, request message is fully implemented, response partly.

Also, remove unused href entry(s).

Change-Id: I1814ce867cf4f03fa70f05552bfe870ed8f7737c
Reviewed-on: https://code.wireshark.org/review/19051
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoBluetooth: SMP: Use bitmask fields
Michal Labedzki [Tue, 6 Dec 2016 08:10:52 +0000 (09:10 +0100)]
Bluetooth: SMP: Use bitmask fields

And try to improve column output readability by using
separators.

Change-Id: I274f47275519c2a87def483f8f857a98edc341d1
Reviewed-on: https://code.wireshark.org/review/19109
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agoFix: Allocate new string for export object entry to prevent crash when memory is...
bwhitn [Wed, 7 Dec 2016 15:32:31 +0000 (07:32 -0800)]
Fix: Allocate new string for export object entry to prevent crash when memory is freed

Change-Id: Ied9f267b28144ea6069388d2d739d07955642863
Reviewed-on: https://code.wireshark.org/review/19129
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agopacket-rpcrdma: Fix selection size in chunk list dissectors
Chuck Lever [Tue, 6 Dec 2016 16:25:59 +0000 (11:25 -0500)]
packet-rpcrdma: Fix selection size in chunk list dissectors

Use proto_item_set_len instead of walking the packet ahead of time
trying to compute the size.

Change-Id: I5eb3da1fef45895853cb5b6b198d0310394e4176
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19120
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoRTCP: Bugfix MS Video Source Request dissection
Michael Mann [Wed, 7 Dec 2016 02:19:01 +0000 (21:19 -0500)]
RTCP: Bugfix MS Video Source Request dissection

Bug: 13212
Change-Id: I249d38e843f737bbd0773828f24980d148fbaa00
Reviewed-on: https://code.wireshark.org/review/19126
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agosdp: replace bitmask by enum for transport protocol
Peter Wu [Tue, 6 Dec 2016 23:06:23 +0000 (00:06 +0100)]
sdp: replace bitmask by enum for transport protocol

Previously the bitmask also stored whether the type of media (video) and
address type (IPv4/IPv6). Now that these are gone, it makes more sense
to use enums.

There is no functional change (only debugging output is different).

Change-Id: Idc9659cd21e36489a3f5720bbf13640c4beecc02
Reviewed-on: https://code.wireshark.org/review/19124
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
3 years agoThrow in another tweak to check for uninitialized cops_call_t structures.
Guy Harris [Tue, 6 Dec 2016 21:37:45 +0000 (13:37 -0800)]
Throw in another tweak to check for uninitialized cops_call_t structures.

Temporarily add a "magic" field, initialize it when we allocate it, and
whenever we fetch a structure from the array, make sure the "magic"
field has the right value.

(If this all turns out to be a valgrind bug, I'm not going to be very
happy.)

Change-Id: I29becc715367fdc305504b38d48be05dc516132a
Reviewed-on: https://code.wireshark.org/review/19128
Reviewed-by: Guy Harris <guy@alum.mit.edu>
3 years agopacket-rpcrdma: Prepare dissector for RPC-over-RDMA on iWARP or RoCE
Chuck Lever [Fri, 11 Nov 2016 22:35:58 +0000 (17:35 -0500)]
packet-rpcrdma: Prepare dissector for RPC-over-RDMA on iWARP or RoCE

Remove the Infiniband-centric QP filtering. This filtering attempted
to create conversations to allow the heuristic dissector to be
bypassed once it was established that a QP was carrying
RPC-over-RDMA traffic.

However, it was preventing proper identification of RPC-over-RDMA
traffic when a CM connection establishment exchange doesn't appear
in the capture (which is frequently the case for captures of NFS
traffic).

Also, without this conversation logic, loading a capture file
appears to be significantly faster, at least for capture files
I have on hand.

Later, some form of conversation management will be needed in
order to associate RPC-over-RDMA transport headers with
RDMA Read and Write operations that go along with them. But it
will need to be agnostic about the underlying link layer.

Bug: 13199
Bug: 13202
Change-Id: Ie6b7a4c65979dac036306f7367ce18836713ab4d
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19032
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
3 years agopacket-tns: add TNS_TYPE_DATA functions dissection.
Alexandr Savca [Sat, 3 Dec 2016 13:36:51 +0000 (15:36 +0200)]
packet-tns: add TNS_TYPE_DATA functions dissection.

Those functions are also known as NET8 commands or SQLNET layer of TNS protocol.
Also added a lot of sub-functions for one NET8 command, also known as OCI
(Oracle Call Interface).

Do other cleanup while in the neighborhood including:
1. Use proto_tree_add_bitmask where applicable
2. Remove individual "hidden" command fields. Filtering should use "tns.type"
3. Remove unnecessary if (tree)s

Change-Id: Ib7cc5cf307179d5d252c334949a4e77d9d396ba4
Reviewed-on: https://code.wireshark.org/review/19050
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>