metze/wireshark/wip.git
2 years ago GTK: Wrap static preference labels.
Gerald Combs [Mon, 6 Feb 2017 18:50:22 +0000 (10:50 -0800)]
GTK: Wrap static preference labels.

In the GTK+ preferences dialog, enable wrapping and set a maximum width.
This should keep labels from making the dialog unusably wide.

Make a couple of enum preferences drop-downs instead of radio buttons.
Note that we might want to make the drop-down vs radio button behavior
automatic.

Change-Id: Ib72a2c8d5cfb99324be86f2218b6d57a395fa22c
Reviewed-on: https://code.wireshark.org/review/19980
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2 years ago ssl-utils: add length validation for SNI extension
Peter Wu [Fri, 3 Feb 2017 17:44:36 +0000 (18:44 +0100)]
ssl-utils: add length validation for SNI extension

Add copy of the definition in a comment, remove check for empty
extension such that export info can be added if the extension is empty.
Remove check for empty HostName, this cannot happen (and is caught by
ssl_add_vector).

Change-Id: Ie63b97e89dc7254f159abb338b52f5f894a8564d
Reviewed-on: https://code.wireshark.org/review/19939
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago ssl-utils: add length validation for Cookie extension
Peter Wu [Fri, 3 Feb 2017 16:19:32 +0000 (17:19 +0100)]
ssl-utils: add length validation for Cookie extension

Also adds the definition from TLS 1.3 draft 18 spec.

Change-Id: Ic7910874507e76dcbe7ae15aff99c91496a2b590
Reviewed-on: https://code.wireshark.org/review/19938
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago ssl-utils: add length validation for renegotiation_info extension
Peter Wu [Fri, 3 Feb 2017 16:14:52 +0000 (17:14 +0100)]
ssl-utils: add length validation for renegotiation_info extension

Add description from spec, remove zero-length extension check since it
is not allowed by specification.

Change-Id: I4bf85b36d933db3658f7788768fd794b6199187e
Reviewed-on: https://code.wireshark.org/review/19937
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago ssl-utils: add length validation to NPN extension
Peter Wu [Fri, 3 Feb 2017 16:06:40 +0000 (17:06 +0100)]
ssl-utils: add length validation to NPN extension

Add the definition from draft 4 as well (which describes the structure
in text). Remove the check for zero length name since this is normally
not the case (according to draft specification).

Change-Id: I72c3f04a5146d4c4fa291383258246d9ba2b14be
Reviewed-on: https://code.wireshark.org/review/19936
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago ssl-utils: add validation for ALPN
Peter Wu [Fri, 3 Feb 2017 14:51:31 +0000 (15:51 +0100)]
ssl-utils: add validation for ALPN

Use ssl_add_vector to ensure that the lengths are checked for validity
and that expert info is added when invalid data is encountered.

Change-Id: I5d03dce988f695cdc305f1bfff9d19ae90c5f6e2
Reviewed-on: https://code.wireshark.org/review/19935
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago (D)TLS: simplify SignatureAndHashAlgorithm dissection
Peter Wu [Fri, 3 Feb 2017 14:15:10 +0000 (15:15 +0100)]
(D)TLS: simplify SignatureAndHashAlgorithm dissection

Merge the length parsing into the SignatureAndHashAlgorithm vector
parsing. Remove extra expert info which are replaced by the generic
ones.

Tested with a mutated pcap where the signature length field is off by
one (too large = expert error, too small = expert warning, as expected).

Change-Id: I43350352ae00eb42bbe5c2ee81289fb592b88f86
Reviewed-on: https://code.wireshark.org/review/19933
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago ssl-utils: refactor "length" parameter into "offset_end" for extensions
Peter Wu [Fri, 3 Feb 2017 13:31:08 +0000 (14:31 +0100)]
ssl-utils: refactor "length" parameter into "offset_end" for extensions

Change all Hello extension dissector functions to accept the end of the
extension rather than the extension length. The changes are quite
mechanical: change "ext_len" to "ext_len = offset_end - offset".

Remove some "offset += ext_len" to ensure that additional unparsed data
is warned for.

The intent is that (extension) dissectors can more easily check for overflow
(offset + 2 < offset_end). Later changes should remove "guint ext_len"
with appropriate changes (like replacing by ssl_add_vector).

Change-Id: Ic4846e6fd6164685c4704984136f701bec3afa58
Reviewed-on: https://code.wireshark.org/review/19932
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago ssl-utils: add helper for validating Variable Length Vectors
Peter Wu [Fri, 3 Feb 2017 00:13:32 +0000 (01:13 +0100)]
ssl-utils: add helper for validating Variable Length Vectors

Currently variable length vectors are mostly unchecked with issues
ignored (see various "XXX - expert info"). In order to detect possible
attacks (and catch dissector issues), add helpers that extract the
vector length and that validate that a vector is correctly terminated.
Further dissection of a vector stops when not enough data is available.

The KeyShare extension and Extension itself are modified as a start,
more should follow. Future work should also ensure that the return value
represents the length after dissection (which should not exceed the
length). Also, the length field needs to be converted to an "offset_end"
value to ease overflow checking (length = offset_end - offset).

Change-Id: I6d757da2eb028f08a7b18661660313a6afd417e0
Reviewed-on: https://code.wireshark.org/review/19926
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
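
Added example, not Wireshark's code: a stand-alone C illustration of the checks the "offset_end" and Variable Length Vector commits above describe, applied to the server_name extension body as laid out in RFC 6066. The names `vec_open`, `vec_close`, `parse_sni` and the status enum are assumptions of this example, and the byte arrays are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes are this example's own, not Wireshark expert-info values. */
enum vec_status {
    VEC_OK = 0,
    VEC_TRUNCATED,     /* no room for the length field before offset_end */
    VEC_TOO_LONG,      /* declared length runs past offset_end (error) */
    VEC_OUT_OF_RANGE,  /* declared length outside the <min..max> bounds */
    VEC_TRAILING       /* bytes left over after the vector (warning) */
};

/* Read a big-endian length prefix of len_size bytes (1..3) at *offset and
 * check it against the enclosing end and the spec bounds. The caller
 * guarantees buf holds at least offset_end bytes. Comparisons are written
 * as "len > offset_end - off" so that no addition can wrap around. */
static enum vec_status
vec_open(const uint8_t *buf, size_t *offset, size_t offset_end,
         unsigned len_size, uint32_t min_len, uint32_t max_len,
         size_t *vec_end)
{
    size_t off = *offset;
    uint32_t len = 0;

    if (off > offset_end || offset_end - off < len_size)
        return VEC_TRUNCATED;
    for (unsigned i = 0; i < len_size; i++)
        len = (len << 8) | buf[off + i];
    off += len_size;
    if (len > offset_end - off)
        return VEC_TOO_LONG;
    if (len < min_len || len > max_len)
        return VEC_OUT_OF_RANGE;
    *offset = off;
    *vec_end = off + len;
    return VEC_OK;
}

/* After dissecting a vector, confirm the cursor stopped exactly at its end. */
static enum vec_status
vec_close(size_t offset, size_t vec_end)
{
    if (offset > vec_end)
        return VEC_TOO_LONG;
    return offset < vec_end ? VEC_TRAILING : VEC_OK;
}

/* Parse a server_name extension body occupying buf[offset, offset_end).
 * Reports the first host_name entry through *host / *host_len. */
static enum vec_status
parse_sni(const uint8_t *buf, size_t offset, size_t offset_end,
          const uint8_t **host, size_t *host_len)
{
    size_t list_end, name_end;
    enum vec_status st;

    *host = NULL;
    *host_len = 0;
    /* ServerName server_name_list<1..2^16-1> */
    st = vec_open(buf, &offset, offset_end, 2, 1, 0xFFFF, &list_end);
    if (st != VEC_OK)
        return st;
    while (offset < list_end) {
        uint8_t name_type = buf[offset++];
        /* opaque HostName<1..2^16-1>, bounded by the list, not the record */
        st = vec_open(buf, &offset, list_end, 2, 1, 0xFFFF, &name_end);
        if (st != VEC_OK)
            return st;
        if (name_type == 0 && *host == NULL) {   /* 0 = host_name */
            *host = buf + offset;
            *host_len = name_end - offset;
        }
        offset = name_end;
    }
    /* Unparsed bytes between the list and the extension end are flagged. */
    return vec_close(offset, offset_end);
}

/* Constructed samples: "example.com" is 11 bytes, so one ServerName is 14. */
#define EXAMPLE_HOST 'e','x','a','m','p','l','e','.','c','o','m'
static const uint8_t sni_ok[]         = {0x00,0x0E, 0x00, 0x00,0x0B, EXAMPLE_HOST};
static const uint8_t sni_len_plus1[]  = {0x00,0x0F, 0x00, 0x00,0x0B, EXAMPLE_HOST};
static const uint8_t sni_trailing[]   = {0x00,0x0E, 0x00, 0x00,0x0B, EXAMPLE_HOST, 0x00};
static const uint8_t sni_empty_host[] = {0x00,0x03, 0x00, 0x00,0x00};

int main(void)
{
    const uint8_t *h;
    size_t n;

    printf("ok:         %d\n", parse_sni(sni_ok, 0, sizeof sni_ok, &h, &n));
    printf("len+1:      %d\n", parse_sni(sni_len_plus1, 0, sizeof sni_len_plus1, &h, &n));
    printf("trailing:   %d\n", parse_sni(sni_trailing, 0, sizeof sni_trailing, &h, &n));
    printf("empty host: %d\n", parse_sni(sni_empty_host, 0, sizeof sni_empty_host, &h, &n));
    return 0;
}
```
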
2 years ago Bluetooth: Update Assign Numbers
Michal Labedzki [Sun, 5 Feb 2017 10:14:56 +0000 (11:14 +0100)]
Bluetooth: Update Assign Numbers

Updated on 5th February 2017:
- UUIDs
- Company Ids

Change-Id: I9868891ee2bdcdaa687bd45c76429f2b476889cc
Reviewed-on: https://code.wireshark.org/review/19973
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago rawshark: fix err code.
Dario Lombardo [Sun, 5 Feb 2017 18:51:31 +0000 (19:51 +0100)]
rawshark: fix err code.

Change-Id: I5aec3ad14eb0f0d591691f2aa7eb8ce09341e020
Reviewed-on: https://code.wireshark.org/review/19963
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago Bluetooth: ATT: Implement "Resolvable Private Address"
Michal Labedzki [Sun, 5 Feb 2017 11:16:02 +0000 (12:16 +0100)]
Bluetooth: ATT: Implement "Resolvable Private Address"

"Resolvable Private Address" comes in Core 5.
Also fix expert infos (usage) for all GAP characteristics are
described in Core 5.

Change-Id: I8386f5908b64cb758e2a973fb6f92fabcb30885a
Reviewed-on: https://code.wireshark.org/review/19974
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago Bluetooth: SDP: Add HDP MDEP Data Type values for ISO/IEEE 11073-20601
Michal Labedzki [Sun, 5 Feb 2017 12:04:56 +0000 (13:04 +0100)]
Bluetooth: SDP: Add HDP MDEP Data Type values for ISO/IEEE 11073-20601

Values found at Bluetooth SIG: Assign Number:
https://www.bluetooth.com/specifications/assigned-numbers/health-device-profile

Change-Id: Ic99129e717f1de22162f5e398fa5b81ff3dcdc5a
Reviewed-on: https://code.wireshark.org/review/19975
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago llc: replace GHashTable and glib allocator with wmem.
Dario Lombardo [Sat, 4 Feb 2017 22:53:10 +0000 (23:53 +0100)]
llc: replace GHashTable and glib allocator with wmem.

Change-Id: Ia7736e0faff16dd73d56a91b5a96cc715e3ce75d
Reviewed-on: https://code.wireshark.org/review/19953
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago geoip_db: remove leak.
Dario Lombardo [Sat, 4 Feb 2017 22:41:10 +0000 (23:41 +0100)]
geoip_db: remove leak.

Change-Id: I40911820fa09111c167a5c526027f10381038dbb
Reviewed-on: https://code.wireshark.org/review/19952
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago checkfiltername: Add llc.bluetooth_pid to the whitelist
Michal Labedzki [Tue, 31 Jan 2017 18:27:51 +0000 (19:27 +0100)]
checkfiltername: Add llc.bluetooth_pid to the whitelist

"llc.bluetooth_pid" is now placed in bluetooth-file, it seems to be
fine, but there is a need to avoid terrible/horrible scream from
this script.

Change-Id: I0bf3f5b5f6459ab1f13a8c2c6ad12859af608e85
Reviewed-on: https://code.wireshark.org/review/19969
Petri-Dish: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago Couchbase: Add decoding for create_bucket config
Oliver Downard [Fri, 3 Feb 2017 12:42:32 +0000 (12:42 +0000)]
Couchbase: Add decoding for create_bucket config

Change-Id: I7d84e67723196d9b39f6007950ec8fb95fe9a50e
Reviewed-on: https://code.wireshark.org/review/19934
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago RSVD dissector: minor fixes
Volodymyr Khomenko [Sun, 5 Feb 2017 19:03:04 +0000 (21:03 +0200)]
RSVD dissector: minor fixes

DataIn field should be three-state enum (not boolean)
See https://msdn.microsoft.com/en-us/library/dn393496.aspx

Fixed HandleStateShared value of QUERY_SHARED_VIRTUAL_DISK_SUPPORT reply
See https://msdn.microsoft.com/en-us/library/dn409282.aspx

Added VHDSET disk format (used by RSVD v2).

Change-Id: I7a9528e680dd4fede7e982d98316af5ef40cff3b
Reviewed-on: https://code.wireshark.org/review/19964
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2 years ago GTK: Add 'in' operator in display filter expression dialog
Jaap Keuter [Thu, 2 Feb 2017 07:41:52 +0000 (08:41 +0100)]
GTK: Add 'in' operator in display filter expression dialog

Add the 'in' operator to the list of available operators, where 'eq'
operator would be present also. Setup the curly bracket expression in
the filter and allow for multiple enums to be selected.

Bug: 12808
Change-Id: I42b328bcb3328521d193d9cdae56577eb66f8e15
Reviewed-on: https://code.wireshark.org/review/19913
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago [Automatic update for 2017-02-05]
Gerald Combs [Sun, 5 Feb 2017 16:11:59 +0000 (08:11 -0800)]
[Automatic update for 2017-02-05]

Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: Ic3553d0e987fc7c0eafbe42a517f46212d137edc
Reviewed-on: https://code.wireshark.org/review/19959
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2 years ago ieee802.11: fix indent
Alexis La Goutte [Sun, 5 Feb 2017 14:17:54 +0000 (15:17 +0100)]
ieee802.11: fix indent

Change-Id: I8d521200b645b7a7b73c1da1d466bfd992c70c17
Reviewed-on: https://code.wireshark.org/review/19957
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago iee80211: fix typo on some tag define
Alexis La Goutte [Sun, 5 Feb 2017 14:10:58 +0000 (15:10 +0100)]
iee80211: fix typo on some tag define

Change-Id: Ib3c35d332ef4c4b1b6d66d5fb9de7f87bcf15461
Reviewed-on: https://code.wireshark.org/review/19956
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago PDML: protocol filter incorrectly filters desired subfields
Martin Kacer [Thu, 19 Jan 2017 14:37:54 +0000 (15:37 +0100)]
PDML: protocol filter incorrectly filters desired subfields

Bug: 12847
Change-Id: I8a560dc44dceb06123d8bcecd512d132ee4ebb0d
Reviewed-on: https://code.wireshark.org/review/19671
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2 years ago DNP3: Fix reassembly of out of order fragments
Graham Bloice [Sat, 4 Feb 2017 21:09:59 +0000 (21:09 +0000)]
DNP3: Fix reassembly of out of order fragments

Rework Application Layer fragment reassembly to handle
out of order fragments (seen over UDP).

Change-Id: Ifd2bffba30f0a419a5f82ea6b9d2d221f7d6d276
Reviewed-on: https://code.wireshark.org/review/19947
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
2 years ago [GSA RR] Dissect System Information Type 21
AndersBroman [Sun, 5 Feb 2017 08:23:44 +0000 (09:23 +0100)]
[GSA RR] Dissect System Information Type 21

Change-Id: I85535dfdb7b064ba81f44ed08c3b1e84e7204e9e
Reviewed-on: https://code.wireshark.org/review/19954
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago pint(.h): Add Modelines and fix indent (use spaces)
Michael Mann [Sat, 4 Feb 2017 04:06:48 +0000 (23:06 -0500)]
pint(.h): Add Modelines and fix indent (use spaces)

Change-Id: Icadbf65ad186c775b2a0ca8596d5bf4ba66e4c68
Reviewed-on: https://code.wireshark.org/review/19873
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago There's an RFC for that.
Guy Harris [Sat, 4 Feb 2017 22:23:23 +0000 (14:23 -0800)]
There's an RFC for that.

Change-Id: If9a3ba7fbd93374b4c63be7ce37510be5c2848f0
Reviewed-on: https://code.wireshark.org/review/19948
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2 years ago IPv6: Update SRH dissection to draft-*-05
João Valverde [Thu, 2 Feb 2017 11:23:24 +0000 (11:23 +0000)]
IPv6: Update SRH dissection to draft-*-05

Change-Id: Ia61e8ffb4499e2ea25e66e9e05a6d2881f15d6ae
Reviewed-on: https://code.wireshark.org/review/19914
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
2 years ago tap: add cleanup routine.
Dario Lombardo [Tue, 24 Jan 2017 13:19:22 +0000 (14:19 +0100)]
tap: add cleanup routine.

Change-Id: I460b053880ed43a7377b7696531bbaeb0fd0d68b
Reviewed-on: https://code.wireshark.org/review/19764
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago tap-stats_tree: use wmem allocator.
Dario Lombardo [Fri, 3 Feb 2017 22:37:44 +0000 (23:37 +0100)]
tap-stats_tree: use wmem allocator.

Change-Id: I17e652bf9c6e8a17c57afa0bc7bb909636152d15
Reviewed-on: https://code.wireshark.org/review/19945
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago conversation_table: replace g_string with wmem allocated string.
Dario Lombardo [Fri, 3 Feb 2017 22:31:01 +0000 (23:31 +0100)]
conversation_table: replace g_string with wmem allocated string.

Change-Id: I54402822ee24214d13e052c0379514a39de16980
Reviewed-on: https://code.wireshark.org/review/19944
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago srt_table: add cleanup function.
Dario Lombardo [Fri, 3 Feb 2017 22:49:27 +0000 (23:49 +0100)]
srt_table: add cleanup function.

Change-Id: I8d1e9d587f7d47a9064d7b2e0c89f31dc41854ea
Reviewed-on: https://code.wireshark.org/review/19946
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago .mailmap: Update (of december)
Alexis La Goutte [Sun, 11 Dec 2016 20:32:55 +0000 (21:32 +0100)]
.mailmap: Update (of december)

Change-Id: Id96ce391b9957ac37705c503bea35395ee3d358d
Reviewed-on: https://code.wireshark.org/review/19207
Reviewed-by: Paul Williamson <paul@mustbeart.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago Add support for Couchbase LWW *_with_meta commands
olivermd [Thu, 2 Feb 2017 15:28:59 +0000 (15:28 +0000)]
Add support for Couchbase LWW *_with_meta commands

Decodes the options and meta length fields added with LWW for
{set,del}_with_meta request commands.

Decodes get_meta responses extra field.

Please see https://issues.couchbase.com/browse/MB-22003

Change-Id: Ie5205e8188a32d59145c4f9c499b16c7a7997274
Reviewed-on: https://code.wireshark.org/review/19928
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2 years ago MKA: Padding support for basic-param-set dissection added
samsaha [Wed, 1 Feb 2017 11:50:38 +0000 (17:20 +0530)]
MKA: Padding support for basic-param-set dissection added

* It must be multiple of 4 Octets otherwise NULL padding should be there

Change-Id: I7563b0407bd70d1f0b7aac8597ce3a757a08925e
Reviewed-on: https://code.wireshark.org/review/19893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago BTLE: check connection_info presence before trying to perform reassembly
Pascal Quantin [Fri, 3 Feb 2017 08:13:26 +0000 (09:13 +0100)]
BTLE: check connection_info presence before trying to perform reassembly

Bug: 13379
Change-Id: Idafa780f24bf9f181c0913cbe16a0cfa9bce382e
Reviewed-on: https://code.wireshark.org/review/19927
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2 years ago extcap: destroy hash tables on exit.
Dario Lombardo [Thu, 2 Feb 2017 16:10:51 +0000 (17:10 +0100)]
extcap: destroy hash tables on exit.

Change-Id: Ia6a1d8a45c36aff7f2bea8bde2ed5f308bddd2e1
Reviewed-on: https://code.wireshark.org/review/19919
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
2 years ago sharkd: fix warning C4090: 'function' : different 'const' qualifiers
Pascal Quantin [Thu, 2 Feb 2017 21:59:21 +0000 (22:59 +0100)]
sharkd: fix warning C4090: 'function' : different 'const' qualifiers

According to https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
the lpCommandLine argument must not be const as it may cause an access violation.

Change-Id: Iedd77663cd21ca8df542595890fbc7023f2c9c2b
Reviewed-on: https://code.wireshark.org/review/19922
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago dfilter-macro: add cleanup routine.
Dario Lombardo [Thu, 2 Feb 2017 15:43:22 +0000 (16:43 +0100)]
dfilter-macro: add cleanup routine.

Change-Id: I3de59c0366e9bec058de144eb136abaca24b5911
Reviewed-on: https://code.wireshark.org/review/19918
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago stream: clean up reassembly table.
Dario Lombardo [Thu, 2 Feb 2017 13:41:46 +0000 (14:41 +0100)]
stream: clean up reassembly table.

Change-Id: I71bc19eed5de342cd794938e3eb21545249d4853
Reviewed-on: https://code.wireshark.org/review/19917
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago Fix builds without libpcap.
Guy Harris [Fri, 3 Feb 2017 00:12:23 +0000 (16:12 -0800)]
Fix builds without libpcap.

capture_opts_cleanup() doesn't exist if we're building without libpcap,
so don't call it if we're building without libpcap.

Change-Id: I9ae33b0c13af2785b5adb380a5b03e89116f67df
Reviewed-on: https://code.wireshark.org/review/19925
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2 years ago Fix builds without libpcap.
Guy Harris [Fri, 3 Feb 2017 00:00:49 +0000 (16:00 -0800)]
Fix builds without libpcap.

capture_opts_cleanup() doesn't exist if we're building without libpcap,
so don't call it if we're building without libpcap.

Change-Id: I6c9defea15fac7df5533269c4945b965d9a67c25
Reviewed-on: https://code.wireshark.org/review/19924
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2 years ago capture_opts: free memory on exit to avoid leak.
Dario Lombardo [Wed, 25 Jan 2017 09:16:35 +0000 (10:16 +0100)]
capture_opts: free memory on exit to avoid leak.

This required a restyle of the way the different apps exit.

Change-Id: Iedf728488954cc415b620ff0284d2e60f38f87d2
Reviewed-on: https://code.wireshark.org/review/19780
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago NFSv4.2 mode_umask support
Andreas Gruenbacher [Thu, 2 Feb 2017 18:40:15 +0000 (19:40 +0100)]
NFSv4.2 mode_umask support

Add support for the NFSV4.2 mode_umask attribute which will be initially
supported by Linux v4.10.

Change-Id: Id98e20cd0ed93bf7ad9b2246e9e05299f3d7a9fc
Reviewed-on: https://code.wireshark.org/review/19921
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago dtls: Support Decode As for selecting appdata dissector
Peter Wu [Mon, 30 Jan 2017 18:33:09 +0000 (19:33 +0100)]
dtls: Support Decode As for selecting appdata dissector

Being able to override (set) the application data dissector without
hacks (RSA keys dialog) would be nice. Modelled after
v2.3.0rc0-481-gafa2605e43 ("Support Decode As for {SSL,TLS}-over-TCP.")

Change-Id: Ic4c5ca55e8f20ad599c41c1df58b24f3bced2281
Reviewed-on: https://code.wireshark.org/review/19869
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2 years ago wsutil/sober128: remove unused macros and functions
Peter Wu [Wed, 1 Feb 2017 12:12:01 +0000 (13:12 +0100)]
wsutil/sober128: remove unused macros and functions

Removed unused macros/functions that are apparently imported from
LibTomCrypt, only LOAD32L and STORE32L are needed. Remove code that
tries to distinguish between little/big endian, since WORDS_BIGENDIAN
was never defined, this would never have worked on big endian anyway.

Remove the special ROR "optimization" for GCC on i386, modern compilers
are able to optimize it to exactly the same thing. The generic
LOAD32L/STORE32L macros are less optimized (as can be seen in the
generated code), but this was not noticeable in the mean running time.

Tested with the packet capture from bug 3232, the result is the same:

    tshark -ocorosync_totemnet.private_keys:example.com -r corosync-totemsrp--key:example.com--2nodes.pcap -Vx

Bug: 13368
Change-Id: I59bf27d7dd990bbcd5ad34a1797f4a6c8a04512d
Reviewed-on: https://code.wireshark.org/review/19894
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2 years ago xml: use wmem allocators and replace GHashTable with wmem_map_t.
Dario Lombardo [Fri, 13 Jan 2017 10:32:20 +0000 (11:32 +0100)]
xml: use wmem allocators and replace GHashTable with wmem_map_t.

Change-Id: I9dbddc6fd4a5eaa458843343b3e9b8e1832bde8f
Reviewed-on: https://code.wireshark.org/review/19630
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2 years ago sharkd: make it compile without libGeoIP.
Dario Lombardo [Tue, 31 Jan 2017 16:30:02 +0000 (17:30 +0100)]
sharkd: make it compile without libGeoIP.

Change-Id: Ief867ce8552136298bd6bd6879ec482cc5b38b6f
Reviewed-on: https://code.wireshark.org/review/19887
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
2 years ago imf: convert GHashTable to wmem_map
Dario Lombardo [Wed, 1 Feb 2017 13:40:56 +0000 (14:40 +0100)]
imf: convert GHashTable to wmem_map

Change-Id: Ia5bd6af88db76bbe4e0a267c30b6f7749b23e299
Reviewed-on: https://code.wireshark.org/review/19903
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago Rawshark: Add a memory limit (-m) option.
Gianluca Borello [Mon, 23 Jan 2017 16:57:32 +0000 (08:57 -0800)]
Rawshark: Add a memory limit (-m) option.

Add an option to rawshark that lets the user set a maximum memory limit.

Change-Id: Ie102ee5f6ba5aec90a35bd63297184c7dc37662c
Reviewed-on: https://code.wireshark.org/review/19911
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2 years ago ncp: convert GHashTable to wmem_map_t.
Dario Lombardo [Wed, 1 Feb 2017 13:22:43 +0000 (14:22 +0100)]
ncp: convert GHashTable to wmem_map_t.

Change-Id: I0de1c332a6052c20f6afbe1e51dfb14e18485891
Reviewed-on: https://code.wireshark.org/review/19899
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago GHashtable -> wmem_map conversions
Michael Mann [Thu, 2 Feb 2017 04:13:42 +0000 (23:13 -0500)]
GHashtable -> wmem_map conversions

Many of the register_init_routine/register_cleanup_routine functions
are for initializing and cleaning up a GHashtable.
wmem_map_new_autoreset can do that automatically, so convert many
of the simple cases.

Change-Id: I93e1f435845fd5a5e5286487e9f0092fae052f3e
Reviewed-on: https://code.wireshark.org/review/19912
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago iso15765: convert GHashTable to wmem_map.
Dario Lombardo [Wed, 1 Feb 2017 13:29:30 +0000 (14:29 +0100)]
iso15765: convert GHashTable to wmem_map.

Change-Id: I25fd598f3c2bd75548213140e93198b611f30d4b
Reviewed-on: https://code.wireshark.org/review/19900
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago tools: add a Gtk/GNOME suppression file.
Dario Lombardo [Wed, 1 Feb 2017 20:59:14 +0000 (21:59 +0100)]
tools: add a Gtk/GNOME suppression file.

As described here https://wiki.gnome.org/Valgrind valgrind can be
tuned for Gtk/GNOME (glib) software by this official (or so) suppression
file. Add it to the standard valgrind script to reduce the output
for those functions out of Wireshark scope.

Change-Id: I5dbc91ce82a890c9c02b624289ced96909be5f84
Reviewed-on: https://code.wireshark.org/review/19910
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2 years ago Qt: Add extcap placeholder parameter
Stig Bjørlykke [Mon, 7 Dec 2015 12:30:26 +0000 (13:30 +0100)]
Qt: Add extcap placeholder parameter

Added a parameter to set placeholder text in textBox.

Change-Id: Iccf92fe60abc78be8f0fa112c0c9eb78890674b5
Reviewed-on: https://code.wireshark.org/review/12463
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2 years ago Make some more protocols into pinos.
Michael Mann [Sun, 1 Jan 2017 14:40:58 +0000 (09:40 -0500)]
Make some more protocols into pinos.

Change-Id: I87d842e3efe9f82eaaab81347dfb79d6c0932792
Reviewed-on: https://code.wireshark.org/review/19491
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago Use INVALID_SOCKET for an invalid socket handle.
Guy Harris [Wed, 1 Feb 2017 19:04:54 +0000 (11:04 -0800)]
Use INVALID_SOCKET for an invalid socket handle.

-1 is fine on UN*X, but, on Windows, it's INVALID_SOCKET.  We define
INVALID_SOCKET as (-1) on UN*X, so it can be used on both platforms.

Change-Id: Ib2269ddf98c352a1d3c85e44006cc49d80750a78
Reviewed-on: https://code.wireshark.org/review/19909
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2 years ago Fix some more UN*X-vs-Windows issues.
Guy Harris [Wed, 1 Feb 2017 18:17:48 +0000 (10:17 -0800)]
Fix some more UN*X-vs-Windows issues.

Change-Id: Ie9ad31289f0572a7e7249fcb3305849673536f05
Reviewed-on: https://code.wireshark.org/review/19908
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2 years ago frame: use wmem instead of glib allocator.
Dario Lombardo [Wed, 1 Feb 2017 14:11:15 +0000 (15:11 +0100)]
frame: use wmem instead of glib allocator.

Change-Id: Ibed5c2418d1dd400fe586d40681fb5ba90efbd9f
Reviewed-on: https://code.wireshark.org/review/19906
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago h460: use wmem for strdup.
Dario Lombardo [Wed, 1 Feb 2017 14:34:15 +0000 (15:34 +0100)]
h460: use wmem for strdup.

Change-Id: Iac6027e4b1449a77bc6b0a3d089634a296b8e802
Reviewed-on: https://code.wireshark.org/review/19904
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago h248: convert GTree to wmem_tree.
Dario Lombardo [Wed, 1 Feb 2017 14:25:16 +0000 (15:25 +0100)]
h248: convert GTree to wmem_tree.

Change-Id: Ia8d1a7ca4ce7e8754ab97ffe5f6e11181f08b264
Reviewed-on: https://code.wireshark.org/review/19905
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago ipmi: use wmem instead of glib allocator.
Dario Lombardo [Wed, 1 Feb 2017 13:37:30 +0000 (14:37 +0100)]
ipmi: use wmem instead of glib allocator.

Change-Id: I739e0cd9ebe35049b6633a9cfa0f793d66823f9a
Reviewed-on: https://code.wireshark.org/review/19901
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago hdcp2: convert GHashTable to wmem_map.
Dario Lombardo [Wed, 1 Feb 2017 13:39:10 +0000 (14:39 +0100)]
hdcp2: convert GHashTable to wmem_map.

Change-Id: If68a73c05bfc301e1cfdba75c090305a5b454979
Reviewed-on: https://code.wireshark.org/review/19902
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago proto: free memory on cleanup.
Dario Lombardo [Wed, 1 Feb 2017 12:40:11 +0000 (13:40 +0100)]
proto: free memory on cleanup.

Change-Id: Ia6cb39cbf6d5b50d39746f38758433a7541219a2
Reviewed-on: https://code.wireshark.org/review/19896
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago ieee802a: add shutdown routine.
Dario Lombardo [Wed, 1 Feb 2017 12:53:19 +0000 (13:53 +0100)]
ieee802a: add shutdown routine.

Change-Id: I21d0ab5619cde9a43b96eaff351fa338e317f4f9
Reviewed-on: https://code.wireshark.org/review/19897
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago ndps: convert GHashtable to wmem_map.
Dario Lombardo [Wed, 1 Feb 2017 12:57:35 +0000 (13:57 +0100)]
ndps: convert GHashtable to wmem_map.

Change-Id: Id1f46ed533980e67bf18aa13fcc828bf1f5e7f6e
Reviewed-on: https://code.wireshark.org/review/19898
Reviewed-by: Michael Mann <mmann78@netscape.net>
2 years ago dtls: avoid possible NULL deref
Peter Wu [Wed, 1 Feb 2017 10:49:30 +0000 (11:49 +0100)]
dtls: avoid possible NULL deref

"decoder->flow" could result in a NULL pointer dereference if a null
cipher was in use (caught by Clang static analyzer).

Answering the questions:
- DTLS records fragments do not need to be reassembled, thus there is no
  flow. The Handshake messages have their own fragment_offset field and
  thus there is no need to maintain an extra flow.
- Actually one datagram can contain multiple records (RFC 6347, 4.1.1),
  but this is not implemented yet. The key can however not be "0"
  though, it must match the offsets from ssl_get_record_info.

Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Change-Id: Iac367a68a2936559cd5d557f877c5598114cadca
Reviewed-on: https://code.wireshark.org/review/19892
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Pascal Quantin [Fri, 27 Jan 2017 17:20:40 +0000 (18:20 +0100)]
GSM A / NAS-EPS: detect missing mandatory information elements

Current code is not able to detect missing mandatory information elements
because the macro will return once the end of the payload is reached.
Remove this check from all mandatory IE macros, and put it at the beginning
of optional IE ones. This should allow detecting any missing mandatory IE
while still stopping message dissection in case optional IEs are not
present.

Change-Id: Ie820740e25c1d03ee3462fa4a913c3a7870fcc2d
Reviewed-on: https://code.wireshark.org/review/19816
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Allan Møller Madsen [Sun, 29 Jan 2017 21:40:42 +0000 (22:40 +0100)]
Bluetooth 5.0, HCI command/event PHY update dissection

Dissection of all new HCI command/events related to
Bluetooth 5.0 feature 'PHY update - LE 2M and LE Coded'

Change-Id: I212cb368d3295ba36eb0ca34329df566cae1611b
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19849
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
Michael Mann [Wed, 1 Feb 2017 04:48:27 +0000 (23:48 -0500)]
packet-btle.c: If frame information is missing, provide a default.

"default" frame information sets no retransmission or more fragments.

Bug: 13015
Change-Id: I1c8a29fe06d0b38abc789c8e454dc484490186f9
Reviewed-on: https://code.wireshark.org/review/19891
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris [Wed, 1 Feb 2017 04:41:38 +0000 (20:41 -0800)]
Expand a comment to give more details.

(Dear Microsoft: why did you choose not to support line buffering in
the MSVC "standard I/O library" routines?)

Change-Id: I5add94d2c83e73e9845fea0f355a1923fddf2deb
Reviewed-on: https://code.wireshark.org/review/19890
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Jakub Zawadzki [Sat, 28 Jan 2017 21:40:17 +0000 (22:40 +0100)]
sharkd: windows support

Change-Id: I6581bacdea49416cc26431f66b093f36b39c5a67
Reviewed-on: https://code.wireshark.org/review/19829
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Alexis La Goutte [Tue, 31 Jan 2017 19:38:58 +0000 (20:38 +0100)]
ssl-utils: fix format specifies type 'void *' but the argument has type 'SslFlow *' (aka 'struct _SslFlow *') [-Wformat-pedantic]

Change-Id: Iec574db8c28d2e02136e6c4119e5688b21112299
Reviewed-on: https://code.wireshark.org/review/19889
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Alexis La Goutte [Sun, 22 Jan 2017 14:17:57 +0000 (15:17 +0100)]
Openflow (v5): fix redundant redeclaration of ‘dissect_openflow_message_v5’ [-Wredundant-decls]

Change-Id: I6340f0b903af1371e69172b05650c49fc18b8890
Reviewed-on: https://code.wireshark.org/review/19888
Reviewed-by: Michael Mann <mmann78@netscape.net>
Joerg Mayer [Mon, 30 Jan 2017 21:13:58 +0000 (22:13 +0100)]
Don't provide GTK setup by default.

Update comments to reflect the behaviour as well.

Update comment inside the

Change-Id: Id3629b217a2adc096fd6b0cb0221270e92ebd5da
Reviewed-on: https://code.wireshark.org/review/19875
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Justin Helgesen [Sun, 29 Jan 2017 21:06:49 +0000 (15:06 -0600)]
Add Decode As capabilities to MoldUDP dissector

Per the Nasdaq TotalView-ITCH v2/3 protocol specifications the
NASDAQ-ITCH dissector needs to be able to dissect a MoldUDP payload.

Change-Id: Id5194930025a9abdfb1663234233fd51e525a34b
Reviewed-on: https://code.wireshark.org/review/19847
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Arjen Zonneveld [Tue, 31 Jan 2017 13:35:29 +0000 (14:35 +0100)]
Also show BGP Shutdown communication on admin reset

Shutdown communication is now also allowed on Admin Reset NOTIFICATION messages:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-idr-shutdown-04.txt

Change-Id: I6450d3d5de5aef4bd709ba2b211ca717784b00a7
Reviewed-on: https://code.wireshark.org/review/19886
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Alexis La Goutte [Thu, 26 May 2016 11:02:07 +0000 (13:02 +0200)]
PAPI: Add dissection of Licence Manager

Change-Id: I1b7dd1835fe60852b8c90f0ce5e240813cad89d1
Reviewed-on: https://code.wireshark.org/review/15574
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Tue, 31 Jan 2017 13:29:53 +0000 (08:29 -0500)]
Add wmem allocator parameter to format_uri

Change-Id: Ic6de84a37b501e9c62a7d37071b2b081a1a1dd50
Reviewed-on: https://code.wireshark.org/review/19885
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Tue, 31 Jan 2017 12:51:19 +0000 (07:51 -0500)]
format_text_wmem -> format_text

All cases of the "original" format_text have been handled to add the
proper wmem allocator scope.  Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.

Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs [Mon, 30 Jan 2017 20:51:19 +0000 (12:51 -0800)]
Enable some more tests.

The "Microsecond pcap-ng via stdin" and "Nanosecond pcap-ng via stdin"
tests work here on macOS and Windows (likely due to g8a141fe), so
enable them.

Change-Id: I148d02f0cc23162d782457e1d8f0e7c2c0dc6932
Reviewed-on: https://code.wireshark.org/review/19877
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Peter Wu [Mon, 30 Jan 2017 17:10:00 +0000 (18:10 +0100)]
TLS13: partial update of CertificateRequest for draft -18

Document structure, did not put much effort in there as the format is
subject to change (untested, no pcap available).

Change-Id: I2da8c4e005d65314158d038bc0af7411773d8fba
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19865
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu [Mon, 30 Jan 2017 04:28:21 +0000 (05:28 +0100)]
TLS13: add Encrypted Extensions

See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.3.1

Change-Id: I35e049d991be4c242ef2b84db3a322c6a13d2f96
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19860
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu [Mon, 30 Jan 2017 04:25:11 +0000 (05:25 +0100)]
TLS13: handle content type from decrypted record

Extract the content type and handle padding per
https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-5.2

When TLS 1.3 is detected, rename the "Content Type" field to "Opaque
[Content] Type" and add a new generated field for the content type that
was extracted from the decrypted contents.

Change-Id: I149a5d7e2493dded6e2c0190e170fa350f76466e
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19859
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu [Mon, 30 Jan 2017 16:51:46 +0000 (17:51 +0100)]
TLS13: update Certificate for draft -18

Note that RPK (RFC 7250) is not well-defined and is left untouched.
https://github.com/tlswg/tls13-spec/issues/722

Certificate extension dissection remains a task for later.

Change-Id: I62276e59db94429e4c09058aca3c08f390ec3af7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19864
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu [Mon, 30 Jan 2017 17:16:06 +0000 (18:16 +0100)]
TLS13: fix CertificateVerify dissection for -18

digitally-signed is gone in TLS 1.3. ClientKeyExchange/ServerKeyExchange
are gone, so effectively modifying this function is good enough to cover
CertificateVerify dissection (ssl_dissect_hnd_cli_cert_verify).

See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#page-58

Change-Id: I07f621bc088d810a3f35343bec7a0a3303b1426b
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19866
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Jaime Caamaño Ruiz [Mon, 30 Jan 2017 18:13:20 +0000 (19:13 +0100)]
Support for NSH with Ethernet encapsulation

Change-Id: I88bc4924add4d89c1386cb1be9d27233cef861f1
Reviewed-on: https://code.wireshark.org/review/19867
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Gerald Combs [Tue, 31 Jan 2017 00:30:45 +0000 (16:30 -0800)]
WSDG: Update some of the NSIS text.

Recommend v3 instead of v2.

Change-Id: I13260611dd6b12372aba8938a87574cd9a8e1a47
Reviewed-on: https://code.wireshark.org/review/19880
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Sun, 29 Jan 2017 22:19:48 +0000 (23:19 +0100)]
test: add (D)TLS test for AEAD ciphers

TLS and DTLS share the same code for decryption of AEAD ciphers.
Add tests for all possible AEAD cipher modes (GCM, CCM, CCM_8).
PSK is used to reduce the handshake size (removing certificates).

The decryption suite passes these tests on:

* Libgcrypt 1.6.5 (Ubuntu 14.04)
* Libgcrypt 1.7.6 (Arch Linux)
* Libgcrypt 1.4.5 (CentOS 6). Note that the GnuTLS packages are too old,
  so tests that depend on RSA keys fail here (but the new tests pass).

Change-Id: If0dc5b94223fb247062e23960ff66dfdd4f7a902
Reviewed-on: https://code.wireshark.org/review/19850
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Alexis La Goutte [Fri, 27 Jan 2017 06:55:55 +0000 (07:55 +0100)]
BGP: Fix Dead Store (Dead assignment/Dead increment) Warning found by Clang

Change-Id: I0569326140c88a6dd2d7e2b8819c9f5323a98670
Reviewed-on: https://code.wireshark.org/review/19810
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Tue, 31 Jan 2017 03:38:20 +0000 (22:38 -0500)]
format_text -> format_text_wmem for wlan dialogs

format_text_wmem uses NULL scope in GUI dialogs

Change-Id: Ifaa342e034de9f99b59169cdf0c7ddc52ff67597
Reviewed-on: https://code.wireshark.org/review/19882
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Tue, 31 Jan 2017 04:18:51 +0000 (23:18 -0500)]
Have tvb_format_text use wmem_packet_scope() memory.

Its only use is in dissectors or other tree creation APIs (where
packet scope is valid), so have it use format_text_wmem with
wmem_packet_scope().

Change-Id: I1f34e284a870c9844c6b27f4ae08a1e7efe54098
Reviewed-on: https://code.wireshark.org/review/19883
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Mon, 30 Jan 2017 13:29:12 +0000 (14:29 +0100)]
TLS: add bare essentials for TLS 1.3 decryption support

The bare essentials are now in place to perform decryption
(HKDF-Expand-Label, calculation of traffic secrets, AEAD integration).
Can successfully decrypt the initial handshake message. Only AES ciphers
are supported, ChaCha20-Poly1305 still needs to be added.

Note: "decryption" indeed works, but dissection needs to be updated. The
padding must be stripped and the content type extracted.

Ping-Bug: 12779
Change-Id: I3869c9ae5131e57519be99c5f439c4fa68841bae
Reviewed-on: https://code.wireshark.org/review/19858
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Mon, 30 Jan 2017 01:00:18 +0000 (02:00 +0100)]
ssl-utils: add AEAD authentication check

Unauthenticated data should not be displayed as valid. Validate the
authentication tag, similar to how MAC checks are done for block
ciphers. This requires Libgcrypt 1.6 or newer.

Tested against the (D)TLS AEAD tests on Libgcrypt 1.4.5 (CentOS 6),
1.6.5 (Ubuntu 14.04), 1.7.6 (Arch Linux). Compile-tested w/o Libgcrypt.

Change-Id: Iee15f4ccc5bbe01a50677167fa9c50c1ffe382d3
Reviewed-on: https://code.wireshark.org/review/19853
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Peter Wu [Tue, 20 Sep 2016 19:26:43 +0000 (21:26 +0200)]
ssl-utils: refactor AEAD decryption handling

The current ssl_decrypt_record is hard to understand due to mixing CBC
concepts (MAC, padding) with AEAD. Extract the AEAD functionality and
use better variable naming.

The "Plaintext" debug print now includes just the plaintext (the auth
tag is stripped). A write_iv.data_len check is added just to be sure and
more prep work is done for auth tag validation and TLS 1.3 support.

Tested against the (D)TLS AEAD tests on Libgcrypt 1.4.5 (CentOS 6),
1.6.5 (Ubuntu 14.04), 1.7.6 (Arch Linux). Compile-tested w/o Libgcrypt.

Change-Id: I94dd2fd70e1281d85c954abfe523f7483d9ac68b
Reviewed-on: https://code.wireshark.org/review/19852
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Michael Mann [Mon, 30 Jan 2017 03:19:57 +0000 (22:19 -0500)]
Have hfinfo_format_text use format_text_wmem.

Use NULL scope to be safe.

Change-Id: I1967737cf6a1c90cc2e0476d3f2ace63aa0c9153
Reviewed-on: https://code.wireshark.org/review/19857
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Mon, 30 Jan 2017 03:00:39 +0000 (22:00 -0500)]
Have tvb_format_stringzpad use wmem_packet_scope() memory.

Its only use is in dissectors, so have it use
format_text_wmem with wmem_packet_scope().

Change-Id: I22121324fd47aee32174b65104458ad2ef329bd7
Reviewed-on: https://code.wireshark.org/review/19856
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Michael Mann [Mon, 30 Jan 2017 02:53:49 +0000 (21:53 -0500)]
Add format_text_wmem.

This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()).  This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.

Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Alexis La Goutte [Mon, 30 Jan 2017 20:33:44 +0000 (21:33 +0100)]
ISAKMP: Add Forticlient (connect License and EndPoint Control) from Fortinet Vendor ID

Change-Id: Idf40de8bfa76cbe4437a157fc90bd994d4b2233e
Reviewed-on: https://code.wireshark.org/review/19872
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu [Mon, 30 Jan 2017 18:41:29 +0000 (19:41 +0100)]
coap: add support for coaps (DTLS-secured CoAP)

coaps port is defined in RFC 7252, section 12.7.

CoAP (RFC 7252) is defined only for UDP, not TCP. For TCP, the frame
format is slightly different (draft-ietf-core-coap-tcp-tls-05) and
needs more dissector changes, so remove registration for now.

Change-Id: I1fc7163086f8fe66986565aa24b579ef24f72550
Ping-Bug: 13370
Reviewed-on: https://code.wireshark.org/review/19870
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>