Dissection of "Class-specific Audio Control Interface Descriptor:
Selector Unit Descriptor" and "ENDPOINT DESCRIPTOR" for USB Audio
Device added.
The USB Audio class extended Standard USB Endpoint Descriptor 2
bytes further. A condition to check whether the interface class is
CLASS_AUDIO is added and the 2 bytes are dissected.
Change-Id: I63f1334df71b9e8cd92a299d533b732b0a13ace7
Reviewed-on: https://code.wireshark.org/review/36250
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The absolute radio-frequency channel numbers may overlap between
both DCS1800 and PCS1900 frequency bands. The purpose of the PCS
band indocator is to avoid ambiguity for the overlapping numbers.
Change-Id: I5c6e429e9c579d1e132994954a4d32f2f1bd6ca5
Reviewed-on: https://code.wireshark.org/review/36240
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
User can remove the previously set name, just by editing the current
name, and removing all text (empty string). Empty strings are skipped by
the name resolution code.
Bug: 11221
Change-Id: Id9c64885b5dd82fd72dd16b25a0f8046b8102a11
Reviewed-on: https://code.wireshark.org/review/36206
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not append separator to import directory path. Calling QFileInfo()
constructor with string ending in directory separator results in
creating QFileInfo instance for file with empty filename.
Bug: 16410
Change-Id: I4fe248fcdb0c0c67843652475ae58c2a473a9fa8
Reviewed-on: https://code.wireshark.org/review/36238
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Set usb conversation info vendor, product and version based on values
recorded in device product data. This results in USB dissectors that
register on VID/PID to get correct vendor, product and version
information if configuration descriptor is not present in the capture.
One such dissector is FTDI FT where the version is used to determine
chip type.
Ping-Bug: 11743
Change-Id: Idcc361861b616222e32fc0d8cef9f9dd687cf1e4
Reviewed-on: https://code.wireshark.org/review/36243
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Filipe Laíns <lains@archlinux.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Group command with parameters under its own subtree. Besides grouping,
this makes it possible to filter the command with specific parameters.
Ping-Bug: 11743
Change-Id: I4702a0cac6bd398a271c310185bf2670d352ba55
Reviewed-on: https://code.wireshark.org/review/36241
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Reviewed-by: Filipe Laíns <lains@archlinux.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Do not use QDir::separator() as a directory separator. QT internally
uses "/" as separator on all systems, including Windows. The zip files
were not unzipped into target directory because splitting path on
QDir::separator() in ProfileModel::cleanName() returned only one part
(there weren't any "\' in file name, only "/").
Qt documentation for QDir::separator() mentions:
"You do not need to use this function to build file paths.
If you always use "/", Qt will translate your paths to conform to
the underlying operating system. If you want to display paths to
the user using their operating system's separator use
toNativeSeparators()."
Bug: 16410
Change-Id: I9627684f58f4c1da24b6eec8958a2542fe07d915
Reviewed-on: https://code.wireshark.org/review/36237
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
When dissecting a trace containing the same FID multiple times (for
different file paths) Wireshark would get confused and show file path
of the latest occurence of the FID for all usage.
Example:
=> open req "\dir\lol.txt"
<= open rsp fid=0x123
from this point, 0x123 is "lol.txt", yet wireshark will show "bar.txt"
=> write req fid=0x123 data="foo"
<= write rsp ok
=> close req fid=0x123
<= close rsp ok
from this point, 0x123 is no longuer valid
=> open req "\dir\bar.txt"
<= open rsp fid=0x123
from this point, 0x123 is "bar.txt"
=> write req fid=0x123 data="foo"
<= write rsp ok
=> close req fid=0x123
<= close rsp ok
Wireshark displays "bar.txt" for all occurences of 0x123. This patch
fixes that and stores the interval (in frame numbers) in which each
FID is valid. From the first time the FID is seen to the time the
close is done.
Change-Id: I9027bb1756d1dbee0393b50786f49845b79f129c
Reviewed-on: https://code.wireshark.org/review/36192
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The assert mistakenly crashed the import
Bug: 16410
Change-Id: I385f4ba9b842f0f25d6ffe30db6065946fd55d84
Reviewed-on: https://code.wireshark.org/review/36233
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
This patch dissects the clock divisorset command. For the FT2232D it
will also calculate the clock based on the divisor.
