We don't show the expert info icon when not having a capture file,
so this should not be enabled when emitting redissectPackets().
Change-Id: I6ae6124ed9f69c214a2beadbdc670b15dfe3d060
Reviewed-on: https://code.wireshark.org/review/11937
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I9c7d1c092bbae896ec0c2832617891346927f2e1
Reviewed-on: https://code.wireshark.org/review/11932
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Hide the menu item if built without Lua.
Change-Id: I316cddd55064da590eb4167b495a7fb00a41581f
Reviewed-on: https://code.wireshark.org/review/11931
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Added a check for a valid cf->edt before calling epan_dissect_free(),
as this will give an unintended assert.
This is related to da71ccbf77.
Change-Id: I7f7ceb1b25cfa2400063947f674df10ed6a93e9d
Reviewed-on: https://code.wireshark.org/review/11934
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
* Added 3 missing TLVs from Type 29 UCD.
* Added to dissector the TLV Type and TLV Length as I want
to be able to add filters on this information as an user.
* Changed some variable names as I wanted it to be unified between
the Type 2 UCD (ucd.c) and this file. There are another two types of
UCD messages (which I hope I will add) and keeping variables
similar helps a lot.
* Added the expert info.
Change-Id: I808a2e710f7348eb046e0afdaa609fa28b3a18ca
Reviewed-on: https://code.wireshark.org/review/11913
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping-Bug: 11650
Change-Id: I1e6418afe1d02da9f30c429c0220932d74344b8d
Reviewed-on: https://code.wireshark.org/review/11775
Reviewed-by: Michael Mann <mmann78@netscape.net>
tvb_new_real_data() will leak memory.
Also fix endianness because use of GUINT64_SWAP_LE_BE() assumes
platform is little endian.
Change-Id: Ic90d568e585e08674638519c11bd5deb4358bff1
Reviewed-on: https://code.wireshark.org/review/11540
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id0c583eacbef01d9dbdb54c27893d44cc32d9a31
Reviewed-on: https://code.wireshark.org/review/11680
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When dragging the UI, this somehow causes a great lag. Then by
spam-clicking on the Stop button, a double free seems to occur.
Fix this by moving the audio cleanup to the outputStateChanged callback
as documented at https://doc.qt.io/qt-5/qaudiooutput.html. Note that
calling stop() in the IdleState also triggers a change event, resulting
in the desired cleanup.
Stop streams before the dialog is closed (via accept/reject). This
*cannot* be done in the destrutor of RtpPlayerDialog because destructing
QAudioOutput processes events from the event queue, resulting in
preature destruction of other objects... crash.
Change-Id: I6bfb33c9396e9bc1ffd346519d22390a97b6bdaf
Reviewed-on: https://code.wireshark.org/review/11894
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
...otherwise we won't copy it to ${CMAKE_BINARY_DIR}/run/Wireshark.app on
OS X, which means our flag icons won't be displayed.
Bug: 11697
Change-Id: I26cd6a2dd13be35f9a80fd93adc8248848df5978
Reviewed-on: https://code.wireshark.org/review/11923
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Listeners should not be deregistered in __gc because they will go out
of scope while in use. Instead free allocated data when deregistering
the Listener (Listener.remove() and Reload Lua Plugins).
Bug: 11722
Change-Id: Iadf6506757df06e476ac3cac38c05f1d1d497dc4
Reviewed-on: https://code.wireshark.org/review/11924
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
S-blocks have a block number exactly like I-blocks,
give the hf variable a more generic name
Change-Id: I25774496f88bd27b1978662e4a781ddeb5e44b45
Reviewed-on: https://code.wireshark.org/review/11920
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Make fillDiagram() a slot and call it after the dialog is visible.
Use the activated() signals instead of currentIndexChanged() for our
comboboxes. The former is only emitted as a result of user interaction
and the latter is always emitted when the value changed. This was a
problem for flowComboBox since initializing its value resulted an extra
call to fillDiagram().
Add a progress frame.
Change-Id: I17bcf5c990363ee758be9e3a0604dde34fc34f2d
Ping-Bug: 11710
Reviewed-on: https://code.wireshark.org/review/11897
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
make sure that we don't treat an S-block as a uid command
Change-Id: Ibe001cd346eff462040df5259c7a88fa7f94bf78
Reviewed-on: https://code.wireshark.org/review/11918
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Don't set WA_DeleteOnClose. This keeps the dialog from deleting itself
when we're inside a nested event loop (i.e. when we're reassembling
(TCP) or retapping (UDP or TLS)).
