If the capture does not contain any indication of the Key MIC Len or we
are making only one pass (such as with tshark) we can actually figure
out the Key MIC Len if we see the first frame of the four-way handshake.
We only use this approach if we used the default value for the Key MIC Len
and defer to other information if it is available. We also save the value
once we have figured it out and only try to figure it out on the first
frame of the four-way handshake.
If we cannot determine the Key MIC length from the first frame in the
four-way handshake we can use the second frame in the four-way handshake.
However, we also need to keep some extra state, specifically, whether or not
we have actually set the last AKM suite seen.
Bug: 16210
Change-Id: I28bc7dacbd34d03b24e66371f66b22853fa608d1
Reviewed-on: https://code.wireshark.org/review/35119
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Bug: 15360
Change-Id: Iceaa5c2336cfb58966ef12f4267fcd09ae48bfe7
Reviewed-on: https://code.wireshark.org/review/31234
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename Capture Interfaces to Capture Options to match its main menu
item. "Options" also more closely matches what the dialog actually does.
Fixup a help item URL while we're here.
Change-Id: Iec8bdfc9f7ae6fc4fd9e97bb366b63cff139f3a6
Reviewed-on: https://code.wireshark.org/review/35294
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- fix a few typos
- remove the intra N1, N1 to S1 and S1 to N1 mode NAS transparent
container functions: those are not real IEs and are already decoded
Change-Id: I73b4c3de4078a57e9471871d6ed47a08eb2a1fc0
Reviewed-on: https://code.wireshark.org/review/35286
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
It is directly the S1 mode to N1 mode container and not a 5GS message header.
Change-Id: I5d8045065977083d3e5e59692166615afb429e41
Reviewed-on: https://code.wireshark.org/review/35285
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
It's a "wmem version" of format_size (from wsutil/str_util.h).
Also improved the flexibility in formatting of format_size() to handle future
needs of format_size_wmem
Ping-Bug: 15360
Change-Id: Id9977bbd7ec29375bbac955f685d46e75b0cef2c
Reviewed-on: https://code.wireshark.org/review/31233
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is done to limit parsing errors.
Update documentation of function parameters to remove confusion with dissectors.
Bug: 16106
Change-Id: I6b2cd0badaaf6217fb80bdc411a86cad5e6b07ca
Reviewed-on: https://code.wireshark.org/review/35267
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
More quickly includes glib.h which is required
Bug: 16083
Change-Id: Ib25877d0f9d5d9fa39ad4ac5b8991b6666fbe234
Reviewed-on: https://code.wireshark.org/review/35268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 16139
Change-Id: Ie5ad0025730257807b590f7ff9ac275ba27cce9e
Reviewed-on: https://code.wireshark.org/review/35266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibee2c6d120978bc87bc26b6237259e285f0e2f08
Reviewed-on: https://code.wireshark.org/review/35265
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Decode the v1/v2.0 formats which are relevant for the upcoming
6.5.0 release.
Change-Id: Ie726f1ebd2457f6a36b096a0cd0bed9c94f713df
Reviewed-on: https://code.wireshark.org/review/35251
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Old representation was confusing because for instance it printed:
10.. .... = CHANNEL_CODING_COMMAND: 2
But 2 actually is CS-3.
Change-Id: Ie875a94297c0d154d7222f12115068876520c47a
Reviewed-on: https://code.wireshark.org/review/35259
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The WSDG is a mix of references to 32 and 64 architectures. Use 64
in more places.
Change-Id: Ifb4b3189912268808cfe8fdb5119f2177c815163
Reviewed-on: https://code.wireshark.org/review/35248
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ByteViewText and ProtoTree only use mono_font_ in setMonospaceFont, so
there's not much use in declaring it private in each case.
Change-Id: I3ad986052f6e013988ce851420f7f6e7b47b7ea8
Reviewed-on: https://code.wireshark.org/review/35255
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The can specific data structure `struct can_identifier` is used as
supplementary data for higher level dissectors. This patch adds more
data to this struct and renames it accordingly to `struct can_info`.
More supplementary data is needed in order to dissect iso15765
correctly, since the header format depends on details on the underlying
CAN protocol (CAN 2.0B vs CAN-FD).
Change-Id: Id068cf38453f98b67a5ec470a22e7013548c5a14
Reviewed-on: https://code.wireshark.org/review/35246
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is no longer needed, as it is handled by setMonospaceFont
Change-Id: I9834bcd1a188cd6f1cb8ad1abe568a9a50d831bc
Reviewed-on: https://code.wireshark.org/review/35253
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
ProtoTree::setRootNode() is designed to update the model with the new
packet tree, and additionally expand tree items in its view. When the
current selected packet is changed, it must use this method to ensure
that collapsed trees are properly expanded. Fix this regression.
It was not entirely clear that framesSelected can no longer use previous
state, so document it explicitly. Remove the call to QTreeView::reset(),
it ends up calling QAbstractItemView::reset() which touches the
selection model that refers invalidated proto_node memory. The reset
function of the view is automatically called the model is reset, so the
call was not needed anyway.
