When the HTTP request is transmitted to a Proxy the URI is already
a "full URI".
Bug was reported by Thomas Baudelet.
Bug: 12176
Change-Id: I83f6bdef6fa96233792c6bbe54caad38df0f5fb6
Reviewed-on: https://code.wireshark.org/review/14142
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
HT tab stops are set every 8 spaces on UN*X; UN*X tools that treat an HT
character as tabbing to 4-space tab stops, or that even are configurable
but *default* to 4-space tab stops (I'm looking at *you*, Xcode!) are
broken. tab-width: 4, tabstop=4, and tabSize=4 are errors if you ever
expect anybody to look at your file with a UN*X tool, and every text
file will probably be looked at by a UN*X tool at some point, so Don't
Do That.
Adjust indentation to reflect the mode lines.
Change-Id: Icf0831717de10fc615971fa1cf75af2f1ea2d03d
Reviewed-on: https://code.wireshark.org/review/14150
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We should emit textEdited whenever the user changes the text
interactively. Do so when the user clicks the clear button or selects a
recent filter.
We might want to copy this to DisplayFilterEdit.
Change-Id: Icf02fead52947fcef6e7e617b0c49bfc9e1aec65
Reviewed-on: https://code.wireshark.org/review/14144
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Not all shells support uname -o.
Change-Id: Ia6f46f3580f6d7b421da672418dcbee38ad9e60b
Reviewed-on: https://code.wireshark.org/review/14143
Reviewed-by: João Valverde <j@v6e.pt>
Always decode Call ID (and payload length) when Version is Enhanced GRE (and no ACK flag)
Issue reported by Duncan Salerno
Bug:12149
Change-Id: I2f61dd6851e26cc93174f96e05c0055fc45be4e2
Reviewed-on: https://code.wireshark.org/review/14088
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This makes Python required only for (portable) fnmatch().
Change the ignore script to work as a filter.
Multi-platform improvements.
Change-Id: I6ac757d48ba2ff965da5da3dc9c25047a0e37f92
Reviewed-on: https://code.wireshark.org/review/13693
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
(qsort() is your friend.)
Change-Id: I71ab5fea0c8c0f548d737f5d5d1b7523b8a668ea
Reviewed-on: https://code.wireshark.org/review/14137
Reviewed-by: Guy Harris <guy@alum.mit.edu>
packet-flexray.c: In function ‘dissect_flexray’:
packet-flexray.c:245:6: error: ‘flexray_frame_tree’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
expert_add_info(pinfo, flexray_frame_tree, &ei_flexray_frame_payload);
^
cc1: all warnings being treated as errors
Change-Id: Iadcae49e7d958823ae7066906892f6c1ae85169b
Reviewed-on: https://code.wireshark.org/review/14124
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use more descriptive naming while at it.
Change-Id: Ic89562cb9fa2cd5e315992f12ad9e46f2361da0b
Reviewed-on: https://code.wireshark.org/review/14057
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector for the USB3 Vision machine vision camera protocol.
* Descriptors
* Bootstrap registers
* Control (GenCP)
* Stream data
A sample capture (usb_u3v_sample.pcapng) has been uploaded to
https://wiki.wireshark.org/SampleCapture
USB3 Vision a standard developed under the sponsorship
of the AIA for the benefit of the machine vision industry.
U3V stands for USB3 Vision (TM) Protocol
Change-Id: If1206df7974c6a91cf18f59ddecf9d38b9827934
Reviewed-on: https://code.wireshark.org/review/14008
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Expert info for cip_short_string,cip_string
2. Combine dissect_cip_multiple_service_packet_req/dissect_cip_multiple_service_packet_rsp. The formats are the same, and this ensures that all expert info checks are applied to both.
3. Remove some copy-paste in dissect_cip_generic_data
Change-Id: I433990bf4389bee78d414cab8547bd2bb39498c7
Reviewed-on: https://code.wireshark.org/review/14105
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change fixes a leak in packet-diameter that loads a dictionary
but doesn't free all the data. Found by valgrind.
