Commit Graph

67826 Commits

Author SHA1 Message Date
Peter Wu 6bc0ba8451 Qt: fix alloc-dealloc-mismatch while adding named pipe
ManageInterfacesDialog::on_addPipe_clicked uses g_new0 to create an
"interface_t" instance, but InterfaceTreeCacheModel uses qDeleteAll
which results in ASAN reporting "alloc-dealloc-mismatch (malloc vs
operator delete)".

To fix this, remove the dynamic allocation and make
InterfaceTreeCacheModel store the instance internally.

Change-Id: I9426dfc88d0a54a889bbbc9cf336c0a6af76920e
Reviewed-on: https://code.wireshark.org/review/22410
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-27 21:16:10 +00:00
Robert Sauter 381fd410cb IEEE 802.15.4: Support for CSL Header IE
Change-Id: Ibda1f0757401566170459570e1138ac3dc3e5101
Reviewed-on: https://code.wireshark.org/review/22421
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-06-27 20:18:50 +00:00
Gerald Combs 5997e8e198 WiX: More merge module fixups.
Look for our merge module using find_path. This should be more reliable
and doesn't assume our build and target platforms are the same.

Change-Id: I95a4454a063af2f978550b8cf1f1624c4aeb5ebc
Reviewed-on: https://code.wireshark.org/review/22426
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-06-27 18:59:39 +00:00
Gerald Combs a6652a2778 CMake: Fix the WiX search path.
Look for WiX executables in $WIX/bin instead of $WIX.

Change-Id: Id55eb8e73403d2beed55d64e9bdc6812308c359f
Reviewed-on: https://code.wireshark.org/review/22423
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-06-27 17:34:22 +00:00
Roland Knall 1426c44281 Qt: Context menu for toolbar filter buttons
Adds a context menu for the toolbar filter buttons, which allows for
opening the preference for the filter buttons, as well as direct edit,
removal and disable functionality

Change-Id: I5f2d132737c77804cf22834574dfe3c02f85fbdf
Reviewed-on: https://code.wireshark.org/review/22327
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-27 15:14:56 +00:00
Matthieu Patou 6bd87bdd5d dcerpc: improve greatly the speed of processing of DCERPC packets
Instead of using one big linked list, we use a stack of lists: once all the pointers of one level have been handled, the list is removed from the stack and we go to the level before.

Because of this the lists are much smaller and far less CPU is spent iterating on the objects or inserting objects in the list.

Bug: 10544
Change-Id: I432aaf5b4b781411c92da92abe9c5503034b65dc
Reviewed-on: https://code.wireshark.org/review/4598
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-27 13:01:47 +00:00
Mikael Kanstrup 564445f799 androiddump: Support packet capture on any interface that is up
androiddump used to start tcpdump without specifying the interface
to capture packets on. This works when only one interface is up
but when multiple interfaces are up the output might be empty.

This change lets tcpdump list all available network interfaces
and adds a unique extcap interface for each interface that is 'up'
on the device.

Change-Id: Icf0d7fa8f38320092579d4163dcdbcf2b687d8cc
Reviewed-on: https://code.wireshark.org/review/22402
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-27 12:43:44 +00:00
Mikael Kanstrup 129a84df60 androiddump: Use Android tcpdump reported data link type
Instead of treating all output from Android tcpdump as Ethernet
data link type, parse what tcpdump actually tells it to be.

This is needed as there are cases when the output is not Ethernet.
For example when starting packet capture on a device with multiple
interfaces up.

NOTE: As translation between tcpdump reported DLT and androiddump's
internal type was needed, for now support is only added for types
used by network interfaces of tested devices (i.e. ETHERNET and
LINUX_SSL).

Change-Id: Ie3f9167176c336cb31f6e681f1daac6135a78883
Reviewed-on: https://code.wireshark.org/review/22401
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-27 12:42:58 +00:00
Robert Sauter 6af6ba5611 IEEE 802.15.4: Overhaul Header IE dissection
Isolate dissection of individual IEs to capture out-of-bound errors
and to continue with next IE on error.

Create subtree for each IE containing the TLV header. Reduce
information in overall Header IEs item.

Differentiate unknown and unsupported IE. Show more information.

Add warning if IE dissection consumes less content than the
indicated length.

Simplify Time Correction IE dissection and make more consistent.

Naming changes for consistency with standard.

Change-Id: I80f15edb646a15c0ed43d6571200a5d89cdeb7b5
Reviewed-on: https://code.wireshark.org/review/22381
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-27 08:42:06 +00:00
Guy Harris f27699c746 The 3rd argument to recv() is an int on Windows.
Make the variable used for it an int; that's large enough, and, on
Windows, not so large that it provokes warnings.

