Remove the "-git" version extra default in CMakeLists.txt and
configure.ac, otherwise we end up with wireshark-2.1.0-git.tar.bz2,
Wireshark-win64-2.1.0-git.exe, etc.
Change-Id: I89b9beaa87ac475950e24a3111cf09e878a33ff7
Reviewed-on: https://code.wireshark.org/review/15784
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Many of our AsciiDoc "macros" are simple string replacements. Start
converting them to attributes.
Update the release notes.
Change-Id: I23d9ffd311f13a34c16cde3b4898b7f7bb8ba638
Reviewed-on: https://code.wireshark.org/review/15778
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
ERO subobjects have subobjects 0..127, while RRO have subobjects
0..255. Make this distinction when retreiving the subobject ID.
See RFC 3936, section 2.3.1.
Change-Id: Iae061c259c59b1cf585ce99d02dd0f6ca09a49c3
Reviewed-on: https://code.wireshark.org/review/15772
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Don't try to add expert items for size < 1 when this code isn't
executed for size == 0. (note: size is unsigned)
Change-Id: Ieb3d2593d4bb5f175ac368ef38571511b4f56f25
Reviewed-on: https://code.wireshark.org/review/15774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Prefix operators are supposed to be more efficient with iterators,
so lets use them instead of postfix operators.
Change-Id: I3090e4954c5cb67db47c88e2874b1a8ac52aa2cd
Reviewed-on: https://code.wireshark.org/review/15546
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Qt and GTK+ can have wildly different notions about the top-left
position of the main window, particularly in multiple-screen
configurations. For example, on OS X with the following monitor
arrangment:
g .---------.
| |
| |
q--------.| |
| |`---------'
| |
`--------'
GTK+ positions windows relative to 'g' and Qt positions windows relative
to 'q'. As a result it's easy for one UI to clobber the settings of the
other.
Split the geometry_main_x and geometry_main_y recent settings into Qt
and GTK+ versions.
In the Qt UI, try moving the main window onscreen before falling back to
the default geometry. This keeps us from losing our size settings.
Add a link to a Qt geometry bug.
Change-Id: If7ae0dcc1719e646299ee3bbf1c88743f655c9a0
Ping-Bug: 12389
Reviewed-on: https://code.wireshark.org/review/15775
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The data is not applied anywhere, just stored. The first Section Header block
is still the only one that is used to read a pcapng file.
Change-Id: If9546401101d2fe79b2325bacbd597b92127e86e
Reviewed-on: https://code.wireshark.org/review/15705
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way you get dropdown suggestions for filter completion.
Change-Id: I2b9d417ca50559ffdc8bd3f7f0e1bbc185c1384d
Reviewed-on: https://code.wireshark.org/review/15592
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The expert info refers to encoding_id not being zero. So then
test for it.
Change-Id: I6692f0b6ac0275328bc84741d9ded094bdf25e31
Reviewed-on: https://code.wireshark.org/review/15769
Reviewed-by: Anders Broman <a.broman58@gmail.com>
... at least for files for which have file extensions, including the gzip'd
versions of these files.
Add .pkt (Savvius) file extensions to our freedesktop.org registrations.
Change-Id: I0fb72909a1e9e3073451de06a64503fcfc6b57ed
Reviewed-on: https://code.wireshark.org/review/15694
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
In the Capture Interfaces dialog, make sure we have exactly one of a
"not applicable" dash or a checkbox. Otherwise if your interface falsely
reports that it supports monitor mode you might end up with both.
Change-Id: I9b256f1ef0e8ff32626e7f2b526130f3c110d142
Reviewed-on: https://code.wireshark.org/review/15761
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Fix a bug in proto_tree_set_uint64() which caused fields to be sign extended.
(This only showed up when a non-zero bitmask was present.)
Change-Id: Ibcc986e3d42f97348966ea66c2ae9fca73b09992
Reviewed-on: https://code.wireshark.org/review/15764
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
This check only works on the GTK UI's "Details" window. And it
only can check version numbers. So there's no way for this code to
be able to differentiate Npcap from WinPcap. And Npcap uses a very
small version like "0.07", which makes itself not welcomed by this
checking code.
Change-Id: I861e9decd123e7d30547789c0488043616b17032
Reviewed-on: https://code.wireshark.org/review/15304
Reviewed-by: Yang Luo <hsluoyz@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Dissector has always been able to cope with unknown record types so pass them
through (and call the data dissector from the ERF dissector in this case).
Previously was stopping processing on the first unrecognized record which is
very unhelpful for otherwise valid files that have new types mixed in.
Remove ERF type check altogether from open heuristic as ERF type could be past
48 in future and with more extension headers bit any byte value could be valid.
Also allow setting ERF_RECORDS_TO_CHECK to 0 to force skipping the heuristic.
Change-Id: I8331eef30ba2e949564f418b3100bd73b8f58116
Reviewed-on: https://code.wireshark.org/review/15361
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make sure audio_stream_ is non-NULL before we try to use it. Delete
audio_stream_ more gracefully and add a note about mutexes on OS X and
Windows.
Bug: 12166
Change-Id: I12e76c49e631bc1de813c5c7d82c7d928c71237e
Reviewed-on: https://code.wireshark.org/review/15759
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also make it use ws_inet_ntop6() (rather than implementing the string
conversion ourselves).
Remove ip6_to_str_buf_len().
Change-Id: I1eff3a8941e00987c2ff0c4dcfda13476af86191
Reviewed-on: https://code.wireshark.org/review/15692
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Many AFS packets have empty payloads, and Wireshark marks these as
"Malformed Packet" even though they are normal.