==30481== 36,656 (960 direct, 35,696 indirect) bytes in 24 blocks are definitely lost in loss record 3,417 of 3,421
==30481== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30481== by 0xA7FE610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0xA81422D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0xA7CDC44: g_array_sized_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30481== by 0x6863743: dictionary_load (packet-diameter.c:1980)
==30481== by 0x6863743: proto_register_diameter (packet-diameter.c:2344)
==30481== by 0x71C4BA4: register_all_protocols (register.c:323)
==30481== by 0x65EEFA7: proto_init (proto.c:521)
==30481== by 0x65CD621: epan_init (epan.c:126)
==30481== by 0x115330: main (tshark.c:1220)
Change-Id: I3c0d19e1accab415355aa0f50c598f0c83356985
Reviewed-on: https://code.wireshark.org/review/13821
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update docs to include steps for CMake builds.
Change-Id: Iefbe038ab93311bb3b2e9fd21bcdc674290dba45
Reviewed-on: https://code.wireshark.org/review/14121
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug:10501
Change-Id: I8d77c41537f1bfed9b5fbc585119496ec73c06eb
Reviewed-on: https://code.wireshark.org/review/14123
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When the tests are run in the buildbot, messages such as
Error during test execution: see {pathname}
aren't very useful.
Change-Id: I4509ea58c162c264c316358019a1cbc01cd93e31
Reviewed-on: https://code.wireshark.org/review/14135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If it's 0x1A2B3C4D, that means it has the same byte order as the
instruction set for which Wireshark was built[*]; if it's 0x4D3C2B1A, it
means it has the opposite byte order. (We assume no "middle-endian"
machines here; it's extremely unlikely that any of this code will ever
work on a PDP-11.)
Wireshark *does* work on big-endian machines (if there are any places
where it doesn't, those are bugs that must be fixed), so we can't assume
that "same byte order as our instruction set" means "little-endian".
[*]If, for example, you run a PowerPC binary under Rosetta, it'll act as
if big-endian is the native byte order, even though it's running on a
little-endian machine.
Change-Id: Ic438bd85c034f1fba276408ba30214d7078121d1
Reviewed-on: https://code.wireshark.org/review/14133
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't use the byte order from any previously-seen SHB, as it might be
different.
Bug: 12167
Change-Id: I19a81f81f2e8115938387487e2682b8b11a100fe
Reviewed-on: https://code.wireshark.org/review/14131
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We don't need to allocate an WTAP_OPTION_BLOCK_IF_DESCR option block;
don't use the value we allocated.
We must not allocate an WTAP_OPTION_BLOCK_IF_STATS option block until we
need it, as we may have to allocate *more than one* of them here! The
old code would reuse the same block, adding it more than once, causing a
"freeing already freed data"/"freeing non-allocated data" error on some
platforms.
Change-Id: I8582627c1f5deecfd4f6490dcdf8c31ee3809d12
Reviewed-on: https://code.wireshark.org/review/14130
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The S1 code works similarly to the S2/S3 code, and has the same issue.
Change-Id: I288e30ccdf67d8a6daec8c8428c0f703e18ecc89
Reviewed-on: https://code.wireshark.org/review/14127
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The 1 is for the byte written with vht_ndp_flag; the 16 is for the PLCP
header. Separate them out; no change to the actual code (as any
compiler worth its salt would do constant folding).
Change-Id: I5e081c67e605203153270ed9a3f9e30b9e9b968c
Reviewed-on: https://code.wireshark.org/review/14125
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: I661cadd8beea9585885e48c03a8b52561d1df778
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14113
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
fixes regression introduced by f5340b2
g_hash_table_remove will call free on object, thus there is no need for explicit g_free,
as is causes a double-free:
*** Error in `/usr/sbin/wireshark-gtk': double free or corruption (fasttop): 0x0000555556e6bf50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77da5)[0x7fffef80ada5]
/lib64/libc.so.6(+0x804fa)[0x7fffef8134fa]
/lib64/libc.so.6(cfree+0x4c)[0x7fffef816cac]
/lib64/libglib-2.0.so.0(g_free+0xe)[0x7ffff09665ee]
/lib64/libglib-2.0.so.0(+0x388ba)[0x7ffff094f8ba]
/lib64/libwireshark.so.6(+0x1cfb46b)[0x7ffff49d646b]
/lib64/libwireshark.so.6(+0x1d03d99)[0x7ffff49ded99]
/lib64/libwireshark.so.6(+0x173b11f)[0x7ffff441611f]
/lib64/libwireshark.so.6(+0x173bba5)[0x7ffff4416ba5]
/lib64/libwireshark.so.6(call_dissector_with_data+0x26)[0x7ffff4419ad6]
.....
