With the name change from Ethereal to Wireshark, asn2eth was renamed
asn2wrs.
Change-Id: I5bdfa2362ca7de81b0bda6ec9faa78cdb0ba10b4
Reviewed-on: https://code.wireshark.org/review/27968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
../epan/dissectors/packet-scte35.c: In function ‘dissect_scte35_splice_insert’:
../epan/dissectors/packet-scte35.c:487:12: error: ‘tsf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (tsf) {
^
../epan/dissectors/packet-scte35.c:451:27: note: ‘tsf’ was declared here
guint8 component_tag, tsf;
^
cc1: all warnings being treated as errors
Change-Id: I9445c76bd1d3447ce5d9ce3df5970840a1605175
Reviewed-on: https://code.wireshark.org/review/27957
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently exist two main pages within Wireshark. The first being
the main welcome page and the second the packet capture page. The
first is called "main_welcome.?" and the second is actually the
master_split_ object defined in main_window.h. The first being a
QFrame, the second not.
In preparation for future developments (dockable windows, multiple capture
files), this is being corrected, with the main welcome being renamed
as welcome_page as a first step
Change-Id: I40703e6ed15ff6f6b62b2a3cf31f5636ac6da9ec
Reviewed-on: https://code.wireshark.org/review/27949
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Commit 46dc5f75, while fixing sccp reassembler in the generic case, introduced
a huge performance drop in some scenarios.
The bottleneck is the sccp_reassembly_id_map hash table and, more precisely,
the combination of the key layout and the hash function g_int64_hash()
The key is defined as:
guint64 key = ((guint64)frame << 32) | offset;
Since the hash function uses only the lowest 32 bits of the key, all fragments
at the same offset are saved in the same bucket
If the sccp fragments are always in different packets and at the same offset
(because, for example, there are only 1 chunk in every sctp packet) the hash
table degenerates in exactly one linked list.
Changing the key definition seems to restore the original performance
Since there are usually hardly more than ~10/20 sctp chunks in a packet,
this change shouldn't significantly affect performance when (all) fragments
are in the same frame
Change-Id: I2867a72819c2d91e1e0ae2cb97d63b5684d35bcc
Reviewed-on: https://code.wireshark.org/review/27944
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
master_split_ must be moved to a more prominent widget, as it is in actuality
the main widget of the application.
Change-Id: Id45b60f5f57c982c1890318eec9fa87ab61a9e19
Reviewed-on: https://code.wireshark.org/review/27942
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
LCLS information element decoding had been added to the gsm_a_bssmap
dissector before. Hoewver, they were only parsed in the existing
PDU types such as ASSIGNMENT REQ / COMPLETE.
LCLS introduced the three new LCLS specific PDUs, which we must also
handle from the dissector. Let's do that.
Change-Id: I6a57b1eaf326fa12438639418f1255b733c10d36
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Reviewed-on: https://code.wireshark.org/review/27941
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Network Instance is a field which will be either
a Domain name or APN address
Change-Id: I2cd832fcc5c44a348d575835254b8f1cae91f10c
Reviewed-on: https://code.wireshark.org/review/27317
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Time Sync Port Physical Address Info: Finish parsing this
2. Connection Manager: Add more service names
3. Add more Device Type enumerations
4. Unconnected Send Unsuccessful Response: Add the reserved byte
5. Vendor ID -> Originator Vendor ID
6. Add some BASE_UNIT_STRING
Change-Id: I112c44330cc4051d2eea8d149e3cbbf8eaef1247
Reviewed-on: https://code.wireshark.org/review/27937
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And handle comments in manuf file entries correctly.
There are entries in the manuf file where columns are
separated by two or more tab characters. These extra
tab characters are not being trimmed from the manuf name.
OUI: 00:40:96 ( Cisco Systems, Inc.)
->
OUI: 00:40:96 (Cisco Systems, Inc.)
Change-Id: Ie6545480848bb84c20bea6566a3ccf11c7ed9233
Reviewed-on: https://code.wireshark.org/review/27759
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
1. Connection Serial Number, Vendor ID, and Device Serial Number are always
used as a group. Group these as a struct to make them easier to manage.
2. Pull out common code into dissect_connection_triad()
No functional changes.
Change-Id: Ide126f8d0ea6ab8e2de5abf20e12643d5a35924d
Reviewed-on: https://code.wireshark.org/review/27926
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
wmem_ascii_strdown() stops when it sees a NUL, so there's no guarantee
that the resulting string is as long as the length passed in. This is
probably the cause of bug 14779 - the check that tests whether the
header name is valid scans the result of wmem_ascii_strdown(), assuming
it has the same length as the supplied header length, but if there's a
NUL in the header, it will be shorter than the supplied header length.
