When updating the progress dialog (which happens each time we read a
packet) the GTK+ UI processes application events every 100ms. Do the
same in the Qt UI.
Ping-Bug: 11515
Change-Id: Ic53eade05c0b82bf436c08618f28506c5fcdbc94
Reviewed-on: https://code.wireshark.org/review/10554
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
beginInsertRows + endInsertRows is expensive. Instead of calling them
each time we add a packet to the list, queue up a list of visible packets
and flush it during the next UI update.
Assume that none of our column data has newlines. Enable
uniformRowHeights and only disable it when we need to. Note that this
requires further work.
Ping-Bug: 11515
Ping-Bug: 10924
Change-Id: Ifbdd2964b174247a4745d4889ebda5bf3b886ba4
Reviewed-on: https://code.wireshark.org/review/10553
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The dissector is doing a lot of unnecessary "manual" operations. Start the process of simplifying that to encourage use of general APIs and put control of the "field name" in the hands of the hf_ entry it belongs with.
Change-Id: I5b048c04858ac4a846a276ba12d61c665deb66f8
Reviewed-on: https://code.wireshark.org/review/10547
Reviewed-by: Michael Mann <mmann78@netscape.net>
in this case, it's enough to exit the switch block and try to continue
with the next element
we might now end up with ie_item==NULL after the switch, so replace the
assertion with a check
Change-Id: Id54346077eb8aa12b22575f3ab6fa80087f240ce
Reviewed-on: https://code.wireshark.org/review/10549
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
by default, an empty byte array (FT_BYTES) is represented as an empty string
thus, using "Apply as Filter / Selected" on such an item creates an
invalid display filter expression, e.g. dvb-ci.mmi.char_tbl==
represent an empty byte array as "" if we're compiling a display filter
expression
Bug: 11526
Change-Id: Ie94507a24a496e0c25bcdadfab72fdf9fb35958a
Reviewed-on: https://code.wireshark.org/review/10540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
replace switch-case with if
remove an initial value that's overwritten immediately
Change-Id: I98487ed08f91416179fcbbbaf80bf1b126a8d1c2
Reviewed-on: https://code.wireshark.org/review/10548
Reviewed-by: Anders Broman <a.broman58@gmail.com>
anymore).
Also make the RPM follow configure's qt4-vs-qt5 choice.
Change-Id: I832af99e055d42b92f3a7c8e4378c7a9d5d628b9
Reviewed-on: https://code.wireshark.org/review/10532
Reviewed-by: Jeffrey Smith <whydoubt@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
When the HTTP dissector passes data to a subdissector, it should also
propagate the desegmentation ability. Otherwise subdissectors (such as
HTTP2) will not be able to handle large DATA frames.
Reported by Alexis, verified with his capture.
Change-Id: I831a78e8d1ad08536e3d0d870012e427ce289b1b
Reviewed-on: https://code.wireshark.org/review/10544
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The fix for bug 11331 has as side-effect that the HTTP part of a
conversation is not dissected on the second pass.
Fix it by calling the HTTP2 dissector only when it was detected via
heuristics, and not via Upgrade (since that would be handled by the
http loop).
While at it, remove the use of tvb_new_subset_remaining since the
original tvb is not touched and move the comment about the proxy to the
right place.
Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
(via heuristics).
Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
Reviewed-on: https://code.wireshark.org/review/10541
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The invalid message occurred for an ack of a TCP segment
which included both retransmitted data and additional new data.
Bug: 11506
Change-Id: Id981d04c91b9e69b6ee1e0dea85aed142bf32594
Reviewed-on: https://code.wireshark.org/review/10395
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
In the past large integers would be displayed as text, later on this
was changed into a "proper" header field. In most cases you do not want
to see "ber.64bit_uint_as_bytes" though, but the original field name.
This patch allows fields that are marked as FT_BYTES to be displayed
with their original header field details (name, description, etc.).
Change-Id: I4ab1a4cce649a225c73298fbf4dcf1692c693a03
Reviewed-on: https://code.wireshark.org/review/10539
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
As noted in:
https://ask.wireshark.org/questions/45835/wireshark-mate-correlation-multiple-gops
Realistically all MATE's times should probably be converted to
FT_RELATIVE_TIMEs but that's a project for another day.
