Use ws_strtou64 to convert __REALTIME_TIMESTAMP= and other timestamps,
which should work across platforms.
Bug: 16664
Change-Id: I371f2b60e1957e57dbbdbbc3ded5ad49e8eb79d1
Reviewed-on: https://code.wireshark.org/review/37849
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was previously limited to one byte (=4 slots), and afaik no readers
existed that supported more slots until now - now there is the sysmocom
octsim that as the name implies offers 8 slots.
Change-Id: I5eccc7b6fb0d3c12ef7d7379d3ee88b5e7c45b71
Reviewed-on: https://code.wireshark.org/review/37816
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change from master_split_.show() to packet_list_->show() in layoutPanes()
to avoid an issue where the pane sizes was stored with wrong values when
quit just after startup without loading a file.
This fixes a regression issue from g5ce52f74 and g7ebd5405.
Change-Id: I7ba1b5f8c9440d41d58dfd729013a0fd1e16be07
Reviewed-on: https://code.wireshark.org/review/37839
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Here we conform to the latest ieee1905 Multi-AP spec as tested by the
WFA. We also add support for reassembling ieee1905 messages.
Bug: 16660
Change-Id: Ic67784d7c213856a364f88c177ede9688271ea2a
Reviewed-on: https://code.wireshark.org/review/37574
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only do retransmission detection for CON and NON type messages.
Change-Id: I5b5d93800918a98d4d321d1dcd0f3090b485ba9e
Reviewed-on: https://code.wireshark.org/review/37842
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Construct FTDI FT reassembly table key based on desegment data. This
makes sure that the code can find corresponding data in the reassembly
table (which wasn't true for fuzzed captures).
Ping-Bug: 16691
Change-Id: I37f29aca07ec5e27f8a07db9233a9bb6d809dbda
Reviewed-on: https://code.wireshark.org/review/37841
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When scanning for Bad Command synchronization code 0xFA followed by the
command byte, only request reassembly if the last byte is 0xFA.
Ping-Bug: 16691
Change-Id: Ic04f47e2baece05c0a9a7f748d3035b18cf4e6a2
Reviewed-on: https://code.wireshark.org/review/37840
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Maintain separate RX and TX command info trees. When dissecting TX
packets during the first pass, the code has to traverse no more entries
than added by single TX packet. After the first pass there is no longer
a need to find the correct spot in the list, as the TX command info tree
points directly to the correct location.
Ping-Bug: 16691
Change-Id: Ie4a1d2e1152876b8b0a09308ed5a182b9a2e2895
Reviewed-on: https://code.wireshark.org/review/37837
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The snappy decompression routine has the same bug that was fixed for lz4 in
79576219c9 ("kafka: lz4: free the composite tvb only once").
Refactor the composite tvb handling for snappy as well. Allocate the
composite tvb only if we are cetain that data will be added to it.
Do not free the composite tvb ourselves, leave this to epan cleanup.
Change-Id: Ide3a88d1c02e525fe1aadd176068ce68c2330b98
Reviewed-on: https://code.wireshark.org/review/37838
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decryption of short header packets would fail if the client sends a SCID
due to a logic error. This was observed with Chrome 86.0.4198.2.
Thanks to Ashwin Jagadish for the report and sample capture.
Change-Id: I81f5ab1bc1ea1b379e4edd65969d3c3e58340065
Ping-Bug: 13881
Fixes: v2.9.0rc0-269-gec30d0b004 ("QUIC: implement connection migration (draft -10 and -11)")
Reviewed-on: https://code.wireshark.org/review/37830
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Display unknown TP types directly in the tree, users can then easily
look it up in sources such as
https://github.com/quicwg/base-drafts/wiki/Temporary-IANA-Registry
Fix display of large GREASE such as 0x3b318c8103de1274.
Change-Id: I6665fa4337e92ae973979813b7e58d66f38ae0fb
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/37829
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Display command code in command in packet entry. Fix command response in
linking when response for subsequent commands in packet was not in the
same packet as for the first command. Link to response packet only for
commands that actually have response.
Ping-Bug: 11743
Change-Id: I7c336202cf7d89b5cf785ad6ede8f1a71e0dc063
Reviewed-on: https://code.wireshark.org/review/37827
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FTDI FT does not have a sense of data segments. It simply transports
asynchronous data bytes between two parties. MPSSE dissector notifies
FTDI FT dissector when it needs more data to process command and/or
response using the desegment API.
FTDI FT assumes that the segment starts at the offset given by MPSSE and
ends when either MPSSE does no longer ask for more data, or when MPSSE
asks for more data but not from the beginning of tvb passed to it (when
packet contains both end of previous segment and start of a new one).
Ping-Bug: 11743
Change-Id: Ib400bedd4d61166c98f711e4ab132a3a3bd8051d
Reviewed-on: https://code.wireshark.org/review/37709
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The intention is to try to run this on the Petri-dish buildbot,
where it could run with '--commits 1' to warn about files touched
in the most recent commit.
