Commit Graph

86808 Commits

Author SHA1 Message Date
Gtker ee5053cd7b woww: Remove SMSG_COMPRESSED_UPDATE_OBJECT
This object is compressed and will have to be handled in a different
way.
2023-02-10 19:45:14 +00:00
Gtker 48444ed9ae woww: Add underscores for mount_result enumerators 2023-02-10 19:45:14 +00:00
Gtker 8d9eba98a1 woww: Replace mount_result with dismount_result for SMSG_DISMOUNTRESULT 2023-02-10 19:45:14 +00:00
Gtker f2dccbcf0b woww: Convert `mailbox_guid` hfs to `mailbox` 2023-02-10 19:45:14 +00:00
Gtker 4a46e64495 woww: Append '_in_milliseconds' to 'hf_woww_countdown_time' 2023-02-10 19:45:14 +00:00
Gtker 452ebdc420 woww: Replace many occurrences of hf_woww_item_id with *_item 2023-02-10 19:45:14 +00:00
Gtker a40f74a0b1 woww: Rename fields in SMSG_LOOT_ROLL 2023-02-10 19:45:14 +00:00
Jan Romann dbccb014ef CoAP: properly dissect OCF version options 2023-02-10 16:23:18 +00:00
Gian Lorenzo Meocci 882072d702 Add support for URSS field (8.2.77 PFCP Association Release Request) 2023-02-10 16:46:06 +01:00
David Fort 31624dff65 rdp: various improvements and fixes
Both dynamic and egfx channel had problems during the second pass.
For the dynamic the problem is that the reassembled packet usually contains multiple PDUs,
so the first pass works correctly, but given that there's multiple PDUs we can't attach
a single data to pinfo for the second pass. To fix that we compute a hash for the PDU and attach
the correct contextual info associated with this hash, that info will be used during the
second pass.

The patch fixes the same kind of bug in the egfx channel and zgfx uncompressed bits (the zgfx
compression is stateful so we need to save the uncompress buffer for the second pass).

In the dynamic channel, in capabilities packets some fields are present only after version 1
of the protocol.

Added some new EGFX version capabilities (also is listed the bogus 10.6 version that was
exposed in the previous specs).

The display of versions in EGFX capability message has been reworked to correctly show
a tree.
2023-02-10 14:02:07 +00:00
David Fort 5b90346b6d rdp: allocate channel name in the file allocator 2023-02-10 14:02:07 +00:00
David Fort 407ebfbf94 rdp: fix zgfx compression
In the case of raw tokens the decompressor was bogus and was either not updating
the output count, or not updating the number of consumed bits.
2023-02-10 14:02:07 +00:00
John Thacker 4221021ab6 Qt: Fix click to packet on OverlayScrollBar
Fix the calculation of the ratio for converting a packet number
to the scrollbar value by accounting for the length of the slider.
maximum() does not correspond to the last packet; it corresponds to
the first packet shown when the scrollbar is at maximum. The last
packet is maximum() + pageStep().
(See https://doc.qt.io/qt-6/qscrollbar.html#details)

The quarter of a page padding should be subtracted, not added,
from the calculated position.
(Fix up 422c0f45d4)

This correctly makes clicking on a line in the minimap scroll
the packet list so that the corresponding packet is 25% of the
way down the visible window. (Excepting the cases of packets at
the very beginning or end of the entire packet list.)

Fix #13989
2023-02-10 01:56:20 +00:00
John Thacker 231f55b6f6 DICOM: Do not truncate in the middle of a UTF-8 character
Use ws_utf8_truncate to ensure that truncating the result of
tvb_format_text will not split a UTF-8 character. (50 bytes
is not necessarily 50 UTF-8 characters, but 50 UTF-8 characters
don't necessarily have a visible width of 50 characters anyway.)

Fix #18831
2023-02-09 20:35:02 -05:00
Guy Harris 51e9b6372e TLS: clean up variable names.
Just because a field's value is used in the string that's hashed to
compute a JA3 or JA3S hash, that doesn't mean it should be put into a
variable named "ja3_value", as that doesn't indicate what it *is*.  Use
meaningful names instead.
2023-02-09 14:58:12 -08:00
Moshe Kaplan 9e1905f88d Preferences: Support configuring debounce timers 2023-02-09 20:54:14 +00:00
Martin Mathieson 8812c5ed20 Fix some spelling errors 2023-02-09 19:37:20 +00:00
Gerald Combs ecbfda08c4 macOS: Update our extra package versions.
Track our extra package versions using CMake variables and bump each
version.
2023-02-09 17:52:55 +00:00
John Thacker 66fc2d4ee3 Qt: Actually ensure that rows are colorized
PacketListRecords should only report themselves as colorized when
colorized with the latest version of the coloring rules. Otherwise,
ensureRowColorized will not recolorize rows when the rules have changed.

This makes the minimap/intelligent scrollbar correctly update
colors in the background when the rules have changed. (Rows that
were being displayed were being updated, because the columnStrings
were invalidated at the same time, and when fetching the columnStrings
the colors would be updated if the rules had changed.)

