Make the output of "tshark -Tjson --no-duplicate-keys" more useful.
Note: connection information is only available under the first QUIC item
to avoid duplication of information.
Bug: 13881
Change-Id: I5e25b1f3936e259d621002151f4d76a3538c9aa4
Reviewed-on: https://code.wireshark.org/review/31817
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
fix warning found with clang and -Wdocumentation CFLAG
Change-Id: I9fc122012161c5942c08cb90a9aeda1da6185180
Reviewed-on: https://code.wireshark.org/review/31808
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide a way to retrieve key URIs ("pkcs11:" and in the future maybe
"system:") and validate the PIN/password for such keys. Additionally
permit validation of a RSA key file.
This will be used for the RSA Keys GUI dialog.
Change-Id: I4177a11cb9f4758d7564daae509e20a4a42623fa
Reviewed-on: https://code.wireshark.org/review/31794
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A commoly used convention when adding more then 1 protocols in
COL_PROTOCOL (using col_set_fence) is to separate them using the
'/' character. Some dissectors use ' ', others use '|'. Make them
all use '/'.
Change-Id: Ibcddd7500f637d96313b264122d48ac6bff1e96c
Reviewed-on: https://code.wireshark.org/review/31804
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In some functions the file showed
<ret_type><TAB><func name>
while in others
<ret_type><SPACE><func name>
All prototypes aligned to use the latter.
Change-Id: I47163824c9ae629c84df6d795192353eed5d5cca
Reviewed-on: https://code.wireshark.org/review/31803
Reviewed-by: Anders Broman <a.broman58@gmail.com>
One reason to use Wireshark is to diagnose protocol errors, so don't,
for example, treat too-short packets, in a TCP connection where we've
already seen rpcap packets, as not being rpcap packets. (Yes, that *is*
a bug, in the libpcap master, that I found and fixed.)
Change-Id: I9a81e5b9a2910331574164395302247a446e805b
Reviewed-on: https://code.wireshark.org/review/31809
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No need to allocate pointers for subtree indexes.
Change-Id: Ia1214e42d8220341454e1126878c217835788797
Reviewed-on: https://code.wireshark.org/review/31776
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The subtree indexes are only used in the dissector so it's not
needed to defer the deletion.
Change-Id: I33600897a186c078cc1021cde5a1d90054d475c8
Reviewed-on: https://code.wireshark.org/review/31800
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Free allocated strings before allocating new and in free callback.
Change-Id: If7bd0ee8455cf3c3e0c6300ce79e20557256eb8e
Reviewed-on: https://code.wireshark.org/review/31773
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The Unicast Schedule IE (US-IE) and Broadcast Schedule IE (BS-IS) may
define an explicit channel plan with the following fields in the channel
information fields:
24-bits - channel 0 frequency in kHz (little endian byte-order),
4-bits - channel spacing enumeration,
4-bits - reserved (must be set to 0), and
2-bytes - number of channels
Bug: 15451
Change-Id: If6923faca777343e17b0cb9012bb07d98b9bc194
Reviewed-on: https://code.wireshark.org/review/31745
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add missing group values. Update regex to match TELEPHONY_MTP3.
Change-Id: I709a416e30d79c2de69887548015a3c1ecfe5bab
Reviewed-on: https://code.wireshark.org/review/31779
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Put the function name in quotes.
Change-Id: I09be392a9bac3b56c13b82a554d17ea29695657c
Reviewed-on: https://code.wireshark.org/review/31790
Reviewed-by: Guy Harris <guy@alum.mit.edu>
I guess "s" in "The function s" was supposed to be "%s", giving the
function name. Make it so, and properly fetch the function name.
Change-Id: I67287f24626fa0a2816fb2cf574e5d9ff58713bf
Reviewed-on: https://code.wireshark.org/review/31787
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This should be changed so that ieee1609dot2 is called with a struct as
data containing the psid. If needed it can be stored in actx->private
data.
Change-Id: Iccef08a93fd090eb586401b2999684eee2afb382
Reviewed-on: https://code.wireshark.org/review/31775
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
4 digits values could overflow the destination buffer. Skip them
since they're invalid and can only from tainted data.
