They're not marshalled as a 64-bit integer in pcapng files, they're
marshelled as 2 32-bit integers, the first of which is the upper 64 bits
of the value and the second of which is the lower 64 bits of the value.
Bug: 12349
Change-Id: I2bde51ac11b2518ef2ddaecf43672c984f26081a
Reviewed-on: https://code.wireshark.org/review/15492
Reviewed-by: Guy Harris <guy@alum.mit.edu>
... only if we haven't figured it out yet
Do some other minor cleanup while at it.
Change-Id: I75d10b66a529c2043f17fced3e65f57ada993442
Reviewed-on: https://code.wireshark.org/review/15488
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
There's no need to build a string by reading byte-by-byte.
Change-Id: I23223ec1188acbd2591817d66cc8f15d4eb25427
Reviewed-on: https://code.wireshark.org/review/15486
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Use an offset variable, increment it as we walk through the packet. Use
tvb_reported_length_remaining() to see if we have more data.
Change-Id: I7048316ee418ff3e79e391295a29d9b221079847
Reviewed-on: https://code.wireshark.org/review/15485
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
which were copied from doc/packet-PROTOABBREV.c (or its predecessor)
Change-Id: I8f81d45cf7e9ad00378c965af663df8b64a9b591
Reviewed-on: https://code.wireshark.org/review/15484
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
As we know the field's length, we can skip to the next field even if the
length is invalid. There's no need to abort the dissection in this case.
Change-Id: I855427ca07f38c3041018a2d7ed9dbc15f1e9bd7
Reviewed-on: https://code.wireshark.org/review/15483
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
We either have a string or an integer. Use tvb_get_string_enc() to get
the string.
Change-Id: I84a83aed5eba57817e53bb194a8e01c273abf57a
Reviewed-on: https://code.wireshark.org/review/15482
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The result of shifting a 32bit value by 32 bits is undefined.
Avoid all of the shift operations. Use the appropriate functions to get
the value from the tvb.
It seems that a manolito integer can be up to 5 octets. Use data types
large enough to store the possible values.
Change-Id: Icc1b538dbd7cdb27700140e9e5b81458b1047537
Reviewed-on: https://code.wireshark.org/review/15481
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
- Deal with short EnblocCallMessage coming from 7936
- SubscriptionStatReqMessage is shorter than previously known
- Use buttonType enum in FeatureStatV2Message and FeatureStatMessage
Change-Id: I0c4db5a0199ebb95bf807c858971d763faeef016
Reviewed-on: https://code.wireshark.org/review/15427
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I6a8ea98cf0f4a2172e73fc4dcad67f2dbf8d5be3
Reviewed-on: https://code.wireshark.org/review/15471
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The number of bytes allocated is small enough not to matter.
Change-Id: I44c2103a87bd41f21e61d0f27648266fdc2be557
Reviewed-on: https://code.wireshark.org/review/15470
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
QListWidget::takeItem removes an item from the list but doesn't free it.
Call delete instead.
Change-Id: I81b1315d0851518935f542c53455b283e26e5dc5
Reviewed-on: https://code.wireshark.org/review/15474
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add dissection of Diversification nonce (if QUIC Version >= 33)
Bug:11494
Change-Id: I448921db30174e47c30b3f60656ec3494f079c23
Reviewed-on: https://code.wireshark.org/review/15465
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I9a33c37658b48cf47d4f054658ac42fab99d7a43
Reviewed-on: https://code.wireshark.org/review/15466
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
type.
Change-Id: I7af0d89441b9ab87e9ed8dd0d52ca7f6ad82b896
Reviewed-on: https://code.wireshark.org/review/15458
Reviewed-by: Michael Mann <mmann78@netscape.net>
This is intended to aid possible future efforts with generic
block handling.
Change-Id: Iff915a8d0d8ed20ef89c20e0cf7967a3416318c3
Reviewed-on: https://code.wireshark.org/review/15451
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Check the current length before adding the digit and not after
While we are at it, also switch to strbuf wmem buffer instead
Bug: 12442
Change-Id: If3e80e8446f527fe8fb013fbd57828f5572ca5ee
Reviewed-on: https://code.wireshark.org/review/15441
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows for better expandability of future options
(and not having to add more boolean parameters or remove
obsolete ones)
Change-Id: I761bcfdbffe5b15c71dcd2a500e467b0f2c7a2fa
Reviewed-on: https://code.wireshark.org/review/15450
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug:11494
Change-Id: I3f0999049cd47f70154fdfbd3ca618c413dbea87
Reviewed-on: https://code.wireshark.org/review/15439
Reviewed-by: Michael Mann <mmann78@netscape.net>
We don't only try and dissector only handshake
Change-Id: I92576cb7a6d8d3390d4a95d8e81db06d8698a77c
Reviewed-on: https://code.wireshark.org/review/15438
Reviewed-by: Michael Mann <mmann78@netscape.net>
Added "Ctrl+Alt+C" as shortcut for packet comment.
