With MATE being an integral part of Wireshark for a long time now and its
documentation being part of the Wiki for a while it is time to move it
into the Wireshark Users Guide.
All credits go to Luis Ontanon for creating MATE and the Wiki pages,
the various contributors to those pages and especially Pavel Sindelka for
the creation of the graphics.
This change merely incorporates the contents of the Wiki pages into an
asciidoc file for processing into documentation output. It is in no way a
claim to knowledge of or deep insight in the workings of MATE on my part.
Change-Id: Id9c60fd3ba4a52aafb988370ea7d658907970ccd
Reviewed-on: https://code.wireshark.org/review/27894
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
AsciiDoc allows dashes in macro names but not underscores. Current
versions of AsciiDoctor allow the inverse. Remove underscores to allow
for easier copying and pasting.
Remove asciidoc.conf while we're here. It's no longer used.
Change-Id: I32d8a4ec695b9e17a80ac720ee9faf62dbb362d3
Reviewed-on: https://code.wireshark.org/review/27787
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
DoIP is a vehicle bus protocol. It is carried by TCP or UDP and may include an UDS payload.
Change-Id: I1459c51fd710da8e2aaff0056bbf3f6e42c1b25e
Reviewed-on: https://code.wireshark.org/review/27448
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add back the capture info dialog. Draw sparklines for each protocol.
Update the User's Guide.
Bug: 12004
Change-Id: I45be8a0df4752255831a8b139ee84bb34d675ba9
Reviewed-on: https://code.wireshark.org/review/27565
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And put hyphens in "out-of-tree" and "in-tree".
Change-Id: I55c54a1334f490f948310139741fecf27203a359
Reviewed-on: https://code.wireshark.org/review/27550
Reviewed-by: Guy Harris <guy@alum.mit.edu>
macOS is a UNIX(R) and FreeBSD isn't a UNIX(R), but we mentioned macOS
along with UNIX but didn't mention FreeBSD along with UNIX.
Instead, just speak of "UN*Xes" and give Linux, macOS, and *BSD as
examples. Feel free to add Solaris, AIX, or HP-UX if you want, assuming
you can build Wireshark on them.
Change-Id: I85be3861fa0bc603b93d077a2d9d587d43cb6e7e
Reviewed-on: https://code.wireshark.org/review/27549
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Several graphics files are not listed in the symbol that defines
the dependancy for document building. Adding these files to the
WSUG_GRPAHICS symbol makes the list consistent.
Bug: 14676
Change-Id: I3016a1994473f90df460d726773c8470dbedd3bc
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/27471
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This speeds up the copy/paste step-by-step sequence.
Change-Id: Ib2e3ee54c8c86b7357260ecaab5d129ef296a9e9
Reviewed-on: https://code.wireshark.org/review/27309
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Note in the quick setup and tools documentation that we no longer
require or recommend Cygwin.
Change-Id: Ie0eb92c5817ae1d786136035adf8fa3988c8b98d
Reviewed-on: https://code.wireshark.org/review/27244
Reviewed-by: Guy Harris <guy@alum.mit.edu>
ENABLE_CHM_GUIDES is no longer in CMakeOptions.txt
Change-Id: I217ac89f12c95e66591465e3230c19968dcc0bde
Reviewed-on: https://code.wireshark.org/review/27209
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dissector for GSM-R protocol. Specification ETSI TS 102 610.
Trace example in https://wiki.wireshark.org/SampleCaptures [[attachment:gsm-r.uus1.pcap]]
Change-Id: I7496bfa141d75b3460f7c3bdbb791e24d4810231
Reviewed-on: https://code.wireshark.org/review/26929
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This adds support for the TPM 2.0 "protocol" as defined
by the Trusted Computing Group (TCG) specification.
The specification can be found here:
https://trustedcomputinggroup.org/tpm-library-specification/
The specification defines the format of the all TPM requests
and responses that this dissector supports.
A sample capture file that can be used for testing this
can be found in the https://wiki.wireshark.org/SampleCaptures
It is called policy-authorizeNV.pcap.
Change-Id: I557cb779f3adc5313e6d3498bbfeb56fdd308fbf
Reviewed-on: https://code.wireshark.org/review/26866
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing section on display filter functions to WSUG and make it
consistent with the wireshark-filter(4) manual. "count" was added in
Wireshark 1.12 (bug 9480). "len" was added in Wireshark 1.6.x.
"size" (added in 1.8.x) is not documented since it works like "len",
except that it is not limited to strings and byte arrays. I think that
"len" should be extended to other types while removing "size".
Change-Id: I2c8e2b4a11f007de7852a797bed971af86840b47
Reviewed-on: https://code.wireshark.org/review/27146
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Osmocom GSUP protocol is a light-weight alternative to the
classic GSM MAP protocol. It operates between (MSC|SGSN) and HLR.
Change-Id: I954c7e332dce3a8855f7f4ace0b878f66da6f02e
Reviewed-on: https://code.wireshark.org/review/25477
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For numeric values such as port numbers, "4430..4434" looks more
natural than "4430 .. 4434", so support that.
To make this possible, the display filter syntax needs to be restricted.