Test: open test/captures/tls13-rfc8446.pcap, expand TLS, TLS Record, and
select "Content Type". Change from frame 1 to 2, and then 3. Observe
that the expanded state remains constant with no flickering. In frame 3,
observe that the tree remains expanded even if no item is selected.
Change-Id: I0c820711f1a62aa51ac100f8ac5c89265c51eb18
Fixes: v3.3.0rc0-6-gcfee0f8082 ("Qt: Remove frameSelect signal")
Reviewed-on: https://code.wireshark.org/review/35230
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add D-PATH Attribute as described in
draft-rabadan-sajassi-bess-evpn-ipvpn-interworking
Bug: 16238
Change-Id: If40699304fca1409a195b83075dd40c6769c2df4
Reviewed-on: https://code.wireshark.org/review/35223
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Verified with fizz-tls13-draft-23-26-rfc8446-dsb.pcapng from the bug.
Decryption of early data, handshake and application data for almost all
versions (draft 23, draft 26, RFC 8446) is working. Only early data
decryption for draft 23 fails because the draft version is not yet set
during trial decryption before the Server Hello is received. That is
such a rare case however, do not bother fixing that.
Bug: 16175
Change-Id: Ie9046bf3f04c40b9c8fa2128f06844d2e7bd3e6d
Reviewed-on: https://code.wireshark.org/review/35245
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Peer identification failed because the MAC1 value did not check out.
Fix the computation in case the reserved bytes are overwritten after the
original protocol has run.
Change-Id: I4be65806bed96d7236103ebb369c1affcadebd5f
Reviewed-on: https://code.wireshark.org/review/35219
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Instead of just visually marking a field after switching packets, make
sure that it is also focused such that arrow up/down keys select the
expected fields instead of the root node (the Frame layer).
Change-Id: Ic16462198fb2189496f0cceeb5a5e885673636d2
Reviewed-on: https://code.wireshark.org/review/35236
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: I537fbb26681555d0cd303d4b614bc016e935eb70
Reviewed-on: https://code.wireshark.org/review/35225
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Put short descriptions after the amendment name, in parentheses.
Fix a typo in the 802.11d entry while we're at it.
Change-Id: I87d84678f30abe40c4b130cf0a9355bb5da99df4
Reviewed-on: https://code.wireshark.org/review/35229
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Set it as the PHY type if we see the HE field in a radiotap header, and
report that PHY type as "802.11ax" in the generic radio metadata
dissector.
Change-Id: I181d2717d82bdca73e04b6111b2483ca099d48bb
Ping-Bug: 13207
Reviewed-on: https://code.wireshark.org/review/35227
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default shell in macOS 10.15 is zsh[1]. Bash appears to be included
for now, but it might be a good idea to start migrating away from it
just in case it's removed at some point in the future.
[1]https://support.apple.com/en-ca/HT208050
Change-Id: Ibe4338105d8fa1a590f84543489255ade71920d6
Reviewed-on: https://code.wireshark.org/review/35216
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Change-Id: Idbc67da75ad75803a01f17ae3ff6f8f677670db8
Reviewed-on: https://code.wireshark.org/review/35191
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adding two more versions which are seen when UTC timestamping is used
Bug: 16226
Change-Id: I27f10f6df4595598d82257fe870de8ce95ecae64
Reviewed-on: https://code.wireshark.org/review/35185
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
/Volumes is hidden on macOS, which means that it doesn't show up in Qt's
non-native file dialog. Add a constructor to WiresharkFileDialog that
adds /Volumes to the file dialog sidebar. Make CaptureFileDialog and
ExportDissectionDialog subclasses of WiresharkFileDialog.
Bug: 13840
Change-Id: I4d7da3948b203eb11fb64fa056eb42a448edf914
Reviewed-on: https://code.wireshark.org/review/35201
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Recognize Cloudflare Warp traffic which may use non-zero bytes for load
balancing purposes. This is an extension of the WireGuard protocol, it
is not understood by official implementations which require the reserved
bytes field to be zero.
Change-Id: Iff789b538ab8477d8b5014302569264823d92358
Reviewed-on: https://code.wireshark.org/review/35215
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The "Preferred AC" field in the "Trigger Dependent User Info"
subfield of the Basic Trigger frame uses the "ACI-to-AC encoding"
described in Table 9-136 of the 2016 IEEE 802.11 specification. The
802.11ax specification refers the reader to this table when describing
the "Preferred AC" field.
Change-Id: I81ca3280c2865bc87fc4a8ddb63b5e8f7255d414
Reviewed-on: https://code.wireshark.org/review/35190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The update_tools_help CMake target is periodically run, but the output
of `wireshark -h` was previously not included.
Bug: 16166
Change-Id: Ib7aac89ff31d7b7c7033496b512d97bfbd727aaa
Reviewed-on: https://code.wireshark.org/review/35205
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tamir Duberstein
Pau Espin