Change-Id: I00600d816f69d79f7a42eb09b1290ff7708b0bfc
Reviewed-on: https://code.wireshark.org/review/22420
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-27 08:26:55 +00:00
Guy Harris e61d2f6243 On UN*X, make sure we can find inflate() in libz.
For example, on at least some versions of Fedora, if you have a 64-bit
machine, have both the 32-bit and 64-bit versions of the run-time zlib
package installed, and have only the *32-bit* version of the zlib
development package installed, it'll find the header, and think it can
use zlib, and will use it in subsequent tests, but it'll try and link
64-bit test programs with the 32-bit library, causing those tests to
falsely fail.  Hilarity ensues.

Change-Id: Ic2536e8a652ef96e2a3923c1faa61f6c8c06bf58
Reviewed-on: https://code.wireshark.org/review/22417
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-27 07:48:58 +00:00
Mikael Kanstrup d84da1eb97 androiddump: Let adb_send funcs generate string length prefix
All strings sent to adb are prefixed with the length as a 4 byte
hex string. The length info prefix was manually hard coded into
strings. To avoid mistakes when updating code and to simplify
reading the source code instead let the various adb_send functions
calculate string lengths and generate the 4 byte hex string
prefixes.

Change-Id: I4178e9df5930a1c7904053e5a7750c943efddc84
Reviewed-on: https://code.wireshark.org/review/22399
Reviewed-by: Roland Knall <rknall@gmail.com>
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-27 04:12:58 +00:00
Guy Harris 9a1d16b553 Don't check for inflatePrime() on Windows.
On Windows, we build libz as part of the Wireshark build process, so we
don't necessarily *have* a libz library to search or inflatePrime() at
this point; the search fails on the buildbots, for example.

So, on Windows, we just assume we have a new enough version of libz, so
that it has inflatePrime().

Bug: 13850
Change-Id: Ied0909f4a591ff3312d83a2a2ed41e3cd12218e8
Reviewed-on: https://code.wireshark.org/review/22413
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-27 03:16:04 +00:00
João Valverde 4eacd57690 Fix make-dist target
Change-Id: Idc56d93ce3f8d9b5cc78b1380eec5b7c2bca6213
Reviewed-on: https://code.wireshark.org/review/22412
Reviewed-by: João Valverde <j@v6e.pt>
2017-06-26 23:32:38 +00:00
João Valverde 7466880e8a Parse enterprise-numbers at run time
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.

PENs are stored in a hash table loaded at run-time.

User "enterprises" file is loaded from the personal config dir.

Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.

Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
2017-06-26 22:40:50 +00:00
Guy Harris 3071f9dd74 lz4 doesn't support "make distclean", so don't use it.
Change-Id: Ie63c58752d93be9e4027a55074b6a8fbf81986b3
Reviewed-on: https://code.wireshark.org/review/22411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-26 21:47:52 +00:00
Pascal Quantin 71a9ade669 PDCP LTE: fix dissection of Polling bit for User plane Data PDU with 18 bits SN
Change-Id: Id1167d2c6fa84fd5145d5f0313e39f53591a9add
Reviewed-on: https://code.wireshark.org/review/22406
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2017-06-26 16:32:39 +00:00
Roland Knall 680d1df7a0 Fix Filter Tooltip button and frame
Make the frame into a two-row frame to better accommodate
the comments field, and reinstate the correct action for the
buttons

Change-Id: I171e4bc3c7f195b7179cd6b1c2ab4ab42ede9c04
Reviewed-on: https://code.wireshark.org/review/22405
Petri-Dish: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 14:33:37 +00:00
Mikael Kanstrup 707b789074 androiddump: Add helper functions for data link type conversions
Change-Id: I406f5cd6d979442014fdda01deacbcec2052ec18
Reviewed-on: https://code.wireshark.org/review/22400
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 14:16:33 +00:00
Mikael Kanstrup faf100ecc5 androiddump: Introduce adb_connect_transport helper function
Same code pattern is used over and over when connecting to an adb
server. Introduce a helper function that performs the function of
connecting to specified adb server and transport.

Change-Id: Id2f72f1eb976fa0d742a6db1ef6d592264990ba1
Reviewed-on: https://code.wireshark.org/review/22398
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 14:16:14 +00:00
Mikael Kanstrup 66507b9052 [RFC]androiddump: Only filter CR/LFs on Windows
Comments in code claim:
"The data we are getting from the tcpdump stdoutput stream as the
 stdout is the text stream it is convertinng the 0A=0D0A; So we
 need to remove these extra character."

