This reverts commit d1fcb7dd34.
Warning the user multiple times about an invalid ssl.keylog_file every
time a SSL stream is encountered is an annoyance (in tshark), but
crashing in GTK+/Qt during live captures is even worse.
Disable the warning for now. Maybe detect it once at startup? That would
not cover removed files though.
Bug: 11488
Change-Id: I56b2eba1df0cff2309584a745b55ada238999fc4
Reviewed-on: https://code.wireshark.org/review/9687
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
TLS can be tunnelled over other protocols (e.g. TLS over EAP
over 802.1x), which are neither TCP nor UDP. In this case,
we would assume DTLS, which is typically wrong. Assume TLS
instead.
Change-Id: I45d70789f7fa793861297fc2e7a5f2be311bbbb1
Reviewed-on: https://code.wireshark.org/review/10416
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Its time has finally come.
Technically I just renamed it to proto_tree_add_text_internal and removed the WS_DLL_PUBLIC (so it shouldn't link outside of epan). It's still (legitimately) used by expert.c otherwise I would have made it static within proto.c (and the rename wouldn't have been necessary).
Change-Id: I9bdf888d5e92bc7b70a3f5461b9297a66d994b80
Reviewed-on: https://code.wireshark.org/review/10594
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
The existing code parsed the callback program number from
a packet and then registered the callback program number.
But since the RPC dissector checks for valid and known
program numbers, it never parses it out.
Anyway, NFS4_CALLBACK is a well known number - use it!
Change-Id: Ia812359102bf6620e3b83109eb918032155cd8d3
Signed-off-by: Tom Haynes <loghyr@primarydata.com>
Reviewed-on: https://code.wireshark.org/review/10558
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Passing a null pointer probably means there's really something else
wrong at a higher level. If we could arrange that the DISSECTOR_ASSERT
macros do something useful when *not* executed during a dissection, that
would work.
Change-Id: I2605d1e1f97d35370736852aaf29eeaf2c560279
Reviewed-on: https://code.wireshark.org/review/10592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It returns a null pointer if you do.
Change-Id: I3bc934a576dba261d1e71767978e3789a892e728
Reviewed-on: https://code.wireshark.org/review/10590
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The intent here is to remove proto_tree_add_text from packet-csn1.c, but the macros setup means A LOT more hf fields needs to be created.
Many of those new hf fields were created with a perl script
Bug: 11504
Change-Id: If12c7677185f18a7f684fd3746397be92b56b36d
Reviewed-on: https://code.wireshark.org/review/10391
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We call cf_cb_file_rescan_{started,finished} in rescan_file. Do the same
in rescan_packets. In the Qt UI this ensures that flushVisibleRows gets
called so that packet_list_select_row_from_data works as expected.
Change-Id: I425b7beb0f97a7d5b84c979fca65b877673b4722
Reviewed-on: https://code.wireshark.org/review/10569
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
TCPROS is a transport layer for ROS Messages and Services.
It uses standard TCP/IP sockets for transporting message data.
Inbound connections are received via a TCP Server Socket with a header containing message data type and routing information.
For more information, see: http://wiki.ros.org/ROS/TCPROS
Bug: 11404
Change-Id: If8810dbb2cb6d6522eb035fd0fa1cf49933bad3d
Reviewed-on: https://code.wireshark.org/review/9807
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Added support for Delegated Mobile Network Prefix as
defined in RFC 7148.
- Corrected the issue where GRE Key option with no key
was not displayed properly.
- Also added append-text for the HNP option to also
display the HNP value.
Change-Id: I42a4bc1627e9e764f10d96aa3988c1f430f00ceb
Reviewed-on: https://code.wireshark.org/review/10565
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the ability to identify an instance of the dissector table to be modified by 'Decode As' thanks to pinfo->curr_layer_num
For now only IPv6 makes use of it but it could be extended to any other protocol
Also get rid of ipv6.nxt protocol: it is not required for 'Decode As' functionality and was colliding with ipv6.nxt field
Change-Id: I3c7403c77328ad7170e13af028d178f962a2b508
Reviewed-on: https://code.wireshark.org/review/10552
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
A little usability improvement: Warn user on connection and channel
errors and when a message is undeliverable.
Change-Id: I6106a63472b1fb5cbbabcf82a90af0f489030458
Reviewed-on: https://code.wireshark.org/review/10573
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "old" method of populating the INFO column was to dissect all fields of a function/subfunction, then do a search in the tree to find the hf_ values of interest to then format into something for the INFO column. This is very expensive and requires "low level" APIs (for tree manipulation) which really shouldn't be used in a dissector.
