Commit Graph

70281 Commits

Author SHA1 Message Date
Bruno Verstuyft 6a910946cd Added dissector for Excentis DOCSIS31 XRA header. DLT 273. Builtin version.
Change-Id: I7d4a9cf094e8ae6af05d5599489fc609456c5645
Reviewed-on: https://code.wireshark.org/review/25768
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 20:32:58 +00:00
Robert Sauter 9eee872f8a cms: Add support for RFC 4108
Change-Id: I1ab32240e00c7682074e7bc9d1b05e6daa6b69b4
Reviewed-on: https://code.wireshark.org/review/25769
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 20:32:23 +00:00
Guy Harris feb8f6b14d Make the DOCSIS dissector a built-in dissector.
Stuff that calls it is built in, and stuff it calls is built in, so
there's not much point in having it be a plugin; we already have
examples of plugin dissectors.

Change-Id: I512e0fda62faedb5f03f476fbece2e267e1d644f
Reviewed-on: https://code.wireshark.org/review/25775
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-13 20:15:19 +00:00
Gerald Combs 048c4373e1 Asciidoctor macro fixups.
Fix a few errors in the Asciidoctor macros. Use the new macro names in
the release notes and gen-bugnote.

Change-Id: I2ca672949c59ca3da8a6b963cb5bd9abd66c348d
Reviewed-on: https://code.wireshark.org/review/25774
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-13 18:32:56 +00:00
Guy Harris d332507ef2 Fix the "pointer to function that generates a label" values.
build_label_func is a pointer type, pointing to a function that can be
used to generate a label for a "Decode As" entry.  There's no need to
have pointers to those pointers; have register_decode_as_next_proto()
take a build_label_func, not a build_label_func *, as its last argument,
assign that value rather than dereferencing it, get rid of unnecessary
casts, and fix the comment in epan/decode_as.h for that argument.

Change-Id: Idc3cf18204c543a2191b122c8129b362562c0ecd
Reviewed-on: https://code.wireshark.org/review/25773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-13 18:06:11 +00:00
Stig Bjørlykke bb9e26eb49 ssl: Add session ticket lifetime units in seconds
Also show the seconds in a human readable string.

Change-Id: I124bfc12954fb7c2c65777c028986d18c5686c7b
Reviewed-on: https://code.wireshark.org/review/25772
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-02-13 17:51:41 +00:00
Dario Lombardo 7650151311 more SPDX conversions.
Change-Id: I6b8404c28b31a81767a3b64ffe9ba96156c4c217
Reviewed-on: https://code.wireshark.org/review/25757
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 13:57:30 +00:00
Dario Lombardo 3db1c06404 tools: fix zlib check in licensecheck.pl.
Change-Id: I0b1708c6e4530115698d050e41b691af2a948578
Reviewed-on: https://code.wireshark.org/review/25766
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2018-02-13 12:25:29 +00:00
Stig Bjørlykke bc72f7cf58 data: Add option to uncompress compressed data
Change-Id: I7bb212a9638c7b946294b7c805d9167ce7235e90
Reviewed-on: https://code.wireshark.org/review/25761
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 11:43:59 +00:00
Dario Lombardo 7fd6abc1eb tools: remove extra spaces from licensecheck.pl.
Change-Id: Iab25373f047cc084efaf751cb9a3cfbf62fd1f7a
Reviewed-on: https://code.wireshark.org/review/25767
Reviewed-by: Dario Lombardo <lomato@gmail.com>
2018-02-13 09:46:18 +00:00
Stig Bjørlykke d2af01684c IPv6: SLAAC ether address is 8 bytes
Change-Id: Id1ea9bb985b0e83c11d64cce4bb33ea7a65c794f
Reviewed-on: https://code.wireshark.org/review/25763
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
2018-02-13 07:34:00 +00:00
Jim Walker 0b1e354458 Update couchbase dissector with 'flexible framing extras'
Add support to decode the new response message and then decode the
array of flexible frames, currently only the "tracing" durations
ID is fully decoded.

See:
https://github.com/couchbase/kv_engine/blob/master/docs/BinaryProtocol.md#response-header-with-flexible-framing-extras

Change-Id: I9ea1e3bb898d9c4dd3b30cd1109b7b70fc17b19e
Reviewed-on: https://code.wireshark.org/review/25613
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 06:20:30 +00:00
Gerald Combs 9cc4a3b967 CMake: Install the HTML guides.
Add a "FileInstall.cmake" module that installs files and directories.
Use it to install the chunked HTML guides.