This is not true on non-Windows systems at least so avoid the filter
when not built for Windows.

NOTE: A problem with the filter is that it operates on all bytes
received on the socket, including packet data(!). Capturing
data with CR/LFs (for example an HTTP request) will fail. Ideally
the filter should be replaced with some other mechanism but as I
don't have a Windows system to verify that the comment claims are
valid, this change will at least make androiddump work on
non-Windows systems.

Bug: 13510
Change-Id: Ic00f44fa7516c0db7fc015ed8685deb365a347db
Reviewed-on: https://code.wireshark.org/review/22397
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
2017-06-26 11:17:30 +00:00
Michael Mann 7ecea31581 Change display filter button tooltip formatting.
Go from <expression>,<comment> to <comment>\n<expression>

Bug: 13814
Change-Id: I842e38798eba7ff87751733ce0b2befdc9c8c27f
Reviewed-on: https://code.wireshark.org/review/22395
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-26 06:27:24 +00:00
Peter Wu 8d214209e8 cmake: fix SET_FEATURE_INFO deprecation warning
Fix deprecation warnings that occur with cmake 3.8, replacing it by
some other function that is supported since at least cmake 2.8.8.

This also updates URLs and splits the description in a package
description and the purpose for the package (shown on the next line).

Change-Id: Ic0f37898593f48b8f37f6a228dae49288f20538f
Reviewed-on: https://code.wireshark.org/review/22393
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-26 04:07:28 +00:00
Silvio Gissi aefd4e1844 Fix Packet Lengths statistics count
Packet statistics were not showing the packets above 5120 due to
the last entry being reformatted and not parsed correctly.
Since the last entry is "reformatted" for better user string,
also "reformat" the last entry as it goes through "range processing".

Bug: 13844
Change-Id: Id49b41c08111dcad1590e034159b81ead8636c4e
Reviewed-on: https://code.wireshark.org/review/22382
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-26 04:04:35 +00:00
Michael Mann 5c60b517a7 Add support for comments for a display filter button
Add a field to the display filter button UAT to allow comments
to be displayed as part of the tooltip to the display filter
button

Bug: 13814
Change-Id: I74459e4102856258d31d6429e2fd924a9f798cd5
Reviewed-on: https://code.wireshark.org/review/22390
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-26 02:48:58 +00:00
Michael Mann 1b7f5d9f79 Convert filter expressions preference data to a UAT.
The filter expressions data was shoved into the preference file in a
very loose, non-arrayed form.  It's much easier to manage in code
(and for users in a separate file) as a UAT.

The GTK GUI was hacked to use the existing UAT dialog rather than
rewrite the pref_filter_expressions.c to support a UAT. Should
be okay since it's deprecated.

Change-Id: I688cebb4b7b6594878c1398365e79a205f1902d9
Ping-Bug: 13814
Reviewed-on: https://code.wireshark.org/review/22354
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-26 02:44:05 +00:00
Michael Mann 395775acce Sample deprecated filter -> Sample warning filter
"Warning" is a more appropriate name because filter may not
be as deterministic as user desires

Bug: 13834
Change-Id: Ie34e37db8866dc409f25df227a4d34e7c11d0058
Reviewed-on: https://code.wireshark.org/review/22392
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-25 22:51:47 +00:00
Silvio Gissi 80d3483f34 Fix Y.1711 endianness
ITU Y.1711 at https://www.itu.int/rec/T-REC-Y.1711-200402-I/en states
that OAM payloads are big endian (section 5.3) as reported on bug.

Bug: 8292
Change-Id: Id30e340eee5f5a5c96020cdd1770fa48adb5d169
Reviewed-on: https://code.wireshark.org/review/22383
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-06-25 08:24:48 +00:00
Gerald Combs 5f7902d165 [Automatic update for 2017-06-25]
Update manuf, services enterprise-numbers, translations, and other items.

Change-Id: I6febcb360b1b3e5e761086d422050e6ec95d5c45
Reviewed-on: https://code.wireshark.org/review/22384
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-06-25 08:09:35 +00:00
Martin Kaiser 74b1268a5c USB CCID: use register_decode_as_next_proto()
Change-Id: Ib583470ba612ef24da4d9360f7bbc0e33fb19bd9
Reviewed-on: https://code.wireshark.org/review/22377
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-25 03:57:38 +00:00
Martin Kaiser f7952b30c7 decode_as: replace DISSECTOR_ASSERT() with g_assert()
Don't use DISSECTOR_ASSERT() unless we're in wmem packet scope, see
commit 341b06ce0795ae957627c9174b57e75c7827f028

Change-Id: I509f9197155fe6ea6f46c23c93eb188220b9dd8d
Reviewed-on: https://code.wireshark.org/review/22379
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-24 22:04:49 +00:00
Martin Kaiser 1620c45e03 simplified Decode As entry if the next protocol requires manual selection
There's a number of protocols whose payload contains yet another
protocol but no criterion to figure out what this next protocol is.