Assume that neither field names nor values can contain "..". The display
filter `data contains ..` will now be considered a syntax error and must
be written as `data contains ".."` instead. More generally, all values
that contain ".." must be quoted.
Other than the ".." restriction, the scanner deliberately accepts more
characters that can potentially form invalid input. This is to prevent
accidentally splitting input in multiple tokens. For example, "9.2." in
"frame.time_delta in {9.2.}" is currently parsed as one token and then
rejected because it cannot be parsed as time. If the scanner was made
stricter, it could treat it as two tokens (floats), "9." and "2." which
has different meaning for the set membership operator.
An unhandled edge case is "1....2" which is parsed as "1 .. .. 2" but
could have been parsed as "1. .. .2" instead. A float with trailing dots
followed by ".." seems sufficiently weird, so rejection is fine.
Ping-Bug: 14180
Change-Id: Ibad8e851b49346c9d470f09d5d6a54defa21bcb9
Reviewed-on: https://code.wireshark.org/review/26960
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Allow "tcp.srcport in {1662 1663 1664}" to be abbreviated to
"tcp.srcport in {1662 .. 1664}". The range operator is supported for any
field value which supports the "<=" and "=>" operators and thus works
for integers, IP addresses, etc.
The naive mapping "tcp.srcport >= 1662 and tcp.srcport <= 1664" is not
used because it does not have the intended effect with fields that have
multiple occurrences (e.g. tcp.port). Each condition could be satisfied
by an other value. Therefore a new DVFM instruction (ANY_IN_RANGE) is
added to test the range condition against each individual field value.
Bug: 14180
Change-Id: I53c2d0f9bc9d4f0ffaabde9a83442122965c95f7
Reviewed-on: https://code.wireshark.org/review/26945
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It has been replaced by cmake.
Change-Id: I83a5eddb8645dbbf6bca9f026066d2e995d8e87a
Reviewed-on: https://code.wireshark.org/review/26969
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch to a single Doyxgen configuration which was generated using a
recent version of Doxygen and customized to suit our needs. Add
wsar_html and wsar_html_zip targets to CMake. Update some Doxygen markup
and documentation as needed.
Change-Id: Ic8a424b292c35a26f74ae0b53322265683e56e69
Reviewed-on: https://code.wireshark.org/review/26976
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested with some hand-generated PDUs.
Change-Id: Ic603d0ca4578d23121e438ac2458be34e63492d2
Reviewed-on: https://code.wireshark.org/review/26755
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
The Lua documentation has class names at its third level which is quite useful
to discover its documentation.
This reverts commit f5cd52c0fb.
Change-Id: I2a2e82041ac46a1a9974727bbb1d5cbf6855a878
Reviewed-on: https://code.wireshark.org/review/26814
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This patch adds support for sequencing HTTP Redirects. This enables
tracking of HTTP-based redirects, which may not have a Referer header.
As such, this patch also renames 'HTTP Referer statistics' to
'HTTP Request Sequences' to better reflect the more generic
functionality.
Note that this does not fully support RFC 3986. An external library like
uriparser.github.io may be a better option for efficient, full relative
HTTP URL resolution.
A Sample PCAP to test functionality is available here:
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=http_redirects.pcapng
A sample PCAP to demonstrate usefulness is available here:
https://www.malware-traffic-analysis.net/2015/08/31/page2.html
(examine request to hxxp://lk2gaflsgh.jgy658snfyfnvh.com/service.php)
Change-Id: I9edd1a1de86228b0dcb1df9f6f30e24379684321
Reviewed-on: https://code.wireshark.org/review/26679
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Update some cross references which were renamed in 1cd92c4961. Fixup
some capitalization while we're here.
Change-Id: Iae3227839cd34a52662a4b973c0f87e7e5a765cc
Reviewed-on: https://code.wireshark.org/review/26655
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Copy the current wireshark.spec.in and update it for use with CMake.
Remove the Qt4, GTK+2, and GTK+3 options. Add Ninja and mmdbresolve
options.
The rpm-package target builds a tarball using git-export-release.sh and
therefore must be run from a git checkout. The RPM _prefix macro is set
to CMAKE_INSTALL_PREFIX, so you'll probably want to run
cmake -DCMAKE_INSTALL_PREFIX=/usr ...
Change-Id: Ib014494d8858a0059126404cd91528ded5d8a9f6
Reviewed-on: https://code.wireshark.org/review/26579
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add duplicate ACK ticks to Statistics → TCP Stream Graphs → Time
Sequence (tcptrace), which I missed when porting from GTK+. Add zero
window crosses while we're here.
Switch TCPStreamDialog to a subclass of GeometryStateDialog.
Add a slot and URL for the Help button and a stub entry in the User's
Guide.
Bug: 12009
Change-Id: Idf2ddb9eb33d924d65998285b5cffc234156497c
Reviewed-on: https://code.wireshark.org/review/26592
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Ensure the dialog is populated when the dialog is opened after a capture
file has already been loaded.