The "new" method populates the INFO column at the same time a field is parsed, so nothing has to be revisited.
There are still expert infos (and possibly column APIs) under if (tree)s, but with the FAKE_TREE_IS_VISIBLE "hacks" removed, there should be less fear in removing the tree checks.
Change-Id: I847827395fc28704f468df8bc8b47b297dde8479
Reviewed-on: https://code.wireshark.org/review/10572
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Including:
1. Using ENC_BIG_ENDIAN and ENC_LITTLE_ENDIAN instead of self made macros
2. Creating an "expert info hook" so that fields can be parsed "in real time" and added as expert info instead of searching by field name and manually getting values. Most of the expert info is still under if (tree)s, but this is another step closer to removing all of the "manual labor" done that requires "special handling" of all tree functionality. Once the "manual labor" is removed, this dissector can behave like every other dissector and the if (tree)s can be removed with more abandon.
Change-Id: If2c6a4c723e12e070e68d6df2d492d4b5ac35123
Reviewed-on: https://code.wireshark.org/review/10555
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It makes more sense (not trying to decode UDP/TCP ports as HTTP) and is consistent across dissectors tables (while currently we have an empty field for tables other than UDP/TCP)
Change-Id: I794529f0f46b4197437a1d258f808991ae2338ad
Reviewed-on: https://code.wireshark.org/review/10571
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Connect itemSelectionChanged to header label updates instead of
currentItemChanged, which seems to be more reliable.
Change-Id: I29f8f2144ad6584e0612d43ec3aac5b258f08ebd
Reviewed-on: https://code.wireshark.org/review/10570
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The GTK+ update_progress_dlg() initially forces a UI update. Do so in
the Qt version as well.
Change-Id: I05d9e61a0d0e4e05af448039bbb81785ac00908c
Reviewed-on: https://code.wireshark.org/review/10568
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Otherwise you end up with a 'End of capture exceeded' popup when calling rescan_packets() with only a few packets in the capture
Change-Id: Idb387ce95f1d22b934e735c350ea0c117763d89a
Reviewed-on: https://code.wireshark.org/review/10567
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Setting a zero port still allows it for selection in the UAT dialog
while not breaking HTTPS dissection.
(In theory the UAT setting would work. In practice it would still call
ssl_dissector_add and take over the SSL registration for all tcp/443
traffic. On removal with ssl_dissector_remove, the HTTPS port is not
added back again until a restart (or until the HTTPS ports list is
changed from the default) because the spdy registration overwrites the
HTTP one...)
Also note that NPN detection for SPDY is not implemented, only ALPN
detection is supported.
Bug: 10984
Change-Id: I6e84aa6408abf40bb860abee4845731ce55ce254
Reviewed-on: https://code.wireshark.org/review/10517
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
If an RTP payload spans more than two packets, the dissector needs to
save the previous fragment info.
Bug: 11413
Change-Id: I62558f40136881d70bf2a9597eabd3697966ac4a
Reviewed-on: https://code.wireshark.org/review/9875
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support decode of tag/value
Only try to decode handshake when sequence number = 1
(Working on function to check if the packet is handshake..)
There is sometimes issue for decode ACK Special Frame Type...
Bug: 11494
Change-Id: If1f4051fc9c11d343acb7f15f94a325d4243a070
Reviewed-on: https://code.wireshark.org/review/8171
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace DSCP/ECT/CE with DSCP/ECN for IPv6.
Introduce short descriptions for DSCP/ECN values.
Formating changes:
- Make IPv4 and IPv6 as similar as possible.
- Display short abbreviations only for "Differentiated Services Field".
- Display DiffServ field as hex for IPv4.
- Elide leading zeros from hex representation from DiffServ field for IPv6.
- Display DSCP/ECN as decimal in subtree (same as "IP DSCP" column format).
Change-Id: Ia69d11dc9c1d752eb2e269314287c885506b5353
Reviewed-on: https://code.wireshark.org/review/10360
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
RSA private keys are typically not found in network captures, so let's
just remove it. This removal avoids overloading the pkcs1.modulus
field with the same meaning from two different contexts (RSAPrivateKey
and RSAPublicKey).
Change-Id: I65239718e6fc801fc53fa46c467dc86620aa3b29
Reviewed-on: https://code.wireshark.org/review/10546
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At least on Linux/X11 with Qt5 this appears to be necessary so the progress
bar updates more than once every 2 seconds or so (when loading a large file).
