don't create an expert info under if (tree)
Change-Id: I2c8f90483c434d708a97b621621ca123fc505edc
Reviewed-on: https://code.wireshark.org/review/10319
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

If a pcapng Name Resolution Block has options, they should not screw up the
pcapng reader and cause it to fail to read the file.
Bug: 11485
Change-Id: Ic27cba937b6d93a3d9ed92522ed6b39ae2daeb8f
Reviewed-on: https://code.wireshark.org/review/10307
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>

RFC 6282 specifies special handling of the "Length" field in compressed
IPv6 extension headers. However, the Fragment Header does not have a
Length field, so this special handling does not apply - the second octet
should be treated as opaque data, and the header length is always 8
octets.
Bug: 11368
Change-Id: I28fcd66d96f58a5959bb669caf4244afaca9e67e
Reviewed-on: https://code.wireshark.org/review/10231
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>

Per the spec, it's always encoded in network order (4 separate bytes), and
thus should not be swapped on read.
Bug: 11484
Change-Id: I6a650896b324f42bfd2e05759c84e87ace733372
Reviewed-on: https://code.wireshark.org/review/10304
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>

An IDB snaplen of 0 means no limit, so a Simple Packet Block's capture
length should be the same as its encoded packet length in such a case.
Bug: 11483
Change-Id: I8856d6c6a669a0048ea64b3adbd23c37a598431d
Reviewed-on: https://code.wireshark.org/review/10303
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>

In CapturePreferencesFrame::updateWidgets() save and restore the default
capture device name because the first call (and only the first call) in
the loop with addItem() triggers on_defaultInterfaceComboBox_editTextChanged()
which unconditionally sets the default name as the first non-hidden device.
Bug: 10965
Change-Id: Ie93f84010a19e8144efa46ce889fb9064979e0e9
Reviewed-on: https://code.wireshark.org/review/9584
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>

*Especially* don't stuff the amount of remaining data in a block into an
int that will then be passed to file_skip() as an amount to skip ahead,
as a Really Large Value will turn into a negative value and produce
various forms of bizarre and tricky-to-debug behavior.
Change-Id: I4d0a6b36fe50df84925690ad688a3ab0433ceb17
Reviewed-on: https://code.wireshark.org/review/10299
Reviewed-by: Guy Harris <guy@alum.mit.edu>
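
The truncation described in the commit message above, as an added example that is not Wireshark's code: `skip_ok()` is a hypothetical stand-in for a skip routine taking a signed 64-bit delta, and the 12-byte block header and the length value are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK_HEADER_LEN 12u  /* assumed fixed header size, for illustration */

/* Hypothetical stand-in for a skip routine with a signed 64-bit delta:
 * it only reports whether the requested forward skip is sane. */
static int skip_ok(int64_t delta) { return delta >= 0; }

/* Flawed pattern: the remaining byte count is squeezed into an int.
 * On common ABIs (32-bit int) values above INT_MAX come out negative. */
static int64_t remaining_as_int(uint32_t block_total_len)
{
    int remaining = (int)(block_total_len - BLOCK_HEADER_LEN);
    return remaining;  /* widened again, but the sign is already wrong */
}

/* Corrected pattern: reject lengths shorter than the header, then keep
 * the count in a type as wide as the skip routine's parameter.
 * Returns -1 for a malformed length. */
static int64_t remaining_as_i64(uint32_t block_total_len)
{
    if (block_total_len < BLOCK_HEADER_LEN)
        return -1;
    return (int64_t)block_total_len - BLOCK_HEADER_LEN;
}

int main(void)
{
    uint32_t len = 0xFFFFFFF0u;  /* constructed Really Large Value */
    int64_t bad = remaining_as_int(len);
    int64_t good = remaining_as_i64(len);

    printf("via int:     %lld (skip_ok=%d)\n", (long long)bad, skip_ok(bad));
    printf("via int64_t: %lld (skip_ok=%d)\n", (long long)good, skip_ok(good));
    return 0;
}
```
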

Our event loop is nested when we read packets. Disable the main window's
central widget while we're retapping packets in order to minimize the
chance of ending up in an unexpected state while analyzing packets.
Note that we will probably want to disable more of the main window and
do so in other parts of the code.
Change-Id: I68a00fe43d2ac9e7c0749751abd1c10c47155b3b
Reviewed-on: https://code.wireshark.org/review/10293
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

That way, when we check for read errors, we don't run the risk of
thinking we have a read error after we get a write error.
Change-Id: Idb79822d30989b2529433878798c577a76eacca7
Reviewed-on: https://code.wireshark.org/review/10295
Reviewed-by: Guy Harris <guy@alum.mit.edu>

When the user applies a display filter in TapParameterDialog we're about
to start tapping. We need to set the display filter in the main window
but we shouldn't apply it.
Change-Id: I08bed5c7f470f1dbf32817a7d999f09d2c52f168
Reviewed-on: https://code.wireshark.org/review/10287
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

I now read 8.2.4.1.10 "Order field" in 802.11-2012 as saying that, in
management and QoS data frames, the Order bit shouldn't be set for
non-HT, non-VHT frames, so we can just test it for those frame types
without bothering to check the radio metadata to see if the frame is an
HT or VHT frame.
This handles cases where the radio metadata isn't complete, e.g. an HT
frame with a radiotap header but no MCS field.
Handle this for *all* QoS data frames when capturing.
Get rid of the "fixed-length link-layer header" stuff; it's not being
used.
Fix a case where we're appending text to a tree item without a space
separating it from the previous text.
Bug: 11351
Change-Id: I980f5b7509603b0c22c297fddc19434c08817913
Reviewed-on: https://code.wireshark.org/review/10288
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Don't treat an EOF at the beginning of a frame as an error.
Treat I/O errors as hard errors; treat short reads as an indication that
the file isn't an MPEG-2 Transport Stream file.
Treat the PCR for a given PID not going forward as an indication that
the file isn't an MPEG-2 Transport Stream file.
Bug: 11471
Change-Id: I42b5887049423f8265db9d121d7b5bd388e5b244
Reviewed-on: https://code.wireshark.org/review/10286
Reviewed-by: Guy Harris <guy@alum.mit.edu>

Do not retrieve type and code based on the info column content.
Instead store type and code in pinfo structure and retrieve them in sequence analysis tap.
Change-Id: I71cd505d7faf713c2372731495d47b45928a41f8
Reviewed-on: https://code.wireshark.org/review/10280
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Artho <pascalartho@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>

The GTK+ UI sequentially dissects and caches column strings for all rows
before sorting a column. Do the same in the Qt UI, which can improve
performance considerably.
Don't colorize packets when sorting in the Qt UI unless it's necessary.
When sorting in the Qt UI, let the user cancel the initial packet
dissection. Note that we'll need to replace std::sort in order to
cancel out of sorting.
Use a pre-allocated and pre-compiled GRegex when we prime columns. Note
that we probably shouldn't parse a regular expression there.
Cache the last result of proto_registrar_get_byname.
Note performance hot spots elsewhere in the code.
To do:
GeoIP in packet-ip.c is pretty slow.
Bug: 11467
Change-Id: Ib34038fee08ef0319261faeffc4eca01e52f4bd3
Reviewed-on: https://code.wireshark.org/review/10275
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Disable the main file close and reload actions while we're retapping,
otherwise many of our dialogs will crash.
Disable the TapParameterDialog filter entry while we're retapping. This
keeps us from enabling the "Apply" button when we shouldn't.
Don't prematurely disconnect our signals in WiresharkDialog.
Change-Id: Iaf507eb4503b9c296766f109f2b8c71343263982
Reviewed-on: https://code.wireshark.org/review/10274
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Change-Id: I066b70cfd58f5fb3ffbcb2e238416747d9e7dd57
Reviewed-on: https://code.wireshark.org/review/10269
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

This patch enables validation of response authenticator messages when
the shared secret is known.
The validation can be activated in the preferences.
It implements the validation protocol described in RFC 2865 page 16: Response Authenticator.
When an authenticator is invalid, the information is added in the header information.
It adds two flags for the display filter: radius.authenticator.valid and
radius.authenticator.invalid. Since verification is not always possible, we use
two flags to determine if the verification has been made or not, in the same way as
UDP and TCP checksum validation is implemented.
The Authenticator field becomes a tree, and the values of the flags are visible in
this tree.
Change-Id: I33a664f2265c6248e106cee7904c754089d50445
Reviewed-on: https://code.wireshark.org/review/10216
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

The remaining calls seem to fall into 3 categories:
1. passing it to tvb_find_line_end when -1 (for length) will do.
2. duplicating the checking of tvb_reported_length_remaining, which is already in use near the tvb_ensure_length_remaining call.
3. Those that (probably) need tvb_ensure_capture_length_remaining
Change-Id: I1e77695251e055644bcbbb89f3c181c65d1671ca
Reviewed-on: https://code.wireshark.org/review/10268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

Emitting PacketDissectionChanged from a dialog can render the main
window unusable on OS X. A workaround for this was added to the
preferences dialog in g8fc2327. Generalize the workaround and use it
elsewhere.
Fix the "Enabled Protocols" action name while we're here.
Bug: 11361
Bug: 11448
Change-Id: I89e98daaaedc877d3b13b0d33b6f3be033e323d7
Reviewed-on: https://code.wireshark.org/review/10271
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

The check for Alcatel extensions in bootp/dhcp packets is very weak,
resulting in some false positives. Then when trying to parse the
suboptions, the result is an error on the packet.
This change eliminates some false positives by adding a test that the
vendor-specific option contents match the encapsulated format described
in section 8.4 of RFC2132.
Change-Id: Ie4188ff900426c2d80a5694fbba5c88385625a61
Reviewed-on: https://code.wireshark.org/review/10267
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
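
One way to test whether vendor-specific option contents match the RFC 2132 section 8.4 encapsulated format mentioned in the commit message above, as an added example that is not the dissector's own code. The function name, the rule that at least one option must be present, and both sample buffers are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: a well-formed code/length/value sequence, and a
 * plain text payload that is not encapsulated. */
static const uint8_t SAMPLE_TLV[]  = { 0x01, 0x02, 0xAA, 0xBB, 0x03, 0x01, 0x07, 0xFF };
static const uint8_t SAMPLE_TEXT[] = { 'M', 'S', 'F', 'T', ' ', '5', '.', '0' };

/* True when buf[0..len) parses as encapsulated vendor options:
 * code/length/value triples, code 0 = one-byte pad, code 255 = end of
 * the encapsulated options (bytes after it are not interpreted). */
static bool is_encapsulated_vendor_opts(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    bool saw_option = false;

    while (off < len) {
        uint8_t code = buf[off++];
        if (code == 0)              /* pad: no length byte follows */
            continue;
        if (code == 255)            /* end marker */
            break;
        if (off >= len)             /* truncated before the length byte */
            return false;
        uint8_t optlen = buf[off++];
        if (optlen > len - off)     /* value would run past the option */
            return false;
        off += optlen;
        saw_option = true;
    }
    return saw_option;              /* assumption: require one real option */
}

int main(void)
{
    printf("TLV sample:  %d\n", is_encapsulated_vendor_opts(SAMPLE_TLV, sizeof SAMPLE_TLV));
    printf("text sample: %d\n", is_encapsulated_vendor_opts(SAMPLE_TEXT, sizeof SAMPLE_TEXT));
    return 0;
}
```
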

Add cf_cb_file_retap_started and cf_cb_file_retap_finished to file.[ch].
Add their associated signals to CaptureFile.
Add registerTapListener and removeTapListeners to WiresharkDialog, which
collect and automatically remove tap listeners. Add beginRetapPackets
and endRetapPackets, which can be used to wrap critical sections so that
we don't delete ourselves while tapping. Don't cancel tapping on close
in WiresharkDialog.
Use beginRetapPackets and endRetapPackets in WiresharkDialog and
FollowStreamDialog. We will likely need to add them elsewhere.
Update comments.
Change-Id: I1788a6ade0817c31aa3419216df96be5e36b2178
Reviewed-on: https://code.wireshark.org/review/10261
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

Add ProgressFrame::addToButtonBox, which violates the UX guidelines on
every platform we support by inserting a ProgressFrame into a
QDialogButtonBox.
Call addToButtonBox in the constructors of a bunch of dialogs.
Change-Id: I33ac5fd7a976ee6e0527de569a5c4b528980dae1
Reviewed-on: https://code.wireshark.org/review/10242
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>

When parsing TDLS direct link packets, ToDS is 0 and FromDS is 0,
so Wireshark treats the 4th bit in QoS Control as "bit4", but it
should be treated as EOSP.
So changed the default case to EOSP and only when ToDS is set
treat it as "bit4".
Change-Id: Ie2a73320dc9921aed4547e32836e6cd7d89ef109
Reviewed-on: https://code.wireshark.org/review/10250
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

It wasn't working on my system: I kept seeing the old git revision
in '...shark -v' even after deleting version.h
Change-Id: I75f41a7afcee4b9384f33a56014e4af6b527fec5
Reviewed-on: https://code.wireshark.org/review/10265
Petri-Dish: Jörg Mayer <jmayer@loplof.de>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>