Add some ENC_ values for various flavors of packed BCD, and use that
instead of explicitly calling tvb_bcd_dig_to_wmem_packet_str() and
adding the result.
Change-Id: I07511d9d09c9231b610c121cd6ffb3b16fb017a9
Reviewed-on: https://code.wireshark.org/review/36952
Reviewed-by: Guy Harris <gharris@sonic.net>
They were added in the code, but weren't documented.
Change-Id: Iaa12e2d33aa4a4b889c00a7f10b12b4c9b6e8197
Reviewed-on: https://code.wireshark.org/review/36953
Reviewed-by: Guy Harris <gharris@sonic.net>
It has to be initialized to false, otherwise you get random misreported
cycles.
Change-Id: I1ffa1f8fae4883960ebf0522e44bc9e1378b2470
Reviewed-on: https://code.wireshark.org/review/36939
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Expand the description of the "TCP ZeroWindow" analysis flag.
Change-Id: Icf9b5cb60d305150eb13e5d74f4a4d2008fa96e4
Reviewed-on: https://code.wireshark.org/review/36938
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support to the MSRP dissector to reassemble messages from multiple
packets.
Bug: 8270
Change-Id: I464c91b2e6e3c4edc242b3e2f52a8febc455e5ae
Reviewed-on: https://code.wireshark.org/review/36894
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A retransmitted ChangeCipherSpec could result in resetting the cipher.
The subsequent Finished message and application data messages would
therefore fail to decrypt. In legitimate TLS sessions, there should not
be a CCS without starting a new handshake, so that remains unaffected.
To ease debugging this issue, log the packet number and add some extra
details to the debug log. Move or remove ssl_packet_from_server calls to
avoid redundant work and to keep the debug log cleaner.
Additionally, try harder to dissect handshake messages if we know for
sure that they are decrypted. This allows inspection of a broken
Finished message that had a too large fragment length.
Tested with a private capture file from Stig Bjørlykke.
Change-Id: If6f15f8b72c467ea9ef15ddcaf2c5ebe980c27c8
Reviewed-on: https://code.wireshark.org/review/36929
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we launch a TCPStreamDialog in a situation where we can't select a
corresponding tcp stream, we leave the constructor before graph_
is initialized.
Later on, the destructor calls graph_segment_list_free(&graph_).
This requires that graph_ was initialized before.
Make sure that we initialize graph_ in the constructor, regardless
of errors.
(There are other aspects of this issue. We shouldn't be able to
launch a TCPStreamDialog when we have no tcp stream...)
Change-Id: I7b4ddadca8f699d30ec45f0fe6021ae9d36ced53
Reviewed-on: https://code.wireshark.org/review/36935
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the constructor, we allocate a delegate for the name column and assign
it by calling QAbstractItemView::setItemDelegateForColumn(). This does
not pass ownership of the delegate to QAbstractItemView; it's still
up to us to free the delegate.
ASAN warns about this:
    Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    ...
    #1 ... in ProfileTreeView::ProfileTreeView(QWidget*) ui/qt/widgets/profile_tree_view.cpp:46:17
    #2 ... in Ui_ProfileDialog::setupUi(QDialog*) ui/qt/qtui_autogen/include/ui_profile_dialog.h:67:31
    #3 ... in ProfileDialog::ProfileDialog(QWidget*) ui/qt/profile_dialog.cpp:59:13
    #4 ... in MainWindow::on_actionEditConfigurationProfiles_triggered() ui/qt/main_window_slots.cpp:2239:36
Add a destructor for ProfileTreeView and free the delegate there.
Change-Id: I2a76abb7ec174c91ad15bfac91f2b47bea29f511
Reviewed-on: https://code.wireshark.org/review/36934
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the toolchain included with Command Line Tools instead of the one
from Xcode.app. This fixes the build on macOS 10.14.6:
    FAILED: epan/crypt/CMakeFiles/crypt.dir/dot11decrypt_tkip.c.o
    /Applications/Xcode-11.3.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/cc ...
    ...
    /Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/_stdio.h:93:16: error: pointer is missing a nullability type specifier (_Nonnull, _Nullable, or _Null_unspecified) [-Werror,-Wnullability-completeness]
    unsigned char *_base;
Change-Id: I45d80dce1a0aca7a9f6a945171ebd8789314e924
Link: https://www.wireshark.org/lists/wireshark-dev/202004/msg00065.html
Reviewed-on: https://code.wireshark.org/review/36924
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
The IEEE 1278.1-2012 spec for DIS (Distributed Interactive Simulation)
specifies the format of the Articulated Part VP record as:
    8bits   Record Type       enum
    8bits   Change Indicator  unsigned integer
    16bits  ID                unsigned integer
    32bits  Parameter Type    enum
    32bits  Parameter Value   floating point
    32bits  Padding           unused
(Section 6.2.94.2)
The dissector was interpreting the last 64bits as one value; this patch
fixes it to interpret it as 32bit float and 32bit padding.
Change-Id: Id509715f02daeecf12e3094fc1ed63e81705852b
Reviewed-on: https://code.wireshark.org/review/36922
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
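
Added example (not from the commit or from Wireshark's source): a bounds-checked parser for the 16-byte record laid out above, reading the last 64 bits as a 32-bit float followed by 32 bits of padding. It assumes big-endian field order on the wire and an IEEE 754 `float`; the struct, function and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIS_ART_PART_VP_LEN 16

/* Field widths as listed in the commit message. */
struct dis_art_part_vp {
    uint8_t  record_type;       /* 8 bits, enum */
    uint8_t  change_indicator;  /* 8 bits, unsigned integer */
    uint16_t id;                /* 16 bits, unsigned integer */
    uint32_t parameter_type;    /* 32 bits, enum */
    float    parameter_value;   /* 32 bits, floating point */
    uint32_t padding;           /* 32 bits, unused */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 if fewer than 16 bytes are available. */
int dis_parse_art_part_vp(const uint8_t *buf, size_t len,
                          struct dis_art_part_vp *out)
{
    uint32_t raw;

    if (buf == NULL || out == NULL || len < DIS_ART_PART_VP_LEN)
        return -1;
    out->record_type = buf[0];
    out->change_indicator = buf[1];
    out->id = (uint16_t)((buf[2] << 8) | buf[3]);
    out->parameter_type = be32(buf + 4);
    raw = be32(buf + 8);                 /* only 32 bits belong to the value */
    memcpy(&out->parameter_value, &raw, sizeof raw);
    out->padding = be32(buf + 12);       /* the other 32 bits are padding */
    return 0;
}

/* Constructed sample: record type 0, change indicator 1, ID 2, parameter
 * type 0x1001, value 1.5f (0x3FC00000), zero padding. */
static const uint8_t dis_sample[DIS_ART_PART_VP_LEN] = {
    0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x10, 0x01,
    0x3F, 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    struct dis_art_part_vp r;

    if (dis_parse_art_part_vp(dis_sample, sizeof dis_sample, &r) != 0)
        return 1;
    printf("id=%u value=%f\n", (unsigned)r.id, r.parameter_value);
    return 0;
}
```
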
The headers for UFTP version 4 contain a header length field which gives
the length of the header in 4 byte words. Currently, only the raw value
is displayed, not the actual byte count (for example 4 instead of 16).
Several headers contain a timestamp field composed of 4 byte seconds and
4 byte microseconds since the UNIX epoch. These are currently being
interpreted incorrectly as nanoseconds instead of microseconds.
The FILEINFO header contains a file timestamp field composed of 4 bytes
seconds since the epoch that is currently displayed as a raw value
instead of as a timestamp.
Change-Id: I936eb5317ca6802a094d8c1e01ae8ae78bb5cb7c
Reviewed-on: https://code.wireshark.org/review/36910
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
According to
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/
[discrete] is preferred over [float] for discrete headings.
Change-Id: I4d67a72c19a8cf75ad8cf37c55e6f5abddb14d04
Reviewed-on: https://code.wireshark.org/review/36925
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update the name resolution section of the User's Guide. Use title case
in the rest of the chapter and switch [float]s to [discrete]s.
Change-Id: I7093de72592466c32e130b952f9979f1b47fa280
Reviewed-on: https://code.wireshark.org/review/36923
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support for the -m (monospace font) flag was removed from Wireshark in
2.3/2.4 in g37252634c4. Remove it from the man page and help output.
Change-Id: Idaafeb6cd30d7deea6086a065168c91affd6f0ad
Reviewed-on: https://code.wireshark.org/review/36926
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add an illustration of the advanced preferences along with some examples
from https://wiki.wireshark.org/Preferences/Layout.
Change-Id: I5dd6afe06bef9a0f5e1862f13fb716d63032cd96
Reviewed-on: https://code.wireshark.org/review/36927
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Add proto_item_get_display_repr(), which returns a string, allocated
with a specified wmem scope, containing the display representation of
the value of a proto_item.
Use it in the LLDP dissector, to append that string to the parent
protocol tree item; use packet scope, so it doesn't hang around forever
(the previous code used the NULL scope, meaning explicit freeing was
required, but it wasn't explicitly freeing the value, so it was
leaking).
Change-Id: I146380118833b1daef9dea8bd9463001e5b9325f
Reviewed-on: https://code.wireshark.org/review/36931
Petri-Dish: Guy Harris <gharris@sonic.net>
Reviewed-by: Guy Harris <gharris@sonic.net>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper instead of their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Don't use hf_text_only. For the protocol tree items that are just
subtrees, use proto_tree_add_subtree(); for the emergency call numbers,
give them real FT_STRING fields, using tvb_bcd_dig_to_wmem_packet_str().
Change-Id: I721271e26502abce8d8ce2375fc0916c0de586e6
Reviewed-on: https://code.wireshark.org/review/36928
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
The validator doesn't prevent the input focus from being transferred out
of the QLineEdit, and it merely prevents the user from entering a value
that's considered "invalid" rather than "not valid but "intermediate"".
For QIntValidator(), values that have more digits than the maximum value
are "invalid", but values that have the same number of digits but that
are larger are just "intermediate".
This means the user will be able to send such a value to the extcap
module.
So we explicitly check the validator in ExtArgText::isValid(), so that
1) we provide visual feedback (at least to people who can detect a red
background) for out-of-range values that don't have too many digits and
2) prevent them from being treated as valid and passed to the extcap
module.
Bug: 16510
Change-Id: Ie5b90cf5dbb57c91744f6a28a71674b65ef21bb6
Reviewed-on: https://code.wireshark.org/review/36914
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
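
Added example (not from the commit, and not Qt's or Wireshark's code): a small C model of the three validator states as the commit message describes them, showing why a gate that only relies on what the widget lets the user type still passes an out-of-range value. The function names and the range 1..500 are constructed for illustration, and the model covers non-negative ranges only.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The three validator states the commit message distinguishes. */
enum vstate { V_INVALID, V_INTERMEDIATE, V_ACCEPTABLE };

static size_t digits_of(long v)
{
    size_t n = 1;
    while (v >= 10) { v /= 10; n++; }
    return n;
}

/* Simplified model for a non-negative range [min, max]. */
enum vstate model_validate(const char *text, long min, long max)
{
    size_t i, n = strlen(text);
    long v;

    if (n == 0)
        return V_INTERMEDIATE;            /* nothing typed yet */
    for (i = 0; i < n; i++)
        if (!isdigit((unsigned char)text[i]))
            return V_INVALID;
    if (n > digits_of(max))
        return V_INVALID;                 /* more digits than the maximum */
    errno = 0;
    v = strtol(text, NULL, 10);
    if (errno == ERANGE || v < min || v > max)
        return V_INTERMEDIATE;            /* typeable, but out of range */
    return V_ACCEPTABLE;
}

/* Gate that trusts the widget: anything the user could type passes. */
int passes_if_typeable(const char *text, long min, long max)
{
    return model_validate(text, min, max) != V_INVALID;
}

/* Gate with the explicit check: only an in-range value passes. */
int passes_if_acceptable(const char *text, long min, long max)
{
    return model_validate(text, min, max) == V_ACCEPTABLE;
}

int main(void)
{
    /* Constructed range 1..500; "600" has three digits but is too large. */
    printf("600: typeable=%d acceptable=%d\n",
           passes_if_typeable("600", 1, 500),
           passes_if_acceptable("600", 1, 500));
    return 0;
}
```
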
Otherwise values look confusing since at first glance they look like hex
values, for instance "-22cB".
Change-Id: I8ce3c108876f5acd65c5d6418c18ce43f618eb25
Reviewed-on: https://code.wireshark.org/review/36907
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update "Import From Hex Dump" via GUI to allow the same timestamp format as
supported by the command line tool text2pcap. Added support for:
    %F Equivalent to %Y-%m-%d (the ISO 8601 date format).
    %s The number of seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
While at it, changed the following:
- Subsecond timestamp dot format (.) is now shown in the timestamp Example Label.
- A timestamp format without any format (%) now disables the Import button.
The field "Timestamp format" in the GUI now accepts exactly the same formatting
as text2pcap's -t time format option.
Change-Id: Ie48362f86ed3214288635767d1fc4161599d1907
Reviewed-on: https://code.wireshark.org/review/36417
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Distinguished Name (AFI 17) is not a widely used address family, but
there is ongoing work in the LISP IETF working group to standardize its
use within the LISP control plane protocol. The encoding is quite
simple: it's just a zero-terminated ASCII string. Details can be found
in the following IETF draft:
https://tools.ietf.org/html/draft-farinacci-lisp-name-encoding
Change-Id: I701f54d0c5e95b14ad48030935eb059bd68c9a0e
Reviewed-on: https://code.wireshark.org/review/36892
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix the field length of "Length of Destination Interface
field" and "Length of Network Instance field", which should
be two octets long but are only one in the current code.
Change-Id: Id303b92812bb2551ec570ec807d602d0fb44f27a
Signed-off-by: Yoshiyuki Kurauchi <ahochauwaaaaa@gmail.com>
Reviewed-on: https://code.wireshark.org/review/36908
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add more tabs and fix some type mismatches
Add some expert info for widely used flag
Add dissection of FRACSEC in milliseconds if possible
Change-Id: Ic681a69e0659c6b6e33f77a8016e14708a7dca08
Reviewed-on: https://code.wireshark.org/review/36888
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixing two issues:
1. Dissecting each item in the content list is off by 4 bytes,
so the content type, the offset and the length are all
incorrect.
2. When the content item is a HOLE the length should be 8 bytes
not 4.
Also, simplifying the dissect_nfs4_read_plus_content function
to dissect only the contents of each item instead of the whole
list and then use dissect_rpc_array function to dissect the
array of content items.
Bug: 16499
Change-Id: Ia5c9929366cb35ab5d1646219c9b56f6051c4ff5
Reviewed-on: https://code.wireshark.org/review/36861
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
and also remove unnecessary method
Change-Id: If6dfc5ae2f5ddab97926beeaa611372cd487b98a
Reviewed-on: https://code.wireshark.org/review/36900
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Filter buttons can be sorted into folders, by separating
different depths by the parent separator "&&". Context
menus for filter buttons also work in submenus, and the
depth of submenus is only limited by the character limit
for the label.
Bug: 16498
Change-Id: I9c784a36e8c46eede11f679a4c1ac830213de7ce
Reviewed-on: https://code.wireshark.org/review/36885
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
packet-mac-lte.c:4370:7: warning: no previous prototype for function 'get_dual_conn_phr_num_c_bytes' [-Wmissing-prototypes]
Change-Id: Ifb585026610b4b2f100f60e4b20278d986775d3a
Reviewed-on: https://code.wireshark.org/review/36896
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
packet-lwm2mtlv.c:476:6: warning: no previous prototype for ‘lwm2m_allocate_fields’ [-Wmissing-prototypes]
packet-lwm2mtlv.c:518:25: warning: no previous prototype for ‘lwm2m_search_float_resources’ [-Wmissing-prototypes]
packet-lwm2mtlv.c:535:25: warning: no previous prototype for ‘lwm2m_search_fields’ [-Wmissing-prototypes]
packet-lwm2mtlv.c:558:6: warning: no previous prototype for ‘lwm2m_free_fields’ [-Wmissing-prototypes]
Change-Id: Ib62ed48b68c6eb28e1372466ceef6a2a118ebe1c
Reviewed-on: https://code.wireshark.org/review/36897
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ethernet frame padding for short frames _should_ be zeros. Replace
the assume_padding preference with the padding preference, which by default
will only consider consecutive zeros long enough to reach the minimum
Ethernet length to be padding. The old behaviors are preserved:
Never (old FALSE) and Any (old TRUE - old default).
The old behavior broke some trailer dissectors when the trailer was
added before the determination of needing padding was made. Thus the
ethernet dissector would consume some of the trailer as padding.
Bug: 16481
Change-Id: I6b9e1d26d07d84cb768eece5e44412e23dfe37ca
Reviewed-on: https://code.wireshark.org/review/36691
Reviewed-by: Jason Cohen <kryojenik2@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
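
Added example (a sketch of the behavior the commit message describes, not Wireshark's code): how the three padding modes split the bytes after the payload of a short frame, including the case where a trailer was appended before the frame was padded. `PAD_ZEROS` is a hypothetical name for the new default, the 60-byte minimum is the Ethernet minimum without the FCS, and the frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_MIN_NO_FCS 60  /* minimum Ethernet frame length, FCS not counted */

/* Never and Any are the modes the commit names; PAD_ZEROS is a
 * hypothetical name for the new default. */
enum pad_mode { PAD_NEVER, PAD_ZEROS, PAD_ANY };

/* payload_end is the offset where the encapsulated protocol's data stops.
 * Returns the number of bytes after it to treat as padding; whatever
 * follows the padding is left for a trailer dissector. */
size_t eth_padding_len(const uint8_t *frame, size_t frame_len,
                       size_t payload_end, enum pad_mode mode)
{
    size_t i;

    if (mode == PAD_NEVER || payload_end >= ETH_MIN_NO_FCS ||
        frame_len < ETH_MIN_NO_FCS)
        return 0;                     /* no padding was needed or present */
    if (mode == PAD_ZEROS)
        for (i = payload_end; i < ETH_MIN_NO_FCS; i++)
            if (frame[i] != 0)
                return 0;             /* not a zero run: keep it as trailer */
    return ETH_MIN_NO_FCS - payload_end;
}

/* Constructed frame: 44 bytes of header and payload (0x11), an 8-byte
 * trailer (0xAA) at trailer_at, zeros elsewhere. buf must hold 68 bytes. */
void make_frame(uint8_t *buf, size_t trailer_at)
{
    memset(buf, 0, 68);
    memset(buf, 0x11, 44);
    memset(buf + trailer_at, 0xAA, 8);
}

int main(void)
{
    uint8_t f[68];

    make_frame(f, 44);   /* trailer added first, then padded to 60 bytes */
    printf("trailer first: any=%zu zeros=%zu\n",
           eth_padding_len(f, 60, 44, PAD_ANY),
           eth_padding_len(f, 60, 44, PAD_ZEROS));
    make_frame(f, 60);   /* padded to 60 bytes first, trailer after */
    printf("padding first: any=%zu zeros=%zu\n",
           eth_padding_len(f, 68, 44, PAD_ANY),
           eth_padding_len(f, 68, 44, PAD_ZEROS));
    return 0;
}
```

In the trailer-first frame the Any mode claims 16 bytes as padding and so swallows the 8 trailer bytes, while the zeros-only mode claims none and leaves them for the trailer dissector.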
If the packet containing the content type header is missing, the stream
can be dissected by using Decode As.
Change-Id: I40c57e34971c9eee3d694975262dd7b3c7b3ef89
Reviewed-on: https://code.wireshark.org/review/36852
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Windows builds have been stuck for a while because the Qt project
changed their installers which prevented the installers from finishing.
Remove support because 1) the Qt installer will most likely continue to
break over time as it did in the past, several times, 2) Travis CI uses
Bash which is a non-standard environment on Windows, and 3) other CI
platforms such as GitHub Actions started providing Windows support.
Remove Windows from the Travis CI builds and all related supporting
files as well. They can be restored once the Qt automation is fixed.
Bug: 16501
Change-Id: I911491587a23f339aa6d6ffcfb6faffe234e5e91
Reviewed-on: https://code.wireshark.org/review/36887
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
It has header_added, but the header is UDP, not IP.
Change-Id: I1a4e6f0bf655f0764abdd8c45582dd9dcbc7686c
Reviewed-on: https://code.wireshark.org/review/36880
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When filling bd_addr from tap_device->bd_addr[], only the first
octet was used.
Change-Id: I3cb281d96126d77e5e6862e44704c7f9ab34cb78
Reviewed-on: https://code.wireshark.org/review/36152
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>