The wireshark/wireshark-ubuntu-dev image was recently upgraded to Ubuntu
20.04. Since then the following tests have been failing:
---- FAILED
test/suite_capture.py::case_wireshark_capture::test_wireshark_capture_from_fifo
FAILED
test/suite_capture.py::case_wireshark_capture::test_wireshark_capture_from_stdin
FAILED
test/suite_capture.py::case_tshark_capture::test_tshark_capture_from_fifo
FAILED
test/suite_capture.py::case_tshark_capture::test_tshark_capture_from_stdin
FAILED
test/suite_capture.py::case_dumpcap_capture::test_dumpcap_capture_from_fifo
FAILED
test/suite_capture.py::case_dumpcap_capture::test_dumpcap_capture_from_stdin
FAILED
test/suite_capture.py::case_dumpcap_autostop::test_dumpcap_autostop_filesize
FAILED
test/suite_capture.py::case_dumpcap_autostop::test_dumpcap_autostop_packets
FAILED
test/suite_capture.py::case_dumpcap_ringbuffer::test_dumpcap_ringbuffer_filesize
FAILED
test/suite_capture.py::case_dumpcap_ringbuffer::test_dumpcap_ringbuffer_packets
FAILED
test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_multi_in_multi_out
FAILED
test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_multi_in_single_out
FAILED
test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_single_in_multi_out
FAILED
test/suite_capture.py::case_dumpcap_pcapng_sections::test_dumpcap_pcapng_single_in_single_out
FAILED
test/suite_clopts.py::case_dumpcap_options::test_dumpcap_interface_chars
FAILED
test/suite_clopts.py::case_dumpcap_options::test_dumpcap_invalid_chars
FAILED
test/suite_clopts.py::case_dumpcap_options::test_dumpcap_valid_chars
----
This is because dumpcap can't load our local libraries after setting cap_net_raw+cap_net_admin:
----
-- Begin stderr for command ('/builds/wireshark/wireshark/build/run/dumpcap', '-D') --
/builds/wireshark/wireshark/build/run/dumpcap: error while loading shared libraries: libwsutil.so.0: cannot open shared object file: No such file or directory
-- End stderr for command ('/builds/wireshark/wireshark/build/run/dumpcap', '-D') --
----
Add $(pwd)/run to our rpath.
(cherry picked from commit ef10cc74d1)
This bug affects Lua plugin dissectors for encapsulation protocols like
GRE. Typically the dissector creates a range for the payload packet, then
calls the next dissector with a tvb derived from the range, using
TvbRange_tvb(). The original version calls
tvb_new_subset_length_caplen() using the remaining capture length for the
reported_len argument. The fix passes -1 as the reported length, and
tvb_new_subset_length_caplen() calculates the new reported_len as required.
The bug only affects large packets captured with a snaplen and
truncated, then decoded with a Lua plugin for the encapsulation header.
Here's the typical bug symptom, gleaned from tshark decode of
an encapsulated IP payload:
[Expert Info (Error/Protocol): IPv4 total length exceeds packet length (114 bytes)]
[IPv4 total length exceeds packet length (114 bytes)]
Closes#15655.
(cherry picked from commit e7ec6739b6)
Remove the last package installation instances from .gitlab-ci.yml. Add
a comment at the top noting that dependencies should be added to our
Dockerfiles instead.
format_text uses the wrong bitmask when checking for two byte UTF-8
characters, resulting in rejecting half the possible two bytes characters,
including all of Arabic and Greek, and substituting REPLACEMENT CHARACTER
for them. Fixes#17070, and add some comments about the current behavior
that doesn't match existing comments.
(cherry picked from commit 770746cca8)
For Qt 5.11 and newer use horizontalAdvance() instead of boundingRect().width()
to calculate the width of a QString to position the hover rectangle position,
and to select which byte(s) to highlight.
Closes#17033.
(cherry picked from commit cb3b469d7f)
Fix error handlers in Listener draw() and reset() to avoid getting
LUA_ERRERR from lua_pcall(). Added error handler for Listener draw()
callback.
Handle LUA_ERRERR from lua_pcall() to avoid assert on this.
Changed some capitalized words in various error message.
Closes#16974.
(cherry picked from commit d104571e8a)
Remember all the IDBs we've seen from the input file so far and, if
we're writing multiple files (splitting an input file into multiple
output files), add all those IDBs to each of the output files.