Fix #17621
2023-02-09 15:27:58 +00:00
Guy Harris 2d173ec34c TLS: allow but warn about 0x0304 in Client Hello legacy version field.
You're Not Supposed To Do That, as per RFC 8446 section 4.1.2 "Client
Hello".

Also do the equivalent check for DTLS, as RFC 9147 Section 5.3 "Client
Hello" says You're Not Supposed To Do The Equivalent.  We don't yet
handle DTLS 1.3, but if we ever do....

Fixes #18851.

While we're at it, improve two comments to clarify what
ssl_dissect_hnd_hello_common() does (and to fix one place where the old
comment was incorrect).
2023-02-09 14:33:11 +00:00
AndersBroman 60b87b55db NAS-5GS: fix dissection of UE OS Id 2023-02-09 13:16:47 +00:00
Martin Mathieson 7ce7af124a file-pcapng: add encoding arg to option dissector callback 2023-02-09 10:26:27 +00:00
Jason Cohen 843da72f86 f5fileinfo: Typo / omission fix from last merge. 2023-02-08 23:20:05 -06:00
Gabriel Ganne 427d028d0e cisco-metadata - fix protocol highlight size
Increase the proto item size so that the ethertype is selected as part
of the cisco-metadata protocol.

Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
2023-02-08 20:38:20 +00:00
Jaap Keuter 864e8f1f5f Man: Update extcap argument type documentation 2023-02-08 20:12:27 +00:00
ismaelrti 2a9e59f4cf RTPS: Fixed dissection of compressed data when using PL_CDR* encapsulation.
It was not using the right tvb when dissecting uncompressed
data with PL_CDR_LE or PL_CDR_BE encapsulation
2023-02-08 19:38:55 +00:00
Jason Cohen e3cb80d828 f5fileinfo: Add missing platform identifiers
Add missing platform identifiers for rSeries platforms

https://my.f5.com/manage/s/article/K9476
r2800 / r2600 (C130)
r4800 / r4600 (C131)
r5900 / r5800 / r5600 (C129)
r10900 / r10800 / r10600 (C128)

Fixes: #18848
2023-02-08 17:39:38 +00:00
Martin Stigge 136ee860fa Fix RSVP P2MP ID rendering in RSVP session summary 2023-02-08 17:32:43 +00:00
John Thacker 4f14745fce Qt: Fencepost error in minimap/intelligent scrollbar
The location of the next line should be based off one row larger
than the current row.

This fixes an issue where all the lines drawn in the intelligent
scrollbar are off by one - the color intended to be drawn for
the first packet never appears, the first packet corresponds to
the line for the second packet, etc., and there is a line at
the bottom that can never be colored in.

Fix #18850
2023-02-08 14:47:32 +00:00
Daniël van Eeden 3123185b6e MySQL: Correct decoding of COM_BINLOG_DUMP_GTID
`COM_BINLOG_DUMP_GTID` was decoded with the same code as
`COM_BINLOG_DUMP`, but the order of items and the set of fields are
different.
2023-02-08 13:53:47 +00:00
Jan Romann 4d67dcb402 CoAP: fix CoAP dissectors 2023-02-08 14:17:34 +01:00
Martin Mathieson 86f7777c4c file-pcapng: Provide mechanism for 'local' block handlers 2023-02-08 13:10:48 +00:00
João Valverde eda38f5f2d Replace g_utf8_make_valid() with own function
The function ws_utf8_make_valid() is all-around better and
also does maximal substitution of subparts.
2023-02-08 11:21:19 +00:00
João Valverde a66b5080c3 Make wmem and wsutil a single logical library
We want to do more sophisticated processing of UTF-8 in wmem and
for that we want to use the unicode utility functions in wsutil.

We also want to use wmem scoped memory in wsutil unicode utility
functions.

This introduces a circular dependency. Fix that by making both
the same library and removing the sanitary cordon separating
them.

We still need to be mindful of public header dependencies of wmem on
wsutil because wmem.h is included in wireshark.h and we want to
be parsimonious with the use of global includes.
2023-02-08 11:21:19 +00:00
ismaelrti 53d51d1421 RTPS: Clean duplicated entity_kind_vals value
Removed incorrect value ENTITYID_OBJECT_NORMAL_META_CST_READER in
entity_kind_vals value_string
2023-02-08 11:15:39 +01:00
Donatas Abraitis 525161bb59 Add BGP Software Version Capability decoding
GoBGP, FRRouting, and Flockd already have this draft implemented.

https://datatracker.ietf.org/doc/html/draft-abraitis-bgp-version-capability

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
2023-02-08 07:19:11 +00:00
João Valverde 84f963dfa2 Move ui/version_info.[ch] to wsutil 2023-02-07 23:17:37 +00:00
Gerald Combs 3e07c0dc01 macOS: Forget our ChmodBPF package when uninstalling
Add `pkgutil --forget org.wireshark.ChmodBPF.pkg` to the "Uninstall
ChmodBPF" postinstall script. The `pkgutil` man page says

    --forget package-id
        Discard all receipt data about package-id, but do not touch the
        installed files.  DO NOT use this command from an installer package
        script to fix broken package design.

but Homebrew's Wireshark cask does this, and it should help to work
around issue #18734.

