Those routines exist on both Windows and UN*X, but they don't do
anything on UN*X (they could if it were ever necessary).
That eliminates some #ifdefs, and also means that the gory details of
initializing Winsock, including the Winsock version being requested,
are buried in one routine.
The initialization routine returns NULL on success and a pointer to a
g_malloc()ated error message on failure; report the error to the user,
along with a "report this to the Wireshark developers" suggestion.
That means including wsutil/socket.h, which obviates the need to include
some headers for socket APIs, as it includes them for you.
Change-Id: I9327bbf25effbb441e4217edc5354a4d5ab07186
Reviewed-on: https://code.wireshark.org/review/33045
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The MQTT documentation states "The Payload contains the Application
Message that is being published. The content and format of the data
is application specific."
Bug: 15738
Change-Id: Ie9d603049821fd7fe73add675a95245d5f27e0b0
Reviewed-on: https://code.wireshark.org/review/33020
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
It was a bad idea to bring back the border around inactive+selected packet
list items in g009283a6 because it will move the text some pixels down.
Revert this part because we now have support for customizing the colors.
Remove the old "style_inactive_selected" handling because it has no effect.
Change-Id: I7599591a957a11d42964f7dc0981411cf3b28b4f
Reviewed-on: https://code.wireshark.org/review/32964
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
We only need to call WSAStartup and WSACleanup once, so do so. If we
encounter an error, report it using win32strerror.
Use win32strerror instead of FormatMessage in cap_open_socket.
Change-Id: I59868d6baecb1dfc98946dc68c2346b79436d2c7
Reviewed-on: https://code.wireshark.org/review/33044
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It prevents format checking; use "%s" as the format string.
Change-Id: Ic05ed64f4b2b6c243f072b0b306e0e06aa1eb3fd
Reviewed-on: https://code.wireshark.org/review/33041
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Generalise Audio Control subclass dissection to include undecoded data
expert info not only when the whole subtype is unknown, but also when
the descriptor was only partially dissected.
Ping-Bug: 15503
Change-Id: Id9d2d9c172e7c649a44290159cb74a9dfaab746c
Reviewed-on: https://code.wireshark.org/review/33037
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Make sure we link each application that calls WSAStartup with ws2_32.lib.
Pass version 2.2 to WSAStartup. Wikipedia says it was introduced in 1996,
so we should be OK.
Ping-Bug: 15711
Change-Id: I431839e930e7c646669af7373789640b5180ec28
Reviewed-on: https://code.wireshark.org/review/33033
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"initial_version" might not contain a valid QUIC version if the initial
packet is used to trigger version negotiation. This was observed with
quiche (on draft -18) which uses 0xbabababa. Change heuristics to detect
the new format instead.
Bug: 13881
Change-Id: I8f1dc466575f37a27ee579a6e3dd38e154c3fa5d
Reviewed-on: https://code.wireshark.org/review/33032
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
In ws_pipe_wait_for_pipe() on Windows, the WaitForMultipleObjects() waits
on the pending pipe connection events and process handle. If the process
handle is signalled, then it means that the process did exit without
connecting to the pipes.
The WaitForMultipleObjects() was not waiting on the process handle and thus
if the process did fail without connecting to pipes the Wireshark gui was
frozen for 30 seconds.
This change fixes the freeze by increasing the number of handles, so
WaitForMultipleObjects() is aware of the process handle.
Change-Id: Id13824a60baf4be7795cbe1d5ed1c7932edbff45
Reviewed-on: https://code.wireshark.org/review/33028
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The libpcap library on Windows can fill error buffer with localized
message obtained from system. The localized message is encoded in active
code page and can contain non-ASCII characters.
Bug: 15715
Change-Id: I7451c6831ae83503ddeb5314e172c76f3dab500e
Reviewed-on: https://code.wireshark.org/review/32993
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The functions loaded from dll are prefixed with "p_".
Use the dll functions where appropriate.
Change-Id: I7cf2c7dc0d04502fa7f922ca2822808bdc02f324
Reviewed-on: https://code.wireshark.org/review/33010
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Do not fully trust the output from either pkg-config or pcap-config.
These tools might provide bogus output. Instead, use their outputs as
hints to let CMake find the correct include and (static) library paths.
Correct some variable names (PCAP_STATIC_LIBRARIES and PCAP_INCLUDE_DIRS
*must not* be the result of find_path/find_library) and ensure that an
empty include directory from pkg-config does not result in an empty
PCAP_INCLUDE_DIRS variable that would break the build.
Change-Id: If3de90fb497d8163d92e4fe190a227159f0b6acb
Fixes: v3.1.0rc0-645-gc602119bcf ("Use pkg-config if possible; if not, use pcap-config if present.")
Reviewed-on: https://code.wireshark.org/review/32999
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
First try finding libpcap with pkg-config. If that fails (either because
the system doesn't have pkg-config or because it does but there's no .pc
file for libpcap), check for pcap-config and, if it's present, use that,
otherwise fall back on manually searching for it.
Pick up the code from tcpdump's FindPCAP.cmake.
Change-Id: I87963aaa7cccac0b5cd942f48eb5d08779695f92
Reviewed-on: https://code.wireshark.org/review/32992
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add extra fields to display the components of the layout
nfl_util for the files layout type. These components include
whether the layout is dense or sparse, whether the client
should send the commit to the metadata server or data server
and lastly the stripe unit size.
Change-Id: I8c054c68353eb5bd711b2f95d8dcf74ecc2aab03
Reviewed-on: https://code.wireshark.org/review/32952
Reviewed-by: Anders Broman <a.broman58@gmail.com>
proto.h:853:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
proto.h:866:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
Change-Id: I50a462c7a05f36ba60484980fd8ae9026effc047
Reviewed-on: https://code.wireshark.org/review/32922
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I9b0c6b118b5f866abc969a437bbd9b9a28271bf0
Reviewed-on: https://code.wireshark.org/review/32841
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The easiest way to trigger the crash was to forget the {display=...} in the
extcap config value sentence.
This change fixes the crash by simply ignoring invalid value sentences.
Bug: 15668
Bug: 15728
Change-Id: I2f41682460c3e08fa766046949f013247bc0a846
Reviewed-on: https://code.wireshark.org/review/32984
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When a stream index is explicitly given (as is done for items from the
Conversations statistics dialog), it does not have to query the stream
index from the packet list. Skip checking the packet list then.
Bug: 15672
Change-Id: I3f79e6a0997726535c38f9766b894b042ffbf916
Reviewed-on: https://code.wireshark.org/review/32972
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When extcap is started for capture, the argument call is appended to extcap
commandline if the associated value is not empty or the argument is boolflag.
Unfortunately such rule did not apply when constructing the arguments list
for selector reload action. This could lead to extcap being called with
the argument calls without required values (eg. multicheck, selector, string).
This change makes the --extcap-reload-option selector not contain argument
calls for which the value is not available.
Bug: 15725
Change-Id: Ic2456c03b3eb7c7525d19e64ea02afd99ed5f6cb
Reviewed-on: https://code.wireshark.org/review/32967
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
IEC 60870-5-101 is the traditional serial version of '104. The headers are different but the ASDU dissection is identical.
Changes made to the '104 dissector to accommodate '101 are as follows:
- Added in a new protocol dissector 'iec60870_101'. This dissector handles the '101 header and calls the ASDU dissector when required.
- The existing '104acpi' dissector has been renamed to 'iec60870_104' to better align with the '101 addition.
- The '104asdu' protocol has been renamed to 'iec60870_asdu' in order to make it more generalized between the two variants. Updated variable names and display filter fields as needed.
- 3 preferences exist in the iec60870_101 dissector to allow for configurable length of the COT, ASDU Addr and IOA fields. These are fixed at their max length in '104 (2, 2 and 3 octets respectively) but are configurable in '101.
- The ASDU dissector has been modified to accept a data parameter that contains the fixed/configurable lengths of COT, ASDU Addr and IOA fields.
Bug: 15688
Change-Id: Ib0c918a40d24967caa8588067fa9e9a240af4ca5
Reviewed-on: https://code.wireshark.org/review/32802
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When gathering our dependencies, work around an issue with libbrotli's
install name similar to what we do with libssh.
Bug: 15730
Change-Id: I571746848e3343d81c286be66f6fe6510c698d6f
Reviewed-on: https://code.wireshark.org/review/32990
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It looks like PSIDs have a maximum length of 4 bytes. If we encounter an
invalid PSID, add an expert item to the tree and return.
Bug: 15604
Change-Id: I74e45a56bb0322d4ef95f87a5e2a11c32f43f00a
Reviewed-on: https://code.wireshark.org/review/32986
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Creating Job Object named "Local\Wireshark child process cleanup"
results in the job being shared between all Wireshark instances run
within a single session.
When two or more Wireshark instances were running, a debug message appeared:
"Could not assign child cleanup process: Access is denied. (5)"
As the child process was not assigned to a job, it was possible that the
child process was still active even after Wireshark did terminate.
This fixes the issue by creating an unnamed job object which is not shared.
Change-Id: I59adc2aacff0151802163f155d68cbc8022c1479
Reviewed-on: https://code.wireshark.org/review/32985
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Even though the three route subobjects type values overlap (mostly),
the range for RRO subobjects is not limited by an l-bit. For regular
type values this makes no difference, there is a difference for the
private subobjects of an RRO. With the restriction on type value in the
code the private subobjects of RRO could never be reached.
Removing the type value limitation for RRO solves this. While at it
remove the superfluous rsvp class check for these high type values.
Change-Id: I63941085919902ab74f4b4b7ea74b2d362512da6
Reviewed-on: https://code.wireshark.org/review/32969
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
It's not used unless we have either zlib or libbrotli, so don't define
it if we have neither of them. This fixes no-zlib/no-libbrotli builds.
Change-Id: I97358c9197a2ab789f85498cc4e40d301ecb792d
Reviewed-on: https://code.wireshark.org/review/32975
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Adding defragmentation of control and access layer messages.
Adding dissection of Friend Update and Heartbeat control messages.
Bug: 15722
Change-Id: Ib6d8899a2d089dfa3b3eee6cd3e5248b8dc26aff
Reviewed-on: https://code.wireshark.org/review/32948
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's what sets {package}_FOUND.
Combine two "do this if zlib was found" blocks.
Change-Id: I55062a11c7ae7e6f32886615a0201df55f700d1e
Reviewed-on: https://code.wireshark.org/review/32974
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If we didn't find zlib, don't look for its version number in zlib.h, and
don't look for inflate() or inflatePrime() in the library.
Trim off some trailing blank lines while we're at it.
Change-Id: I834a9a76928a00cf5e182bd4224ebc91d36d69a4
Reviewed-on: https://code.wireshark.org/review/32973
Reviewed-by: Guy Harris <guy@alum.mit.edu>
RFC7427 describes the Digital Signature Authentication for IKEv2. This
consists of the Signature Hash Algo Notify and a new format of the
authentication data. The Notify was already present. This patch only adds
the capability to parse the new format of the authentication data.
Change-Id: Id1949397c1a2caa9898ecf44ecd580b5417d3343
Signed-off-by: Dr. Lars Voelker <lars-github@larsvoelker.de>
Reviewed-on: https://code.wireshark.org/review/32913
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
On UNIX, when statically built, libxml2 can depend on other libraries
such as lzma. These dependencies are already retrieved through
pkg-config so append them to LIBXML2_LIBRARIES otherwise static build
will fail.
Change-Id: I362064969488ec53042aa323eadb54fef026d8a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-on: https://code.wireshark.org/review/32968
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Lack of handshake reassembly caused Certificate handshake messages to be
reported as "Encrypted Handshake Messages" and broke decryption in some
cases. Fix this by properly tracking handshake fragments and delay
dissection until all fragments are available.
Now when a fragmented Handshake message is found:
* The first fragment will have "(fragmented)" appended to the record
tree item as well as the "Handshake Protocol" item.
* "Reassembled Handshake Message in frame: X" is added for fragments.
* The last reassembled handshake message will be displayed together with
a fragment list.
Note: Previously, handshake records with a message length larger than
the available data were assumed to be encrypted. This restriction had to
be lifted, but can now cause false positives (reporting encrypted data
as unencrypted handshake fragments).
The provided capture is not minimal but should be comprehensive as it is
generated with randomly sized TLS record and TCP segment lengths using
`./tls-handshake-fragments.py hs-frag.pcap --seed=1337 --count=100` and
https://git.lekensteyn.nl/peter/wireshark-notes/tree/crafted-pkt/tls-handshake-fragments.py
(A copy of this script is attached to bug 3303.)
Bug: 3303
Bug: 15537
Bug: 15625
Change-Id: I779925aba30548a76c20e0e37b39d01d2c88a764
Reviewed-on: https://code.wireshark.org/review/32857
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
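The handshake reassembly described in the commit message above, as an added example that is not Wireshark's code and not part of the commit: bytes from successive handshake records are buffered, and a message is handed on only once its 4-byte header and full body have arrived. The names hs_reasm_t, hs_feed, demo_counts and HS_BUF_MAX are hypothetical, the length cap is an assumption of this example, and the sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HS_BUF_MAX 4096 /* assumed cap for this example, not a TLS or Wireshark limit */
typedef struct { uint8_t buf[HS_BUF_MAX]; size_t len; } hs_reasm_t;

/* Feed one handshake record payload (content type 22). Returns the number of
 * messages completed (types of the first out_max in out_types), or -1. */
int hs_feed(hs_reasm_t *r, const uint8_t *frag, size_t frag_len,
            uint8_t *out_types, size_t out_max)
{
    size_t off = 0, done = 0;
    if (frag_len > HS_BUF_MAX - r->len)
        return -1;
    memcpy(r->buf + r->len, frag, frag_len);
    r->len += frag_len;
    /* Handshake header: 1-byte msg_type, 3-byte big-endian body length. */
    while (r->len - off >= 4) {
        const uint8_t *h = r->buf + off;
        size_t body = ((size_t)h[1] << 16) | ((size_t)h[2] << 8) | h[3];
        if (body > HS_BUF_MAX - 4)
            return -1; /* implausible length: likely not a plaintext handshake */
        if (r->len - off < 4 + body)
            break;     /* incomplete: delay until more fragments arrive */
        if (done < out_max)
            out_types[done] = h[0];
        done++;
        off += 4 + body;
    }
    memmove(r->buf, r->buf + off, r->len - off); /* keep the unfinished tail */
    r->len -= off;
    return (int)done;
}

/* Constructed sample: Certificate (type 11, 5-byte body) then ServerHelloDone
 * (type 14, empty body) split over three records; record 1 ends mid-header. */
static const uint8_t rec1[] = { 11, 0 };
static const uint8_t rec2[] = { 0, 5, 0xAA, 0xBB };
static const uint8_t rec3[] = { 0xCC, 0xDD, 0xEE, 14, 0, 0, 0 };

int demo_counts(uint8_t types[2])
{
    hs_reasm_t r = { {0}, 0 };
    int a = hs_feed(&r, rec1, sizeof rec1, types, 2);
    int b = hs_feed(&r, rec2, sizeof rec2, types, 2);
    int c = hs_feed(&r, rec3, sizeof rec3, types, 2);
    return a * 100 + b * 10 + c; /* per-record completion counts as digits */
}

int main(void)
{
    uint8_t t[2] = { 0, 0 };
    int n = demo_counts(t);
    printf("%d %u %u\n", n, t[0], t[1]);
}
```

The length check stands in for the caveat in the note above: once "length larger than available data" no longer means "encrypted", a parser needs some other bound, or encrypted bytes read as a huge length will be buffered as if they were a fragment.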
On UNIX, when statically built, pcap can depend on other libraries such
as -lnl-3. Add a call to pkg-config to find them and append them to
PCAP_LIBRARIES (and so to CMAKE_REQUIRED_LIBRARIES) otherwise all
check_function_exists calls will fail.
Change-Id: I98361c05553738d015310fae76c17dfc08e131ff
Ping-Bug: 15713
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-on: https://code.wireshark.org/review/32946
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When reading the keyring xml file stop reading the name early enough
not to overrun the name buffer.
Change-Id: Ia98ddcd37b17e9865e24ef53a9146d85af1ae30f
Reviewed-on: https://code.wireshark.org/review/32954
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>