Remember all the IDBs we've seen from the input file so far and, if
we're writing multiple files (splitting an input file into multiple
output files), add all those IDBs to each of the output files.
Fixes issue #17060.
(cherry picked from commit a11e5261e1)
The Export Objects Content-Type filter combobox should not sort the
header of "All Content-Types" in with the list of content types, but
should ensure that it is always the first item, especially as the first
item position is used to show all content. This is particularly an issue
in some localizations; e.g., すべてのコンテントタイプ alphabetizes
after actual content types. Fixes bug #17048
(cherry picked from commit 2d8dd9ed4f)
At least one ns-3 capture has DMG frames (as indicated by the channel
number being in the 60 GHz band - radiotap currently has no DMG metadata
field) that have the +HTC/Order flag subfield set but have no HT Control
field, causing them to be misdissected.
802.11-2016 says that DMG frames should never have +HTC/Order set; if it
*is* set in a QoS frame known to be a DMG frame, flag it with an expert
info item and don't treat it as having an HT Control field.
Update a bunch of comments to give more information, put comments in the
appropriate places, and speak of 802.11-2016 rather than older standards.
While we're at it, update the title and description of the +HTC/Order
flag to reflect its name as of 802.11-2016.
(cherry picked from commit 3c640ca04a)
Don't assume that the Internet has our best interests at heart when it
gives us the size of our decompression buffer. Assign an arbitrary limit
of 50 MB.
This fixes#16739 in that it takes care of
** (process:17681): WARNING **: 20:03:07.440: Dissector bug, protocol Kafka, in packet 31: ../epan/proto.c:7043: failed assertion "end >= fi->start"
which is different from the original error output. It looks like *that*
might have taken care of in one of the other recent Kafka bug fixes.
The decompression routines return a success or failure status. Use
gbooleans instead of ints for that.
(cherry picked from commit f4374967bb)
Make sure _proto_tree_add_bits_ret_val allocates a bits array using the
packet scope, otherwise we leak memory. Fixes#17032.
(cherry picked from commit a9fc769d7b)
Back in 2017, commit d7bab0b46e introduced
printing the TEI in COL_INFO. Unfortunatelky it contained a typo and
stated "TEI:1%u" instead of "TEI:%u". So TEI 0 became TEI 10, etc. -
causing some confusion.
Let's remote that extraneous '1' and at the same time print the sapi
with two digits for better alignment of multiple lines. It is a
two-digit decimal value (0..63).
(cherry picked from commit 9c5ea50b0a)
That's QoS-frame only; for non-QoS frames, the +HTC/Order subfield
doesn't mean there's an HT Control field.
Update the reference to the part of the 802.11 standard mentioning that
subfield to 802.11-2016.
(cherry picked from commit 1fa5687fad)
It's clearer to say
if (A) {
if (B) {
do this;
} else {
do that;
}
}
than to say
if (A && B) {
do this;
} else if (A && !B) {
do that;
}
(cherry picked from commit baee4a41c7)
Change
case DATA_FRAME:
if (condition) {
do stuff;
break;
}
do other stuff;
break;
to
case DATA_FRAME:
if (condition) {
do stuff;
} else {
do other stuff;
}
break;
to make it clearer that it's "do this if condition is true, else do
that".
(cherry picked from commit 258fb14821)
When there is no do_dissection cf is missing some variables
for cf_close() call. Therefore we have to set them explicitly.
Fixes: wireshark/wireshark#17021
(cherry picked from commit 0fad19b7d9)
After a key update, we should update Packet Protection cipher but
we shouldn't touch the Header Protection one.
With the current code, PP and HP ciphers are quite entangled and we
always reset both of them. Therefore, at the second key update we
reset the used 1-RTT HP cipher too; no wonder even header decryption
fails from that point on.
To properly fix this issue, all the ciphers structures has been rewritten,
clearly separating PP code from HP one.
Close#16920Close#16916
(cherry picked from commit 5e45f770fd)
Fix dissecting of packets received on LE Coded PHY. These packets
will include the extra field "coding indicator" after the access
address.