Define a new global function register_decode_as_next_proto() to register
a Decode As entry for this scenario so the user can manually select the
next protocol.

A lot of the housekeeping that is normally required for Decode As is not
applicable to such a scenario. Provide simple data structures and
functions to cover this, make them internal to epan/decode_as.c and
allow them to be shared by multiple of the new simplified Decode As
entries.

(For now, the mechanism is based on an FT_UINT32 dissector table where
all entries are linked to number 0. We should eventually come up with a
better mechanism.)

Change-Id: I3f81e331d7d04cfdfe9a58732d881652d77fabe2
Reviewed-on: https://code.wireshark.org/review/22376
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-24 22:04:09 +00:00
Martin Kaiser bb20b159f3 addr_types: replace DISSECTOR_ASSERT() with g_assert()
DISSECTOR_ASSERT() can be used only when we're in wmem packet scope. It
cannot be used during startup when address types are registered. In
those cases, we must use g_assert().

If we still use DISSECTOR_ASSERT() and an assert is hit, we'll see a
wmem assertion

**
ERROR:../epan/wmem/wmem_core.c:52:wmem_alloc: assertion failed:
(allocator->in_scope)
Aborted

instead of the actual assert output.

Change-Id: Ife12ca3455d56ba4faa2dd6034df8a091d8641ed
Reviewed-on: https://code.wireshark.org/review/22378
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-24 10:33:18 +00:00
Martin Kaiser d8710f4aa4 USB CCID: register obsolete preference
In 082e3e346f, we dropped the prtype
preference in favour of Decode As.

Register prtype as an obsolete preference to make sure that it's not
removed from the preferences file. That way, the preferences file is
still usable with older wireshark versions.

Change-Id: I8feed6080b58dd5443898e2c5b12732b0b3a0a4f
Reviewed-on: https://code.wireshark.org/review/22373
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2017-06-23 21:46:25 +00:00
Sake Blok 69bac0d15c tcp: add tcp.payload field
Make the tcp segment data available on all tcp packets, regardless of
reassembly of higher layer protocols.

Change-Id: I1a5024e427e07b85bfc3a4aad5d0a401beb1049d
Reviewed-on: https://code.wireshark.org/review/22374
Reviewed-by: Sake Blok <sake@euronet.nl>
Petri-Dish: Sake Blok <sake@euronet.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
2017-06-23 19:35:16 +00:00
Alexis La Goutte 0727123773 OSPF: fix Opaque LSA Type 11 is considered as unknown
It is defined in RFC5250 (and RFC 2370)

Ping-Bug: 13823

Change-Id: I84f166d48b39e76ab811a6c2d1c7b1d516e7f0f3
Reviewed-on: https://code.wireshark.org/review/22328
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2017-06-23 17:05:19 +00:00
Martin Mathieson 8a3e465067 Snort content matching fixes
Cope with a space between colon and start of options value.
When there are no constraining modifiers, let match for
next content or pcre field start from beginning of payload
again.

Change-Id: Ie1267a0a38143cbe9f0444945f78708bbefaa270
Reviewed-on: https://code.wireshark.org/review/22365
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2017-06-23 15:07:06 +00:00
Martin Kaiser 082e3e346f USB CCID: use Decode As to select the payload protocol
Remove the special case for vid 0x072F, pid 0x2200. We should be able to
set Decode As for this (vid, pid) to USB CCID and then use the new
Decode As mechanism to select the next protocol.

Register GSM SIM, ISO7816, PN532 and ACR122 as possible payloads
for USB CCID.

Change-Id: I8237cc9123655d3b289b0564ffb83a32434bebfc
Reviewed-on: https://code.wireshark.org/review/22290
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-23 14:25:00 +00:00
Michael Mann 635b3720b5 Add dftest to Windows installer.
Bug: 13825
Change-Id: Ibda27599739a26a388e1c66ae813ff5c2c8339be
Reviewed-on: https://code.wireshark.org/review/22367
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-23 14:24:31 +00:00
Nitzan Carmi 7d1049d326 nvme: add NVMe Data responses (via RDMA)
The commit contains a general framework for parsing NVMe Fabrics data
responses, which contain only "pure" data. These packets are received
as a response for Data requests inside the SGLs in NVMe commands.