Eliminate these false alarms by using tvb_reported_length_remaining when
adding items to the tree.
Change-Id: I4f134fef36b8bb7f99224f02fea9cf29117fb36a
Reviewed-on: https://code.wireshark.org/review/15754
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idcbe44bfe0730e42a30107414a7912a6aa50f411
Reviewed-on: https://code.wireshark.org/review/15757
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add zoom in and zoom out actions. Changes only affect the X axis (the
spacing between the dashed lines).
Bug: 10693
Change-Id: I145e8501239f26e1be6135bffabdebec14f262c1
Reviewed-on: https://code.wireshark.org/review/15746
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Basically a copy/paste of the existing hf_ functionality, but looking for ei_ variables instead.
Change-Id: Ic9a34f6bd5dee895fc858bb9631c00271a86486b
Reviewed-on: https://code.wireshark.org/review/15717
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Put direction indication label and checkbox in a HBox to align vertical.
Change-Id: I2aa7846aef25e9f080349e9dfef5c191b8d323e3
Reviewed-on: https://code.wireshark.org/review/15742
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Make the netfilter rules more sensible as described in bug 2482.
Switch to long names while we're here.
Ping-bug: 2482
Change-Id: I9e44c4ed88ed83ff1d7d478acea83fa0c2af5cac
Reviewed-on: https://code.wireshark.org/review/15701
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Done for performance improvements.
This could probably be done in checkAPIs.pl, but this was just
a quick manual check with grepping.
Change-Id: I91ff102cb528bb00fa2f65489de53890e7e46f2d
Reviewed-on: https://code.wireshark.org/review/15751
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
ei_dnp3_buffering_user_data_until_final_frame_is_received is #if 0ed
out in the code, so reciprocate that to the declaration/array.
Change-Id: I65dc6bb6f93f736e3adc4f4134f3bdca1f890bf9
Reviewed-on: https://code.wireshark.org/review/15749
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Use it for OPT_COMMENT in the SHB, as there may be ore than one instance
of OPT_COMMENT in an SHB.
Also, use wtap_optionblock_get_option_string for OPT_SHB_HARDWARE,
OPT_SHB_OS, and OPT_SHB_USERAPPL; they're specified as "only one
instance allowed".
Change-Id: I23ad87e41e40b7ae1155e96c0523a6f8caad5204
Reviewed-on: https://code.wireshark.org/review/15750
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't put them in the summary structure; the summary routines should
calculate summary statistics, not dig up every bit of information that
*could* appear in a summary.
Instead, have the GUI code call wtap_file_get_shb() to get the SHB
information and call wtap_optionblock_get_option_string() to fetch the
option values.
Move the option code definitions into wtap_opttypes.h, as they're used
by the API.
Change-Id: Icef11f5fb30fdc3df1bb0208aae9ed0aebaf0182
Reviewed-on: https://code.wireshark.org/review/15748
Reviewed-by: Guy Harris <guy@alum.mit.edu>
and fix Bad cookie text
Change-Id: Ie9e2629a9f6cff4e2a35fcf4bf399858dd21c5ef
Reviewed-on: https://code.wireshark.org/review/15721
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I97d7a97f923baa655d043647a16d6eb4f356d899
Reviewed-on: https://code.wireshark.org/review/15729
Reviewed-by: Mike Morrin <morrinmike@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5a6133cb0ec0bf8807bb3bdfa3721657420b53a2
Reviewed-on: https://code.wireshark.org/review/15730
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The enhanced checkhf.pl in https://code.wireshark.org/review/#/c/15717/
validates ei items in addition to href items. This patch addresses the
false positive ERRORS reported by the enhanced checkhf.pl for a "cosmetic"
issue (missing space after { in ei array entries).
Change-Id: I87876ce2cfa4b0e11cb22f457bd9ab025d939e5c
Reviewed-on: https://code.wireshark.org/review/15739
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
From https://groups.google.com/a/chromium.org/d/msg/proto-quic/HKwPvmpV-rw/svYt4cLNMwAJ
Changes:
1) Entropy is deprecated. Received entropy byte is removed from ACK FRAME, and sent entropy byte is removed from STOP_WAITING FRAME.
2) ACK FRAME now reports the largest packet number observed so far followed by received packets ranges (rather than missing packet ranges).
3) Private flags byte is removed from packet header
Change-Id: I6a84a3019ee529f31638f8bf6d0cb77e4a8a3f90
Reviewed-on: https://code.wireshark.org/review/15480
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before there was a wrong dissection of parameters that wasn't
predictable because of the wrong offset. This could lead to anything.
Now, it shows an expert warning indicating that the RTPS packet
doesn't contain all the bytes specified by the parameter but it shows
properly the parameterId and the length. In order to parse properly
the whole PID_EXTENDED parameter we'd need to handle fragments. That
is not the purpose of this commit.
Change-Id: I0f3f0f1d309d43a530047f510169fb07983a9fb6
Reviewed-on: https://code.wireshark.org/review/15698
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ERROR: NO ARRAY: epan/dissectors/packet-amqp.c, ei_amqp_amqp_1_0_frame_length_exceeds_65K
Missing a space after { (need fix check ?)
Change-Id: Idce3b270c53feb7fc12e8c82fb87932faa1e468d
Reviewed-on: https://code.wireshark.org/review/15728
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 11788
Change-Id: I3f4df884d98903222de8a340de6a08e680687b0a
Reviewed-on: https://code.wireshark.org/review/15727
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Guy Harris