Install the guides into CMAKE_INSTALL_FULL_DOCDIR. By default this is
/usr/local/share/doc/Wireshark. Define DOC_DIR to match.

Add explicit file and directory permissions to the default install
targets.

Remove the PDF install target.

Bug: 14258
Change-Id: I4712a4047a54627b7520b5bf5f191e0761d19606
Reviewed-on: https://code.wireshark.org/review/25737
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 06:18:34 +00:00
Craig Jackson d1ce1baf63 WMEM: Add strjoin routines.
Add wmem versions corresponding to g_strjoin() and g_strjoinv().

Modify packet-rtps.c to use wmem routines where it is now using g_ routines causing mallocs.

Change-Id: I92c890a8b8f29a973e103676d8e5a681ee5abd50
Reviewed-on: https://code.wireshark.org/review/25764
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 06:18:09 +00:00
Nick James 2cf6517ec0 NBAP: Fix and enhance SIB parsing
1. Parsing of complete-sib-short was wrong - did not consider the 8 bits of length in the beginning
2. Added re-assembly logic for SIBs segmented into first/subsequent/last payloads

Change-Id: I2c4aab2cace795c3e47a22921a34efc4ee26a25f
Reviewed-on: https://code.wireshark.org/review/25598
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-13 06:17:26 +00:00
Gerald Combs 045c48e81e html2text: Prefix lists with a bullet.
Prefix lists with a bullet symbol (U+2022) instead of an asterisk.

Skip the <head> tag while we're here so that we don't print the title
twice.

Change-Id: I1dfad1fc70aa05319e14c55b663dd2183ab87d79
Reviewed-on: https://code.wireshark.org/review/25762
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-12 23:35:00 +00:00
Gerald Combs 8ebbf99173 Remove Lynx.
Use tools/html2text.py to convert HTML to text.

Remove some now-obsolete documentation.

Change-Id: Ib21a1ab10c789182da5fcc68e98917a00f2fa650
Reviewed-on: https://code.wireshark.org/review/25733
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-12 19:19:11 +00:00
Matej Tkac 3b940d2a83 [PFCP] Fixed a typo in Outer Header Creation IE
Corrected octet order
    3GPP TS 29.244 V15.0.0 Section 8.2.56

Change-Id: I9d4795641749481d7efea0b9b1743a0a94044aa2
Reviewed-on: https://code.wireshark.org/review/25759
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 17:24:47 +00:00
Dario Lombardo fe219637a6 dissectors: use SPDX identifiers.
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 16:49:58 +00:00
Jakub Zawadzki e9376e4730 h225: Fix use after free.
next_tvb_add_handle() allocates memory in packet scope.
When dissecting another packet from dissect_h225_h225_RasMessage() handler [it doesn't call next_tvb_init()]
next_tvb_add_handle() will write to freed pointer.

Fix by calling next_tvb_init() after leaving scope in order to clear list->last pointer.

ASAN report:
ERROR: AddressSanitizer: heap-use-after-free on address 0x6070000854f0 at pc 0x00000208574a bp 0x7ffca839cf00 sp 0x7ffca839cef8
WRITE of size 8 at 0x6070000854f0 thread T0
    #0 0x2085749 in next_tvb_add_handle /src/wireshark/epan/next_tvb.c
    #1 0xef8728 in dissect_h225_ParallelH245Control_item /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:368:3
(...)
    #21 0x168f460 in dissect_per_sequence /src/wireshark/epan/dissectors/packet-per.c:1920:12
    #22 0xef31d3 in dissect_h225_InfoRequestResponse /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:910:12
    #23 0x168e7db in dissect_per_choice /src/wireshark/epan/dissectors/packet-per.c
    #24 0xeed6e3 in dissect_h225_RasMessage /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:298:12
    #25 0xef97af in dissect_RasMessage_PDU /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:339:12
    #26 0xeef872 in dissect_h225_h225_RasMessage /src/wireshark/epan/dissectors/./asn1/h225/packet-h225-template.c:385:12