Change-Id: I9ba1b4a1eb7a8b21ce7dac4a820eadf10daa9845
Reviewed-on: https://code.wireshark.org/review/26601
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Mention Npcap on the WinPcap installer page and add a link to it.
Update some other text and tell developers to use NSIS 3.0 while we're
here.
Change-Id: I64728f014f518439ba4a38eda7a283274d40fcdc
Reviewed-on: https://code.wireshark.org/review/26515
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch a build example to CMake + Ninja. Add syntax highlighting
annotations.
Change-Id: I5ee0af548f44ed5be6f6e8367f5167dc499df017
Reviewed-on: https://code.wireshark.org/review/26514
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This change introduces the OSCORE dissector, following
draft-ietf-core-object-security-07. It performs decryption and
authenticity
check on requests.
Bug: 14417
Change-Id: I92e45d66d5df51f6d4dbea4ef44e707955b65bee
Reviewed-on: https://code.wireshark.org/review/25480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix up some markup while we're here.
Change-Id: I2299b8bec44ff08952e2f1bda3a40448e2fb55c6
Reviewed-on: https://code.wireshark.org/review/26487
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: I34f610a19a972db1c08d7896453e5ed671ec4dc6
Reviewed-on: https://code.wireshark.org/review/26394
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
Add mmdbresolve, a utility that reads IPv4 and IPv6 addresses on stdin
and prints resolved information on stdout. Place it under a liberal
license (MIT) so that we can keep libmaxminddb at arm's length. Add
epan/maxmind_db.[ch], which spawns mmdbresolve and communicates with it
via stdio.
Migrate the preferences and documentation to MaxMindDB.
Change the IPv4 and IPv6 asnum fields to FT_UINT32s. Change the
geographic coordinate fields to FT_DOUBLEs.
Bug: 10658
Change-Id: I24aeed637bea1b41d173270bda413af230f4425f
Reviewed-on: https://code.wireshark.org/review/26214
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Remove the endpoint map and its button from the Qt and GTK+ UIs. It
depends on GeoIP Legacy for coordinate information and those databases
are being deprecated in favor of MaxMind DB. We *could* upgrade the code
to use mmdbresolve, but according to
https://dev.maxmind.com/geoip/geoip2/geolite2/ they're also going to
remove coordinate information from GeoLite2:
"In addition, in 2019, latitude and longitude coordinates in the
GeoLite2 databases will be removed.* Latitude and longitude coordinates
will continue to be provided in GeoIP2 databases. Please check back for
updates."
Change-Id: I43e1593d282a0f1aae897b1f4724117d1496b21e
Reviewed-on: https://code.wireshark.org/review/26229
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reduce the TOC depth so that it's not quite so huge.
Change-Id: I5748edf0e715961da57eff7e0ade6fad175ab24b
Reviewed-on: https://code.wireshark.org/review/26110
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch from AsciiDoc's smart quotes markup to the quotes themselves,
along with apostrophes.
Change-Id: I78930d6902e2691b6a2cb35ed5bae6fef4bb7257
Reviewed-on: https://code.wireshark.org/review/26108
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add "QA engineers use it to verify network applications",
as suggested by Alexander Sashnov.
Change-Id: Ia9c83fd2f2610db747043f861931470e3f4e4c53
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/26057
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use the standard Wireshark style sheet for the release notes. Add a note
about updating them via themes.asciidoctor.org.
Change-Id: Ic6b66308cf1e1bea7b34a09963f92881d01eda8c
Reviewed-on: https://code.wireshark.org/review/25911
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The docbook info is now in README.adoc
Change-Id: Ifbc6a1803d23835d9b2b91a9fd6df34002cc3e8f
Reviewed-on: https://code.wireshark.org/review/25900
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This adds a dissector for the Steam In-Home Streaming
Discovery Protocol by Valve Software.
Useful documentation can be found at:
https://codingrange.com/blog/steam-in-home-streaming-discovery-protocol
Change-Id: I26a79e201cfb0aad0ca702ac962e1e7b1b541517
Reviewed-on: https://code.wireshark.org/review/23615
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix a few errors in the Asciidoctor macros. Use the new macro names in
the release notes and gen-bugnote.
Change-Id: I2ca672949c59ca3da8a6b963cb5bd9abd66c348d
Reviewed-on: https://code.wireshark.org/review/25774
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add a "FileInstall.cmake" module that installs files and directories.
Use it to install the chunked HTML guides.
Install the guides into CMAKE_INSTALL_FULL_DOCDIR. By default this is
/usr/local/share/doc/Wireshark. Define DOC_DIR to match.
Add explicit file and directory permissions to the default install
targets.
Remove the PDF install target.
Bug: 14258
Change-Id: I4712a4047a54627b7520b5bf5f191e0761d19606
Reviewed-on: https://code.wireshark.org/review/25737
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tools/html2text.py to convert HTML to text.
Remove some now-obsolete documentation.
Change-Id: Ib21a1ab10c789182da5fcc68e98917a00f2fa650
Reviewed-on: https://code.wireshark.org/review/25733
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch the markup text processor for files in the docbook directory from
AsciiDoc to Asciidoctor. Asciidoctor has several useful features (such
as direct PDF output) and is actively developed. It's written in Ruby
but that dependency can be sidestepped with AsciidoctorJ, a
self-contained bundle that only depends on the JRE.