Change-Id: I7eea9c0d97d24bc14ad75f082a3531dcf1a3b6ae
Reviewed-on: https://code.wireshark.org/review/10559
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Bug: 10791
Change-Id: I58c35c757039e69111a39100f5ccb306e098d591
Reviewed-on: https://code.wireshark.org/review/10519
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When updating the progress dialog (which happens each time we read a
packet) the GTK+ UI processes application events every 100ms. Do the
same in the Qt UI.
Ping-Bug: 11515
Change-Id: Ic53eade05c0b82bf436c08618f28506c5fcdbc94
Reviewed-on: https://code.wireshark.org/review/10554
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
beginInsertRows + endInsertRows is expensive. Instead of calling them
each time we add a packet to the list, queue up a list of visible packets
and flush it during the next UI update.
Assume that none of our column data has newlines. Enable
uniformRowHeights and only disable it when we need to. Note that this
requires further work.
Ping-Bug: 11515
Ping-Bug: 10924
Change-Id: Ifbdd2964b174247a4745d4889ebda5bf3b886ba4
Reviewed-on: https://code.wireshark.org/review/10553
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The dissector is doing a lot of unnecessary "manual" operations. Start the process of simplifying that to encourage use of general APIs and put control of the "field name" in the hands of the hf_ entry it belongs with.
Change-Id: I5b048c04858ac4a846a276ba12d61c665deb66f8
Reviewed-on: https://code.wireshark.org/review/10547
Reviewed-by: Michael Mann <mmann78@netscape.net>
in this case, it's enough to exit the switch block and try to continue
with the next element
we might now end up with ie_item==NULL after the switch, so replace the
assertion with a check
Change-Id: Id54346077eb8aa12b22575f3ab6fa80087f240ce
Reviewed-on: https://code.wireshark.org/review/10549
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
by default, an empty byte array (FT_BYTES) is represented as an empty string
thus, using "Apply as Filter / Selected" on such an item creates an
invalid display filter expression, e.g. dvb-ci.mmi.char_tbl==
represent an empty byte array as "" if we're compiling a display filter
expression
Bug: 11526
Change-Id: Ie94507a24a496e0c25bcdadfab72fdf9fb35958a
Reviewed-on: https://code.wireshark.org/review/10540
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
replace switch-case with if
remove an initial value that's overwritten immediately
Change-Id: I98487ed08f91416179fcbbbaf80bf1b126a8d1c2
Reviewed-on: https://code.wireshark.org/review/10548
Reviewed-by: Anders Broman <a.broman58@gmail.com>
anymore).
Also make the RPM follow configure's qt4-vs-qt5 choice.
Change-Id: I832af99e055d42b92f3a7c8e4378c7a9d5d628b9
Reviewed-on: https://code.wireshark.org/review/10532
Reviewed-by: Jeffrey Smith <whydoubt@gmail.com>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
When the HTTP dissector passes data to a subdissector, it should also
propagate the desegmentation ability. Otherwise subdissectors (such as
HTTP2) will not be able to handle large DATA frames.
Reported by Alexis, verified with his capture.
Change-Id: I831a78e8d1ad08536e3d0d870012e427ce289b1b
Reviewed-on: https://code.wireshark.org/review/10544
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The fix for bug 11331 has as side-effect that the HTTP part of a
conversation is not dissected on the second pass.
Fix it by calling the HTTP2 dissector only when it was detected via
heuristics, and not via Upgrade (since that would be handled by the
http loop).
While at it, remove the use of tvb_new_subset_remaining since the
original tvb is not touched and move the comment about the proxy to the
right place.
Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
(via heuristics).
Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
Reviewed-on: https://code.wireshark.org/review/10541
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The invalid message occurred for an ack of a TCP segment
which included both retransmitted data and additional new data.
Bug: 11506
Change-Id: Id981d04c91b9e69b6ee1e0dea85aed142bf32594
Reviewed-on: https://code.wireshark.org/review/10395
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
In the past large integers would be displayed as text, later on this
was changed into a "proper" header field. In most cases you do not want
to see "ber.64bit_uint_as_bytes" though, but the original field name.
This patch allows fields that are marked as FT_BYTES to be displayed
with their original header field details (name, description, etc.).
Change-Id: I4ab1a4cce649a225c73298fbf4dcf1692c693a03
Reviewed-on: https://code.wireshark.org/review/10539
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Peter Wu