The "Previous/Next Packet in Conversation" actions accidentally
overwrites more specific filters (like TCP port matching) by less
specific ones (like IP addresses). This resulted in strange behavior
where packets from different TCP streams were selected.
Change-Id: Ifa93064e1db3777fa3c12e2220bbb0b36b9478fe
Reported-by: Christian Landström
Reviewed-on: https://code.wireshark.org/review/22274
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Solves a UBSan runtime error null pointer passed as argument 1, which is
declared to never be null.
It can be reproduced with the pcap from bug 13603
Change-Id: I0d6fdddcccc892b3141855d59be372887afcaca5
Reviewed-on: https://code.wireshark.org/review/22272
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removing the toggle indicator. Search behaves now the same as it
does for e.g. in SublimeText
Change-Id: I4523001b536caa116bcb989f0850aa769c6220f8
Reviewed-on: https://code.wireshark.org/review/22280
Reviewed-by: Roland Knall <rknall@gmail.com>
Ensure the user profiles directory is created at startup so that
users can put downloaded profiles without creating the directory.
Change-Id: Ib06bb3055daef8fd9e78d7887ce56f8fe50e48bf
Reviewed-on: https://code.wireshark.org/review/22275
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Correct a couple of entries related to Konica Minolta.
Change-Id: I3acea1cf7ab1ad9be5d1b367a1015f5205b9e80b
Reviewed-on: https://code.wireshark.org/review/22268
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Removed 'len' from IPv4, not needed
Added more test coverage for IPv6 in dftestlib
Change-Id: I1ca80e2525f32f6095ad73352baba733f4694ced
Reviewed-on: https://code.wireshark.org/review/22260
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not put the wireless timeline in the main view with splitters, it has
a fixed size anyway and is not taken into account for layout and size
calculations for the panes.
Bug: 13776
Change-Id: I71da962950c3f1b215908674f4852afa76744343
Reviewed-on: https://code.wireshark.org/review/22242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Simon Barber <simon.barber@meraki.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allows duration to be calculated to 0
Handles generators where PHY type is not reported, but it can be
determined from the rate.
Change-Id: Ic0b9e1b0e3e51f4d5b670d25fea064daf250a55f
Reviewed-on: https://code.wireshark.org/review/22261
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 13813
Change-Id: Ic1582406896b2d4d3505ae1d3bb79cdbafa481da
Reviewed-on: https://code.wireshark.org/review/22247
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
There are lots of if (tree) checks. Start removing some which
are obviously unnecessary.
Change-Id: I3f8e4b82cd84d8e92ae79492d705438e2df739bb
Reviewed-on: https://code.wireshark.org/review/22238
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When going to a packet (first, last, next, prev and specific) during
capture we must turn off auto scroll to let the packet be shown
in the packet list.
Change-Id: If1c615eb4d422c3b4c0418114064f7a4a0b75b35
Reviewed-on: https://code.wireshark.org/review/22244
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With live or large capture files and asynchronous name resolution this can
cause serious scrolling issues as the name resolutions come in.
Bug: 12074
Change-Id: I1a5cca410c0608927b32e9e7107885370caf14d7
Reviewed-on: https://code.wireshark.org/review/22245
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously proto_tree_add_none_format() could be called with any type
of field type, not FT_NONE only.
Change-Id: I78976a168fc1bf606b72ad38d284bb0bd1794b03
Ping-Bug: 13780
Reviewed-on: https://code.wireshark.org/review/22243
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
We can simply stop the dissection and exit.
Change-Id: Ida8895513a1949fe5826ab89ffec2168642a9e89
Reviewed-on: https://code.wireshark.org/review/22237
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The 'U-RNTI' field in RLC Info struct is both used in the code and shown in the UI as a generic unique 'UE ID' (not specificly U-RNTI, although sometimes it is)
This commit renames the field to fit it's usage.
Change-Id: Ib42b8ed5192fe60c9a164d6d225634be53708c66
Reviewed-on: https://code.wireshark.org/review/22225
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Qt UI doesn't have a popup that tells you how long your file has been
loading. So let's set the load time each time we update the packets bar.
(Obviously this is only useful when you're waiting a long time for a file to
load...)
Change-Id: I9da372800a12454888439e2baf3d2a848c611501
Reviewed-on: https://code.wireshark.org/review/22234
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previous code assumed that list decoding was successful and that some
bytes were consumed. Let's explicitly check this.
Bug: 13780
Change-Id: I3546b093f309f2b8096f01bc9987ac5ad9e029eb
Reviewed-on: https://code.wireshark.org/review/22235
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check that we do not have any overflow when converting words to bytes
Bug: 13810
Change-Id: I43604f7bab427fc542c281e386ab9b994338366d
Reviewed-on: https://code.wireshark.org/review/22227
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In 609ea4baa6
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I4769fc10d74fe7358f9794b9697591c61324e883
Reviewed-on: https://code.wireshark.org/review/22239
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When opening the enabled protocols dialog from a protocol preferences
menu we must flush app signals to ensure a redissect is done.