Check the raw line text in the check for a valid header name; fail if we
see a NUL (as that's not a valid character in an HTTP header).
is_token_char() handles both upper-case and lower-case letters, so we
don't need to wmem_ascii_strdown() the header first.
Once that succeeds, we can safely use wmem_ascii_strdown() to make a
null-terminated all-lower-case string for the header name.
Bug: 14779
Change-Id: Id3fa046dd0b1a8bd73fc9ff582e5e1fae535c2e9
Reviewed-on: https://code.wireshark.org/review/27936
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Minor bug fixes:
1. Preshared Keys: Minimum size can be 1, not 3. This shows malformed packets for valid data.
2. Preshared Keys: Display PSK based on PSK size, not ID size.
3. Correct name of some hf types.
Change-Id: Ib412cd109929a1f4a1e5b67b47cb4c9f0eab6512
Reviewed-on: https://code.wireshark.org/review/27929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We should really do a better length check. This also suggests that we
might be going past the length if it's too short - should we create a
new tvbuff, with tvb_subset_length(), and dissect based on that?
Bug: 14780
Change-Id: Iaaab529f34b0168ad74c7b4f3e1b4255504c1b57
Reviewed-on: https://code.wireshark.org/review/27930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
make-taps and make dissectors are build tools so that is the natural
location for them.
See also 99ec2b58eb68ab8530245dd13485612695ba064a and bug 14622.
Change-Id: I754848ea1c614bfa7121c44d89136ac3cba8a734
Reviewed-on: https://code.wireshark.org/review/27928
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Includes support for a bug in the endian encoding in PCP v4.0.0 - v4.0.1
which was fixed in v4.0.2.
Bug: 14630
Change-Id: I6861bfa07e6d359d32412fa874a67a9c6fcba086
Reviewed-on: https://code.wireshark.org/review/27159
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Would previously search for subdissector by second part of URI.
Subdissectors in hash table are indexed by first part and search
would return NULL.
Change-Id: I0af1c4800dd69eae78d51d752c3ac299d248ddf4
Reviewed-on: https://code.wireshark.org/review/27908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of relying on heuristics (single TCP segment contains a whole
MySQL packet) use the compression state from the greeting. This fixes
bad dissection when a single TCP segment contains multiple MySQL packets
with three other bytes at the end.
Tested with the capture from the linked report as well as bug 10342.
Bug: 13754
Change-Id: I9d9573f4705265d78ec3d75a195df70718de77b3
Reviewed-on: https://code.wireshark.org/review/27916
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Perl is required for generating version.h. It is therefore a mandatory
requirement for building on both Windows and Unix.
Bug: 14764
Change-Id: I0bc86f5c463148b8070166b677d2ec349c461488
Reviewed-on: https://code.wireshark.org/review/27915
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
N.B. as the primitive headers are (so far) identical to LTE,
re-use that code and remote 'lte' from primitive header fields.
Change-Id: I53ece508608fc9108f218ee2933e1b13cc9777bb
Reviewed-on: https://code.wireshark.org/review/27921
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The version of Berkeley YACC that comes with NetBSD 7.1 puts a
declaration of ascendlval into ascend.h, even when we're building a
reentrant parser. That causes a shadowing warning.
Suppress some diagnostics before we include ascend.h.
Change-Id: I190f0439c36b48c7dfb19a2fe6cef0eb1e96f198
Reviewed-on: https://code.wireshark.org/review/27917
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That's the case on DragonFly BSD 5.2.1, at least.
Change-Id: I8bbd51462d74380004c611183f4b9229f4d20ff6
Reviewed-on: https://code.wireshark.org/review/27913
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There was an issue, where siblings where not copied correctly.
Bug:14355
Change-Id: I31611a6731f3f4de6b204c7ee708e42f0b7b170c
Reviewed-on: https://code.wireshark.org/review/27802
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Roland Knall <rknall@gmail.com>
In different versions of libpcap, pcap_compile() has a 3rd parameter
with or without const. Using a non-const variable, allow the auto
promotion to const possible, but not the vice-versa.
Fixes compilation on OpenBSD.
Change-Id: I72162a4ea419668b6222e84bf5525a6c48fddd52
Reviewed-on: https://code.wireshark.org/review/27896
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There's already valgrind support in fuzz-test.sh; This change simply clones the
relevant fragments of script into randpkt-test.sh, making very minor tweaks as
needed. Valgrind support in randpkt-test.sh is enabled through the "-g"
command-line option, just like with fuzz-test.sh.
In my testing here, it seems MAX_LEAK could be reduced somewhat, but I don't
think that that belongs as part of this change; I've simply kept the MAX_LEAK
value from fuzz-test.sh.