The current toolchain targets require Python, AsciiDoc, DocBook XML,
DocBook XSL, Java, FOP, xsltproc, lynx, and the HTMLHelp compiler:
HTML: AsciiDoc → DocBook XML → xsltproc + DocBook XSL
Chunked HTML: AsciiDoc → DocBook XML → xsltproc + DocBook XSL
PDF: AsciiDoc → DocBook XML → xsltproc + DocBook XSL → FOP
HTMLHelp: AsciiDoc → DocBook XML → xsltproc + DocBook XSL → HHC
This change removes the AsciiDoc and FOP requirements and adds either
AsciidoctorJ or Asciidoctor + Ruby:
HTML: Asciidoctor → DocBook XML → xsltproc + DocBook XSL
Chunked HTML: Asciidoctor → DocBook XML → xsltproc + DocBook XSL
PDF: Asciidoctor
HTMLHelp: Asciidoctor → DocBook XML → xsltproc + DocBook XSL → HHC
Ideally we could generate all of these using AsciidoctorJ, Java, and
lynx. Unfortunately we're not there yet.
The release notes depend on several macros (ws-buglink, ws-salink,
cve-idlink, sort-and-group). Add Asciidoctor (Ruby) equivalents.
Remove the BUILD_xxx_GUIDES CMake options and add various output targets
automatically. This means that you have to build the various documentation
targets explicitly.
Change-Id: I31930677a656b99b1c6839bb6c33a13db951eb9a
Reviewed-on: https://code.wireshark.org/review/25668
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use "or" instead of a comma for alternate keyboard shortcuts.
Change-Id: I3f2abf63b4c437ca0fe439d91dfac44e24d9d8e5
Reviewed-on: https://code.wireshark.org/review/25624
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Convert some passthrough XML comments left over from the DocBook →
AsciiDoc conversion to AsciiDoc / Asciidoctor comments.
Change-Id: Iaf44bcf0b8a3a383e735b2b4394722cbbb2bdff3
Reviewed-on: https://code.wireshark.org/review/25615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Switch from AsciiDoc's smart quotes markup to the quotes themselves. Use
double curly quotes in place of singles.
Switch from XML entities to their direct equivalents where we can.
Switch from hex entities to decimal entities where we can't or it's not
convenient. (Asciidoctor PDF doesn't yet handle hex entities).
Change-Id: Iaf5ec33249e1c91b3d50b5d96251763243b72836
Reviewed-on: https://code.wireshark.org/review/25606
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Start using markup that is preferred by Asciidoctor but compatible with
both generators.
Add a missing "cpp" attribute and set a couple of Asciidoctor-specific
compatibility attributes.
Change-Id: Iff4c31362e4493b97a85f46db2c39b18c336536f
Reviewed-on: https://code.wireshark.org/review/25600
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Adding Session Multiplex Protocol SMP
SMP is used by TDS when MARS in enabled.
Bug: 14110
Change-Id: Ia4113c627d107da6c3d51e4004265efb228a297b
Reviewed-on: https://code.wireshark.org/review/25509
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I306341c7cddf8facb4a9ca62254a465a1da22174
Reviewed-on: https://code.wireshark.org/review/25423
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I049c8b9b9a0a1da2243217532186ba5a19cf5671
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25424
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Generate a single PA4-sized PDF. PA4 is the approximate intersection of
A4 and Letter[1]. This gives us one less file to build and distribute.
If you're printing out hard copies of the guides this wastes a few pages
compared to an A4-sized PDF, but if you're printing out hard copies of
the guides you've already made a strong commitment to waste paper.
Page counts:
Guide Size Pages
WSDG A4 203
WSDG Letter 217
WSDG PA4 217
WSUG A4 192
WSUG Letter 204
WSUG PA4 205
[1] https://en.wikipedia.org/wiki/Paper_size#PA4_or_L4
Change-Id: If43d4b19947c77a51b3943a2b329dbab45025d79
Reviewed-on: https://code.wireshark.org/review/25438
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Codecs in general come in many flavours, G.729 non in the least.
Be accurate about what codec implementation is actually provided.
Change-Id: I372062906bef973c8e19b63e5296574780d8a89e
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/25388
Reviewed-by: Michael Mann <mmann78@netscape.net>
ASN.1 prose imported from the specification and heavily modified
manually to workaround its poor quality.
Some of them are marked with -- WS modification comment, some are not.
Probably useless as-is, but it is an initial start until an updated
version is available.
Change-Id: I19ab6cedb6aa23c8ed57bae525ee4a3391494e32
Reviewed-on: https://code.wireshark.org/review/25235
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This interperates the main body of Lustre traffic.
This dissects all current Lustre OPCODES (as of Lustre 2.10.2)
This dissects MDS REINT sub-opcodes
This dissects LDLM Intent opcodes
This dissects LLOG EADATA
Conversation matching is just IP based and not IP/port based.
Only one lustre "instance" can be running on a given host at a given time,
and request / reply pairs aren't don't always match by port numbers.