0x6070000854f0 is located 0 bytes inside of 72-byte region [0x6070000854f0,0x607000085538)
freed by thread T0 here:
    #0 0x4e2528 in __interceptor_cfree.localalias.0 /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:76
    #1 0x21263a1 in wmem_simple_free_all /src/wireshark/epan/wmem/wmem_allocator_simple.c:107:9
    #2 0x205aa4d in wmem_leave_packet_scope /src/wireshark/epan/wmem/wmem_scopes.c:81:5
(...)

previously allocated by thread T0 here:
    #0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x225c588 in g_malloc (/out/fuzzshark_test+0x225c588)
    #2 0x20855e0 in next_tvb_add_handle /src/wireshark/epan/next_tvb.c:40:10
    #3 0xef8728 in dissect_h225_ParallelH245Control_item /src/wireshark/epan/dissectors/./asn1/h225/h225.cnf:368:3

Found by oss-fuzz/5921

Change-Id: Iea006914a9e0c433d2073f6f4c7a2973d5a33a11
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5921
Reviewed-on: https://code.wireshark.org/review/25593
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 16:48:55 +00:00
Pascal Quantin 27b571e62f NBAP: copy address in pinfo->pool
They are copied in structures using pinfo lifetime. Let's use the same scope.

Bug: 14416
Change-Id: I5f8ee6fff49d63584a246936f551db1803ff9816
Reviewed-on: https://code.wireshark.org/review/25748
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 11:16:18 +00:00
Peter Wu ae91f43155 Extract HKDF-Expand from TLS 1.3 dissector
HKDF (RFC 5869) is a standard construct used in TLS 1.3, QUIC and
OSCORE, generalize it for use outside the TLS dissector.

Since none of the users need the "context" (formerly "hash_value")
field, remove the parameter.

Change-Id: Id952de8cb3000f6f6eda844d17c78bbd3906a84d
Reviewed-on: https://code.wireshark.org/review/25723
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 08:37:48 +00:00
Pascal Quantin d2016c6a1b RPC Netlogon: do not leak memory each time a hash is generated
Use copy_address_swallow() instead of copy_address().
When inserting the key in the hash map, copy it in wmem file scope.

Bug: 14407
Change-Id: Ida524d314c943f480dd0e1bf44fd0ded01aafaeb
Reviewed-on: https://code.wireshark.org/review/25731
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2018-02-12 08:20:16 +00:00
Jakub Zawadzki a958533c6a fuzzshark: disable protocol in fuzzer if it's used by other fuzzer.
Change-Id: I4dcc38b2ac9711660c8cf27cbbabd879c2eee930
Link: https://github.com/google/oss-fuzz/issues/1087
Reviewed-on: https://code.wireshark.org/review/25738
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 06:39:04 +00:00
Michael Mann 0bd863ae46 packet-ipmi-picmg.c: Add NULL check in rq17.
Crafted packets may not have ipmi_header.

Bug: 14409
Change-Id: Ib6a8eceab13525c6c8dca5cef8bce3532dc50911
Reviewed-on: https://code.wireshark.org/review/25745
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 06:36:23 +00:00
Michael Mann ba3cfb403a WCCP: Prevent very long loop in dissect_wccp2_alternate_mask_value_set_element
Sanity check the total_length to make sure it doesn't go negative.

Bug: 14412
Change-Id: I87e38f6c792fa81184e4c412d6433fbbf2060f28
Reviewed-on: https://code.wireshark.org/review/25744
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 06:34:30 +00:00
Michael Mann 620647a3e0 SCCP: Use int datatype for offset to prevent infinite loops
Fields are 16-bit values and large 16-bit values can be incorrectly
treated as negative, causing infinite loops in offset calculations.

Bug: 14413
Change-Id: I44334c3e9ced0734f4e1a70720859c0abf4a05c8
Reviewed-on: https://code.wireshark.org/review/25743
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 06:33:45 +00:00
Michael Mann 5e8391ff90 RPKI-Router: Sanity check length field to prevent infinite loop
Bug: 14414
Change-Id: I39843e8959510a0efa1add51a16e207fc63f88b1
Reviewed-on: https://code.wireshark.org/review/25742
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 06:32:41 +00:00
Jakub Zawadzki 0c425e857a ceph: clear_address() to make sure to use initialized memory in set_address()
oss-fuzz triggered: set_address: assertion failed: (addr_data == NULL).