Change-Id: I11f640be769d16ccfd787ae2d7f3837fa03ad379
Reviewed-on: https://code.wireshark.org/review/10537
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Rane make -C asn1 and found this missing change.
Somehow the unnecessary initialization was not included with the
dissector regeneration in 3243b6f964
("asn1: split off cleanup routines").
Change-Id: I26d6f0ca4e7fa0b791108f016c684556da5d06e8
Reviewed-on: https://code.wireshark.org/review/10538
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
I'm guessing fix-encoding-args.pl doesn't work on packet-ncp2222.inc because the hf_ declarations/definitions aren't in the file itself, so it can't figure out endianness or field type. So to bring the file up to modern coding standards, I did it "manually". In general I think this file has escaped critique because of the "generated" nature of the dissector.
Also removed tvb_ensure_bytes_exist and tvb_get_ptr use as both were superfluous.
Change-Id: I224f0ce15f8eb93c48ecb8eea66d161d98468f23
Reviewed-on: https://code.wireshark.org/review/10502
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Modifications to ncp2222.py
Add absolute time values eptime for file/volume info
Add support for 64 bit File Transfer NCP's (22/54, 22/55, 22/56, 22/57, 22/58, 87/70, 87/71, 87/72, 87/73, 89/41, 123/35)
Fix numerous dissection errors in NWInfo and ExtNWInfo structures
Fix some indention (white space) in source
Modifications to packet-ncp2222.inc
Change seq count rollover value to 16 instead of 255 to make it more robust
Add ncp 87,72 reply
Add ncp 8x20 request
Fix ncp 8x20 reply
Change-Id: I80bdcc5854c02edd4ea51c74aa0bbc9c0e062bc1
Reviewed-on: https://code.wireshark.org/review/10017
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Broken in ge450b9b, when it stopped being static (which fixed other bugs). Conversations still need the fchdr "address" data to remain in scope.
Bug:11457
Change-Id: I17a3814bf76d2940124a2700fb6b12c6d7d834c1
Reviewed-on: https://code.wireshark.org/review/10518
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A few calls in the epan directory and comments in the ui directory
Change-Id: Ia8f8830ac6909ab94d3a03283bfd173456bc9718
Reviewed-on: https://code.wireshark.org/review/10492
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
After some analysis, update the dissector
Display only VC IP when type = 3, 4, 5 or 7
Change-Id: I53214125eebe978f67f6503072638ce3521cd155
Reviewed-on: https://code.wireshark.org/review/10441
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The spec file for building RPM's is not currently set up to handle
using Qt5 rather than Qt4.
This change adds Qt5 support to the spec file.
Change-Id: Ie726603377953bec41692a21148325829a26ba9a
Reviewed-on: https://code.wireshark.org/review/10276
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Add 34 attributes.
All attributes for this day should be supported now.
Expect 3:
0x2906 - Valid Range
0x2A2A - IEEE 11073-20601 Regulatory Certification Data List
0x2A4D - Report
The first is hard to implement now, the second needs to buy
specification, the last one will be implemented later - when USB HID
implementation will be full.
Please note that FLOAT/SFLOAT types are now supported right now.
Change-Id: I0499e17257aa8cb831fbd0cf1524d8e59c98cac7
Reviewed-on: https://code.wireshark.org/review/10526
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Finally we have FT_UINT40, so used it in Bluetooth ATT and
HDP dissectors.
Change-Id: Iab0e71345f031bca972b1eee20d7e95e193b2aef
Reviewed-on: https://code.wireshark.org/review/10527
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
"GN" does not seems to be really useful, but "PAN GN" is reasonable.
Change-Id: Ia04aa20e4b95743c7db46e87606e3843a124d7e4
Reviewed-on: https://code.wireshark.org/review/10524
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add error codes from AVDTP, GAVDTP and A2DP 1.3.1.