Add exception for lustre_* structure names in PROTOABBREV.
We have several lustre.lustre_* because the internal lustre structre is
named lustre_ (i.e. lustre_handle or lustre_msg_v2)
This is still a work in progress, as there are missing FLAG values
and some LLOG EADATA structures that aren't fully decoded.
Change-Id: If57085e2692565336e49f40fb475ca1035da7a35
Signed-off-by: Nathaniel Clark <nathaniel.l.clark@intel.com>
Reviewed-on: https://code.wireshark.org/review/24800
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use SetConsoleTextAttribute to reset our colors on Windows. Update the
release notes and man page.
Change-Id: I2bc309787f9c2331324503092bd1c9ae6360eb55
Reviewed-on: https://code.wireshark.org/review/25170
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I360bc4f802e28e9fc64cbd5cc06e514cbaf3b25f
Reviewed-on: https://code.wireshark.org/review/25091
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Two Edit->Copy methods are using the same keyboard shortcut as other
functionality:
1. Ctrl+Shift+D is used for "Copy this item's description" and
"Ignore All Displayed packets"
2. Ctrl+Shift+F is used for "Copy this item's field name" and
"Reload as File Format/Capture"
Resolve this by changing the Copy methods to use Ctrl+Alt+Shift as modifier.
Add a keyboard shortcut for "Copy all visible items" while here.
Change-Id: I0d963501055e63963d93e211f592aa9e82801d3c
Reviewed-on: https://code.wireshark.org/review/24884
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Micro version bump for mate to homogenize it between CMake and autotools.
The cmake macro doesn't handle the "a" suffix and it doesn't seem worth
implementing.
Change-Id: Ib022c6aa170623b83a9700e4fa098c60a9cddfab
Reviewed-on: https://code.wireshark.org/review/24847
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
plugin.rc is Windows specific, also add condition to reflect that.
Change-Id: Ibbb7dab77dd1f277e2302c8f931218ca433f8c72
Reviewed-on: https://code.wireshark.org/review/24833
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Qt 5.4 introduced qUtf8Printable, a convenience macro for converting
QString to a UTF-8 const char *. Add a compatibility definition and
start using it.
Change-Id: I3cf88611b1ed1a34082cb2ba82394954e2e6c461
Reviewed-on: https://code.wireshark.org/review/24828
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Put different types of plugins (libwiretap, libwireshark) in different
subdirectories, give libwiretap and libwireshark init routines that
load the plugins, and have them scan the appropriate subdirectories
so that we don't even *try* to, for example, load libwireshark plugins
in programs that only use libwiretap.
Compiled plugins are stored in subfolders of the plugin folders, with
the subfolder name being the Wireshark minor version number (X.Y). There is
another hierarchical level for each Wireshark library (libwireshark, libwscodecs
and libwiretap).
The folder names are respectively plugins/X.Y/{epan,codecs,wiretap}.
Currently we only distribute "epan" (libwireshark) plugins.
Change-Id: I3438787a6f45820d64ba4ca91cbe3c8864708acb
Reviewed-on: https://code.wireshark.org/review/23983
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
So far decode just packet headers
Change-Id: I7a01f3c83b97882f4c669122ad94b2bdab0ab251
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Reviewed-on: https://code.wireshark.org/review/24583
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of blurring the main welcome screen during startup, draw a dark
band under the progress bar. This reduces the startup time a bit here.
Port over a date check from the GTK+ UI.
Change-Id: I997d0fd2e4320702fe85ee2aea02ce835a423df9
Reviewed-on: https://code.wireshark.org/review/24711
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 9553
Change-Id: I19505c3c05585a05877e9f0db06400ebb8b33985
Reviewed-on: https://code.wireshark.org/review/24585
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make ASCIIDOC and XSLTPROC packages required if building any of
the HTML, PDF or CHM guides.
Don't attempt to build the release notes if ASCIIDOC isn't found.
Change-Id: Id61653a635f91cbaffa32fb26ddbdbc568b74528
Reviewed-on: https://code.wireshark.org/review/24483
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Created an AdminDeployment.xml file for use with the chocolatey
package for VS2015 Community Edition and updated the WSDG to
include it.
Bug: 14147
Change-Id: Id2a701067bf38874cf0bf534cca55dba9cfd30d4
Reviewed-on: https://code.wireshark.org/review/24464
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Avoid printing a noisy "option requires an argument" error when using
'-T' and '-F' as documented. Fix warning that started showing on macOS
with CMake 3.9.4 about CMP0058 since v2.5.0rc0-1180-g799f4f0e14.
Change-Id: Ie0cc352c6b0b2724997e7fe6b49fd5b1f02d1e07
Reviewed-on: https://code.wireshark.org/review/24404
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Ahmad Fatoum <ahmad@a3f.at>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
sort-and-group produces a comma-separated list, the last two entries are
separated by "and"
Change-Id: I3e6c153c764641664453c4d091fdb84bb308e689
Reviewed-on: https://code.wireshark.org/review/24366
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Replace the GPLv2+ blurbs in the doc and docbook directories with SPDX
headers as appropriate. This includes example code such as
packet-PROTOABBREV.c.