Valgrind confirms that ceph was passing uninitialized value to set_address()

==16301== Conditional jump or move depends on uninitialised value(s)
==16301==    at 0x6C37762: set_address (address.h:78)
==16301==    by 0x6C37762: copy_address_shallow (address.h:253)
==16301==    by 0x6C37762: c_node_copy (packet-ceph.c:1433)
==16301==    by 0x6C37F72: c_conv_data_copy (packet-ceph.c:1455)
==16301==    by 0x6C37F72: c_conv_data_clone (packet-ceph.c:1464)
==16301==    by 0x6C37F72: c_pkt_data_save.isra.4.part.5 (packet-ceph.c:1593)
==16301==    by 0x6C40EAE: c_pkt_data_save (packet-ceph.c:1561)
==16301==    by 0x6C40EAE: dissect_ceph.isra.60 (packet-ceph.c:7046)
==16301==    by 0x6C4186A: dissect_ceph_heur (packet-ceph.c:7111)

Found by oss-fuzz/6148.

Change-Id: I8ec762d541fd8cfd919710cf460c44968707dcc5
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6148
Reviewed-on: https://code.wireshark.org/review/25736
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
2018-02-12 06:27:33 +00:00
Pascal Quantin 32ab83436d SIGCOMP: use correct message length
Since g2a80fe283c (2005-10-06!) length initialization was moved, and
the message length is no more correct (previously tvb_length_remaining()
was called with offset equal to 0, which is no more the case after the
change).

Bug: 14410
Change-Id: I2f00be83fa17ad7344d0d75f4a899f169d7a622b
Reviewed-on: https://code.wireshark.org/review/25735
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-02-12 00:23:00 +00:00
Gerald Combs 443921983e Fix dist.
Add asciidoctor-macros.

Change-Id: Ib3ee30f6da69bad585028eb8f1274a052114630b
Reviewed-on: https://code.wireshark.org/review/25734
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-11 19:59:33 +00:00
Gerald Combs 86376e8447 Fix ASCIIDOCTORJ_OPTS.
Avoid excessive quoting.

Change-Id: I0dd7593d464851bd34cfc7a5a99a21a2a826dd7a
Reviewed-on: https://code.wireshark.org/review/25732
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-11 19:06:39 +00:00
Gerald Combs 94a0f7c641 Switch from AsciiDoc to Asciidoctor.
Switch the markup text processor for files in the docbook directory from
AsciiDoc to Asciidoctor. Asciidoctor has several useful features (such
as direct PDF output) and is actively developed. It's written in Ruby
but that dependency can be sidestepped with AsciidoctorJ, a
self-contained bundle that only depends on the JRE.

The current toolchain targets require Python, AsciiDoc, DocBook XML,
DocBook XSL, Java, FOP, xsltproc, lynx, and the HTMLHelp compiler:

HTML: AsciiDoc → DocBook XML → xsltproc + DocBook XSL
Chunked HTML: AsciiDoc → DocBook XML → xsltproc + DocBook XSL
PDF: AsciiDoc → DocBook XML → xsltproc + DocBook XSL → FOP
HTMLHelp: AsciiDoc → DocBook XML → xsltproc + DocBook XSL → HHC

This change removes the AsciiDoc and FOP requirements and adds either
AsciidoctorJ or Asciidoctor + Ruby:

HTML: Asciidoctor → DocBook XML → xsltproc + DocBook XSL
Chunked HTML: Asciidoctor → DocBook XML → xsltproc + DocBook XSL
PDF: Asciidoctor
HTMLHelp: Asciidoctor → DocBook XML → xsltproc + DocBook XSL → HHC

Ideally we could generate all of these using AsciidoctorJ, Java, and
lynx. Unfortunately we're not there yet.

The release notes depend on several macros (ws-buglink, ws-salink,
cve-idlink, sort-and-group). Add Asciidoctor (Ruby) equivalents.

Remove the BUILD_xxx_GUIDES CMake options and add various output targets
automatically. This means that you have to build the various documentation
targets explicitly.

Change-Id: I31930677a656b99b1c6839bb6c33a13db951eb9a
Reviewed-on: https://code.wireshark.org/review/25668
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-11 18:22:09 +00:00
Gerald Combs 5a674d05c9 wslua: Convert more comment markup to Asciidoctor.
Convert links, source code blocks, and admonitions.