Added "Ctrl+Alt+Shift+C" as shortcut for capture comment (GTK)
resp. for Capture File Properties (QT)
Bug: 12410
Change-Id: I1ba61a38829c35f3bb166a94cda4bec3901c7ef1
Reviewed-on: https://code.wireshark.org/review/15300
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Set len and caplen in pcap_read_post_process to actual wlen/payload length like for native ERF.
This fixes padding incorrectly showing as an Ethernet trailer or equivalent as
well as packet length calculations being incorrect.
Fix up rlen when writing ENCAP_ERF so it isn't longer than the actual record
length. This differs from native ERF behaviour which pads the record instead
but there is currently no non-hackish way to do this for pcap/pcap-ng.
Note: This means records captured from a DAG card in Wireshark (or old
PCAP(-NG) files opened) will have padding stripped when saved as PCAP(-NG) and
thus cannot be transmitted when converted to native ERF without aligning first.
However, if the file is saved as native ERF originally the padding will be
preserved (and zeroed). Given that extension header write support was very
broken and transmission of PCAP(-NG) is not supported without conversion this
is not expected to have been common.
Ping-Bug: 3606
Change-Id: I49dce03984d7f07431b6eb7e16a993aeb571f288
Reviewed-on: https://code.wireshark.org/review/15359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Wiretap support had already been added for old type variants COLOR_HASH_ETH and
COLOR_HASH_POS, dissect them like the other variants.
Change-Id: I60b83c50a258a27c31a498382c276bc4f4a34cbb
Reviewed-on: https://code.wireshark.org/review/15397
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug:11494
Change-Id: I51f19c2e09f9503fa8a6a34933048bce3fef2803
Reviewed-on: https://code.wireshark.org/review/15419
Reviewed-by: Michael Mann <mmann78@netscape.net>
we expect to find packet-tcp.h in the same directory as our dissector
Change-Id: I1bf027afbf810708e9f1428442d41b79708738cd
Reviewed-on: https://code.wireshark.org/review/15426
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
ccm_data can't possibly be NULL at this point
Change-Id: I30dcf902573a54e7efed864339f05e98bb666b20
Reviewed-on: https://code.wireshark.org/review/15425
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
cast one of the factors to uint64 to make sure that the calculation uses
uint64 and not uint32 which may overflow
Change-Id: Iec14f870a694008f5a734294d9154117b6c64b78
Reviewed-on: https://code.wireshark.org/review/15346
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Fixed warnings about Dead store / Dead assignment found by clang
analyzer.
Fixed encoding to be compatible to hf-type.
Change-Id: Iba93abe21f87029d53cd1db111b372cd4bd76229
Reviewed-on: https://code.wireshark.org/review/15418
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The speex headers use some CPP magic to rename the API.
Using the public names in the calling code reduces obfuscation and
allows linking with libspeexdsp.so also.
Change-Id: I10c6cd2de6b237400224d3db6a9995e646747311
Reviewed-on: https://code.wireshark.org/review/15400
Petri-Dish: João Valverde <j@v6e.pt>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
QListWidget::takeItem does nothing if the row is invalid. This is the
case when we pass it ::count(). Make sure that we remove a valid row and
that our loop will terminate.
Follow-up to g174dc98.
Change-Id: I7e695cc04b2f3b5c28a8cc70af0579d787ff8737
Reviewed-on: https://code.wireshark.org/review/15417
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
checkAPIs complains that the system member of the kingfisher_packet_t
structure shadows a system variable.
Althoguh this is a false positive, rename the variable to keep
checkAPIs happy.
Change-Id: Ia356dea5abb3ed93d10c5057f55786e2f28cec11
Reviewed-on: https://code.wireshark.org/review/15414
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Was fixed to pass. Let's keep it that way.
Change-Id: I49b532b6f1df2430b3912f8f1e9d518caff17d2c
Reviewed-on: https://code.wireshark.org/review/15413
Reviewed-by: Michael Mann <mmann78@netscape.net>