Set all addresses before we do reassembly because sub-dissectors may set
their own addresses, and we don't want to override them again.
This fixes "Follow TCP Stream" and shows the correct IP addresses in the
Source and Destination columns when transporting IP packets.
Allocate the addresses in pinfo pool to avoid possible stack buffer overflow.
Bug: 13230
Change-Id: I3b81ccb02b38331add4773d9bb3d5e0f6dcf025e
Reviewed-on: https://code.wireshark.org/review/19201
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The protocol is actually nearly identical to ordinary Diffie-Hellman,
but the names are different, and the ephemeral keys are bytestrings
rather than integers.
Change-Id: I261b6426137dae12fe53686e74517080abd80bb3
Reviewed-on: https://code.wireshark.org/review/19210
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Parse the communication bits of a BGP Cease NOTIFICATION:
Border Gateway Protocol - NOTIFICATION Message
Marker: ffffffffffffffffffffffffffffffff
Length: 146
Type: NOTIFICATION Message (3)
Major error Code: Cease (6)
Minor error Code (Cease): Administratively Shutdown (2)
BGP Shutdown Communication Length: 124
Shutdown Communication: NTT will perform maintenance on this router. This is tracked in TICKET-1-24824294. Contact noc@ntt.net for more information.
Draft at https://tools.ietf.org/html/draft-ietf-idr-shutdown-01, sample
file taken from http://instituut.net/~job/shutdown.pcap
Change-Id: I2ab633883cc69e560ff79cb6239e02fcffd71e10
Reviewed-on: https://code.wireshark.org/review/19144
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
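The layout in the dissection output above (19-byte BGP header, error code, subcode, one length octet, then the text: 146 = 22 + 124), as an added example that is not Wireshark's dissector code. The function names and offset macros are hypothetical; the point is that both length fields come from the wire and are checked before any copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BGP_HDR_LEN 19   /* 16-byte marker + 2-byte length + 1-byte type */
#define COMM_OFF    22   /* header + error code + subcode + length octet */

/* Hypothetical helper (not Wireshark's): copy the Shutdown Communication into
 * out, NUL-terminated. Returns its length, or -1 for anything malformed. */
int parse_shutdown_comm(const uint8_t *pkt, size_t caplen, char *out, size_t outsz)
{
    size_t i, msg_len, comm_len;

    if (caplen < COMM_OFF)
        return -1;                         /* too short to hold a length octet */
    for (i = 0; i < 16; i++)
        if (pkt[i] != 0xff)
            return -1;                     /* marker must be all ones */
    msg_len = ((size_t)pkt[16] << 8) | pkt[17];
    if (msg_len < COMM_OFF || msg_len > caplen)
        return -1;                         /* header length exceeds captured bytes */
    if (pkt[18] != 3 || pkt[19] != 6 || pkt[20] != 2)
        return -1;                         /* NOTIFICATION / Cease / Admin Shutdown */
    comm_len = pkt[21];
    if (comm_len > msg_len - COMM_OFF)
        return -1;                         /* length octet runs past the message */
    if (comm_len >= outsz)
        return -1;                         /* no room for text plus terminator */
    memcpy(out, pkt + COMM_OFF, comm_len);
    out[comm_len] = '\0';
    return (int)comm_len;
}

/* Constructed sample: builds a Cease NOTIFICATION around text; returns its size. */
size_t build_sample(uint8_t *buf, size_t bufsz, const char *text)
{
    size_t n = strlen(text), total = COMM_OFF + n;

    if (n > 255 || total > bufsz)
        return 0;
    memset(buf, 0xff, 16);
    buf[16] = (uint8_t)(total >> 8);
    buf[17] = (uint8_t)(total & 0xff);
    buf[18] = 3; buf[19] = 6; buf[20] = 2;
    buf[21] = (uint8_t)n;
    memcpy(buf + COMM_OFF, text, n);
    return total;
}
```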
Add "LE Set Extended Advertising Parameters" and
"LE Set Extended Advertising Parameters" commands parsing.
Change-Id: Ibcc9f145694e54710da3a11ade237f7132674366
Reviewed-on: https://code.wireshark.org/review/19234
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add plugin to autofoo and CMake build systems and fix errors found
Add plugin to Windows installer (optional component activated by default)
Change-Id: Id1b777bdee04e53076b3291f6fb68d5abad6985d
Reviewed-on: https://code.wireshark.org/review/19228
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Commit 66549a9cac added 3 new entries to
wka.tmpl, but used spaces instead of the default tab separator. This
inconsistency causes external tools that expect tabs in the manuf file
to behave unexpectedly.
The manuf file was re-generated after the fix to wka.tmpl.
Change-Id: I79bceac649e0fc29b3502fc2e074dcd513f29ff5
Reviewed-on: https://code.wireshark.org/review/19217
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissectors above infiniband (such as RPC dissector)
perform exact lookup on saddr, daddr, sport, dport. They are unaware
that underlying transport is infiniband which doesn't have src_qp in
packets. Due to which srcport remains uninitialized and exact lookup
fails.
In order to get them to work seamlessly, this fix updates the sport
to src_qp (similar to destport to dest_qp). With this upper level
dissectors can perform direct lookup similar to TCP. Those which need to
access private data of unidirectional CM messages, can still continue to
perform unidirectional lookup as before.
It also fixes the issue where req_qp and resp_qp were swapped during
bidirectional conversation creation. This was caught during testing with
packet-rpc.c by Chuck Lever.
Tested protocols:
1. nfs-rdma over Infiniband with trace of Bug 13213
2. ICMP packets over Infiniband
3. NVMe fabrics over RDMA
Tested with trace of Bug 13201 for Nvme.
Bug: 13202
Bug: 13213
Change-Id: Ica1b6aae3ccaa6642dc3b3edfa9a5a4c335cc5da
Tested-by: paravpandit@yahoo.com
Reviewed-on: https://code.wireshark.org/review/19190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update our WinSparkle package to 0.5.3. This fixes a file deletion bug.
Note that WinSparkle now supports application shutdown callbacks, which
should let us fix bugs 9687 and 12989.
Bug: 13217
Change-Id: I4b5f325c6dc251ce167f7bd344bbf3ca5ad3fe14
Reviewed-on: https://code.wireshark.org/review/19230
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
QComboBox::setCurrentText() method is available in Qt5.x.
Older versions code won't compile with it.
Bug: 13235
Change-Id: Ia2e2713fefe0f2be01a0b77ff1ac39c9162fd0d1
Reviewed-on: https://code.wireshark.org/review/19219
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
It's GTK+-only, so it shouldn't be in ui/ui_util.h. Get rid of the
unused Qt packet list implementation of it.
Change-Id: Ia9f8fe2209939dff5244e6948c36f29509340f68
Reviewed-on: https://code.wireshark.org/review/19226
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Just directly call the packet_list_select_ routine from the GTK+ code.
Change-Id: I9146fb968c407d6186b146a86aa34678765f7352
Reviewed-on: https://code.wireshark.org/review/19225
Reviewed-by: Guy Harris <guy@alum.mit.edu>
the dynamic payload type defined. If so set the dynamic
payload_type_string to that dissector's name.
This is for RTP analysis to work if there is no setup information in the
file.
Change-Id: I7ae7b957cfa9eb6013f7d32d50563e2034210af6
Reviewed-on: https://code.wireshark.org/review/19220
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Those routines can handle any single-byte character set whose characters
map to characters in the Basic Multilingual Plane; it could be used for
extended ASCII, but we have another routine for that, mapping only
characters with code points > 0x7f, so we just say "nonascii" rather
than "ebcdic".
Change-Id: I3d55b5d58e3e7ab08f3dfbfdb57a0301a30e71d4
Reviewed-on: https://code.wireshark.org/review/19214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have a routine that takes a 256-element translation table and uses it to
map various flavors of EBCDIC to Unicode. Have separate translation
tables for "common" EBCDIC (everything that's the same in all EBCDIC
code pages that include the original EBCDIC characters) and EBCDIC code
page 037. Add ENC_EBCDIC_CP037 for code page 037.
Change-Id: Ia882b3c0abef9e30eb54cd47396e6fa0d6342044
Reviewed-on: https://code.wireshark.org/review/19212
Reviewed-by: Guy Harris <guy@alum.mit.edu>
* kex_first_packet_follows -> first_kex_packet_follows
That's the name the spec (RFC 4253) uses.
* DH H signature -> H signature, DH host key -> host key
Neither the host key nor the H signature have much to do
with Diffie-Hellman. They're used in the same way in
every key exchange method that I know of, so their names
should be more generic.
* mpint_[ef] -> dh_[ef], mpint_[pg] -> dh_gex_[pg]
This is to make all key exchange method-specific fields follow
a consistent pattern with all names/abbrevs being prepended
by the method name.
Change-Id: Ic887fb92d8cbb6042e9b8e553cb5804db0ba4db8
Reviewed-on: https://code.wireshark.org/review/19199
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All the pseudo-headers encode the endpoint as per a bEndpointAddress in
sections 9.6.6 "Endpoint" of the USB 2.0 spec and the USB 3.1 spec, with
a 4-bit endpoint number at the bottom and a 1-bit direction at the top
with 0 = OUT and 1 = IN.
Show the FreeBSD endpoint address the same way the other endpoint
addresses are shown; the FreeBSD one is shown as a 4-byte little-endian
value, but only the low-order (first) byte is used, so just show that
byte.
Call that field the "endpoint address", with the lower 4 bits being the
"endpoint number" and the uppermost bit the "endpoint direction".
Change-Id: Ic7358c7fb6b6df2502315b590eb5178cecb321d9
Reviewed-on: https://code.wireshark.org/review/19200
Reviewed-by: Guy Harris <guy@alum.mit.edu>
For most of the fields, the blurb is just the name with "SSH" prepended,
which is not particularly useful. Replace a few of them with more
informative descriptions and remove the rest.
Change-Id: I15e95a42e897d09d3b6334022b32dd36f29e86a4
Reviewed-on: https://code.wireshark.org/review/19198
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Move the GSMTAP protocol related #defines to packet-gsmtap.h, as there
are other dissectors (like packet-gsm_sim.c and future dissectors) that need
access to some of those #defines.
Change-Id: Ibb3517bd773be63b7e3cd30104a5351427e22ebf
Reviewed-on: https://code.wireshark.org/review/19185
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, sort the initializations of structure members by the order in the
structure, to make it easier to check that we've initialized them all.
Bug: 13231
Change-Id: Id2819940d916a5fd5a3f1bf2fc20bd3ee34a75f4
Reviewed-on: https://code.wireshark.org/review/19195
Reviewed-by: Guy Harris <guy@alum.mit.edu>
If configuring an extcap "value" sentence with {value=} then loadValues()
must not run in an infinite recursion trying to find its children.
Change-Id: Ic2577b31d9312e8f6a099c4fe7c0672e801dbc89
Reviewed-on: https://code.wireshark.org/review/19192
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
The header field ID variables are listed in a somewhat chaotic order,
making the list hard to comprehend and update. Group them according
to the part of the protocol the corresponding fields occur in, and
order the groups and the IDs within groups to roughly match
the protocol flow and message formats.
Change-Id: I915f508fd78ff89819c96d246c79d335de6a172e
Reviewed-on: https://code.wireshark.org/review/19154
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See if that lets the big file from bug 13226 pass the test under
Valgrind.
Change-Id: I76eb0c18809289e3b14ff8071402c31f70d93d42
Ping-Bug: 13226
Reviewed-on: https://code.wireshark.org/review/19189
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code was making the assumption that the ICMP data time will always
be greater than or equal to the frame time, but not earlier, but that
is not always the case and the heuristics can fail.
Bug: 13161
Change-Id: I4bc7bd8d22d717d3b1f08afdd651f8a70cb7aef2
Reviewed-on: https://code.wireshark.org/review/19157
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ie13e23232e183818b813e391274d75415b3fee83
Reviewed-on: https://code.wireshark.org/review/19181
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Bug: 12824
Change-Id: I4b857f3cc488867d8ee7487c1f978edf639988f8
Reviewed-on: https://code.wireshark.org/review/19182
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This function can be used by code outside ui (eg. extcap).
Ping-Bug: 13218
Change-Id: Ic11f7acebefeaf777692df044ebff9b1bc387aa3
Reviewed-on: https://code.wireshark.org/review/19178
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
what happens.
Change-Id: Ib64c127ef5e2ba3fe57301c7ac7c75fd1d0e0d27
Reviewed-on: https://code.wireshark.org/review/19176
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Libgcrypt prints all log messages to stderr by default. On Windows the
slow_gatherer routine logs
NOTE: you should run 'diskperf -y' to enable the disk statistics
if DeviceIoControl(..., IOCTL_DISK_PERFORMANCE, ...) fails. We don't
depend on cryptographically secure random numbers and the message is
needlessly confusing. Add a log handler that ignores less-severe messages.
Change-Id: If40a691ea380364457dfdf126b9bf33ac2672d3a
Reviewed-on: https://code.wireshark.org/review/19155
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A plugin to calculate response, service and spread time values based on
the RTE model.
Bug: 12892
Change-Id: I47d7e5354fc269916851a318fef10b826897eaf8
Reviewed-on: https://code.wireshark.org/review/17750
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I643825baa09bf1b6b54515dc109669c0cb1e2cd7
Reviewed-on: https://code.wireshark.org/review/18800
Reviewed-by: Franklin Mathieu <snaipe@diacritic.io>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Cleanup code to use uniform whitespace to make it more readable.
Also added brackets to unbracketed one line conditional statements.
This was done using "astyle -A1cHjk3pU".
Change-Id: Iebe96c488c843ce1d790ede0016eb9df025e98a5
Reviewed-on: https://code.wireshark.org/review/19133
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, remove the "make sure we're not fetching a bogus structure" tests.
Add a comment explaining how a compiler bug where it's overly optimizing
a combination of tests could cause the valgrind errors we were seeing,
so we're zeroing the entire structure, padding included, to avoid that.
Change-Id: I24f94b2cbceec5234c1da82b891f609648075839
Reviewed-on: https://code.wireshark.org/review/19149
Reviewed-by: Guy Harris <guy@alum.mit.edu>
while at it extend IE value_strings.
Change-Id: Iea592aca088384c381843be7255922db2ade393a
Reviewed-on: https://code.wireshark.org/review/19145
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Do not just decode the payload type for RTP/AVP, but also all RTP
transport types.
Add RTP/AVPF (same as normal RTP/AVP, but with additional RTCP formats).
Similarly, add RTP/SAVPF and the two DTLS variants. Add references to
the relevant specifications and order per IANA registry.
Tested with dtls-srtp-ws-sip.pcapng, now the payload types under the
"m=" tree have names and frames that were previously reported as RTP
show up as SRTP. Frame 442 now shows "Encrypted RTCP Payload" warning
instead of decoding it as garbage.
Change-Id: I06893f385ec270391f8891e72a364d08d2354a0a
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/19139
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix build error:
ui/qt/moc_rtp_player_dialog.cxx:87:76: error: ‘currentOutputDeviceName’ was not declared in this scope
case 0: *reinterpret_cast< QString*>(_v) = currentOutputDeviceName(); break;
Change-Id: I065862540e775c3e965cb5d3ae4c53bd8d505bdd
Reviewed-on: https://code.wireshark.org/review/19142
Petri-Dish: Michal Labedzki <michal.labedzki@tieto.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit 92a2c184b0.
Actually, that address *is* attached to a pinfo structure.
Change-Id: I183135f9cf10a6714045091d2ae02d2799093bae
Reviewed-on: https://code.wireshark.org/review/19143
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Nit: Make it easier to see the transition between the end of the
RPC-over-RDMA transport header and the start of the RPC header.
Calculate the selection size of the RPC-over-RDMA header
properly, including the size of the chunk lists.
Change-Id: I84bc7d970a95e8f50a21a45ded386322711b6512
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-on: https://code.wireshark.org/review/19034
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Value 1 incorrect. Remaining enumerations correct
Change-Id: I31939fabded6c4eab13c5b61bbdd4f61b962f0e0
Reviewed-on: https://code.wireshark.org/review/19137
Reviewed-by: Michael Mann <mmann78@netscape.net>
This reverts commit e2c26ff90c.
*That* address isn't attached to a pinfo structure, it's used to create a conversation, and a copy is made of it, using file scope. So that's not the cause of this problem.
Change-Id: I07ce091e678c42c30080cd00fd17cd1584f473ad
Reviewed-on: https://code.wireshark.org/review/19138
Reviewed-by: Guy Harris <guy@alum.mit.edu>