For a value_string_ext, the values must be in numerical order.
Change-Id: I43063b59a8c15d7d1fcdca07d4ae9fd89917427d
Reviewed-on: https://code.wireshark.org/review/27058
Reviewed-by: Guy Harris <guy@alum.mit.edu>
../epan/tvbuff.c: In function 'tvb_new_octet_aligned':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
^
../epan/tvbuff.c: In function 'tvb_find_line_end':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
^
../epan/tvbuff.c: In function 'tvb_find_line_end_unquoted':
../epan/tvbuff.c:274:26: error: 'abs_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
*rem_len = tvb->length - *offset_ptr;
^
../epan/tvbuff.c:486:8: note: 'abs_offset' was declared here
guint abs_offset, rem_length;
Change-Id: Iba9fe31ac5fcf604d65bbf3bceef0c09004c1b6c
Reviewed-on: https://code.wireshark.org/review/27050
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Draft 11 swapped the Connection ID field with version in long packet.
CIDs are split into two and can now become up to 18 bytes. The column
will now display "DCID=1234" (or "SCID=1234") instead of "CID: 0x1234".
Recognize new short header flags, but maintain draft -10 dissection.
The VN and Long Header packet share much more common fields now, so pull
out some code from Long Header packets dissection.
Drop "LH", "SH" (can be inferred from other information) and
unabbreviate "VN" for columns.
Bug: 13881
Change-Id: Ifabd8f09f388f0c4c6afe78d939c1cff6b5f161b
Reviewed-on: https://code.wireshark.org/review/27009
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Opening a context menu in the expert dialog resulted in an UBSAN warning
because ExpertInfoModel::data is invoked with a proxy model index. Rely
on the proxy to perform this mapping (change filterActionTriggered to
avoid direct model access while at it).
Change-Id: Id399f44b954b87d7d4dd0341fbedb391ab1b13da
Fixes: v2.5.0rc0-1966-gb0112e60ad ("Add a model to use for Expert Info dialog.")
Reviewed-on: https://code.wireshark.org/review/27025
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add a "contained length" to tvbuffs. For non-subset tvbuffs, that's the
same as the reported length. For a subset tvbuff, that's the amount of
the reported data that was actually present in the "contained data" of
the parent tvbuff.
This is unaffected by the *captured* length of any tvbuff; that differs
from the contained length only if the capture was cut short by a
snapshot length.
If a reference is within the reported data, but not within the contained
data, a ContainedBoundsError exception is thrown. This exception
represents a protocol error, rather than a reference past the captured
data in the packet; we treat it as such.
Change-Id: Ide87f81238eaeb89b3093f54a87bf7f715485af5
Reviewed-on: https://code.wireshark.org/review/27039
Reviewed-by: Guy Harris <guy@alum.mit.edu>
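The three lengths described in the commit above, as a simplified model. This is an added example, not code from epan/tvbuff.c: the struct, function and enum names are hypothetical, the ordering of the checks is an assumption drawn from the commit text, and the sample numbers are constructed.

```c
#include <stdio.h>

typedef enum {
    REF_OK,                 /* inside the captured data */
    REF_PAST_CAPTURED,      /* present on the wire, cut off by the snapshot length */
    REF_CONTAINED_BOUNDS,   /* claimed by this layer, but not inside the parent's data */
    REF_PAST_REPORTED       /* beyond what this layer itself claims */
} ref_result;

typedef struct {
    unsigned captured;      /* bytes saved in the capture file */
    unsigned contained;     /* reported bytes that fit in the parent's contained data */
    unsigned reported;      /* bytes the protocol says are there */
} model_tvb;

static unsigned umin(unsigned a, unsigned b) { return a < b ? a : b; }

/* Subset starting at `offset` in the parent; `claimed` comes from a length field. */
model_tvb model_subset(const model_tvb *parent, unsigned offset, unsigned claimed)
{
    model_tvb s;
    unsigned in_parent = parent->contained > offset ? parent->contained - offset : 0;
    unsigned in_file   = parent->captured  > offset ? parent->captured  - offset : 0;
    s.reported  = claimed;
    s.contained = umin(claimed, in_parent);   /* never more than the parent holds */
    s.captured  = umin(s.contained, in_file);
    return s;
}

ref_result model_check(const model_tvb *t, unsigned offset, unsigned len)
{
    unsigned long long end = (unsigned long long)offset + len; /* no wraparound */
    if (end <= t->captured)  return REF_OK;
    if (end <= t->contained) return REF_PAST_CAPTURED;
    if (end <= t->reported)  return REF_CONTAINED_BOUNDS;      /* protocol error */
    return REF_PAST_REPORTED;
}

int main(void)
{
    /* Constructed packet: 100 bytes on the wire, snapshot length 60. */
    model_tvb pkt = { 60, 100, 100 };
    /* Inner option at offset 40 whose length field claims 80 bytes. */
    model_tvb opt = model_subset(&pkt, 40, 80);
    printf("contained=%u captured=%u\n", opt.contained, opt.captured);
    printf("read 70 bytes -> %d\n", model_check(&opt, 0, 70));
    return 0;
}
```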
We no longer have TVBUFF_ values corresponding to different types of
tvbuff; we have, instead, a set of method pointers for the different
types. Refer to the types by name, rather than by TVBUFF_ value.
Expand the description of some fields in the tvbuff structure.
Change-Id: I38b5281df247ddd66b4e39abfc129053a012d241
Reviewed-on: https://code.wireshark.org/review/27036
Reviewed-by: Guy Harris <guy@alum.mit.edu>
[packet-ber.c:2687]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-erf.c:2475]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-fmp.c:378]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-http2.c:2050]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-obd-ii.c:643]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
[packet-yami.c:244]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour
Change-Id: Ie71f9f7c8f863d1e9c693bd56444f00bdad48042
Reviewed-on: https://code.wireshark.org/review/27019
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
The doc has a mixed way of providing examples, both without executable
name and with it. Add it to all the provided examples. Add highlight of
tshark in examples, too.
Change-Id: I99d83201cc897629f186aabd20c0add9c7c53b93
Reviewed-on: https://code.wireshark.org/review/27034
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The generated elastic mapping file is huge and it can hassle software
like Kibana. This change adds the ability to append desired filters
that will appear in the mapping file.
This change adds the option --elastic-mapping-filter <protocols> to tshark.
Example: tshark -G elastic-mapping --elastic-mapping-filter ip,udp,dns
makes only those 3 protocols appear in the mapping file.
Change-Id: Ie2dcd6e44be2d084e8e50cd6554bd90178da4e38
Reviewed-on: https://code.wireshark.org/review/27001
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
JSON-GLIB depends on GObject. To avoid "undefined reference to
'g_object_unref'" with the gold linker, include gobject directly.
As the files are included with the GLib package, adjust FindGLIB2.cmake.
Change-Id: I007d30b89cc07d8746cee6b619832a722f086105
Fixes: v2.9.0rc0-201-g511c2e166a ("tshark: add -G elastic-mapping report.")
Reviewed-on: https://code.wireshark.org/review/27007
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the option length is >= 2, so that it's long enough to include the
code and length, always put it into the protocol tree, even if the
length is invalid. If the length is invalid, attach an expert info item
to the length field, rather than putting it into a top-level item of its
own.
Use a length of -1 for the top-level item for an option, rather than
what the length is supposed to be; that way, we don't throw an exception
if the option is too short - we just attach the aforementioned expert
info item to the length.
Change-Id: If2d987fa10739a7da28ca2c39515bfdf50da6ef9
Reviewed-on: https://code.wireshark.org/review/27018
Reviewed-by: Guy Harris <guy@alum.mit.edu>
All WiresharkDialog instances have a "captureEvent(CaptureEvent)" method
that requires the definition of "CaptureEvent" from capture_file.h.
By luck, this definition is available for CMake builds due to the
generated MOC headers being included in the right order, but this cannot
be relied on. On an autotools build with less luck:
main_status_bar.moc.cpp: In static member function ‘static void MainStatusBar::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)’:
main_status_bar.moc.cpp:241:86: error: invalid use of incomplete type ‘class CaptureEvent’
case 28: _t->captureEventHandler((*reinterpret_cast< CaptureEvent(*)>(_a[1]))); break;
Create a new header file to limit exposure of the CaptureFile class.
Change-Id: I4ab609f13b9438797e39e7b98f367da35536979b
Fixes: v2.9.0rc0-186-g57bf7e4347 ("Qt: Fix memory leak for CaptureEvent")
Reviewed-on: https://code.wireshark.org/review/27003
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Drop support for draft -08 and draft -09, add support for draft -10
handshake decryption only (requires a new salt as well as a HKDF label
change). Fixed a bug in qhkdf_expand (swapped length and "QUIC " label)
which affects KeyUpdate (which was initially untested).
Bug: 13881
Change-Id: I5f3e2fe71ef0fd929d3271ecea3a8870f90e3934
Reviewed-on: https://code.wireshark.org/review/26992
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously a filter such as `http.request.method in {"GET"HEAD""}` would
be parsed as three strings (GET, HEAD and an empty string). As it seems
more likely that people make typos rather than intending to construct
such a filter, forbid this by always requiring a whitespace separator.
Change-Id: I77e531fd6be072f62dd06aac27f856106c8920c6
Reported-by: Stig Bjørlykke
Reviewed-on: https://code.wireshark.org/review/26989
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input into multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and "=>" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by another value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
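The difference between the naive mapping and a per-value range test, as described in the commit above, shown on a field with two occurrences. This is an added example, not Wireshark's display filter VM code: the function names are hypothetical and the port values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* One "any occurrence satisfies the comparison" test per operator,
 * which is how two separate conditions joined by "and" are evaluated. */
bool any_ge(const unsigned *v, size_t n, unsigned lo)
{
    for (size_t i = 0; i < n; i++)
        if (v[i] >= lo) return true;
    return false;
}

bool any_le(const unsigned *v, size_t n, unsigned hi)
{
    for (size_t i = 0; i < n; i++)
        if (v[i] <= hi) return true;
    return false;
}

/* Naive mapping: "field >= lo and field <= hi". */
bool naive_range(const unsigned *v, size_t n, unsigned lo, unsigned hi)
{
    return any_ge(v, n, lo) && any_le(v, n, hi);
}

/* Per-value test: one occurrence must satisfy both bounds at once. */
bool any_in_range(const unsigned *v, size_t n, unsigned lo, unsigned hi)
{
    for (size_t i = 0; i < n; i++)
        if (v[i] >= lo && v[i] <= hi) return true;
    return false;
}

/* Constructed samples: tcp.port holds source and destination port. */
const unsigned web_to_client[] = { 80, 50000 };
const unsigned in_range_src[]  = { 1663, 443 };

int main(void)
{
    printf("naive  {80,50000} in 1662..1664: %d\n",
           naive_range(web_to_client, 2, 1662, 1664));
    printf("strict {80,50000} in 1662..1664: %d\n",
           any_in_range(web_to_client, 2, 1662, 1664));
    printf("strict {1663,443} in 1662..1664: %d\n",
           any_in_range(in_range_src, 2, 1662, 1664));
    return 0;
}
```

With the naive form, a capture filter meant to isolate ports 1662 to 1664 also matches ordinary traffic between port 80 and an ephemeral port, because each bound is met by a different occurrence.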
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix up a dependency and make sure we create the API reference from
scratch.
Change-Id: I832d1772eb8b4f07cab6f04d164cac10c70ab3bb
Reviewed-on: https://code.wireshark.org/review/26990
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove GTK+ entries from .gitignore and start removing it from
packaging.
Change-Id: I70391000906e983eab250c8158b486c3dc6d4a16
Reviewed-on: https://code.wireshark.org/review/26988
Reviewed-by: Gerald Combs <gerald@wireshark.org>