The assignment of phy in the common bluetooth context was missing,
leading to this field being left out and the offset being wrong.
(cherry picked from commit c586f71a5c)
Don't call the columnString() and discard the result in order to force
colorization; instead, add a separate method to force colorization and
use that.
This avoids the need to choose a column; we were using 1 as the column
number, but column numbers are zero-origin, so that's column 2, which
isn't guaranteed to exist (a crash ensued if it didn't).
(cherry picked from commit 58aea1de62)
The canonical location for the usb.ids file is
http://www.linux-usb.org/usb.ids. Unfortunately that site isn't
accessible over HTTPS so we were using https://usb-ids.gowdy.us/usb.ids
instead. *That* site is down, so switch to the Linux USB project's
SourceForge repository URL, which appears to house the assets for
www.linux-usb.org, including the usb.ids file.
(cherry picked from commit 01d5e8ee51)
Some UN*Xes (4.4-lite-derived, such as the obscure, little-known macOS,
FreeBSD, NetBSD, OpenBSD, and DragonFly BSD) have a length field in the
socket address structure.
That was originally done for OSI address support; unlike most transport
addresses, such as IPv4 (and IPv6) addresses, where the size of the
address is fixed, the size of an OSI transport layer address is *not*
fixed, so it cannot be inferred from the address type.
With the dropping of OSI support, that field is no longer necessary in
userland. System calls that take a socket address argument also take an
address length argument; in newer (all?) versions of the {macOS,
FreeBSD, NetBSD, OpenBSD, DragonFly BSD} kernel, the system call code
sets the length field in the kernel's copy of the address to the address
length field value.
However, that means that you have to pass in the appropriate length; if
you have a sockaddr_storage that might contain an IPv4 address or an
IPv6 address, connect() (and bind()) calls should use the IPv4 address
size for IPv4 addresses and the IPv6 address size for IPv6 addresses,
otherwise, at least on macOS, the call fails.
In cap_open_socket(), report socket() and connect() errors separately,
to make it easier to determine where TCP@ captures fail, if they do
fail. (That's how I got here in the first place.)
(cherry picked from commit e3047d9b38)
The pointer isn't incremented in get_ts_23_038_7bits_string_unpacked
so it just decodes the first octet length times.
(cherry picked from commit 5df3f5d05d)
coherent_set_tracking.coherent_set_registry_map uses a struct as a key,
but the hash and comparison routines treat keys as a sequence of bytes.
Make sure every key byte is initialized. Fixes#16994.
Call wmem_strong_hash on our key in coherent_set_key_hash_by_key instead
of creating and leaking a GBytes struct.
(cherry picked from commit 33e63d19e5)
It's easy to create systemd blocks with a missing or invalid
__REALTIME_TIMESTAMP= field when fuzz testing. If that's the case, leave
WTAP_HAS_TS unset instead of returning an error. Fixes#16965.
(cherry picked from commit 51145c62e6)
PEP 394[1] says,
"In cases where the script is expected to be executed outside virtual
environments, developers will need to be aware of the following
discrepancies across platforms and installation methods:
* Older Linux distributions will provide a python command that refers
to Python 2, and will likely not provide a python2 command.
* Some newer Linux distributions will provide a python command that
refers to Python 3.
* Some Linux distributions will not provide a python command at all by
default, but will provide a python3 command by default."
Debian has forced the issue by choosing the third option[2]:
"NOTE: Debian testing (bullseye) has removed the "python" package and
the '/usr/bin/python' symlink due to the deprecation of Python 2."
Switch our shebang from "#!/usr/bin/env python" to "#!/usr/bin/env
python3" in some places. Remove some 2/3 version checks if we know we're
running under Python 3. Remove the "coding: utf-8" in a bunch of places
since that's the default in Python 3.
[1]https://www.python.org/dev/peps/pep-0394/#for-python-script-publishers
[2]https://wiki.debian.org/Python
(cherry picked from commit 30c392f166)
According to TS 44.060, figure 10.3a.2.1, note 2, the TLLI is
encoded in little endian for EGPRS (while big endian is used in GPRS).
(cherry picked from commit dfa8a3fe5a)