Remove dfilter2pod.pl and dfilter2xml.pl. We haven't used them since
2010.
Change-Id: I4adec02a9a4bc3e71e32bdf89f2754edaf696938
Reviewed-on: https://code.wireshark.org/review/24343
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 14152
Change-Id: If1d89afd5dbf62adae4cd84e3fc44bd37a8a2176
Reviewed-on: https://code.wireshark.org/review/24221
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I94da228cba6baf20a2cd02bafc9704492f2cfc9f
Reviewed-on: https://code.wireshark.org/review/23956
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Installs the WSUG to $docdir, unless the --disable-guides option is given
to the configure script.
This will open the Help->Contents menu action using the locally installed
guide. It will also point to the correct version for this Wireshark release.
The wireshark.org link only provides the guide for the master branch.
Change-Id: I9dd539c737cb3777dc1351707b9e45a3a6764aaa
Reviewed-on: https://code.wireshark.org/review/23906
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
1. Protobuf dissector supports the almost all basic protobuf types of
varint, sint, string, and so on.
2. Protobuf messages are not self-described protocol, for example,
varint in protobuf may be int32, int64, uint32, uint64, sint32,
sint64, bool or enum. Currently dissector will dissect field without
detail definition in common way, for numeric field it show uint32 or
uint64, for length-delimited field it just show as bytes. But user
turn the try_dissect_all_length_delimited_field_as_string or
show_all_possible_field_types options on, that dissect will show all
possible value for each field according to wire type. (for example,
a numeric field will parsed in int32, uint32, sint32, sint64 and so
on).
Ping-Bug: 13932
Change-Id: Idfe49307b1c84fe461603756f75daeb3e410a905
Reviewed-on: https://code.wireshark.org/review/23814
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename osx-app.sh to osx-app.sh.in and add the version to the plugin
path at configure time.
Instead up updating Autotools accordingly just remove the macOS
packaging targets. gf61c381b5a removed support for Autotools in
osx-app.sh and if anyone wants to build macOS packages I'd prefer that
they use the same toolchain as the buildbot.
Change-Id: Ide5205265bf8859a85b1afab68fa8f8285952bd3
Reviewed-on: https://code.wireshark.org/review/23839
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adds support for the SolarEdge inverter monitoring protocol. Based on the work
done by https://github.com/jbuehl/solaredge
bug: 14079
Change-Id: Ia0102c057e4cd27c187b01c7fd28053678f22727
Reviewed-on: https://code.wireshark.org/review/23653
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Print the SHA256, RIPEMD160, and SHA1 hashes for each file instead of
SHA1, RIPEMD160, and MD5. SHA256 seems to be the preferred file hashing
algorithm these days and MD5 is actively discouraged. Note that we might
remove SHA1 (which is also discouraged) as well.
Change-Id: I74d972ae5f3484c83175cd3f3c7a55f99c171e20
Reviewed-on: https://code.wireshark.org/review/23761
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add links to the online man page for each tool. Make sure tshark
generates pre-commit-compatible output on Linux.
Change-Id: I00d2973475f27460065bc8a65471abef152ded33
Reviewed-on: https://code.wireshark.org/review/23754
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GRPC dissector register it self to media_type dissector table using
patterns "application/grpc", "application/grpc+proto" and
"application/grpc+json".
GRPC stack (at least in grpc-java) can send JSON over GRPC using
content-type = "application/grpc" which normally means default protobuf
format. A preference is added to detect the message body, if it starts
with '{', and ends with '}', will force to use JSON subdissector instead
of searching in 'grpc_message_type' table.
Ping-Bug: 13932
Change-Id: I910961ca06370e678d19b78cac533ca566d87628
Reviewed-on: https://code.wireshark.org/review/22891
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The editcap man page says that you can pass in -F and -T without
arguments in order to get a list of valid capture and encapsulation
types. Instead of treating these as errors just print the information to
stdout and return 0.
Adjust the docbook _tools_help targets accordingly.
Change-Id: I590cbd59059dd8965299bef4434f522eff8a4e2c
Reviewed-on: https://code.wireshark.org/review/23741
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add a CMake target that dumps the help output for our command line tools
to individual files. Include those files in the tools appendix instead
of pasting them in manually.
Fixup the output of some tools so that they pass the pre-commit checks.
Change-Id: I925f24818422a190927a96531c21f4d16d3fe5b5
Reviewed-on: https://code.wireshark.org/review/23737
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add support for dissecting the old-style Broadcom tag with Ethertype 0x8874,
this was supported by switches like Broadcom BCM5325. Newer switches use a
different tag format (with no Ethertype) which will be supported later.
Change-Id: Iec26f8d13058399a35fb258ccadc48f7f5ac8474
Reviewed-on: https://code.wireshark.org/review/23592
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add flow graph functionality to tshark through -z option.
Output is same as ASCII format saved from GUI.
Change-Id: Iee0bfea7215858e6488b4728581be28287e9ea1a
Reviewed-on: https://code.wireshark.org/review/23652
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Relax requirements for upgrades and make running side-by-side installations
more convenient.