Calculating the clock for newer chips requires more context that what we
currently have. The master clock is 60MHz by default but can be
configured to 12MHz for compatibility with older chips. We need to track
the "Divide by 5" commands (0x8A/0x8B) to be able to claculate the
clock.
Ping-Bug: 11743
Change-Id: Ica3acfa97b4db38c2f28bb14cb1e0576d9b5139e
Signed-off-by: Filipe Laíns <lains@archlinux.org>
Reviewed-on: https://code.wireshark.org/review/36167
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Tomasz Moń <desowin@gmail.com>
When smb2_session_info() was factored out a bug was introduced where
instead of appending text in the parent it appended text in the new
sub item, showing it twice. Fix that by appending to the parent item
instead.
Change-Id: I87c681cd5ea233b3a8c451d0dde2cd2ddf8da48e
Reviewed-on: https://code.wireshark.org/review/36191
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Corrected IE name
Added DSCP value
Change-Id: I7d68ade1ff6292727d55294b73278be34c31d4e9
Reviewed-on: https://code.wireshark.org/review/36223
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The BT ATT protocol dissector has a dissector table for the
`btatt.handle` field so that is is possible to register subdissectors.
But registrating the subdissector via `btatt.handle` field has no
effect. Instead, it has to be registered via `bluetooth.uuid` field.
In some cases, the BT ATT dissector doesn't call its subdissectors when
it is registered via `bluetooth.uuid` field: It is when no frame
connects the BT UUID to the handle.
This fix now calls the registered subdissector of the `btatt.handle`
field if any.
As an improvement, duplicate code could be removed for BT GATT
subdissectors because dissect_btgatt() extracts already the UUID from
the short name and then calls dissect_attribute_value().
The BT GATT subdissectors will be shown as subtree as before because its
implementation is in the same file. All other subdissectors will get its
own root tree as it is common for new protocol layers.
Bug: 16371
Change-Id: I99393e51e949a6488014f175c09a44743ce353a2
Reviewed-on: https://code.wireshark.org/review/36176
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the case CAN-FD is used as a transport, the header of ISO15765
changes for first frames (ISO 15765-2:2015). In my previous commit
"Add support for first frames with CAN-FD" (54010d4093) I added
support for *single frames*.
This patch really adds support for ISO 15765-2:2015 first frames, also
known as jumbo frames. Documentation is available in this presentation,
on slide 24:
* http://s3.eu-central-1.amazonaws.com/cancia-de/documents/proceedings/slides/hartkopp_slides_15icc.pdf
Change-Id: Ic97a3c71ee1df4d133dbfb04a1c781fa66739cf0
Reviewed-on: https://code.wireshark.org/review/36189
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If read from capture file fails, set a flag that result in subsequent
read attempts to not display alert box on read failure.
This solves endless "An error occurred while reading the capture file"
error when the underlying trace file becomes unavailable. Now it is
possible for the user to close the capture file.
Bug: 4811
Change-Id: I411bbb3fb717bc994ab1f5e3805e2c8b4ee09c5e
Reviewed-on: https://code.wireshark.org/review/36114
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Improve dissection of "Class-specific Audio Streaming Interface Descriptor:
Format type descriptor" by performing dissection for FormatType 3.
Conditions for checking Number Channels=2, Subframe Size=2 and
Bit Resolution=16 are added.
Else they are added to expert info.
Change-Id: Ie8b005ccadda39c653782fc38280ce21cf2ca0a8
Reviewed-on: https://code.wireshark.org/review/36185
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Run our software update checks in the foreground.
Post NSApplicationWillTerminateNotification prior to exiting the
application. This *should* start the automatic updater if a new version
of Wireshark was downloaded in the background, but is difficult to test
without a fully signed and notarized application bundle.
Bug: 16416
Change-Id: I212dbb42e1cafff713ff195b448c2799750bc6ac
Reviewed-on: https://code.wireshark.org/review/36221
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When adding or removing a filter, the currently selected packet
is deselected. beginResetModel/ endResetModel were used which
reset the QModelIndex, now changed back to dataChanged/
headerDataChanged as before.
Bug: 16414
Change-Id: Ia8fa91e3378bdc0792382184e75e59900397e8b9
Reviewed-on: https://code.wireshark.org/review/36204
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Automatic software updates are now supported in macOS as well.
In the file, the channel name doesn't have UPDATE_CHANNEL_ in front of
it; it's just DEVELOPMENT or STABLE.