Change-Id: I05f8130df6eef37795d258be680f673930ab6e34
Signed-off-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-by: Parav Pandit <parav@mellanox.com>
Tested-by: Nitzan Carmi <nitzanc@mellanox.com>
Reviewed-on: https://code.wireshark.org/review/22207
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-23 11:58:51 +00:00
Michael Mann 66c2f5b5f1 Properly find packet comments "field" for protocol hierarchy stats.
That way it can be properly filtered out.
This was broken when pkt_comments was switched to a pino and
wasn't available in the protocol filters list.

Change-Id: Ie3f2b4f25eeb11be57111c98be87e33e0849174b
Reviewed-on: https://code.wireshark.org/review/22363
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-22 23:49:37 +00:00
Stig Bjørlykke 23c7d5f4e7 dns: Put request/response tracking last in the tree
Change-Id: I56b99941db63ca87cd233112967592c948d2a390
Reviewed-on: https://code.wireshark.org/review/22361
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-22 21:07:21 +00:00
Gerald Combs 880c2aa04f SSH: Add port 29418 (Gerrit)
Convert the TCP port preference to a range and add Gerrit's default
port.

Change-Id: I13460315e9b312673648a37d5f90955134b3ddbc
Reviewed-on: https://code.wireshark.org/review/22362
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-22 21:05:47 +00:00
Gerald Combs ba2478845c HTTP2: Fix compilation without HAVE_NGHTTP2.
Change-Id: I7319a9d244e541c18d3492c3ca5eac1dff8e1313
Reviewed-on: https://code.wireshark.org/review/22360
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-06-22 19:53:25 +00:00
Gerald Combs 7d67af661a Make "matches" case-insensitive.
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".

It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.

Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 19:32:06 +00:00
Daan De Meyer 07f576ffeb Add --no-duplicate-keys tshark option.
Adds the --no-duplicate-keys option to tshark. If -T json is specified,
this option can be specified in order to transform the duplicate keys
produced by -T json into single keys with as value a json array of all
separate values.

Specifying --no-duplicate-keys changes the function which groups node
children that is passed to write_json_proto_tree. Instead of a function
that puts each node in a separate group (proto_node_group_children_by_unique)
a function is passed that groups children that have the same json key
together (proto_node_group_children_by_json_key). This will lead to
some groups having multiple values. Groups with multiple values are
written to the output as a json array. This includes normal json keys
but also keys with the "_raw" and "_tree" suffix.

If --no-duplicate-keys is specified with an option other than "-T json"
or "-T jsonraw" or without -T an error is shown and tshark will exit.

"Export Packet Dissections -> As JSON" in the GUI is hardcoded to use
the duplicated keys format.

Fixes one regression in the output where a filtered json key (-j) with
both a value and children would not have the "_tree" suffix added to the
json key containing the children.

Includes a little code cleanup (removes one instance of code
duplication and simplifies a while loop).

Fixes a memory leak (I thought this fix was already included in the
previous refactor patch but something must have gone wrong when updating
the patch so I'm including it again in this patch).

Bug: 12958
Change-Id: I401f8fc877b5c590686567c3c44cdb832e9e7dfe
Reviewed-on: https://code.wireshark.org/review/22166
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 19:31:01 +00:00
Vasil Velichkov 2954a69d7d sbc-ap: Dissect several IEs
Add dissection of the following IEs:
- Serial-Number
- Warning-Type
- Data-Coding-Scheme
- Warning-Message-Contents
- Message-Identifier

Reuse the code from S1AP wherever possible

Change-Id: Icaf78b21532cf91fc2cd225d687a6a11813a20d8
Reviewed-on: https://code.wireshark.org/review/22352
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 16:25:53 +00:00
Ryan Doyle f24ffb0bcd http2: reassemble entity bodies in data frames
This commit reassembles data frames to build up the full entity body. It does
this for both client/server request and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.

Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 16:22:59 +00:00
Pascal Quantin cfb23d8743 E.212: update list to Operational Bulletin No. 1126 (15.VI.2017)
Change-Id: Ib91dc1fca0d39b53f5f55223405f473dfa816a84
Reviewed-on: https://code.wireshark.org/review/22350
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 16:08:28 +00:00
Stig Bjørlykke 578f2a15bb Qt: Restore multi custom column width and align
Put custom column field settings in quotes in the recent file to
support multi custom columns which contains space.  Otherwise the
space will be removed in prefs_get_string_list() and the field will
not match when reading the recent file.

Change-Id: Ic6e2b1e02d68970a4e11fbecbe55a7b10f8b10dd
Reviewed-on: https://code.wireshark.org/review/22349
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-06-22 15:57:12 +00:00