Change-Id: Ida7c8041bafcd954d9939c165808347f16c542a8
Reviewed-on: https://code.wireshark.org/review/10523
Reviewed-by: Michael Mann <mmann78@netscape.net>
The comment was valid, the private key is already looked during the
ClientHello message (using ssl_find_private_key) and since the key is
only used during the key exchange, it is not needed to look it up that
early.
Verified with the test suite (DTLS Decryption).
Change-Id: Ia084a40d98cd74c77e9f1659ac57eeb8d44e59b6
Reviewed-on: https://code.wireshark.org/review/10529
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Those lengths had better fit in an int if they're added to packet offsets.
(BTW, gsize is the spawn of Satan; it should never be used except when
you're dealing with GLib. It *should* have just been another name for
size_t, but it's 32 bits on 64-bit Windows, which means it's narrower
than size_t, which causes us some pain with g_snprintf().)
Change-Id: Icd8f0632242303dbea0d80e0dad45b317097daaa
Reviewed-on: https://code.wireshark.org/review/10516
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only make one pass through the parameter list, adding fields as we go. Use a
wmem_strbuf to simplify string construction. Extract the "add a param" switch
into its own function so it can be called from two different places.
Should be far easier to reason about, and much more efficient.
Change-Id: I0818e0b98cbc6d2025c776bce82e56fb72e8753a
Reviewed-on: https://code.wireshark.org/review/10505
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Uli Heilmeier <openid@heilmeier.eu>
Reviewed-by: Evan Huus <eapache@gmail.com>
ServerRes message does not follow other message when it comes to
provinding the list of ip-addresses. The type of ip-address (IPv4
or IPv6 does not depend on the protocol version but the length of
the message.
Fix: ipv4 address displayed as ip-address
Change-Id: Ie16f81c9482b30a80da37b9327b09e933d7808f8
Reviewed-on: https://code.wireshark.org/review/10513
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also save the new value in preferences
Change-Id: Ie1a942669ebc2824c999621ecd948425b3b49574
Reviewed-on: https://code.wireshark.org/review/10500
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Limit PacketListModel::recreateVisibleRows to checking for packets that
passed the display filter. Remove the call to resetColumns, which
invalidates the column string cache.
Call PacketListModel::resetColumns from PacketList::columnsChanged.
Along with invalidating the column string cache, this triggers a widget
update which means we shouldn't need to call recreateVisibleRows or
redrawVisiblePackets. Remove them.
Change-Id: Ic25f139e2c2f8cdebb2a868ccda7eb4127a3013c
Ping-Bug: 11324
Ping-Bug: 11514
Reviewed-on: https://code.wireshark.org/review/10491
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This commit adds handling for option 242 to bootp.
The value of the Avaya option 242 is a string containing a list of
several suboptions seperated by a ",".
However some suboptions may have multiple values also seperated by
a comma. The values may be enclosed in quotes.
A real-life string e.g. looks like:
MCIPADD=10.1.1.2,10.1.1.3,TLSSRVR=10.1.1.5,VLANTEST=60,L2Q=1,L2QVLAN=77
Documentation can be found here:
https://downloads.avaya.com/elmodocs2/one-X_Deskphone_Edition/R1.5/output/16_300698_4/admn054.html and
http://downloads.avaya.com/css/P8/documents/100068659
A set of crafted packets is attached to the bug.
Bug: 11021
Change-Id: I99b557a952fd34c0fcab6d0a5311440969316973
Reviewed-on: https://code.wireshark.org/review/7443
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Ethernet addresses are only 6 bytes in size, reading it as a 64-bit
integer is invalid. Use unsigned 8-bit integers instead.
Caught by UBSAN and Address Sanitizer. Trigger via the Statistics menu
Resolved Addresses (Qt) or Show address resolution (GTK).
Change-Id: I628ff7cce0ea4f4e378c7968cd79a0ae34cdd20b
Reviewed-on: https://code.wireshark.org/review/10443
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is further encouragement to not try to manually create a bitstring while formatting a field.
Change-Id: I4efbeb39a210cf1fd26203cd8560859276b333b0
Reviewed-on: https://code.wireshark.org/review/10494
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Gerald Combs