Change-Id: I5299eed005a4748c54465dec90f477adb577e056
Reviewed-on: https://code.wireshark.org/review/23619
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Installing machine code to XDG_CONFIG_HOME is problematic.
Use ~/.local/lib/wireshark/plugins instead.
XDG_CONFIG_HOME should be architecture independent. This allows copying the
configuration between different architectures safely.
Reference: https://www.freedesktop.org/software/systemd/man/file-hierarchy.html
Change-Id: I1b18f64aab4dd351d611cfbea3b9333f23c98bfa
Reviewed-on: https://code.wireshark.org/review/23498
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Wireshark patch releases (X.Y.Z) are binary compatible so reflect
that in the plugin installation path.
By installing to $pkglibdir/plugins/X.Y out-of-tree plugins don't
need to be reinstalled with every patch release.
Change-Id: I9d1728e6fb12bcb51d2a723af22c750cb7a966cf
Reviewed-on: https://code.wireshark.org/review/23497
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
To be continued incrementally to fix gaps and omissions.
If we are willing to reorganize the source tree to have one or two header
include folders this could be simplified considerably.
It would also force developers to give more consideration to API issues,
which is a good thing.
See also e7ef19efc0.
Bug: 14062
Change-Id: I0759da2f9793cfb5cf92c9e231457bba43df4353
Reviewed-on: https://code.wireshark.org/review/23548
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Change-Id: I5b14a6ae815e9e6e9c1705a8e38945e19dba479a
Reviewed-on: https://code.wireshark.org/review/23554
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: João Valverde <j@v6e.pt>
Install public headers required to build plugins for libwireshark (taps and
dissectors).
The source tree is organized to serve the CLI/GUI parts of wireshark.
Plugins are built in tree. This change is intende to allow plugins to be built
out-of-tree but we want to avoid dumping all headers into /usr/include.
To be continued incrementally to fix errors and omissions.
Change-Id: Iaa0def0ba3de4b456a29114c315544d2d64fa748
Reviewed-on: https://code.wireshark.org/review/23374
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Bug: 14039
Change-Id: Ic19c77bb091cd8ee8f824b82463d8b4bae37f625
Reviewed-on: https://code.wireshark.org/review/23437
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tibia (https://tibia.com) is a Massively Multiplayer Online Role-Playing
Game (MMORPG) by Cipsoft GmbH.
This patch provides login protocol (session layer) support for Tibia
versions 7.0 (Dec. 2001) till current 11.42 (2017-08-12).
Most importantly, RSA-encrypted login packets are parsed and symmetric
XTEA session keys are extracted.
Bug: 13959
Change-Id: Id9d0dfa283cc604d66a6e6d1f3811cdcd7ff99db
Reviewed-on: https://code.wireshark.org/review/23054
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Normally a .cap file contains a network type that when masked with 0xFFF
will convert to a pcap LINKTYPE_ value. However, Microsoft Analyzer
used 0xE080-0xE08A for their own purposes within a .cap file.
Add support for the WPFCapture formats and give a "not supported" error
message to the few left unsupported.
Bug: 10556
Change-Id: I321a75ce769fdec75bdc6b595936c25932950a97
Reviewed-on: https://code.wireshark.org/review/23386
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 4221
Change-Id: I59aff777c364af1a064e1e99ea9ac6692a4cedfa
Reviewed-on: https://code.wireshark.org/review/23333
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.
Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change the name of the button macro to "btn" in order to be compatible
with AsciiDoctor.
Change-Id: I673e0fe0ae7b343abeb1afba0b9b11402efdf0d6
Reviewed-on: https://code.wireshark.org/review/23187
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create a common_src directory for common guide content. Add a
typographic convention section. Update some of the content accordingly.
Change-Id: I4f69c0f52a985c48e07fa0628b19734ec691f74e
Reviewed-on: https://code.wireshark.org/review/23131
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Switch the Command Prompt instructions back to using the
platform-specific variants. Switch back to setting WIRESHARK_BASE_DIR.
Change-Id: Ie9f865e5fac1312f2eb3762e439d53ab9a038bd4
Reviewed-on: https://code.wireshark.org/review/23112
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The old URL fetched VS 2013 when I tried it; update to a link that
fetches VS 2015.
Change-Id: Ib33e8f09bef51a532c986e70ae6ac5d9d1f1dabe
Reviewed-on: https://code.wireshark.org/review/23094
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The protocol help feature was completely removed in g09efa5fb8b and
deprecated long before that.
Change-Id: Ia0bde785002025c0cf9e3f783a5cad7f784938a2
Reviewed-on: https://code.wireshark.org/review/23076
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Including attributes in Public Action frames and those that can appear in GAS
frames.
Change-Id: I8d2a717984295592952b8fff82879197ace2a4b2
Reviewed-on: https://code.wireshark.org/review/22615
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Have a separate section, before all the others, giving the top-level
directories under which those folders are placed, with names for use in
later sections.
Update the example personal application data folder on Windows to the NT
6.x-and-beyond standard.
Don't give the pathnames for configuration files in the table, just give
the name and the description.
