Peter Wu [Fri, 16 Nov 2018 11:53:03 +0000 (12:53 +0100)]
tshark: do not print packet information when using -w without libpcap
The test_tshark_io_direct_stdout test was failing because the command
"tshark -r test/captures/dhcp.pcap -w - > some.pcap" produced a corrupt
capture file which has the packet information appended at the end.
Change-Id: I1a79e98f1475c29d7dad3ff90d4cb689f46b0e57
Fixes: 57389a0c69 ("make tshark compile and work also when pcap is not available")
Reviewed-on: https://code.wireshark.org/review/30668
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Peter Wu [Fri, 16 Nov 2018 13:52:39 +0000 (14:52 +0100)]
Qt: fix build with Qt 5.4 and older
Change-Id: Iabdd87128a2af8c668c0602ea677f71984e64723
Fixes: v2.9.0rc0-2556-gb894c53d5e ("Add an API to get a description of a compression type, and use it.")
Reviewed-on: https://code.wireshark.org/review/30670
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris [Fri, 16 Nov 2018 10:15:47 +0000 (02:15 -0800)]
Add an API to get a description of a compression type, and use it.
Add wtap_compression_type_description(), which returns NULL for
WTAP_UNCOMPRESSED and a descriptive string for other compression types.
Instead of checking for WTAP_GZIP_COMPRESSED and appending "(gzip
compressed)", just pass the compression type to
wtap_compression_type_description() and, if the result is non-null,
append its result, wrapped in parentheses, with a space before the left
parenthesis.
Change-Id: I79a999c7838a883953795d5cbab009966e14b65e
Reviewed-on: https://code.wireshark.org/review/30666
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Martin Boye Petersen [Fri, 16 Nov 2018 09:14:18 +0000 (10:14 +0100)]
ZigBee: Fixed incorrect field type
Fixed incorrect field type for tariff label in publish tariff information.
It is a zigbee octet string, so the first byte indicates the length of the string.
Change-Id: Ia90e47a19a3bd1ca7642f5e7ce99377618198f15
Reviewed-on: https://code.wireshark.org/review/30663
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo [Fri, 16 Nov 2018 08:42:26 +0000 (09:42 +0100)]
nettrace: fix var init.
Error:
../wiretap/nettrace_3gpp_32_423.c:745:47: error: missing field 'src_ip' initializer [-Werror,-Wmissing-field-initializers]
exported_pdu_info_t exported_pdu_info = { 0 };
^
1 error generated.
ninja: build stopped: subcommand failed.
Change-Id: I6c083b474854ea062f0a1c9f94e83af83574fc91
Reviewed-on: https://code.wireshark.org/review/30661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Anders Broman [Fri, 16 Nov 2018 08:49:45 +0000 (09:49 +0100)]
gtpv2: Handle different sizes of 8.38 MM Context.
Change-Id: Iaeb795f439a1157bca6d006d2a0bf8fe44703267
Reviewed-on: https://code.wireshark.org/review/30662
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Joerg Mayer [Fri, 16 Nov 2018 09:31:01 +0000 (10:31 +0100)]
dictionary.symbol: Update to version received from vendor with minor formatting changes
Change-Id: I569e2fdb96ffc6757fffce8ddaf0086037cfa64f
Reviewed-on: https://code.wireshark.org/review/30665
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Guy Harris [Fri, 16 Nov 2018 04:06:36 +0000 (20:06 -0800)]
Use an enum for compression types in various interfaces.
This:
1) means that we don't have to flag the compression argument with a
comment to indicate what it means (FALSE doesn't obviously say "not
compressed", WTAP_UNCOMPRESSED does);
2) leaves space in the interfaces in question for additional compression
types.
(No, this is not part 1 of an implementation of additional compression
types, it's just an API cleanup. Implementing additional compression
types involves significant work in libwiretap, as well as UI changes to
replace "compress the file" checkboxes with something to indicate *how*
to compress the file, or to always use some other form of compression).
Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf
Reviewed-on: https://code.wireshark.org/review/30660
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Craig Jackson [Thu, 15 Nov 2018 05:24:09 +0000 (00:24 -0500)]
TDS: Fix decoding of TDS7 password.
Fix decoding of the TDS7 password field by treating it as a byte string, not an ASCII string.
Also fix another display problem demonstrated by the sample trace.
Bug: 15274
Change-Id: I906d6e9499e2e986820e9248604e98051d877bed
Reviewed-on: https://code.wireshark.org/review/30653
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Wed, 14 Nov 2018 00:10:53 +0000 (16:10 -0800)]
Use the dump parameters structure for non-pcapng-specific stuff.
Use it for all the per-file information, including the per-file
link-layer type and the per-file snapshot length.
Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629
Reviewed-on: https://code.wireshark.org/review/30616
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris [Thu, 15 Nov 2018 23:34:01 +0000 (15:34 -0800)]
Always use the input file's encapsulation for the output file.
Using WTAP_ENCAP_PER_PACKET if there's more than one interface forces a
format supporting multiple encapsulations even if all interfaces use the
same encapsulation; there's no reason to force that - you might as well
let the user specify pcap format, for example, if that's what they
really want.
(If there are multiple interfaces and they have different
encapsulations, the file encapsulation will be WTAP_ENCAP_PER_PACKET
*anyway*.)
Change-Id: I0e65c06e1ae3ff159ccd27f72cc63014e30a58f3
Reviewed-on: https://code.wireshark.org/review/30658
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Thu, 15 Nov 2018 23:25:06 +0000 (15:25 -0800)]
Just pass on a snapshot length of 0 to the dumper.
It means "snapshot length unknown".
For most file formats, the snapshot length isn't recorded (even for
formats that support slicing - all they record is the on-the-network
length, and length after slicing, for each packet), so it's ignored in
the dumper.
The one exception is pcap, which records it in the file header; if it's
unknown, the pcap-writing code picks the maximum supported snapshot
length for the file's link-layer header type.
Change-Id: Ieda5dfe34c4bac63e43fdadeff31799ac3c908de
Reviewed-on: https://code.wireshark.org/review/30657
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Peter Wu [Thu, 15 Nov 2018 11:38:12 +0000 (12:38 +0100)]
test: convert suite_dfilter to use fixtures
Stop using subprocesstest, drop the (now redundant) DFTestCase base
class and use pytest-style fixtures to inject the dependency on tshark.
This approach makes it easier to switch to pytest in the future.
Most substitutions were automated, so no typos should be present.
Change-Id: I3516029162f87423816937410ff63507ff82e96f
Reviewed-on: https://code.wireshark.org/review/30649
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Peter Wu [Wed, 14 Nov 2018 18:32:10 +0000 (19:32 +0100)]
test: convert suite_nameres to use fixtures
Create a special custom profile just for the nameres tests, instead of
doing this for all tests. Other tests do not need it.
Change-Id: I41de0ece9dcf1ee310957beab2bbee0a99784753
Reviewed-on: https://code.wireshark.org/review/30633
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Peter Wu [Wed, 14 Nov 2018 16:54:00 +0000 (17:54 +0100)]
test: convert suite_text2pcap to use fixtures
Inline all capture file names and use fixtures instead of the global
config object. This makes dependencies more explicit.
Change-Id: I37a6eda73822735b5a6957b44bce53bb5ecd1aa0
Reviewed-on: https://code.wireshark.org/review/30631
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris [Thu, 15 Nov 2018 17:52:02 +0000 (09:52 -0800)]
Don't set anything in *wth until we've decided it's a Peek classic file.
Change-Id: I8b6f5b46cc578a65eec3e255d468d3841f9b0197
Reviewed-on: https://code.wireshark.org/review/30652
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gerald Combs [Thu, 15 Nov 2018 16:05:17 +0000 (08:05 -0800)]
Dumpcap: Update our pipe closed logic.
Check for pipe status only when we no longer have packets. This keeps us
from flushing packets that we should have written.
Change-Id: I714f52597da792a0b228b5e1a1dd3a993dc93681
Reviewed-on: https://code.wireshark.org/review/30651
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Anders Broman [Thu, 15 Nov 2018 13:34:05 +0000 (14:34 +0100)]
nettrace: Parse IPv6 addresses.
Change-Id: Iad583c39605ed2dd7a1c64f3729500c6b8a31fd3
Reviewed-on: https://code.wireshark.org/review/30650
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Thu, 15 Nov 2018 08:36:16 +0000 (00:36 -0800)]
Simplify code.
Just directly set wth->file_encap.
Change-Id: I9fb3d34d3d46d9bef6b7206e25ba72049d9b12f1
Reviewed-on: https://code.wireshark.org/review/30648
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Martin Peylo [Wed, 14 Nov 2018 21:33:49 +0000 (23:33 +0200)]
CBRS-OIDs: adding Citizens Broadband Radio Service Object Identifiers
Used within CBRS X.509 certificates, related certificate requests etc
Extracted from
- WInnForum CBRS COMSEC TS WINNF-15-S-0065-V2.0.0
https://www.wirelessinnovation.org/assets/work_products/Specifications/winnf-15-s-0065-v2.0.0%20cbrs%20communications%20security%20technical%20specification.pdf
- WInnForum CBRS Certificate Policy Document WINNF-17-S-0022
https://www.wirelessinnovation.org/assets/work_products/Specifications/winnf-17-s-0022%20v1.0.0%20cbrs%20pki%20certificate%20policy.pdf
Change-Id: I7ee5246bb15214d37cd566f8b2beadeb0a2bce01
Reviewed-on: https://code.wireshark.org/review/30642
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Thu, 15 Nov 2018 01:19:06 +0000 (17:19 -0800)]
Debian: Add missing symbols.
Change-Id: Ia8a385faad06a1221a9ab6f31e27e4be09a5590d
Reviewed-on: https://code.wireshark.org/review/30646
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Thu, 15 Nov 2018 02:29:48 +0000 (18:29 -0800)]
Always use the file header to set the encapsulation type for Peek classic.
The information given by the person who provided the change to do so for
V7 files seems to indicate that 1) V5 and V6 files have the same file
header and 2) the protoNum field shouldn't be used for this purpose.
It also provided information about the bits in the flags and status
field, so add that.
The first three of those bits appear to match the first three bits of
the flags field in Peek tagged files, so note that in the Peek tagged
reader, in case the other bits also match.
Change-Id: I492afd594676efc14b487b3030c861bf5feb2d23
Reviewed-on: https://code.wireshark.org/review/30647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gerald Combs [Wed, 14 Nov 2018 19:44:47 +0000 (11:44 -0800)]
Dumpcap: Make sure we set our pipe error status.
Make sure cap_pipe_read_data_bytes sets pcap_src->cap_pipe_err if it
encounters an error or EOF. This fixes a regression introduced in
ga51b3d1d16. Have it return -1 or the number of bytes read similar to
read(2). Explicitly treat its return value as a signed integer.
Change-Id: I3de92859eee45e8d4a24a8c8309a816ef1b7924a
Reviewed-on: https://code.wireshark.org/review/30639
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Peter Wu [Wed, 14 Nov 2018 18:05:49 +0000 (19:05 +0100)]
WSDG: update test section with pytest fixtures
Try to describe the motivation of pytest fixtures and update the
examples. Add a missing build dependency in CMake while at it.
Change-Id: I5384a86f2191835b834285b81343a7ee56f88e79
Reviewed-on: https://code.wireshark.org/review/30632
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Lorand Jakab [Wed, 14 Nov 2018 16:27:37 +0000 (17:27 +0100)]
LISP: Fix action bits decoding
Change-Id: I76f5e10fbc5ca0071d1444e31ce4c8fba639c3bc
Signed-off-by: Lorand Jakab <ljakab@ac.upc.edu>
Reviewed-on: https://code.wireshark.org/review/30630
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Mon, 12 Nov 2018 23:09:06 +0000 (15:09 -0800)]
macos-setup.sh: Update library and tool versions.
Update the following versions:
CMake: 3.7.2 to 3.12.4
Qt: 5.9.5 to 5.9.7 (Current LTS)
libxml2: 2.9.4 to 2.9.7 (2.9.4 has security issues)
c-ares: 1.12.0 to 1.15.0 (1.12.0 has security issues)
libssh: 0.7.4 to 0.8.5 (0.7.4 has security issues)
Change-Id: Ia97b436981705a4d99c0b0a2f238738e18394d45
Reviewed-on: https://code.wireshark.org/review/30589
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Anders Broman [Wed, 14 Nov 2018 15:02:19 +0000 (16:02 +0100)]
nas5gs: Update AMF in 5GS mobile identity.
Change-Id: I6e2f2c259b9aed3073b322b8a3301ce8acfd79c6
Reviewed-on: https://code.wireshark.org/review/30629
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bruno Verstuyft [Wed, 14 Nov 2018 14:14:03 +0000 (15:14 +0100)]
DOCSIS: both TLV 43 and 44 need VSIF encodings
Change-Id: Ide8fe96de05423fed135797988dd620b92e9cddc
Reviewed-on: https://code.wireshark.org/review/30628
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Anders Broman [Wed, 14 Nov 2018 13:24:22 +0000 (14:24 +0100)]
nettrace_3gpp_32_423: Don't crash on error and improve error output.
Change-Id: I4ea7ccf51321d6ce316456bde24aa37880ea52ed
Reviewed-on: https://code.wireshark.org/review/30627
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Wed, 14 Nov 2018 11:48:06 +0000 (12:48 +0100)]
blip: fix memory safety issues and a build failure without zlib
Fix use-after-free of decompress_streams when reloading a capture file.
Cleanup the z_stream on capture file closure and simplify the hash key.
Fix build in case zlib is not available, remove unnecessary headers and
fix the indentation information (tabs instead of spaces).
Change-Id: I08268db1b9714cdddfc7f47b496f3e9da518139a
Fixes: v2.9.0rc0-2492-ga8c40412d8 ("Added support for the Couchbase BLIP protocol")
Reviewed-on: https://code.wireshark.org/review/30626
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jim Borden <jim.borden@couchbase.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte [Fri, 2 Nov 2018 19:58:32 +0000 (20:58 +0100)]
QUIC: Add RETIRE_CONNECTION_ID frame type (draft -15)
Change-Id: If181e89a70044db6d429e2066db6bd8869968ef3
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/30492
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte [Sun, 28 Oct 2018 16:07:56 +0000 (17:07 +0100)]
QUIC: Renumbering ACK and ACK_ECN frame (draft -15)
* create a draft14 (and older) frame type
* on ACK_ECN, ECN (ect0, ect1, ecn-ce) are after ACK block
Change-Id: I810e32865a00abebbc29611cae5972d51268f476
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/30491
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Derick Rethans [Tue, 13 Nov 2018 12:03:54 +0000 (12:03 +0000)]
Update MongoDB ObjectID dissector element
The MongoDB ObjectID spec traditionally included a "host hash" and "PID" field.
These have for a while been treated as random data for the server, and the
MongoDB drivers have recently adopted a specification that says the same:
https://github.com/mongodb/specifications/blob/master/source/objectid.rst#random-value
This patch reorganises the original Host Hash and PID fields under a new
"Machine ID" field, to be able to show both the current interpretation of the
field, as well as the historical one.
Change-Id: Ib25b5552935781bc512fcdadb870ed20838d8808
Reviewed-on: https://code.wireshark.org/review/30604
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dario Lombardo [Wed, 14 Nov 2018 08:40:30 +0000 (09:40 +0100)]
ui: add missing break.
Error:
../ui/alert_box.c: In function ‘cfile_write_failure_alert_box’:
../ui/alert_box.c:359:13: error: this statement may fall through [-Werror=implicit-fallthrough=]
simple_error_message_box(
^~~~~~~~~~~~~~~~~~~~~~~~~
"Frame %u%s has a network type that differs from the network type of earlier packets, which isn't supported in a \"%s\" file.",
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
framenum, in_file_string,
~~~~~~~~~~~~~~~~~~~~~~~~~
wtap_file_type_subtype_string(file_type_subtype));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../ui/alert_box.c:364:9: note: here
case WTAP_ERR_PACKET_TOO_LARGE:
^~~~
Change-Id: I55464afff5625ae8c587470e417234560c7e606c
Reviewed-on: https://code.wireshark.org/review/30623
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Guy Harris [Wed, 14 Nov 2018 07:01:34 +0000 (23:01 -0800)]
All Veriwave files and packets use WTAP_ENCAP_IXVERIWAVE.
We set the file encapsulation to WTAP_ENCAP_IXVERIWAVE when we open the
file; we don't need to update it when we read packets, and we don't need
to set the per-packet encapsulation because it's set to the file
encapsulation for us by wtap_read() and wtap_seek_read().
Change-Id: I2f123e3fb0d505334f3451685290bdbae77a598b
Reviewed-on: https://code.wireshark.org/review/30622
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Wed, 14 Nov 2018 05:29:07 +0000 (21:29 -0800)]
Fix whitespace.
Change-Id: I4e1ca2bcefbaf8bb04e26bed0c668c43b1a6f788
Reviewed-on: https://code.wireshark.org/review/30621
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Wed, 14 Nov 2018 05:27:38 +0000 (21:27 -0800)]
Fail more cleanly if the file has no records.
If we have no records, we can't determine the link-layer type.
Also:
Use more signed values, and do more sanity checks on the file header and
TLVs to make sure we don't run into the first packet.
When writing the file header, accumulate the header length/first packet
offset in a 32-bit variable, and stuff it into the
offset-to-first-packet fields (plural) once we're done.
Change-Id: I3aeb5258bc16ddd8cf0ec86ef379287d0c4b351a
Reviewed-on: https://code.wireshark.org/review/30620
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Mikael Kanstrup [Sat, 10 Nov 2018 19:54:07 +0000 (20:54 +0100)]
ieee80211: Avoid decrypting packets two times
Encrypted packets were decrypted two times. One time to scan for
new keys. If no keys were found the decrypted data was simply
discarded. Then later on the packet was decrypted again for
dissection.
Avoid decrypting packets two times by storing the result from first
decryption if no key was found. Skip the second attempt.
Note though that in the special case where a key was actually found
inside an encrypted packet the decryption will still be performed
twice. First time decrypt, discover the key, and return the EAPOL
keydata. Second time decrypt and return the decrypted frame.
Change-Id: I1acd0060d4e1f351fb15070f8d7aa78c0035ce39
Reviewed-on: https://code.wireshark.org/review/30568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mikael Kanstrup [Fri, 9 Nov 2018 10:46:39 +0000 (11:46 +0100)]
ieee80211: Decrypt and dissect EAPOL keydata
Decrypt EAPOL keydata information and have it dissected with the
ieee80211 dissector.
This is achieved by letting the Dot11Decrypt engine retrieve the EAPOL
keydata decrypted while extracting the GTK during 4-way handshake.
The ieee80211 dissector then stores the decrypted data in packet proto
data so that the wlan_rsna_eapol subdissector can retrieve it for
dissection.
Change-Id: I2145f47396cf3261b40e623fddc9ed06b3d7e72b
Reviewed-on: https://code.wireshark.org/review/30530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Tue, 13 Nov 2018 22:52:14 +0000 (14:52 -0800)]
Dumpcap: Don't let individual pipes stop our capture.
If a capture source is a pipe and it reaches the end of its input, don't
stop capturing globally since we might have other active interfaces. We
do need to stop capturing if all of our interfaces are pipes and none of
them are open, so add a check to do so.
Change-Id: Id7f950349e72113c9b4bfeee4f0a9c8a97aefe8c
Reviewed-on: https://code.wireshark.org/review/30615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Tue, 13 Nov 2018 01:17:33 +0000 (02:17 +0100)]
test: convert some more tests to use fixtures
Continue the conversion from use of globals (the config module) to
fixtures. If a program (like wmem_test or tshark) is unavailable, it
will be skipped now rather than failing the test.
The general conversion pattern is:
- Decorate each class with `@fixtures.uses_fixtures` and (for tests that
run tshark) `@fixtures.mark_usefixtures('test_env')`.
- Convert all `config.cmd_*` to `cmd_*` and add an argument.
- Convert all `config.*_dir` to `dirs.*_dir` and add an argument.
- Convert users of `os.path.join(dirs.capture_file, ...)` to use a new
'capture_file' fixture to reduce boilerplate code. Inline variables if
possible (this conversion was done in an automated way using regexes).
Some other changes: tests that do not require a test environment (like
wmem_test) will use 'base_env' which avoids copying config files,
`env=config.test_env` got removed since this is the default. Some test
classes in suite_clopts were combined. Removed unused imports.
Change-Id: Id5480ffaee7d8d56cf2cb3189a38ae9afa7605a1
Reviewed-on: https://code.wireshark.org/review/30591
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Tue, 13 Nov 2018 18:40:55 +0000 (10:40 -0800)]
Dumpcap: Move packet dequeueing code to a common routine.
Dequeue and write packets in capture_loop_dequeue_packet. This ensures
that we properly handle pcapng packets both inside our capture loop and
after it's finished.
Change-Id: Iacc980c90481b1378761eac83d8044aaddabfdc2
Reviewed-on: https://code.wireshark.org/review/30609
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo [Sat, 10 Nov 2018 20:15:58 +0000 (21:15 +0100)]
extcap: save debug flag and use it to activate ssh debug.
Change-Id: Ida32834f8c0838f1d815f7e33116b6a6161acf34
Reviewed-on: https://code.wireshark.org/review/30572
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo [Fri, 9 Nov 2018 22:10:46 +0000 (23:10 +0100)]
ssh-base: define a struct for storing ssh parameters.
Update sshdump and ciscodump to use it.
Change-Id: I5fbb9e3a870ec8baa0f326ad34733743cbb981f3
Reviewed-on: https://code.wireshark.org/review/30571
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo [Fri, 9 Nov 2018 16:41:36 +0000 (17:41 +0100)]
ssh-base: support libssh config file.
It's operating system dependent, but the library takes care of it
on different operating systems.
Options are set with this precedence:
- if user-provided, use it
- if not, take the one from config file
- (username only) if none in the config file, take the current user from OS
Change-Id: I00dcc1c9a8613e6d1250b6404bf2100f6ccff7b7
Reviewed-on: https://code.wireshark.org/review/30558
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Wed, 14 Nov 2018 03:38:12 +0000 (19:38 -0800)]
Catch attempts to write multiple encapsulation types if unsupported.
If, in the process of opening the input file, we determine that it has
packets of more than one link-layer type, we can catch attempts to write
that file to a file of a format that doesn't support more than one
link-layer type at the time we try to open the output file.
If, however, we don't discover that the file has more than one
link-layer type until we've already created the output file - for
example, if we have a pcapng file with a new IDB, with a different
link-layer type from previous IDBs, after packet blocks for the earlier
interfaces - we can't catch that until we try to write the packet.
Currently, that causes the packet's data to be written out as is, so the
output file claims it's of the file's link-layer type, causing programs
reading the file to misdissect the packet.
Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt
instead, and have a nicer error message for
WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write.
Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6
Reviewed-on: https://code.wireshark.org/review/30617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Tue, 13 Nov 2018 23:05:33 +0000 (15:05 -0800)]
Give an error if an output file isn't specified.
Just silently not bothering to do any work isn't all that useful in that
case; giving the usage message indicates that you need both input and
output files.
Change-Id: I9512d3e45e1e9a9d4bccb28b49aeea8c12ad0100
Reviewed-on: https://code.wireshark.org/review/30614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Vasil Velichkov [Wed, 7 Nov 2018 19:33:41 +0000 (21:33 +0200)]
tshark: Print the packets' comments in the expert info
Previously 'tshark -z expert' was failing with abort when a packet
contains a comment
- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default level to it.
- Add various 'tshark -z expert' tests
Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ismaelrti [Tue, 13 Nov 2018 16:06:37 +0000 (17:06 +0100)]
RTPS: APP_ACK_CONF submessage dissection fixed.
Count field of APP_ACK_CONF submessage was dissected using a signed
integer rather than unsigned. That avoids the dissection to be concluded
due to a wrong type error.
Change-Id: Ie5f85ce5b3d745d74e1b50d96a77560fb854034b
Reviewed-on: https://code.wireshark.org/review/30605
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stig Bjørlykke [Tue, 13 Nov 2018 18:05:50 +0000 (19:05 +0100)]
extcap: Allow ASCII '0' in preference name
Update another regex to also allow '0' in the preference name.
Change-Id: I61e39a160d86195c989ab53623bc5887a10dcaad
Reviewed-on: https://code.wireshark.org/review/30606
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Martin Peylo [Mon, 12 Nov 2018 17:56:11 +0000 (19:56 +0200)]
PKIX1EXPLICIT: Fixing Attribute and AttributeTypeAndValue ASN.1 cnf
EXPERIMENTAL, this has not been widely validated yet. It is not clear whether
there is any deeper sense in how the prior ASN.1 cnf was done.
If this is used, it might also be beneficial to rename the double-overloaded
"type".
Removing pre-existing empty line at the end of packet-pkix1explicit-template.c
to comply with coding style requirements.
Change-Id: Iaddeb62f8abb8605b182091ea9c64b8f2172a884
Reviewed-on: https://code.wireshark.org/review/30599
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Peylo [Mon, 12 Nov 2018 18:12:12 +0000 (20:12 +0200)]
PKCS10/pkix1explicit: adding PKCS#9 OIDs
Attribute types for use in PKCS #10 certificate requests as specified
in PKCS#9 / RFC 2985
A CSR including one of the PKCS#9 OIDs, SubjectAltNames within a
pkcs-9-at-extensionRequest, can be generated with the following OpenSSL command
line on most Linux systems:
    openssl req -new -sha256 -nodes -keyout domain.key \
        -subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com" \
        -reqexts SAN -config \
        <(cat /etc/ssl/openssl.cnf \
        <(printf "\n[SAN]\nsubjectAltName=DNS:example.com,DNS:www.example.com")) \
        -out attr_with_san.csr
Change-Id: I5ae4bd782003c65286bbebf41b96d142e4e99a60
Reviewed-on: https://code.wireshark.org/review/30600
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stig Bjørlykke [Tue, 13 Nov 2018 11:40:45 +0000 (12:40 +0100)]
extcap: Allow ASCII '0' in preference name
Update the regex to also allow '0' in the preference name.
Change-Id: I881079b579b9193dd31dda2150d9a50c000c0dd3
Reviewed-on: https://code.wireshark.org/review/30602
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Anders Broman [Tue, 13 Nov 2018 12:16:31 +0000 (13:16 +0100)]
RTCP: Fix RTCP Floor Control message Sub-type "Floor taken" is displayed as "Unknown"
Bug: 15276
Change-Id: I313f9d98d0c305a1508f465ec99ae98a91d3d9e9
Reviewed-on: https://code.wireshark.org/review/30603
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Peylo [Mon, 12 Nov 2018 17:46:09 +0000 (19:46 +0200)]
PKCS10: Enabling own dissection function for Attributes
The one in pkix1explicit might be broken, while it might have unexpected
side-effects to mess with that. Anyway, RFC 2986 defines the Attribute
sequence for PKCS10 directly.
Change-Id: I854b5b5fb83322a1302d011c9cd6f2d5c9fc2b78
Reviewed-on: https://code.wireshark.org/review/30585
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Tue, 13 Nov 2018 07:26:48 +0000 (23:26 -0800)]
Fix function name in comment.
Change-Id: Ice41094e6cc91df7e1f8286f35d49e1a20a89cc7
Reviewed-on: https://code.wireshark.org/review/30598
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Tue, 13 Nov 2018 06:17:49 +0000 (22:17 -0800)]
Move the Linux ARPHRD_ types to epan/arptypes.h.
Change-Id: I6fa9593af64e8af1ade4f049ea949989adfd00c7
Reviewed-on: https://code.wireshark.org/review/30595
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Tue, 13 Nov 2018 03:38:12 +0000 (19:38 -0800)]
Fix dissection of 802.11+radiotap frames in Linux "cooked" captures.
Those frames *don't* have their link-layer headers stripped, even on
PF_PACKET/SOCK_DGRAM captures (hopefully, nobody will consider that a
bug and "fix" it).
The "hatype" field is the ARPHRD_ value for the adapter, as returned by
SIOCGIFHWADDR; in monitor mode, those frames will have an hatype of
ARPHRD_IEEE80211_RADIOTAP. Add an "sll.hatype" dissector table, which
we check before checking the "sll.ltype" dissector table, and have the
radiotap dissector register in that table.
We still use the special hack for an hatype of ARPHRD_NETLINK, because,
for *those* frames, the "protocol" field of the nominal SLL header is
the netlink family, not an Ethertype or anything else that the SLL
dissector would handle.
Change-Id: If503a7daa9133adf1b8c330ec28c4c824d4f551d
Reviewed-on: https://code.wireshark.org/review/30592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Mon, 12 Nov 2018 23:43:10 +0000 (15:43 -0800)]
Don't have _ng versions of the dumper open routines.
Have the routines always take a parameters pointer; pass either null or
a pointer to an initialized-to-nothing structure in cases where we were
calling the non-_ng versions.
Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2
Reviewed-on: https://code.wireshark.org/review/30590
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris [Mon, 12 Nov 2018 23:14:33 +0000 (15:14 -0800)]
Use the Wayback Machine for a page that currently isn't working.
It loads, but displays nothing (either in Safari 12, or a presumably
recent Chrome, on my Mac).
Change-Id: I4a5530007ddf3c14a5fd349998318d5868da5d5c
Reviewed-on: https://code.wireshark.org/review/30588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Peter Wu [Sun, 11 Nov 2018 14:49:12 +0000 (15:49 +0100)]
wiretap: refactor common parameters for pcapng dump routines
Four variants of wtap_dump_open_ng exist, each of them takes the same
three parameters for the SHB, IDB and NRB blocks that have to be written
before packets are even written. Similarly, a lot of tools always create
these arguments based on an existing capture file session (wth).
Address the former duplication by creating a new data structure to hold
the arguments. Address the second issue by creating new helper functions
to initialize the parameters based on a wth. This refactoring should
make it easier to add the new Decryption Secrets Block (DSB).
No functional change intended.
Change-Id: I42c019dc1d48a476773459212ca213de91a55684
Reviewed-on: https://code.wireshark.org/review/30578
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Anders Broman [Mon, 12 Nov 2018 13:08:41 +0000 (14:08 +0100)]
Remove obsolete files.
Change-Id: Ibc2f20a895f7aaf4fc5988eb8814124a68dd886e
Reviewed-on: https://code.wireshark.org/review/30583
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
João Valverde [Sun, 11 Nov 2018 21:25:21 +0000 (21:25 +0000)]
IPv6: Fix payload root tree for IPv6 Routing Hdr
We need to pass the original proto_tree pointer to sub-dissectors,
not the p_ipv6_pinfo_select_root() return value. Rename the "_tree"
argument to follow the existing style and make the code more readable.
Bug: 15270
Change-Id: I0322f015abc0d6426d6f05c16c48e928c253c2eb
Reviewed-on: https://code.wireshark.org/review/30579
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Anders Broman [Mon, 12 Nov 2018 12:47:57 +0000 (13:47 +0100)]
gtpv2: Update RAT types.
Change-Id: Ifb134ce340d847af65bad4dd20d5c453af85d4e1
Reviewed-on: https://code.wireshark.org/review/30582
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dario Lombardo [Mon, 12 Nov 2018 09:44:32 +0000 (10:44 +0100)]
fix documentation and tests for cmake run directory.
Change-Id: If33a39c26714ebe699463d1c8c67469025767efb
Reviewed-on: https://code.wireshark.org/review/30581
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Stig Bjørlykke [Mon, 12 Nov 2018 07:34:47 +0000 (08:34 +0100)]
blip: Use correct guint64 printf modifier
Change-Id: I6e326cc5396467a0f65edbde1148414a10e22df2
Reviewed-on: https://code.wireshark.org/review/30580
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Jim Borden [Wed, 17 Oct 2018 01:39:35 +0000 (10:39 +0900)]
Added support for the Couchbase BLIP protocol
Documentation for the protocol is available at https://github.com/couchbaselabs/BLIP-Cpp/blob/master/docs/BLIP%20Protocol.md
Bug: 15212
Change-Id: I2fe947c3af10c53d68c740241466e2de6c4be551
Reviewed-on: https://code.wireshark.org/review/30229
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Martin Mathieson [Sat, 10 Nov 2018 21:53:16 +0000 (21:53 +0000)]
PDCP-NR: Show some config highlights in config root and Info column.
Also add convenience functions for getting/setting the PDCP-NR struct.
Change-Id: Id30d380ecb2910e5f32e08b791657696bb513910
Reviewed-on: https://code.wireshark.org/review/30569
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Dario Lombardo [Fri, 9 Nov 2018 16:09:37 +0000 (17:09 +0100)]
sshdump: fix generation of error message from remote side.
Change-Id: I15f5989f08b7e3851a7c4b949d63434fbc750020
Reviewed-on: https://code.wireshark.org/review/30557
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Gerald Combs [Sun, 11 Nov 2018 08:25:37 +0000 (08:25 +0000)]
[Automatic update for 2018-11-11]
Update manuf, services enterprise numbers, translations, and other items.
Change-Id: I49c9b5a86e33811c59c7e70d5f548d103f7bc35c
Reviewed-on: https://code.wireshark.org/review/30573
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Dario Lombardo [Sat, 10 Nov 2018 13:25:36 +0000 (14:25 +0100)]
cmake: Add CMakeGraphVizOptions.cmake to improve the generated layout.
Adjust the CMake configuration to generate graphviz files with an
improved layout.
Documentation: https://cmake.org/cmake/help/latest/module/CMakeGraphVizOptions.html
To generate a dependency graph from the build directory (example):
cmake . --graphviz=wireshark.dot
fdp wireshark.dot -Tpdf -o wireshark.pdf
Change-Id: Icf238668004224b9d373d8080e549b9b583f676c
Reviewed-on: https://code.wireshark.org/review/30564
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu [Sat, 10 Nov 2018 22:03:16 +0000 (23:03 +0100)]
wiretap: fix truncated reads while reading compressed file formats
A lot of file dissectors (pcapng, json, etc.) assumed that the packet
size is equal to the file size. This is not true if the file was
compressed and could result in silently truncating reads or failing to
open a file (if the compressed file is larger than the actual data).
Observe that a lot of file dissectors are simply copies of each other.
Move the fixed implementation to wtap.c and reuse the methods everywhere
else. While at it, avoid an unnecessary large allocation/read in
ruby_marshal.
Change-Id: I8e9cd0af9c4d1bd37789a3b509146ae2182a5379
Reviewed-on: https://code.wireshark.org/review/30570
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Richard Sharpe [Sat, 10 Nov 2018 19:24:37 +0000 (11:24 -0800)]
ieee80211: Fix Vendor Specific Fixed Field dissection.
Prevent malformed packet exceptions.
Bug: 15273
Change-Id: I88c8fe4bf19d1c8ef478068dde8c220afdd33589
Reviewed-on: https://code.wireshark.org/review/30565
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dario Lombardo [Fri, 9 Nov 2018 15:44:50 +0000 (16:44 +0100)]
sshdump: fix some debug messages.
Change-Id: I92d157367efc36d4c1d1a53a201ed652d701894e
Reviewed-on: https://code.wireshark.org/review/30556
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Dario Lombardo [Fri, 9 Nov 2018 15:43:53 +0000 (16:43 +0100)]
ssh-base: fix wrong type for ssh port.
According to documentation:
http://api.libssh.org/master/group__libssh__session.html#ga82371e723260c7572ea061edecc2e9f1
Change-Id: I788f909efdb263d645bf402ad5a293a4b3e8d089
Reviewed-on: https://code.wireshark.org/review/30555
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Jeff Morriss [Fri, 9 Nov 2018 20:16:35 +0000 (15:16 -0500)]
MMSE: catch length overflows to avoid infinite loop.
After fetching a length from the packet ensure those bytes exist to
avoid integer overflows by callers (while avoiding having to ensure
every caller checks for overflows).
Also add a check to ensure the loop in question is progressing through
the TVB; report a dissector bug if it doesn't.
Bug: 15250
Change-Id: I9434bfe9d530942fd45342690383df2decacdba1
Reviewed-on: https://code.wireshark.org/review/30560
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
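The pattern the MMSE commit message above describes (validate a fetched length against the bytes that remain, then confirm the loop advances), as an added example that is not Wireshark's MMSE code. The record layout, function names and sample buffers are hypothetical and constructed for illustration.

```c
#include <stdint.h>

/* Hypothetical names and record layout, constructed for this example:
 * each record is a 1-octet type, a 4-octet big-endian length, then the value. */
enum { WALK_TRUNCATED = -1, WALK_NO_PROGRESS = -2 };
#define HDR_LEN 5u

/* What an unchecked caller computes: 32-bit arithmetic wraps silently. */
uint32_t unchecked_next_offset(uint32_t off, uint32_t value_len)
{
    return off + HDR_LEN + value_len;
}

/* Fetch the length at `off` and confirm header and value both lie inside the
 * buffer, so callers can add the result to an offset without wrap-around. */
int checked_value_len(const uint8_t *buf, uint32_t buf_len, uint32_t off,
                      uint32_t *value_len)
{
    if (off > buf_len || buf_len - off < HDR_LEN)
        return WALK_TRUNCATED;
    uint32_t n = ((uint32_t)buf[off + 1] << 24) | ((uint32_t)buf[off + 2] << 16) |
                 ((uint32_t)buf[off + 3] << 8) | (uint32_t)buf[off + 4];
    /* Compare with the bytes that remain; never form off + HDR_LEN + n first. */
    if (n > buf_len - off - HDR_LEN)
        return WALK_TRUNCATED;
    *value_len = n;
    return 0;
}

/* Walk every record. Returns the record count, or a negative WALK_* code. */
int walk_records(const uint8_t *buf, uint32_t buf_len)
{
    uint32_t off = 0;
    int count = 0;
    while (off < buf_len) {
        uint32_t value_len = 0;
        int rc = checked_value_len(buf, buf_len, off, &value_len);
        if (rc != 0)
            return rc;
        uint32_t next = off + HDR_LEN + value_len;
        if (next <= off)   /* only reachable through a coding error: report it */
            return WALK_NO_PROGRESS;
        off = next;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
const uint8_t sample_ok[] = { 0x01, 0, 0, 0, 2, 0xAA, 0xBB,     /* 2-octet value */
                              0x02, 0, 0, 0, 0 };               /* empty value */
const uint8_t sample_wrap[] = { 0x01, 0xFF, 0xFF, 0xFF, 0xFB }; /* length 0xFFFFFFFB */
const uint8_t sample_short[] = { 0x01, 0, 0, 0, 9, 0xAA };      /* claims 9, has 1 */

int main(void)
{
    return !(walk_records(sample_ok, sizeof sample_ok) == 2 &&
             walk_records(sample_wrap, sizeof sample_wrap) == WALK_TRUNCATED &&
             walk_records(sample_short, sizeof sample_short) == WALK_TRUNCATED &&
             unchecked_next_offset(0, 0xFFFFFFFBu) == 0);
}
```

With the constructed length 0xFFFFFFFB, the unchecked sum wraps back to offset 0, which is how a loop over such records stops advancing; the checked walk rejects the record before any offset arithmetic happens.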
Peter Wu [Fri, 9 Nov 2018 17:04:05 +0000 (18:04 +0100)]
UI: Remove Win32 file dialog stuff specific to GTK
Remove "Export SSL Session Keys", "Import/Export Color Filters" and
"Export Raw Bytes" dialogs. These were only used by GTK+ as Qt has its
own implementation.
Change-Id: I0520a0f6e35d0f8a55c58e77f89c5229393c2b23
Reviewed-on: https://code.wireshark.org/review/30559
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Sat, 10 Nov 2018 03:03:07 +0000 (19:03 -0800)]
capture_loop_write_pcapng_cb() shouldn't be called if use_pcapng is false.
If it *is* called when global_capture_opts.use_pcapng is false, don't
just silently drop the packet on the floor, abort.
Change-Id: Idb8f8e4c4ba231cfe674a81da34bf46e00f8247c
Reviewed-on: https://code.wireshark.org/review/30562
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Gerald Combs [Fri, 9 Nov 2018 20:58:03 +0000 (13:58 -0700)]
Dumpcap: Move the "just wrote one packet" logic to one place.
Add capture_loop_wrote_one_packet, which increments the appropriate
counters and checks for autostop and ring buffer conditions. Call it
when we write a pcap or pcapng packet. This fixes `-b packets:NUM` for
pcapng output.
Change-Id: Ie2bdd725fbee59c1ae10b05be84ae9a3a6d80111
Reviewed-on: https://code.wireshark.org/review/30561
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Anders Broman [Fri, 9 Nov 2018 13:02:24 +0000 (14:02 +0100)]
Diameter-3gpp: Dissect the SMS inside AVP 3301 SM-RP-UI.
Change-Id: I0f293ea529dce5147eef5bfb9d8d4b39640fd0aa
Reviewed-on: https://code.wireshark.org/review/30554
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Fri, 9 Nov 2018 11:08:01 +0000 (12:08 +0100)]
CMake: fix parallel build by not copying ws.css repeatedly
A race condition exists with msbuild where building some targets
(generate_{developer,user}-guide.xml, {developer,user}_guide_pdf) will
result in parallel, repeated execution of the commands to copy 'ws.css'.
Synchronize those executions using a single target to avoid this.
Change-Id: Ie93d07e504bc18fa4e4e8aac5b611fba329ff188
Reviewed-on: https://code.wireshark.org/review/30553
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Uli Heilmeier [Thu, 8 Nov 2018 21:10:24 +0000 (22:10 +0100)]
ICMP: Add Extended Echo (Probe) RFC8335
Implementing ICMP extended echo (RFC8335) for IPv4.
Ping-Bug: 14457
Change-Id: Id7ae6fce88ef43f8b6a62b06285257416acd0a77
Reviewed-on: https://code.wireshark.org/review/30552
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mikael Kanstrup [Thu, 8 Nov 2018 15:12:09 +0000 (16:12 +0100)]
ieee80211: Dissect RSN GTK and IGTK IE
Change-Id: Ifda4defeb2db72d9f65dce89d6f97bfe09f7f5ad
Reviewed-on: https://code.wireshark.org/review/30547
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Wed, 31 Oct 2018 09:03:04 +0000 (10:03 +0100)]
Dumpcap+Qt: Add support for `-a packets:NUM` and `-b packets:NUM`.
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Vasil Velichkov [Tue, 6 Nov 2018 19:54:24 +0000 (21:54 +0200)]
isakmp: Free the UAT tables' records using a free callback
Change-Id: Ife44b225337e5c583c722ac62f711ed3ec9cf808
Reviewed-on: https://code.wireshark.org/review/30535
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Mikael Kanstrup [Thu, 8 Nov 2018 13:30:40 +0000 (14:30 +0100)]
dot11decrypt: Create RC4 decryption and key copy helper functions
In preparation for decrypting and dissecting EAPOL keydata in
ieee80211 dissector move the RC4 decryption and key copy into
separate helper functions.
Change-Id: I13f3e981038f48526032e263b6eb3c9e3496abbe
Reviewed-on: https://code.wireshark.org/review/30546
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Thu, 8 Nov 2018 17:07:52 +0000 (09:07 -0800)]
macos-setup.sh: Remove unused variables and code.
Remove unused variables found by shellcheck. Remove a dead check for
10.5 (which we no longer support) which enables 32-bit builds (which we
no longer support).
Change-Id: I8f987f31025c74d27e46c7f74f514857ec8cdd3b
Reviewed-on: https://code.wireshark.org/review/30549
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Mon, 15 Oct 2018 14:07:30 +0000 (16:07 +0200)]
test: make it possible to use pytest-style test fixtures
Currently all binaries must be available or no tests will be executed.
This is inconvenient if you just want to test a single binary (e.g.
text2pcap) without having to build epan. The problem is essentially that
tests lack dependency annotations.
To solve this problem, add the required dependencies as parameters to
each test (so-called 'fixtures' in pytest). Skip a test if a binary
(such as tshark) is unavailable. As a demonstration, suite_dissection.py
is converted. Over time, tests should no longer depend on config.py due
to explicit dependencies fixtures (listed in fixtures_ws.py).
Since the unittest module does not support such dependency injections,
create a small glue for use with pytest and an (incomplete) emulation
layer for use with test.py.
Tested with pytest 3.8.2 + Python 3.7.0 and pytest 3.0.3 + Python 3.4.3.
Python 2.7 is not supported and will fail. Test commands:
~/wireshark/test/test.py -p ~/build/run
WS_BIN_PATH=~/build/run pytest ~/wireshark/test -ra
Change-Id: I6dc8c28f5c8b7bbc8f4c04838e9bf085cd22eb0b
Ping-Bug: 14949
Reviewed-on: https://code.wireshark.org/review/30220
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Prerit Jain [Thu, 8 Nov 2018 10:54:10 +0000 (16:24 +0530)]
GTP: fix NR user plane DL data delivery status
Change-Id: Ie947ebe5c0a43e4d621203fca13b8af783458cf5
Reviewed-on: https://code.wireshark.org/review/30541
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Pascal Quantin [Thu, 8 Nov 2018 22:04:54 +0000 (23:04 +0100)]
proto.c: increase the number of pre allocated fields
Change-Id: I5b2cb3ae6a9e6ab507f18e6eb5f89a37b2983129
Reviewed-on: https://code.wireshark.org/review/30551
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Pascal Quantin [Thu, 8 Nov 2018 21:07:01 +0000 (22:07 +0100)]
SMPP: prevent triggering an exception in the heuristic checks
Change-Id: Ic69b31914d2c5c1eaa1c30d34f946d66bbfdf6a3
Reviewed-on: https://code.wireshark.org/review/30550
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Alan Birtles [Thu, 8 Nov 2018 15:06:34 +0000 (15:06 +0000)]
SRT: clear the state after displaying it
Bug: 15264
Change-Id: If75e6af2de1cecc09cb1c4c559bc64b9cb4aad83
Reviewed-on: https://code.wireshark.org/review/30544
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Peter Wu [Thu, 8 Nov 2018 16:39:53 +0000 (17:39 +0100)]
macos-setup.sh: fix Python 3 installation for OS X 10.8 and older
Change-Id: I3c5b7fa272fbef770b06430edadb8abfc688e951
Fixes: v2.9.0rc0-2460-ge9f7bb5127 ("Require Python 3, drop Python 2 support")
Reviewed-on: https://code.wireshark.org/review/30548
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Michael Tüxen <tuexen@wireshark.org>
Peter Wu [Sat, 13 Oct 2018 16:08:43 +0000 (18:08 +0200)]
test: drop Python 2 compatibility, use more Python 3 features
Reduces maintenance costs and makes it possible to simplify code.
pytest supports Python 2.7 and Python 3.4 (or newer), so that is more or
less the minimum target for now.
Change-Id: I0347b6c334bf2fc6c9480ff56e9ccfcd48886dde
Reviewed-on: https://code.wireshark.org/review/30193
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dario Lombardo [Thu, 8 Nov 2018 08:09:19 +0000 (09:09 +0100)]
rpm: update all rpm files for using python3.
This includes:
- tools/rpm-setup.sh
- packaging/rpm/wireshark.spec.in
Fixes: v2.9.0rc0-2460-ge9f7bb5127 ("Require Python 3, drop Python 2 support")
Change-Id: I9fb92be936dec5fdb819a54e132e64521fa95bbb
Reviewed-on: https://code.wireshark.org/review/30543
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Anders Broman [Thu, 8 Nov 2018 09:37:53 +0000 (10:37 +0100)]
Diameter: Add AVPs for 3GPP S6c
Change-Id: I8ad0f2d0fa2919b459e65c2241b1e6fa14a9c44a
Reviewed-on: https://code.wireshark.org/review/30540
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pascal Quantin [Thu, 8 Nov 2018 08:53:02 +0000 (09:53 +0100)]
NAS EPS: update ciphering heuristic check for 15 EPS bearers contexts
Change-Id: I8c413420f231a65121cf13df7bd28fe066b606a6
Reviewed-on: https://code.wireshark.org/review/30539
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Andrii Vladyka [Thu, 8 Nov 2018 06:58:14 +0000 (08:58 +0200)]
docsis: Changed vendor-specific TLV to 44 to conform to CM-SP-MULPIv3.1-115-180509
Change-Id: Idf48e55214cc59a00cecde14f577bfd4bfad9aa1
Reviewed-on: https://code.wireshark.org/review/30538
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Sat, 13 Oct 2018 13:56:02 +0000 (15:56 +0200)]
Require Python 3, drop Python 2 support
Python 3 is widely available. All major Linux distributions support it.
RHEL is covered via EPEL (which is already required for cmake3). Drop
support for Python 2 in order to reduce maintenance costs. The main
motivation is being able to simplify the tests.
CMake is updated to search for Python >= 3.4 and will fail if
unavailable (generating dissectors.c requires Python, so it is quite an
important piece to have).
The documentation is updated to reflect the Python 3.7 paths used by
Chocolatey. Tested the git-review installation instructions in Windows 7
x64 without a previous Chocolatey installation.
macOS brew now installs Python 3 (its dependencies are already installed
by python@2 for libxml2). The macOS (non-brew variant) is updated to use
the official 64-bit installer to install Python 3.
Change-Id: I80b1e36957f338e0dad1bfcc173b6418682cddba
Reviewed-on: https://code.wireshark.org/review/30192
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Pau Espin Pedrol [Wed, 7 Nov 2018 17:27:18 +0000 (18:27 +0100)]
gsm_abis_oml: Decode Primary OML IP Address as big endian
Related: Osmocom #3624
Change-Id: Ie0ca3ff0b0ce0aedeeae8a3e439e54e8f34ca94d
Reviewed-on: https://code.wireshark.org/review/30533
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>