While we're here, the last line of valgrind-wireshark.sh launches a subprocess,
and that shell then simply returns its exit code, so there is no need for the
shell to stick around. So, let's use "exec" here to replace the shell with the
new process.
Testing Done: On Linux amd64, ran several iterations of randpkt-test.sh and
fuzz-test.sh, both with and without the "-g" option.
Change-Id: I87cc63559dc2e66c42c905f46657ce40cabf0104
Reviewed-on: https://code.wireshark.org/review/27741
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FrameInformation was never deallocated, leaking the whole pinfo scope.
Fix a dealloc-alloc-mismatch (packet_data_ was g_memdup'd). Attach the
DataPrinter menu actions to the action group instead of the singleton
DataPrinter instance, this enables freeing the actions when the submenu
is gone rather than clearing this at program exit.
Reported by ASAN.
Change-Id: If13af94a60b07b0e52973ccc5c437ef987bfb394
Fixes: v2.5.0rc0-1627-g8a6ea0e454 ("Qt: Further cleanup ByteView")
Reviewed-on: https://code.wireshark.org/review/27844
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reported by ASAN.
Change-Id: I0e7578d6583dc11312d95108331b6a743d7d5514
Reviewed-on: https://code.wireshark.org/review/27832
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Free the memory as documented.
Change-Id: I8a8842160be676bb08f5b93e795b9ed8edef2ede
Reviewed-on: https://code.wireshark.org/review/27829
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While HTTP header names are restricted to a limited set, many
implementations basically read whole lines and then look for a colon.
Actual validation happens after that. Follow that approach to avoid
early termination of request/response headers and diagnose the issue.
This may break HTTP/0.9 response parsing, but nobody should be using
that now.
Bug: 10123
Change-Id: If435aa832effc83095f9b6b822a76cb46451e7de
Reviewed-on: https://code.wireshark.org/review/27605
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix a crash (denial of service) resulting from a large buffer overrun
(read) when the "MS/TP Length" is smaller than 3. If that is the case,
then an integer overflow will result in a large unsigned number.
Fix a buffer overflow (write) when the "code" (length) octet is 0. This
is illegal and would result in an integer overflow. With a specially
crafted encoded CRC-32K value, this could result in writing 255 bytes
past the end of buffer (xoring the octets with 0x55).
Make the meaning of the "length" parameter more obvious (include two
bytes such that it reflects the input and output buffer size).
Corrected based on the description in Section 9.10 of
http://www.bacnet.org/Addenda/Add-135-2012an-PPR2-draft-rc4_chair_approved.pdf
(note that its reference code also has this overflow issue).
Bug: 14771
Change-Id: Iac27e1151f02add4e54abb0fcae6afc94460ae23
Fixes: v2.9.0rc0-734-g0e517232a8 ("Added support for extended length BACnet MS/TP data frames.")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8580
Reviewed-on: https://code.wireshark.org/review/27897
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dirk Roemmen <dro@cslab.de>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A CAM inspector file maintains a global time counter in units of
1us. Set the correct resolution for the packet timestamps.
Keep track of the time counter when the file is loaded and we walk
through the file from start to end. Process timestamp blocks in the
file. Each of those blocks updates a part of the overall time counter.
Change-Id: I138cd8fb287e591b078babc2403a599287df1397
Reviewed-on: https://code.wireshark.org/review/27904
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lemon gets this error on its Parse() function, at least on FreeBSD 11.1
with its version of Clang.
Change-Id: I4fc1674373af5c0016ee953b61066bf6b24b7ad6
Reviewed-on: https://code.wireshark.org/review/27905
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When there are two segments, but zero requests, "i=1" will be reset to
"i=0" and an infinite loop occurs.
Change-Id: I32cb387ce0724936bcb5d5832b1c90d2bc585998
Fixes: v2.5.2rc0-100-g8f0f691312 ("RPC-over-RDMA: add reassembly for reply, read and write chunks")
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7138
Reviewed-on: https://code.wireshark.org/review/27891
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
With MATE being an integral part of Wireshark for a long time now and its
documentation being part of the Wiki for a while it is time to move it
into the Wireshark Users Guide.
All credits go to Luis Ontanon for creating MATE and the Wiki pages,
the various contributors to those pages and especially Pavel Sindelka for
the creation of the graphics.
This change merely incorporates the contents of the Wiki pages into an
asciidoc file for processing into documentation output. It is in no way a
claim to knowledge of or deep insight in the workings of MATE on my part.
Change-Id: Id9c60fd3ba4a52aafb988370ea7d658907970ccd
Reviewed-on: https://code.wireshark.org/review/27894
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to TS 29.060, ch6.
Change-Id: I7945b483f73265a7eb5432094054c5d4683fd6f8
Reviewed-on: https://code.wireshark.org/review/27875
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>