Change-Id: I11a8e10b3c0ee6c4eec2568bf94d42c4098b82a5
Reviewed-on: https://code.wireshark.org/review/36207
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We generate sessions for all packets, no need to skip Tree Connects.
Change-Id: I4a99d26f0ded12cc3de2f07489fb4994a43743a5
Reviewed-on: https://code.wireshark.org/review/36190
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Initial support for TEAP (Tunnel Extensible Authentication Protocol)
defined in RFC7170.
Only partial support implemented. Mainly the parts needed to discover
the carried EAP payload when establishing IEEE802.11 EAP-TEAP
connections.
Bug: 16379
Change-Id: Ic2b31d0b871b430792a371cd09926811e350c32b
Reviewed-on: https://code.wireshark.org/review/36104
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Run Wireshark tests on macOS only if SECURITYSESSIONID. If this isn't
reliable enough we might be able to get away with running a small UI
utility, e.g. `pbpaste > /dev/null`.
Change-Id: Ieccb87bcc1312f02c22ec2905a80437bf136d964
Reviewed-on: https://code.wireshark.org/review/36195
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move the files hashtables from the conversation to the session object
so that it can be shared across TCP connections.
In a multichannel capture, this lets file opened on one channel be
accessible in another channel.
Change-Id: Ic8909b590e7f6614d8d92422c0c1641d521240e3
Reviewed-on: https://code.wireshark.org/review/36184
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In a multichannel capture a session can be shared across multiple
conversation.
Adds a global per-file autoreset hashtable named smb2_session.
This change already makes decryption works since the session
decryption keys can now be shared.
Change-Id: I8991aa2afc4dcbe0bc88f4302c3f09ed61ab85ff
Reviewed-on: https://code.wireshark.org/review/36183
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add new HELLO
* open tracing
* preserve TTL
Add some flex frame dissection
* impersonate (user name)
* preserve TTL (validate len is 0)
* open tracing has no further dissection
Change-Id: Id8ca22fbd7ba52ff04a9dcc062e8ce15f4b0ccaf
Reviewed-on: https://code.wireshark.org/review/36127
Reviewed-by: Dave Rigby <daver@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The GOOSE dissector included Wireshark is using the GOOSE message
definition that was described in an older version of the IEC 61850
standard. To be precise, the current field names in Wireshark
corresponds to the Edition 1 of the IEC 61850 standard.
This GOOSE message definition is defined in Table 23 of the
IEC 61850-7-2:2003.
In this release (IEC 61850-7-2:2003) there is a field name called: Test.
However, in the new version of the IEC 61850, the Edition 2 of the
IEC 61850 standard, the Test field was renamed to Simulation.
To be precise, the new GOOSE message definition is defined
in Table 43 of the IEC 61850-7-2:2010.
Bug: 16402
Change-Id: I407987d7f4564b5bafa0c9217756c3f9f23918f6
Reviewed-on: https://code.wireshark.org/review/36175
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: If0f7198615de9bf03c2f905b9a56c4531aa4be5e
Reviewed-on: https://code.wireshark.org/review/36143
Reviewed-by: Jason Cohen <kryojenik2@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove "Wireshark.*", since that makes tools like ag and rg skip
packaging/wix/Wireshark.wxs. Add a note about this.
Remove other no-longer-relevant entries.
Change-Id: Ib3841249aef2018ca2ef0285a5d0ea799c54d310
Reviewed-on: https://code.wireshark.org/review/36145
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those fetch gint and guint values, respectively, rather than values with
specified sizes in bits.
This should squelch Coverity CID 1457357.
Change-Id: Ia8f100bd3fe90c266e24a4346f80b2667c653b93
Reviewed-on: https://code.wireshark.org/review/36177
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix the dissector error of RTP over TCP(RFC4571)
Bug: 16392
Change-Id: I517daee0cf1ff47484d9b5ea5007ecde9fe16a44
Reviewed-on: https://code.wireshark.org/review/36091
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Switch list of manually resolved names from a list to a map
(IP Address --> Custom Hostname)
2. If an address was already in the list, just update the old entry.
Previously this added a new entry anytime somebody would edit a
hostname.
3. Display the previous hostname in the GUI
4. Remove unused manually_resolve_cleanup()
Bug: 11221
Change-Id: I42d5b6267eb6613bdf7783865bc2d30d6bda1147
Reviewed-on: https://code.wireshark.org/review/36059
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>