Fixes issue #17060.
(cherry picked from commit a11e5261e1)
The Export Objects Content-Type filter combobox should not sort the
header of "All Content-Types" in with the list of content types, but
should ensure that it is always the first item, especially as the first
item position is used to show all content. This is particularly an issue
in some localizations; e.g., すべてのコンテントタイプ alphabetizes
after actual content types. Fixes bug #17048
(cherry picked from commit 2d8dd9ed4f)
At least one ns-3 capture has DMG frames (as indicated by the channel
number being in the 60 GHz band - radiotap currently has no DMG metadata
field) that have the +HTC/Order flag subfield set but have no HT Control
field, causing them to be misdissected.
802.11-2016 says that DMG frames should never have +HTC/Order set; if it
*is* set in a QoS frame known to be a DMG frame, flag it with an expert
info item and don't treat it as having an HT Control field.
Update a bunch of comments to give more information, put comments in the
appropriate places, and speak of 802.11-2016 rather than older standards.
While we're at it, update the title and description of the +HTC/Order
flag to reflect its name as of 802.11-2016.
(cherry picked from commit 3c640ca04a)
Don't assume that the Internet has our best interests at heart when it
gives us the size of our decompression buffer. Assign an arbitrary limit
of 50 MB.
This fixes#16739 in that it takes care of
** (process:17681): WARNING **: 20:03:07.440: Dissector bug, protocol Kafka, in packet 31: ../epan/proto.c:7043: failed assertion "end >= fi->start"
which is different from the original error output. It looks like *that*
might have taken care of in one of the other recent Kafka bug fixes.
The decompression routines return a success or failure status. Use
gbooleans instead of ints for that.
(cherry picked from commit f4374967bb)
Make sure _proto_tree_add_bits_ret_val allocates a bits array using the
packet scope, otherwise we leak memory. Fixes#17032.
(cherry picked from commit a9fc769d7b)
Back in 2017, commit d7bab0b46e introduced
printing the TEI in COL_INFO. Unfortunatelky it contained a typo and
stated "TEI:1%u" instead of "TEI:%u". So TEI 0 became TEI 10, etc. -
causing some confusion.
Let's remote that extraneous '1' and at the same time print the sapi
with two digits for better alignment of multiple lines. It is a
two-digit decimal value (0..63).
(cherry picked from commit 9c5ea50b0a)
That's QoS-frame only; for non-QoS frames, the +HTC/Order subfield
doesn't mean there's an HT Control field.
Update the reference to the part of the 802.11 standard mentioning that
subfield to 802.11-2016.
(cherry picked from commit 1fa5687fad)
It's clearer to say
if (A) {
if (B) {
do this;
} else {
do that;
}
}
than to say
if (A && B) {
do this;
} else if (A && !B) {
do that;
}
(cherry picked from commit baee4a41c7)
Change
case DATA_FRAME:
if (condition) {
do stuff;
break;
}
do other stuff;
break;
to
case DATA_FRAME:
if (condition) {
do stuff;
} else {
do other stuff;
}
break;
to make it clearer that it's "do this if condition is true, else do
that".
(cherry picked from commit 258fb14821)
When there is no do_dissection cf is missing some variables
for cf_close() call. Therefore we have to set them explicitly.
Fixes: wireshark/wireshark#17021
(cherry picked from commit 0fad19b7d9)
After a key update, we should update Packet Protection cipher but
we shouldn't touch the Header Protection one.
With the current code, PP and HP ciphers are quite entangled and we
always reset both of them. Therefore, at the second key update we
reset the used 1-RTT HP cipher too; no wonder even header decryption
fails from that point on.
To properly fix this issue, all the ciphers structures has been rewritten,
clearly separating PP code from HP one.
Close#16920Close#16916
(cherry picked from commit 5e45f770fd)
Fix dissecting of packets received on LE Coded PHY. These packets
will include the extra field "coding indicator" after the access
address.
The assignment of phy in the common bluetooth context was missing,
leading to this field being left out and the offset being wrong.
(cherry picked from commit c586f71a5c)
Don't call the columnString() and discard the result in order to force
colorization; instead, add a separate method to force colorization and
use that.
This avoids the need to choose a column; we were using 1 as the column
number, but column numbers are zero-origin, so that's column 2, which
isn't guaranteed to exist (a crash ensued if it didn't).
(cherry picked from commit 58aea1de62)