If the user presses the left arrow when a non-expaned proto tree item is
selected, jump to its parent item as described in the "Main Window
Navigation" section of the User's Guide..
Change-Id: Ie7478a2c292df9a225555f5539d7ba90ab5e132d
Reviewed-on: https://code.wireshark.org/review/25623
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Let's add an expert info, and set offset to the end of the current tvb.
Bug: 14379
Change-Id: Iaccf862c451eef58aaed11b26fceebf26bc2c818
Reviewed-on: https://code.wireshark.org/review/25619
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We explicitly allow the not to, and, for example, Simple Packet Blocks
in pcapng files don't have time stamps.
Change-Id: I6c8921cf092de7831d0a3d6dab8467388f4e6286
Reviewed-on: https://code.wireshark.org/review/25625
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Use "or" instead of a comma for alternate keyboard shortcuts.
Change-Id: I3f2abf63b4c437ca0fe439d91dfac44e24d9d8e5
Reviewed-on: https://code.wireshark.org/review/25624
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Not all do, so test the preference bits for them.
Change-Id: I62976f5d17de3611c4d2f9eb64a0763c0b698c8d
Reviewed-on: https://code.wireshark.org/review/25618
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Not everything wtap_read() returns is a packet.
Change-Id: I3784bbfa308da52f4c55db2a90f9b55f8bfbb2ef
Reviewed-on: https://code.wireshark.org/review/25617
Reviewed-by: Guy Harris <guy@alum.mit.edu>
fixed an offset error for mqmo in gmo
Added value in comment when defining val_str
Change-Id: Ie29f65f96d2ffb96c0cc0623346432f1f8380168
Reviewed-on: https://code.wireshark.org/review/25604
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add support for collection commands
* SET/GET manifest
* DCP changes (mutation/deletion/system_event)
Add support for DCP delete_time, a new format for DCP deletion
Change-Id: Iec2000a40da37dcb1edf665a157dc7ab30d4c9d0
Reviewed-on: https://code.wireshark.org/review/25612
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The added comment only explains what the cause of the problem is,
and the subsequent workaround, without going into how this could be
properly addressed. Add some lines to add that information.
Change-Id: I74e4df0e0c4b41fe8d52d9abf2d15335d2b327d6
Reviewed-on: https://code.wireshark.org/review/25614
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Convert some passthrough XML comments left over from the DocBook →
AsciiDoc conversion to AsciiDoc / Asciidoctor comments.
Change-Id: Iaf44bcf0b8a3a383e735b2b4394722cbbb2bdff3
Reviewed-on: https://code.wireshark.org/review/25615
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Connect our recent file status signal using a Qt::QueuedConnection
instead of a Qt::BlockingQueuedConnection. As described at
https://woboq.com/blog/how-qt-signals-slots-work-part3-queuedconnection.html,
QueuedConnection makes a copy of the argument list while
BlockingQueuedConnection passess the list directly.
This fixes what appears to be a false positive reported by
ThreadSanitizer. Cross-thread signals are protected by a QMutex, but
qmutex_mac.cpp in the Qt5 sources uses a Mach semaphore. The
ThreadSanitizer manual says it supports pthread mutexes and compiler
atomic operations but doesn't mention Mach semaphores.
Change-Id: Icb8a63d7d0bdfe985ab8274757043ef45ae4bcde
Reviewed-on: https://code.wireshark.org/review/25576
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some blocks should be returned by wtap_read(), others are just processed
internally. Add a Boolean flag to wtapng_block_t, have the routines
that read particular block types set it appropriately, and have the read
and seek-read routines check that flag rather than checking for the
block types that should be returned. Pass a pointer to the
wtapng_block_t to packet type plugin read routines, rather than passing
it some members of the wtapng_block_t.
This means that 1) for new block types, we don't have to update any
tests and 2) plugin handlers for block types can indicate whether they
processed the block internally and the caller shouldn't see it or 2) the
block should be provided to the caller.
Bug: 14388
Change-Id: Iccc2031a277f55c7fa8b4f692c776b482b792b4f
Reviewed-on: https://code.wireshark.org/review/25609
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It either returns "OK" or "fail", so we might as well make it a Boolean.
While we're at it, in pcapng_open(), handle EOF/short read and "invalid
file" errors when trying to read the first block differently; for the
first of those, we don't need to free *err_info, and this may be a bit
safer in case *err_info didn't happen to be set to NULL somewhere along
the line.
Change-Id: If8135624e3efb7838dceeb28e30e5c8c4b064786
Reviewed-on: https://code.wireshark.org/review/25608
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It either returns "OK" or "fail", so we might as well make it a Boolean,
just as is the case with read routines for other block types.
Update some comments while we're at it.
Change-Id: I40b378d4e3c3cfb96687298b22a6f8f9f78d9240
Reviewed-on: https://code.wireshark.org/review/25607
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Switch from AsciiDoc's smart quotes markup to the quotes themselves. Use
double curly quotes in place of singles.