Make sure our beginRetapPackets() and endRetapPackets() calls are
balanced. Move updateWidgets() calls to follow() so that we update on
the first run.
Bug: 11711
Change-Id: Id585be410a315b914b27f1a116d451c863087b00
Reviewed-on: https://code.wireshark.org/review/11892
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
handle the ..._CRC_DROPPED events
use pinfo->p2p_dir to store the direction
pass a boolean 'crc_dropped' to the sub-dissectors for message types
subtree for an ISO1443 message
dissect most components of most messages
Change-Id: I2570dd4d941e5db7fa541723b70ccad6ce70ab49
Reviewed-on: https://code.wireshark.org/review/11912
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
HS20 Release 1 and Release have added some new fields. Decode them
properly.
Change-Id: Ia9bdaa3422d3f10119d42ec53ad6c9e4915578b8
Reviewed-on: https://code.wireshark.org/review/11870
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
When using GTK UI, cfilter is initialized to NULL, not to an empty string.
Change-Id: Ic9f3957d4de551a929578e76d5b9c63936517299
Reviewed-on: https://code.wireshark.org/review/11910
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Update the logic in ui/qt/main_window.cpp:mergeCaptureFile to match
ui/gtk/capture_file_dlg.c:file_merge_cmd. This ensures that we don't try
to use a stale (and freed) read filter.
Call cf_set_rfcode in both.
Bug: 11718
Change-Id: I6da65e428bff39e907f45992bac7337880c02ce9
Reviewed-on: https://code.wireshark.org/review/11895
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
When no filter is specified, interface_opts.cfilter is not null but an empty string.
Change-Id: I5755ab7dd840be28334768cf26999048441fcc4e
Reviewed-on: https://code.wireshark.org/review/11907
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
If CreateProcess succeeds, close our child's primary thread handle. As
the PROCESS_INFORMATION page at
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873.aspx
says,
If the function succeeds, be sure to call the CloseHandle function
to close the hProcess and hThread handles when you are finished with
them. Otherwise, when the child process exits, the system cannot
clean up the process structures for the child process because the
parent process still has open handles to the child process.
Closing the handle immediately doesn't seem to do any harm here, but
add a note that we might want to store it and close it later.
In sync_interface_stats_open, close our message and data descriptors
after calling sync_pipe_wait_for_child.
Ping-Bug: 11702
Change-Id: I56e0625fdceb66fba822c2dc83e07d40844329a7
Reviewed-on: https://code.wireshark.org/review/11882
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If the C handles can't be created, there's no point in running dumpcap.
Catch some more possible _open_osfhandle() failures while we're at it.
Change-Id: I2b955378705fc932f8d383804e908e95a957be44
Ping-Bug: 11702
Reviewed-on: https://code.wireshark.org/review/11890
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Only enable this menu when there is a packet
Change-Id: I750f2af6e9f565afce83a5e84394cc96b3b071f9
Reviewed-on: https://code.wireshark.org/review/11868
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Moved setMenusForSelectedPacket() to captureFileClosed() because
capture_file_.capFile() is still valid in captureFileClosing().
Menu items depending on is_ip, is_tcp, is_udp, is_sctp, is_ssl,
is_rtp and is_lte_rlc must be disabled when closing the capture
file because many of the dialogs does crash when launched without
a valid frame selected.
All dialogs should probably have a guard for this to avoid crashes,
but that may be an exercise for an enhancement to add support for the
dialogs to follow the current loaded capture file.
Change-Id: If5837a355d08df76547572a25d46ffa539070de3
Reviewed-on: https://code.wireshark.org/review/11883
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Add C:\tools\cygwin to the list of search paths in FindCygwin.cmake.
This matches the behavior of config.nmake and is where Chocolatey
installs Cygwin.
Change-Id: I87a3cd64aae410b9c9abdc87c56d29aa3c4d5946
Reviewed-on: https://code.wireshark.org/review/11885
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Picking off "easy" dissectors that only have one or two exit points at most.
Change-Id: I96aa9cf53533cbb07105aa400d42922baf3016b3
Reviewed-on: https://code.wireshark.org/review/11860
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Until now, it is not possible to use the IANA-assigned protocol values in a Wireshark plugin.
This commit exports them for use on Windows machines.
As discussed on http://seclists.org/wireshark/2015/Nov/88
Change-Id: I22adc33accf5d776bd3e5cc0899d3c5b9e9d531c
Reviewed-on: https://code.wireshark.org/review/11874
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
A DTLS capture from Jitsi Videobridge for Windows x64 (v519) using a
(patched?) BouncyCastle 1.51.0 exposed the odd behavior where the
ProtocolVersion from the record layer was always fixed to DTLSv1.2 while
the server agrees to use DTLSv1.0.