Change-Id: Ie924d39e093d1fef8cfbdf02d15bbede386b2862
Reviewed-on: https://code.wireshark.org/review/37826
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We no longer support Qt 5.2 or earlier.
Change-Id: I94ba6df2120956dadfce407fd999d39250485bc6
Reviewed-on: https://code.wireshark.org/review/37821
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
predfined tf strings are used for the new introduced ring reduncancy flags
Change-Id: I5273eff410391bf4f104feea8602377698a97c8d
Reviewed-on: https://code.wireshark.org/review/37819
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Christian Krump <christian.krump@br-automation.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Our authors lists and man pages are encoded as UTF-8 and have been for
quite a while. Remove perlnoutf.pl and ensure that standard I/O uses
UTF-8 as described at
https://www.perl.com/pub/2012/05/perlunicook-make-all-io-default-to-utf-8.html/
Change-Id: I7016ec5e3a12934463b43bcfdde2c424069c20ac
Reviewed-on: https://code.wireshark.org/review/37817
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
According to specification, problematic Block Decode
is fixed.
Change-Id: I0d1a13a26771231eb6f05b18325ee2bb94e975bc
Reviewed-on: https://code.wireshark.org/review/37813
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid string literals while at it to avoid -Wpointer-sign warnings with
GCC 10. This has the additional benefit of avoiding storing the trailing
NUL byte after the data, resulting in a tiny reduction in binary size.
This compound literal syntax is supported since C99 which is permitted
by doc/README.developer.
Change-Id: I35f4d3a46aa78e12915d92136f1de0891131bede
Reviewed-on: https://code.wireshark.org/review/37818
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We need wmem_file_scope() to handle path attribute info after
MPLS/VNI label.
Bug: 16678
Change-Id: Ib487b271110c78d2d4ae10f01fc24cda3edc0713
Reviewed-on: https://code.wireshark.org/review/37790
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are some ring redundancy flags available in the SOA frame.
These flags could be interesting for some users and should be decoded.
Bug: 16687
Change-Id: Ica20a9b2a87adf31dca3b064785cdac2e5bc3d2c
Reviewed-on: https://code.wireshark.org/review/37810
Reviewed-by: Christian Krump <christian.krump@br-automation.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
The page at
https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-printer
lists a number of printer attributes that correspond to the attributes
listed here.
Describe what the hidden attribute means, more clearly describe whta the
enable-devq attribute means, and clean up other descriptions to make
them more stylistically consistent.
Change-Id: I4830df6dc610bce6b7603750d5c4aa73685f6c28
Reviewed-on: https://code.wireshark.org/review/37806
Reviewed-by: Guy Harris <gharris@sonic.net>
From reading GNU libc's .x file for NIS+ (which has an Oracle America
copyright, suggesting that it was originally a file from Sun, and thus
likely to be the official NIS+ rpcgen file), and from reading the way
the GNU libc code treats the return value of the return value of an
NIS_CALLBACK RPC, it appears to be a Boolean where "true" means that the
callback in question is still running and "false" means it's not
running.
Label the results as such.
(I should probably really check the Illumos source to see if it includes
the NIS+ client and server and, if so, read that, so see what Sun's code
did.)
Change-Id: I4eb430dfca3d1162972a2a750effc31f626f20bf
Reviewed-on: https://code.wireshark.org/review/37791
Reviewed-by: Guy Harris <gharris@sonic.net>
The current dissector only allows 10 nested vlan tags and stops
dissections, if more are present.
This patch lets the TECMP dissetor reset the VLAN depth for
each embedded Ethernet frame it hands over the Ethernet dissector.
Bug: 16685
Change-Id: I29a726274a01c2ef296d4d1eeaffd6d5960db294
Reviewed-on: https://code.wireshark.org/review/37786
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the SMB 3.1.1 dialect, this field is interpreted as the Flags field, which indicates how the SMB2 message was transformed:
Encrypted 0x0001
- The message is encrypted using the cipher that was negotiated for this connection.
In the SMB 3.0 and SMB 3.0.2 dialects, this field is interpreted as the EncryptionAlgorithm field,
which contains the algorithm used for encrypting the SMB2 message. This field MUST be set to one of the following values:
SMB2_ENCRYPTION_AES128_CCM 0x0001
- The message is encrypted using the AES128 CCM algorithm.
For dissection it's enough to expect SMB 3.1.1, as the value and the meaning
of 0x0001 is always the same (as AES128 CCM was the only possible algorithm before 3.1.1)
Change-Id: I4bd796bd1be38ed4a6481aa7bf68cb5b2e3637d2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37785
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Introduced QT 5.7 calls in my recent change (also C+11, which is
required for QT >= 5.7). Providing an alternate code path for QT < 5.7
Change-Id: I866af35138d4691a659aee756ce9c3ce4ffb933f
Reviewed-on: https://code.wireshark.org/review/37779
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Gerald Combs
Eric Wild