Switch from XML entities to their direct equivalents where we can.
Switch from hex entities to decimal entities where we can't or it's not
convenient. (Asciidoctor PDF doesn't yet handle hex entities).
Change-Id: Iaf5ec33249e1c91b3d50b5d96251763243b72836
Reviewed-on: https://code.wireshark.org/review/25606
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If it's either going to be -1 or 1, and any value > 0 is "valid but
empty", that's just a Boolean, with -1 corresponding to false and 1
corresponding to true. Make it so.
Change-Id: Ib7418fe7573b5d2cd1e2ef5de601c0262c8d9de1
Reviewed-on: https://code.wireshark.org/review/25605
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Check for "is an error" rather than "isn't OK".
Change-Id: Ib8f4ac44f70d71ff44658801e01807344032dd60
Reviewed-on: https://code.wireshark.org/review/25603
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A short read isn't a clear error when you don't have a magic number and
are doing "does this look somewhat like a file of this type" test, it's
probably an indication that it's *not* a file of that type.
Change-Id: Iab2f32e7d169a777c50a36958eeb4e82a3809227
Reviewed-on: https://code.wireshark.org/review/25602
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Start using markup that is preferred by Asciidoctor but compatible with
both generators.
Add a missing "cpp" attribute and set a couple of Asciidoctor-specific
compatibility attributes.
Change-Id: Iff4c31362e4493b97a85f46db2c39b18c336536f
Reviewed-on: https://code.wireshark.org/review/25600
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Have pcapng_read_section_header_block(),
pcapng_read_section_header_block(), and pcapng_read_block() just return
errors when they get errors or get a non-SHB block; let pcap_open() turn
EOF, short read, and "bad file" into "not a pcapng file" rather than
"read error".
Change-Id: If018d21ffe3de3fe7eb1f8f2973f80f685c89274
Reviewed-on: https://code.wireshark.org/review/25601
Reviewed-by: Guy Harris <guy@alum.mit.edu>
These binaries are not intended for end-users.
Change-Id: I1e1ecd7424bbbe1b2935390e2daf7e3f1089ee28
Reviewed-on: https://code.wireshark.org/review/25594
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Found during fuzz test that the get_mq_pdu_len can return
a 0 length pdu. Fix to at least return tvb_reported_length_remaining
Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
Reviewed-on: https://code.wireshark.org/review/25574
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - to get it in host byte order, fetch it with
pntoh32(), which fetches a 32-bit value that's in network byte order,
and isn't necessarily aligned on any particular boundary, and returns it
in host byte order.
Change-Id: Ic512ab4b1e0f2815d9f0af0e33714f456a08a45d
Reviewed-on: https://code.wireshark.org/review/25589
Reviewed-by: Guy Harris <guy@alum.mit.edu>
There are events, there are reports, and there are "here's metadata that
doesn't correspond to something that happened at this point in the
capture"; IDBs and NRBs are the third type.
Change-Id: I89e4f9bf51dc1be5766e8df61c6337ed3e484577
Reviewed-on: https://code.wireshark.org/review/25587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This removes any knowledge of plugin types from
cmake/modules/WiresharkPlugin.cmake, so that it doesn't have to be
changed if we add a new plugin type. Revert to the second argument to
add_plugin_library() and install_plugin() being the subfolder.
Change-Id: I668ab90b28c73a8b12ca8e3e906b8de2f9395ca5
Reviewed-on: https://code.wireshark.org/review/25585
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way we don't have to change the script if we add new plugin
subdirectories.
Change-Id: Ic788807c723306e461b7c1f8721b48a46d4fff96
Reviewed-on: https://code.wireshark.org/review/25584
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't allow overriding of the block types we support in libwiretap - it
won't work anyway, as we check for those types first, and only look for
plugins for types we don't support.
Don't allow registering for any of the reserved types; if you aren't
going to use a local type, you have to get your type registered.
We *do* allow registering plugins for types that are registered but that
we don't support natively.
Change-Id: I2046d297b0503d3a77c83166b07ca226c0b18e82
Reviewed-on: https://code.wireshark.org/review/25583
Reviewed-by: Guy Harris <guy@alum.mit.edu>
And also indicate that perhaps the right solution was just to close the
CID as a false positive, as Coverity doesn't have a deep enough
understanding of libnl to know that the loop isn't guaranteed to be
infinite.
Change-Id: Ieb0651c803a5939fb54f2bc68bdf8c5485dafaf2
Reviewed-on: https://code.wireshark.org/review/25582
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The data for an address is *not* guaranteed to be aligned on any
particular boundary, so, for IPv4 addresses, don't assume it's aligned
on a 32-bit boundary - copy it with memcpy() and use the result of the
copy.
For IPv6 addresses, cast the data pointer to a pointer to a *const*
ws_in6_addr, so we don't throw away constness.