Bug: 15447
Change-Id: Ice6d4f144597499483160ecaa63702025ab86f61
Reviewed-on: https://code.wireshark.org/review/31751
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The filename is included in the error message from Lua so we don't
need to display this twice.
Change-Id: I00aa7255ff24b07b9f45a8e814a97b61c35936e1
Reviewed-on: https://code.wireshark.org/review/31768
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If a display filter contains a set for the set membership operator and
an error occurs, then gen_relation_in() (called via dfw_gencode() will
not take ownership of the set and a memory leak occurs.
Fix this by implementing a free callback for STTYPE_SET nodes which
frees unclaimed data. Add tests to verify the effectiveness, ASAN no
longer complains after this fix.
Bug: 15442
Change-Id: If37cf047660464b2d0304748034d0bc22111e5d6
Reviewed-on: https://code.wireshark.org/review/31758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A display filter can contain values such as strings, numbers, etc. These
are internally stored in a fvalue_t structure. While compiling a display
filter, it will store a fvalue_t in a node of type STTYPE_FVALUE.
These nodes are created while parsing the dfilter in dfilter_compile().
If the semantic check and conversion (dfw_semcheck()) succeeds, it will
transfer the values of the parsed tree to dfw_gencode(). After that,
dfwork_free will dispose the tree while a compiled dfilter code remains.
When the dfilter code is destroyed, it will free the values too.
However, when dfw_semcheck() fails (for example, due to an illegal
filter such as "len(badname)==1"), it will skip "dfw_gencode()" and
consequently the fvalue data is not transferred nor freed. Fix this by
always freeing the data (unless the data was stolen by dfw_gencode()).
Fixes a memory leak reported for case_dfunction_string::test_fail_2
which was detected by ASAN.
Bug: 15442
Change-Id: I9b1cb613659890c8ddcfa57f11f9d3f61a51a3f9
Reviewed-on: https://code.wireshark.org/review/31757
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Error messages without a stack trace are rather hard to debug for more
complex Lua dissectors. Be sure to append one, it will look like this:
tshark: Lua: Error during loading:
/tmp/kdnet/kdnet.lua:13: bad argument #3 to 'proto_field_constructor' (Display must be either base.NONE, base.DOT, base.DASH, base.COLON or base.SPACE)
stack traceback:
[C]: in function 'proto_field_constructor'
/tmp/kdnet/kdnet.lua:13: in function 'add_field'
/tmp/kdnet/kdnet.lua:35: in function 'add_fields'
/tmp/kdnet/kdnet.lua:242: in main chunk
It would be nice to reuse the error handler for dissector calls as well,
but I am not sure whether this works with absolute indices which are
used almost everywhere in wslua.
Change-Id: I89b2dcd360fce3865e1bf052b9fe03e888aae167
Reviewed-on: https://code.wireshark.org/review/31763
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The loop to remove all matching callbacks was skipping every second
entry which would give some leaks when reloading Lua plugins.
Add funnel_cleanup() to be called in epan_cleanup() at shutdown
to remove all allocated menu entries.
Change-Id: I3a50ba2070c8675fee1385f25e9e109db57c2dc5
Reviewed-on: https://code.wireshark.org/review/31769
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
That would prevent subsequent protocols to clear it, resulting in multiple
definitions in that column.
An example is NFS as next protocol. When contains multiple NFS operations,
COL_PROTOCOL contains NFSNFSNFS...
Bug: 15443
Change-Id: Idf9469873164160dc4795589c61c342ce019521b
Reviewed-on: https://code.wireshark.org/review/31755
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Fixed issue with incorrect item end being set for the
grouping header if it includes a KA certificate.
Length was subtracted first (set to 0) and therefor the
offset would remain unchanged.
Change-Id: I23ab1620613af821ee5a41fc29b83e6d4b08430e
Reviewed-on: https://code.wireshark.org/review/31764
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The Colmetadata handling for TEXT, NTEXT, and IMAGE types was incorrect for
TDS 7 versions before TDS 7.2. In addition, the macros using for testing
versions were incorrect.