This resulted in a Malformed packet dissection of the ServerKeyExchange
message which mistakenly expects a SignatureAndHash field. Fix this
by using the protocol version from the ServerHello. Keep the fallback
in case a capture starts in the middle of a SSL conversation.
(Also display "DTLS" instead of "SSL" when the version is not yet
determined for DTLS packets.)
Bug: 11709
Change-Id: I0719977e3b2208da1960121b01dc109fa76bfcb6
Reviewed-on: https://code.wireshark.org/review/11821
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The SslSession struct contains a "version" field for displaying
purposes in the protocol column while the SslDecryptSession struct
has a "version_netorder" field for use in TLS hash functions (for
secrets calculations).
As these are strongly associated with each other, remove the
version_netorder field and its associated constants, let the SslSession
version field store this value instead. All SSL_VER_* are renamed to
appropriate *_VERSION macros (via search & replace), SSL_VER_UNKNOWN
is kept though.
The PCT and SSLv2 protocols had no wire value (*_VERSION), so
SSL_VER_PCT and SSL_VER_SSLv2 are assigned with some arbitrary values.
Warning: external plugins using the ssl_set_master_secret function
must now pass the wire version (TLSV1_VERSION) instead of the (now
removed) internal macros (SSL_VER_TLSv1).
Change-Id: Icd8ef15adae9c62eb21eab1c3b812166e451936f
Reviewed-on: https://code.wireshark.org/review/11820
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This may at least prevent the crash in bug 11702, by not returning
"success" with bogus file handles of -1, if the opens fail due to
leaks chewing up all the available slots. More investigation needs to
be done to see why we're leaking.
Change-Id: I89ecff4b03bca140f05c838e1e2604a03409f803
Ping-Bug: 11702
Reviewed-on: https://code.wireshark.org/review/11881
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Caught by cppcheck. The buffer is 9+1 characters, which means we should specify
9, not 10 to the scanf string since the count does not include the
null-terminator.
Change-Id: I0aae8cce337055b304efa9399cd5d8059928d2d8
Reviewed-on: https://code.wireshark.org/review/11887
Reviewed-by: Evan Huus <eapache@gmail.com>
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.
Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This matches what the Windows file open dialog says, and also should
help prevent people thinking that it's a display filter, so that you can
clear it and see all the packets in the file.
I leave translations to native speakers.
Bug: 11708
Change-Id: I060816357bf7958d516429d09708a7ce16d609c5
Reviewed-on: https://code.wireshark.org/review/11877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The RPMs use 'alternatives' to determine which GUI is used so it doesn't make
sense to have 2 desktop entries: one for 'wireshark' (Qt or Gtk GUI, depending on
configuration) and one for 'wireshark-gtk' (the Gtk GUI).
(Maybe it makes sense to just not use 'alternatives' and allow the user to pick
which GUI is used via the menu system. But then if they wanted to run the Gtk+
GUI from the command line they'd need to remember to run 'wireshark-gtk' even
if that's the only GUI installed...)
Change-Id: I9d3fe13bb01eab87caad4ad21c6571ef6288b110
Reviewed-on: https://code.wireshark.org/review/11780
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
Increment the reference counter each time a flow sequence window is opened.
Free seq_analysis_info_t structure once the last flow sequence / VoIP calls / SIP flow window is closed.
Bug: 11712
Change-Id: I20fcb922b0516417d4bd74cdf75475dcb31f8b90
Reviewed-on: https://code.wireshark.org/review/11851
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Some compiler flags may not be passed twice (such as -mllvm
-msan-keep-going), so avoid duplicating CMAKE_C(XX)_FLAGS.
When -DCMAKE_BUILD_TYPE=<type> is set, you can override the default
optimization and debug flags with -DCMAKE_C_FLAGS_<type>=....
This reverts commit 15a238a28d.
Change-Id: I4e1cf11c49eaf00ad4a2c430454a127b4be20d9e
Reviewed-on: https://code.wireshark.org/review/11597
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
UCD Type 2 is for TDMA/ATDMA, S-CDMA goes in UCD Type 29.
More info:
Table 8-19 from RFIv2.0-C02 for DOCSIS 2.0
Table 6-25 from MULPIv3.1-I07 for DOCSIS 3.1
The comment was removed because the Burst Descriptors below are
not new anymore, are just Burst Descriptors like all the rest.
Change-Id: I992a84c9bf0b999b9cec5bd44f2e584ef22ce401
Reviewed-on: https://code.wireshark.org/review/11847
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