Change-Id: I0e00263f594d7778c3bd9b98e4336cb201c1f3d5
Reviewed-on: https://code.wireshark.org/review/25580
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the second argument to add_plugin_library() and install_plugin() be
a plugin type - currently, either "epan" or "wiretap" - and, based on
its value, set the subfolder and required libraries in
add_plugin_library() and the subfolder in install_plugin(). If it's not
one of the known values, fail.
Change-Id: I556863772c59330d2854fbb4673f544f8359dcd2
Reviewed-on: https://code.wireshark.org/review/25579
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We now have "epan" and "wiretap" subdirectories of the plugin directory,
with the first containing libwireshark plugins and the second containing
libwiretap plugins. Look for plugins in those directories, rather than
in the top-level plugin directory.
Bug: 14389
Change-Id: Ia3bd4d27e82215207e7a7dcfc8f91042bbc61737
Reviewed-on: https://code.wireshark.org/review/25577
Reviewed-by: Guy Harris <guy@alum.mit.edu>
dmp_long_id_hash_table is wmem_map autoreset on file scope.
Don't put there g_strdup() data.
Valgrind log:
==15134== 8 bytes in 2 blocks are definitely lost in loss record 3,988 of 49,961
==15134== at 0x4C29C4F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15134== by 0xA94E405: g_malloc (gmem.c:97)
==15134== by 0xA966C4E: g_strdup (gstrfuncs.c:356)
==15134== by 0x6CFC301: dissect_mts_identifier (packet-dmp.c:2684)
==15134== by 0x6D01A8F: dissect_dmp_envelope (packet-dmp.c:2935)
==15134== by 0x6D01A8F: dissect_dmp (packet-dmp.c:3909)
Found by oss-fuzz.
Change-Id: I7c3896a9b64c25035fbe8b4ef6130cd693a515db
Reviewed-on: https://code.wireshark.org/review/25575
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
See Volume 9, version 1.2, sections "6-2.7.1.1" and "7-1.1"
1. Pass Connection Point from FwdOpen to Motion dissector, since that is now needed to parse I/O payload.
2. Move Run/Idle Header function to CIP dissector, since it's a CIP feature, not ENIP.
3. Add a protocol so that Format Revision 3 can be dissected without the Forward Open in the capture.
4. Minor: Highlight more bytes in some EPATH parsing.
5. Minor: Renaming some things to match spec wording.
Change-Id: I93626a6492be2675206d38c04fa1c7ce534c04ca
Reviewed-on: https://code.wireshark.org/review/25570
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
QStrings are implictly shared as described at
http://doc.qt.io/qt-5/implicit-sharing.html. This is normally useful,
but RecentFileStatus is passed a QString before it does its work in a
separate thread.
Make a deep copy of the filename in order to ensure local ownership and
to avoid having to fool around with a QMutex (which might not be
recognized by ThreadSanitizer[1] or Helgrind[2]).
Remove getFilename since it was unused.
[1] https://github.com/google/sanitizers/issues/460
[2] http://valgrind.org/docs/manual/hg-manual.html
Change-Id: I5b5c329505ed8c02d30043a2a6d1ded625924b9f
Reviewed-on: https://code.wireshark.org/review/25572
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It looks like that quic_create_cleartext_decoders() need to free secrets, tls13_cipher_create() only use it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Valgrind report:
==642== 14 bytes in 1 blocks are definitely lost in loss record 5,705 of 49,814
==642== by 0xA966DCC: g_strdup_vprintf (gstrfuncs.c:507)
==642== by 0xA966E88: g_strdup_printf (gstrfuncs.c:533)
==642== by 0x6D523F4: dissect_object_mapping (packet-epl.c:4216)
==642== by 0x6D56394: dissect_epl_sdo_command (packet-epl.c:3862)
==642== by 0x6D56394: dissect_epl_asnd_sdo (packet-epl.c:3572)
==642== by 0x6D59BC5: dissect_epl_asnd (packet-epl.c:3053)
==642== by 0x6D59BC5: dissect_eplpdu.part.21 (packet-epl.c:2627)
Found by oss-fuzz/5907.
Change-Id: I6f4d2cea761581260af396c848ab1fded5641b44
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5907
Reviewed-on: https://code.wireshark.org/review/25573
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Avoid turning off actionGoAutoScroll when going to the first packet
when starting a new capture.
Bug: 14257
Change-Id: I676139696cf4917b779c5fd390d7a22fb373a6b5
Reviewed-on: https://code.wireshark.org/review/25568
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
We've added more fields, increment the pre-allocation amount.
Change-Id: Ia5f1aab7a2fa120049162d17a63f99bf21a3fe37
Reviewed-on: https://code.wireshark.org/review/25566
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When debugging with at least Xcode the AUTHORS file is missing,
so ensure we don't divide by zero when this happens.
Change-Id: Idd7cdf8137998c872f80108662fbb8a133110af2
Reviewed-on: https://code.wireshark.org/review/25567
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>