Change-Id: I50c8daa19a115c23f7501b91dbfd904779a609c9
Reviewed-on: https://code.wireshark.org/review/25720
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-11 17:12:52 +00:00
Michael Mann 04df34909f ModelHelperTreeItem: Rename appendChild -> prependChild
The function was actually calling QList<QVariant>.prepend underneath
and some users of the class may need "append" to mean "append".
prepend() is faster, but current users are sorting all lists anyway.

Change-Id: I65cb02f4a2d1960cc2c49034963b191156789cc9
Reviewed-on: https://code.wireshark.org/review/25730
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-02-11 16:56:07 +00:00
Richard Sharpe e438cf2e89 ieee80211: Fix reserved bit positions 18 & 19 when HE Support not set.
These were initially coded incorrectly. The problem was found by
George Baltatanu and a fix supplied by him.

Change-Id: I1de86ca7c5428efbcdd0fb39244a1cafbbcd32ab
Reviewed-on: https://code.wireshark.org/review/25724
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-11 11:46:07 +00:00
Gerald Combs fa258523a9 [Automatic update for 2018-02-11]
Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I1d8d8ecda65cb10240b7897399b32fb2c173003f
Reviewed-on: https://code.wireshark.org/review/25727
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-11 10:27:15 +00:00
Martin Mathieson 991974db7f dct2000: avoid allocating/storing/freeing empty string
Change-Id: I06bf5ce8bf04b87dd67fb562eb149b39dd16bd76
Reviewed-on: https://code.wireshark.org/review/25726
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-11 06:23:52 +00:00
Gerald Combs aee743f9ed Write our NSIS installer to the build directory.
Write our NSIS installer to ${CMAKE_BINARY_DIR}/packaging/nsis instead
of ${CMAKE_SOURCE_DIR}/packaging/nsis.

Change-Id: I6d662b2726dc61fb199509575797b5dfe0d8fdfa
Reviewed-on: https://code.wireshark.org/review/25725
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-02-10 23:13:37 +00:00
Robert Jongbloed d16308c89a UDP: Heuristic dissector for conversation taking precedence
When a single UDP port is supporting multiple protocols, for example RTP and
RTCP can share a port, and one of these protocols is detected through a
heuristic before a superior protocol (e.g. SIP/SDP) has established that the
port has multiple protocols, then only the heuristic is used. This is due to
only looking for an exact match with find_conversation() and not going any
further. The superior protocol only adds the dissector by source address/port.
So, to fix, if we do not find the exact match, we continue searching for a
dissector on the partial matches.

Bug: 14370
Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae
Reviewed-on: https://code.wireshark.org/review/25432
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-02-10 20:51:55 +00:00
Dan Robertson 9ff64c8d7c musl: compile with musl libc
Ensure that wsutil/ws_pipe.c includes <sys/select.h> as both
the timeval struct and the select function are used.

Change-Id: Idbd9e9a5b9cbee9977a423c32e55be81bb6425c3
Reviewed-on: https://code.wireshark.org/review/25616
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-10 17:40:50 +00:00
Richard Sharpe 6176441f61 radiotap: Add support for the EOF bit in the A-MPDU Status flags.
Change-Id: I80577a0082227d892426f478ffcfff23d6ba0daa
Reviewed-on: https://code.wireshark.org/review/25472
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2018-02-10 14:59:34 +00:00
Florian Bezold 02a3056af3 androiddump: Fix non-blocking connect on Windows
Commit 043ed1f6 enabled non-blocking connect on Windows. This seems to
break androiddump on Windows completely, since a successful connection
always returns SOCKET_ERROR on connect, with WSAGetLastError() set to
WSAEWOULDBLOCK.

Apparently, the only way to check for a real connection is to try a
write select on the socket:
https://stackoverflow.com/questions/35370239/timeout-in-connect-function-from-winsock

This fixes androiddump on Windows:
- If ADB server is running, extcap interfaces are listed
- If ADB is not running, there is no noticeable delay in Wireshark

Change-Id: I6bd772215c7b232c8fe8e840cb7ad1d54c7d8860
Reviewed-on: https://code.wireshark.org/review/25715
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-10 07:45:56 +00:00
Florian Bezold bfef57ebb7 androiddump: Fix and simplify tcpdump capture
1. Use "exec:" ADB command to get raw (non-PTY) tcpdump output
This is also supported on Android devices before Android 7, and is a
much easier approach than testing the new "shell,raw:" command and
falling back if unsupported. This basically undoes commit 5ebc3277.