Add `pkgutil --forget org.wireshark.path_helper.pkg` to the "Remove
Wireshark from the system path" postinstall script.
2023-02-07 21:24:34 +00:00
David Perry 71a77a4a5d Correct function signatures for buffer functions 2023-02-07 19:52:37 +00:00
John Thacker 4818778df2 tshark: Preserve options when dissecting packets and writing
epan_dissect_run_* and epan_dissect_reset unreference the packet
block that is part of the record, which frees it if the ref count
drops to zero. However, tshark needs the block later to, e.g.,
copy the options. process_cap_file_[single|second]_pass still
unreference and free the block with wtap_rec_reset() at the end
of each packet loop.

Fix #18693
2023-02-07 18:27:12 +00:00
David Perry c01f860867 Update comments in `wiretap/file_access.c` 2023-02-07 18:24:28 +00:00
John Thacker ca230a59e0 wiretap, pcapng: Distinguish WTAP_ENCAP_UNKNOWN and _NONE
WTAP_ENCAP_UNKNOWN is used for two different cases:
1. Encapsulation type values that are unsupported by libwiretap or
bogus values (and thus "unknown" to libwiretap).

2. An initial state where the encapsulation type is "not yet" known
for a file type like pcapng without a single encapsulation type in the
header, before any packets or interfaces that set the encapsulation type
have been read. (If the file has no packets, this may be the value after
the file is entirely read in.) This can be the value when an output file
is written out simultaneously with reading an input file, rather than
reading the entire input file first, and, e.g., there is a custom block
before any IDBs.

The first case can never be handled when writing out a file, but the
second case can possibly be handled, so long as (for pcapng) IDBs
are available to write when they become necessary, or (for file
types like pcap with a single link-layer type in the header) the
writer waits until a link-layer type is seen to create the output
header. (It is possible, of course, that writing would fail in the
middle if an unsupported encapsulation type appears, or if the
encapsulation becomes per-packet for file types that don't support that,
but that is an unavoidable risk when writing without reading the entire
input file(s).)

Introduce WTAP_ENCAP_NONE for the second case, and use it for pcapng,
where we guarantee that any necessary IDBs will be passed along.
Continue to use WTAP_ENCAP_UNKNOWN for the first case.

Allow pcapng files to open a file for writing with WTAP_ENCAP_NONE.

There are some other file types that support per-packet link-types,
and could also use WTAP_ENCAP_NONE, but they require more work to
generate IDBs. (Note that all of them currently are impossible to
write to pcapng when they have multiple encapsulations, even if
the encapsulations are all supported by pcapng, because they don't
properly generate IDBs.)

Remove the workaround in ef43fd48b4
for tshark writing to pcapng when the source file is WTAP_ENCAP_UNKNOWN,
since now such files will be WTAP_ENCAP_NONE and work properly (and
also work in editcap, mergecap, etc.)

Along with 8cddc32d35, fix #18449.
2023-02-07 13:33:20 +00:00
John Thacker e8db896c62 PROFINET: Add strings with proto_tree_add_item
Add strings with proto_tree_add_item instead of tvb_memcpy,
appending a null, and a proto_tree_add_string so that the
strings are validated for encoding, trailing nulls, etc.

Fix #18847
2023-02-07 07:20:27 -05:00
João Valverde c62aa67d2c Move ui/exit_codes.h to include/ 2023-02-07 10:12:08 +00:00
Dr. Lars Völker 25cf3e2e98 TECMP: Improve usability of lifecycle field
This patch adds more human readable information for the lifecycle field.
2023-02-07 06:51:06 +00:00
Gerald Combs e1db561aa2 macOS: Fixup our signature identifiers
Pass a prefix to `codesign` so that our signature identifier is
"org.wireshark.foo" instead of "foo" for our command line utilities,
libraries, and ChmodBPF.
2023-02-07 01:43:13 +00:00
John Thacker fd183cb40b Qt: Add ability to cancel sorting
Add the ability to cancel sorting. Since we now parse user inputs
during the sort, test and set the capture file read lock. Try to
sort in PacketList::captureFileReadFinished, since now sorting during
thawing won't happen if it's in the middle of a rescan.

Fix #17640
2023-02-07 00:03:24 +00:00
Jan Romann 252e667218 CoAP: update Observe option doc comment 2023-02-06 20:47:12 +00:00
Jan Romann be591c150a CoAP: add support for additional options 2023-02-06 20:47:12 +00:00
João Valverde 7c156d9ac4 Add a #define HAVE_MSYSTEM and use it
In certain situations using __MINGW64__ is not correct.
We want to have the condition apply using MinGW-w64 but also
using MSYS2, which the __MINGW64__ condition alone does not
capture.

Add a HAVE_MSYSTEM C define and use it where appropriate.
2023-02-06 19:39:33 +00:00