Clean up max length display to agree with Microsoft specification (as best
as I can understand it).
Bug: 3098
Change-Id: I8254649fd3de97c103078ceaac1557fde3569ded
Reviewed-on: https://code.wireshark.org/review/31734
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Moved FabricInfoRecord ett to right location.
Change-Id: I97dd540e9929126648a0c690f54f2caa88838365
Signed-off-by: Goldman, Adam <adam.goldman@intel.com>
Reviewed-on: https://code.wireshark.org/review/31716
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the single byte within a ZeroWindowProbe triggers reassembly within a
subdissector, a new MSP will be created with just a single byte. Be sure
not to mark subsequent segments that contain the full segment data as
retransmission as this prevents the subdissector from seeing the data.
Bug: 15427
Change-Id: I36ae2622689c6606c99cdff70b6beba4b9d25ca7
Reviewed-on: https://code.wireshark.org/review/31732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The single byte within the ZWP could be retransmitted with the next
segment, this is perfectly acceptable behavior. Do not flag these new
segments as retransmissions or Out-Of-Order.
Bug: 15427
Change-Id: I76db2b7a2b684c8c78fa24c9c4b457e1833d12b7
Reviewed-on: https://code.wireshark.org/review/31731
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fixes memory leaks reported by ASAN for the test_wslua_pinfo test.
Change-Id: Id7e79e63559db1e7f8b27d566048eab9268d9237
Reviewed-on: https://code.wireshark.org/review/31754
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If a ProtoField object was created, but not linked to a Proto, then some
fields (name, abbrev, blob) could leak. Fixes ASAN test failures for
four wslua tests.
Change-Id: I570ea154153b505ba81edb2bbf538e6dc1438728
Reviewed-on: https://code.wireshark.org/review/31750
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Proto objects were only freed while reloading Lua plugins, be sure to
release these on program exit too. Fix missing deallocation of heur_list
(matches per-protocol cleanup in proto_cleanup_base).
Be sure to keep a reference to the "Pref" object after registering it to
a Proto, otherwise it could be garbage-collected early, resulting in
memleaks (because the preference was still in use).
Fixes a lot of memory leaks reported by ASAN for tests, ten tests were
affected by Proto_new leaks, four were affected by the new_pref leaks.
Change-Id: Ica52718849a33eda614775f533dc0fcefec9cc74
Reviewed-on: https://code.wireshark.org/review/31746
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Change the "Field" type to actually point to a structure. Do not cheat
and overload the pointer to mean "char*" in one context, and
"header_field_info*" in another. It was very confusing.
Implement Field__gc to free the Field structure that was allocated in
Field_new. This fixes the memory leak in Field_new.
Now the test_wslua_field test passes when executed with ASAN and a bunch
of other wslua tests also improve.
Change-Id: Ibc4318b76bb893151fd40c3fbc595402fba7a60a
Reviewed-on: https://code.wireshark.org/review/31743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
luaL_optinteger will raise an error when the argument is an invalid
number. Delay the allocation to avoid a leak. Fixes the
test_wslua_nstime test under ASAN.
Change-Id: I6856fd218897565a60786d820f43192b41d489f2
Reviewed-on: https://code.wireshark.org/review/31744
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fixes leaks of allocations from dissect_key_exch as detected by ASAN
while running the following tests:
test_ikev1_simultaneous
test_ikev1_unencrypted
test_text2pcap_ikev1_certs_pcap
test_ikev1_certs
Change-Id: Ifc102539efadd33d1b9d9921bcdbb35dfd31927f
Fixes: acfe071eb6 ("Add decryption support.")
Reviewed-on: https://code.wireshark.org/review/31740
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Since v2.9.1rc0-528-g31aba351e2, it is clear that wtap file formats
should free earlier comments before writing a new one. Do so.
Fixes leaks reported by ASAN for test_wslua_file_acme_reader.
Change-Id: Iafb643f01f5973f2d3b88f244ee70e8c0c451080
Reviewed-on: https://code.wireshark.org/review/31738
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>