Change-Id: I512b8f6959aabcc15ccffc67615583ee9c60ceec
Reviewed-on: https://code.wireshark.org/review/22224
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If the searchbar is already open focus on the bar and highlight
existing test, instead of closing an already open bar
Change-Id: I4f8ae2e903cb65c0ebca238f3bcc1c62b63b5c3b
Reviewed-on: https://code.wireshark.org/review/22223
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace with easier to understand and already present NAME_RESOLVED given dummy address is always filled.
Change-Id: If8464f89e88722aac70689749fe0d4a31c119db2
Bug: 13798
Reviewed-on: https://code.wireshark.org/review/22110
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Heuristic PCH dissector was trying to access the packet's header (4 bytes) without asserting these bytes exist
Change-Id: Id2747e00ed353b1962293b3cd3ea6fbe9449a81d
Reviewed-on: https://code.wireshark.org/review/22220
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
To match the recently renamed file name.
Change-Id: Id784b955ec96a52a5f380d415094dce81e1774d5
Reviewed-on: https://code.wireshark.org/review/22222
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Implemented dissector to parse zigbee commands within SE metering cluster
Change-Id: Iffb179c3e6db88b91b9ec96ed4d4b12bbeac682e
Reviewed-on: https://code.wireshark.org/review/22221
Reviewed-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- search for content fields taking into account length of last match
- handle absolute path to file file inclusion not using $RULE_PATH
- parse longer tokens (saw emerging-threats rule with enormous pcre)
- content offset is relative to start of frame, *not* previous content match
- show content modifiers 'rawbytes' and 'http_user_agent'
Change-Id: I0a4e0b857c8049380ed6aa47e4a3d3649e84d4ad
Reviewed-on: https://code.wireshark.org/review/22211
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I3bdca418801305d71b33fa07396497d82ad06e33
Reviewed-on: https://code.wireshark.org/review/22212
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
In change 18a3b0659c, I moved the table
that uses it, but not the actual definition, from libpcap.c to
pcap-common.c; they both should have been moved. Make it so.
Change-Id: I266fce455df3848b873cdfadb12cecdbf9c8d4d3
Reviewed-on: https://code.wireshark.org/review/22216
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In 609ea4baa6
(I459249b98741cc069495c84ad4c47c0aa6768096) I unintentionally removed
the registration. Put it back.
Change-Id: I7cf216378e1610350949910091ee187ce150ca05
Reviewed-on: https://code.wireshark.org/review/22213
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Original sanity check was missed for fragmentation
Bug: 13755
Change-Id: If9e24e01a119c869b02f198456776c8e6c6f2ad0
Reviewed-on: https://code.wireshark.org/review/22193
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Set the merge module path based on our platform and version of Visual
Studio.
Change-Id: Ic866447f36d5264d61fc988f3f9d8b4d2e5c0827
Reviewed-on: https://code.wireshark.org/review/22192
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Currently the UMTS FP & MAC dissector's are named packet-umts_X.
This commit renames the UMTS RLC's files to show their relation.
Change-Id: I9e37be95f7c7d08278075a49b8abc2b480a13d64
Reviewed-on: https://code.wireshark.org/review/22188
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For at least Qt, the main_window_update callback is not necessary to
make the stop button work. When restarting a live capture during a
flood (via Ctrl-R), this callback actually results in an infinite loop
in MainWindow::captureStop since the capture state never changes from
FILE_READ_IN_PROGRESS.
Remove this callback to ensure that the problematic
pipeActivated / sync_pipe_input_cb / capture_input_new_packets /
main_window_update / ... / on_actionCaptureRestart_triggered /
testCaptureFileClose / captureStop sequence is avoided.
Even though captureStop invokes capture_stop, I guess that this does not
change the state because the pipeActivated callback is already active.
Bug: 10917
Change-Id: I6ca4fa946963928b7bc8a53ca14f9a9a3a35eaa7
Reviewed-on: https://code.wireshark.org/review/22097
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
testCaptureFileClose can also be invoked while reading an existing
capture file (the original comment only applied to GTK+, not Qt). When
the user quits Wireshark while reading an offline pcap, this could
result in a confusing "Unsaved packets" dialog. Fix this by checking the
actual capture session state.
After fixing this, the next issue is that cf_close trips on an assertion
("cf->state != FILE_READ_IN_PROGRESS"). To address this problem, do not
close the capture file immediately, but signal to the reader (cf_read)
that this should be done (similar to the quit logic in GTK+).
Bug: 13563
Change-Id: I12d4b813557bf354199320df2ed8609070fdc58a
Reviewed-on: https://code.wireshark.org/review/22096
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Peter Wu