2. Pass "-U" to tcpdump to prevent on-target buffering
Before using the "shell,raw" approach in commit 5ebc3277, I tried the
"exec:" command already, but experienced extreme buffering of the
tcpdump output, which is unacceptable for live trace viewing.
Turns out, the buffering is determined "automatically" by libpcap:
- When running in a PTY, output is flushed fast for viewing
- When _not_ in a PTY, output is not flushed and thus heavily buffered.
The "exec" command obviously doesn't use a PTY.
Fortunately, tcpdump has a "-U" option to flush the output after each
captured packet, which is exactly what we need.

3. Ignore tcpdump stderr output
Enabling "-U" caused androiddump to fail, because it happened that the
tcpdump stderr logs were mixed with the stdout data. (We were probably
lucky this didn't happen without -U as well).
To fix this, we just ignore stderr completely by adding "2>/dev/null" to
the tcpdump command.

4. Get linktype from pcap global header
The stderr logs were previously parsed to get the textual linktype.
This is now replaced by a simpler & less fragile approach: tcpdump
prints the global pcap header, which contains precisely the linktype
info we need.

5. Parse pcap global header magic correctly for timestamps & endianness
The previous code only supported the "classic" pcap header magic and
might also have been incorrect on big-endian host machines.
Now, endian handling is simplified and we can detect the "nanosecond
timestamp" magic values as well.
This fixes the problem that extcap_dumper_dump expects *nano*second
timestamps, but the previous code supplied *micro*seconds if on-target
tcpdump outputs microseconds.

6. The parsing simplifications above allowed the main loop for tcpdump
capture to be simplified considerably.

Change-Id: Id66791e700a8943b86128f044f080bee60a9fa79
Reviewed-on: https://code.wireshark.org/review/25713
Petri-Dish: Michael Mann <mmann78@netscape.net>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-10 07:45:23 +00:00
Gerald Combs 78b7da7716 CMake: Don't shadow PROCESSOR_ARCHITECTURE.
PROCESSOR_ARCHITECTURE is a standard Windows environment variable.
Rename the CMake variable WIRESHARK_TARGET_PROCESSOR_ARCHITECTURE.

Change-Id: I03109d45d6fb5f00742cd43085a9d33d9e5ddf1f
Reviewed-on: https://code.wireshark.org/review/25721
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-10 07:39:42 +00:00
Guy Harris 0b649a0910 Separately count all records and data records.
A file might contain only metadata records, which exist only to provide
information needed to interpret data records; no point in showing them
in record counts.

Put the counts into the structure that we fill in, and rename the
structure and the routine to reflect that it determines statistics other
than just times.

Speak of data records rather than packets; the file might be full of
Sysdig event records but not have any packets in it, for example.

Change-Id: I8553181dca4129736bdae2c0cbba92becc28d6ef
Reviewed-on: https://code.wireshark.org/review/25722
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-10 03:44:10 +00:00
Guy Harris 9797f34074 Move the merge_action_e enum to the Win32 file dialog source file.
It's only used with the Windows dialog, so no need to make it public.

Change-Id: I4976748d642399b57abc89bccc26f680e3938509
Reviewed-on: https://code.wireshark.org/review/25719
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-09 20:43:35 +00:00
Guy Harris 794596d936 Fix indentation.
Change-Id: I7f19b35032a686dfb2f776e8ff3527366b008331
Reviewed-on: https://code.wireshark.org/review/25718
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-09 20:36:43 +00:00
Guy Harris 25d90cb13c Put the preview-generation loop into a common routine.
Don't have all the file open dialogs have their own copies.

Change-Id: Icd6f2fd44b081575e6481a134027c90046938c64
Reviewed-on: https://code.wireshark.org/review/25717
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-02-09 20:29:08 +00:00
Dario Lombardo be38102eea caputils/tools: more SPDX conversions.
Change-Id: I44a8d1848f768acf4c3b31a68c845264c74e4bba
Reviewed-on: https://code.wireshark.org/review/25709
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-09 15:20:05 +00:00