The g_hash_table_insert will remove and deallocate existing entry, so we
don't need to do it at all.
Change-Id: Ide47d1f9deb3e1b0d8adefd31fc6f3bf5cbaa010
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Reviewed-on: https://code.wireshark.org/review/14096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes a missing "*" marker in the title and this warning when the
capture file comment is modified:
QWidget::setWindowModified: The window title does not contain a '[*]' placeholder
Change-Id: Iea0a63cf8c8f9abd577397c8881f0399d2e798ba
Reviewed-on: https://code.wireshark.org/review/14010
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Documentation changes only (comments and docbook).
Update WSDG with the fragment_add_seq_check API that was introduced in
Wireshark 1.10.
Fix typos and clarify the many functions we have for adding reassembling
fragments.
Change-Id: I38715a8f58e9cf1fe3e34ee4b1a4ae339630282b
Reviewed-on: https://code.wireshark.org/review/14066
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bound the recursion depth to avoid a stack overflow while parsing a
deeply nested constructed string.
Call chain before this patch:
- dissect_ber_octet_string
- dissect_ber_constrained_octet_string
- reassemble_octet_string (called for constructed types)
- dissect_ber_octet_string *recursion*
After this patch, the reassemble_octet_string will throw if the maximum
recursion depth is reached.
Bug: 11822
Change-Id: I6753e3c9f5dcbfab0e4c174418b2c7eb784d64d2
Reviewed-on: https://code.wireshark.org/review/14108
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Commit v1.99.10rc0-316-gf28e23f added some additional room for the 16
byte PLCP header and 1 byte L1P. These are however not part of the
remaining data, only the header.
Bug: 11795
Change-Id: Ia6935d27366a07f818f147c9094a801429b049e2
Reviewed-on: https://code.wireshark.org/review/12240
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Undo Qt's "helpful" canonicalization of paths returned by the file
dialogs to use / as the pathname component separator rather than using
the native pathname component separator.
Bug: 12117
Change-Id: I6077191a2204574ca50f53b5424f7f421db33db3
Reviewed-on: https://code.wireshark.org/review/14109
Reviewed-by: Guy Harris <guy@alum.mit.edu>
After changing an asciidoc source file, the html files were not rebuilt
via 'ninja developer_guides'. It turns out that the
developer_guide_docbook target has an order-only dependency on
developer-guide.xml (and not the developer-guide.xml dependencies).
Fix this by adding an explicit dependency on the generated .xml file.
Change-Id: I4bdc0ebca8909caaab9cc0797cc35cc6260bfe43
Reviewed-on: https://code.wireshark.org/review/14065
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Also install the Qt5-devel packages (in addition to plain old "Qt").
Change-Id: I86f6a779dc9d0b359c69f0627106d1cce3120f83
Reviewed-on: https://code.wireshark.org/review/13916
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
'rsip.parameter.address' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'sap.originating_source' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
'sflow_245.nexthop' exists multiple times with NOT compatible types: FT_IPv6 and FT_IPv4
Change-Id: Idabe9adafac2e11f2e90a494e5fac1a341edca33
Reviewed-on: https://code.wireshark.org/review/14091
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We just dissect it as raw bytes for now; ultimately, we need to process
it the same way we process data for other forms of USB capture.
This also catches the case where the frame length is bogusly large
(including so large that rounding it up to a multiple of 4 overflows).
Bug: 12153
Change-Id: I537974d548fdcda917d9fce8189eb2134bc17bb9
Reviewed-on: https://code.wireshark.org/review/14103
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Highlight the matching tree item and matching packet bytes when
doing a Find Packet. Added cf->search_len to correctly highlight
the matching bytes when doing a regex search.
Bug: 12157
Change-Id: I84fbdb9b43be4355e24aff3cf5f8850f1119e2bf
Reviewed-on: https://code.wireshark.org/review/14086
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Uli Heilmeier