For the global files, distinguish between macOS and other Unix-like
systems, and, for the latter, mention both /usr/XXX and /usr/local/XXX.
The preferences file isn't "wireshark.conf", and hasn't been that for
quite a while.
For all the configuration files, give the details of personal vs. global
files - they're different for different files.
Have separate sections for configuration files and plugin folders. For
plugin folders, note both the use of the top-level plugin folder for Lua
scripts and the use of the per-Wireshark-version subfolder for compiled
plugins.
Use fixed-format text for the non-variable parts of pathnames, and
italics for the variable parts.
This should, among other things, make it easier for other documents,
such as the Lua documentation in the Wireshark wiki, to refer to folders
such as the configuration file and plugin folders.
Change-Id: I133c1e159e992827458bee64c4f37be5b50f9b6f
Reviewed-on: https://code.wireshark.org/review/23060
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update the Windows section for Visual Studio 2015. Copy the content from
README.cmake to its own WSDG section and remove README.cmake.
Remove the PowerShell sections. Our required version (2.0) ships with
every supported version of Windows. Remove the sed section.
Change-Id: Id37c6e71bacc247a3ed1992adb1408ec13f6a187
Reviewed-on: https://code.wireshark.org/review/22940
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This will leave more room for messages on smaller screens. Set the
default OFF because this is probably only useful for developers.
Group Status Bar settings in the Layout frame.
Change-Id: Iea9a55b6c088aac10ee7680b1e8a882ed00c73be
Reviewed-on: https://code.wireshark.org/review/22824
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The information about the selected packet number is available from
the Number column and from the Frame entry in the Packet Details
so make the entry in the status bar optional.
Also remove duplicate "Packet:" entry, add the UTF8_MIDDLE_DOT
separator and rename the prefix to "Selected Packet:".
Bug: 13902
Change-Id: I0e7ba884bdcbdc87a5738223ef92f52e4ac195e5
Reviewed-on: https://code.wireshark.org/review/22807
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Rename "enterprises" to "enterprises.tsv" so that its format is a bit more
obvious and so that double-clicking the file might do something useful.
Add it to the Windows packages.
Change-Id: I5ef54a04ce1b4926aa4535e756e04b3e2a56d463
Reviewed-on: https://code.wireshark.org/review/22616
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"enterprise-numbers" is converted to tab-separated values and renamed
"enterprises". Unused fields are stripped.
PENs are stored in a hash table loaded at run-time.
User "enterprises" file is loaded from the personal config dir.
Misc make-sminmpec.pl improvements and fixes.
Note: names of type "Entity (formerly ...)" have the formerly part commented out for a cleaner output.
Change-Id: I60c533afbe3e399077fbf432088064471ad3e1e2
Reviewed-on: https://code.wireshark.org/review/22246
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
The filter expressions data was shoved into the preference file in a
very loose, non-arrayed form. It's much easier to manage in code
(and for users in a separate file) as a UAT.
The GTK GUI was hacked to use the existing UAT dialog rather than
rewrite the pref_filter_expressions.c to support a UAT. Should
be okay since it's deprecated.
Change-Id: I688cebb4b7b6594878c1398365e79a205f1902d9
Ping-Bug: 13814
Reviewed-on: https://code.wireshark.org/review/22354
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make the "matches" operator case-insensitive by default. Case
sensitivity can be switched back on using "(?-i)".
It might be nice to make "contains" case-insensitive as well, but we'd
need a caseless version of epan_memmem.
Change-Id: I5e39a52c148477c30c808152bcace08348df815a
Reviewed-on: https://code.wireshark.org/review/22330
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The spurious retransmission check operates on the last-seen
acknowledgment in the reverse direction. Adjust the analysis logic so
that it is checked independently of the forward sequence number.
Update the documentation accordingly.
Change-Id: I3714f44398501a581f967c61e119fe95f90209b1
Reviewed-on: https://code.wireshark.org/review/21769
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Initial implementation of LoRaWAN dissector based on LoRa Alliance specification.
Features:
- Frame dissection for fields as per documentation
- Payload decryption
- MIC verification
Not implemented:
- Region specific information (frequencies etc)
- Statistics
Bug: 13775
Change-Id: I6031755dfd582dd78ed7c2566cdb390c577c9078
Reviewed-on: https://code.wireshark.org/review/22017
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
With this commit, tshark will mimic the packet coloring present in the
Wireshark GUI whenever "--color" is passed. This initial commit only
adds such support for the standard text output format. A future commit
could potentially broaden this support to other output modes (such as
"-V" mode).
Bug: 5158
Change-Id: I59329e32475b0c67e28802e79610544d4868ea2d
Reviewed-on: https://code.wireshark.org/review/21325
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add support for handling LoRaTap (https://github.com/eriknl/LoRaTap) DLT in
wiretap and add dissector for LoRaTap headers.
Exposes Syncword for subdissectors to dissect frame payload.
Change-Id: Ie4ba2189964376938f45eb3da93f2c3376042e85
Reviewed-on: https://code.wireshark.org/review/21915
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Gerald Combs
Harald Welte