Commit Graph

78450 Commits

Author SHA1 Message Date
Guy Harris 9eddbdafa9 Don't give a zero-length FT_STRINGZ a special value.
It's arguably an error, as an FT_STRINGZ requires at least one character
position for the terminating NUL, but the way to handle that is to give
it a string value of an empty string and add an expert info indicating
that the terminating NUL is missing.  (The same should be done for
FT_STRINGZ fields with a specified non-zero length that don't have a NUL
in the last character position.)

Change-Id: Ie702bf44db36310f0f6e2625a3a64e6424167546
Reviewed-on: https://code.wireshark.org/review/38136
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-12 08:49:49 +00:00
Guy Harris 3e9bf7d7cb MQ: use FT_STRING, not FT_STRINGZ, for strings.
The documentation mentioned looks more like API/ABI documentation than
"data on the wire" documentation, but the strings all look like counted
strings, with no terminating NUL.  Use FT_STRING, not FT_STRINGZ.

Add a URL for the MQ PCF documentation and replace no-longer-working
URLs for the MQ documentation with a working URL.

Change-Id: Id656a3e6cd75bff34d1a5a650229b4ba749ef365
Reviewed-on: https://code.wireshark.org/review/38134
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-12 07:43:29 +00:00
Jorge Mora 9c1a55a5ae RPC: partially dissect GSS NFS truncated packets
Make sure to set the GSS Data subtree length properly when
the packet has been truncated so at least the rest of the
packet could be partially dissected.

Change-Id: I0b41137aea47c2512d15d28ed620542decd31904
Reviewed-on: https://code.wireshark.org/review/38086
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-12 07:18:40 +00:00
Joerg Mayer bf91124458 packet-stun.c: Add decoding of PASSWORD_ALGORITHM(S)
- Add rfc8489 to differences table
- Add expert items for attributes exceeding packet length and attributes with trailing data
- Remove unused and "#if 0"ed attributes_properties_p (never used since added in 2009)

Change-Id: If7f804a5ee8ea057765f2d55b04181c644cc3d0c
Reviewed-on: https://code.wireshark.org/review/38059
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-12 06:55:45 +00:00
David Perry 2ce378f8ab packet_xml: detect and handle UTF-16 BOM
In the main dissector, check the first 2/3 bytes for recognized
Byte-Order Marks (BOM) and decode if detected.

In the heuristic check, when unicode heuristics are enabled, check the
first 2 bytes for a recognized BOM instead of assuming UCS-2LE. (Still
falls back on that if no BOM detected.)

Bug: 9069
Change-Id: I7c6510221ef9257a9c3030715906e07b88af6aa7
Reviewed-on: https://code.wireshark.org/review/38076
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-12 06:27:29 +00:00
Guy Harris dae7f769e8 tacacs: various fixes and cleanups.
Update URL for the TACACS+ I-D - point to the IETF site.

Fix code indentation.

Use proto_tree_add_item_ret_uint() to get string lengths when adding
them to the protocol tree.

Put the username and password under the top-level tree item, rather than
at the top level themselves.

The username and password are counted strings, and are not
null-terminated; make them FT_STRING rather than FT_STRINGZ.

Change-Id: Ia974937ade5908f98c0b527586e8ac15c3ffb907
Reviewed-on: https://code.wireshark.org/review/38130
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-12 01:22:29 +00:00
Gerald Combs b1753ce511 Qt: Add debugging ifdefs for the packet diagram.
The PacketDiagram widget prints debugging information about items that
it skips and resizes. Make this conditional, similar to what we do
elsewhere.

Bug: 16769
Change-Id: Id7fbedbdac6096cbca8d997688d489eac4729f52
Reviewed-on: https://code.wireshark.org/review/38121
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-11 17:38:23 +00:00
Anders Broman a72e415451 For a zero time stamp don't print the EPOCH, print NULL.
Change-Id: I3b4a0bb3f392dc14b22d0a63ad1a7751d942e1e5
Reviewed-on: https://code.wireshark.org/review/38120
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-11 10:12:31 +00:00
Guy Harris a582672d6f lithionics: use ws_strtou32() and ws_hexstrtou32() to convert strings.
Those routines do more checking than strtoul(), and get passed a pointer
to a guint32(), so you don't have to worry about 32-bit vs. 64-bit longs
(which causes warnings on macOS builds, courtesy of Apple throwing in
"narrowing 64-bit value to 32 bits" warnings when they introduced their
first 64-bit machines, to help developers 64-bitifying their
applications, causing macOS builds to fail).

If the checks fail, note that in the formatted value.

(XXX - assign units to the fields, so we don't have to add them in our
formatting?)

Change-Id: I35945a3f1eaedc88e5b2ebf500c06fb7cf022753
Reviewed-on: https://code.wireshark.org/review/38119
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-11 07:53:06 +00:00
Michael Mann 2db3708dfd Add Lithionics battery management dissector.
Bug: 16764
Change-Id: Iff902150491c984d3069c1b83acef9c2c8ce12c7
Reviewed-on: https://code.wireshark.org/review/38106
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-11 05:03:02 +00:00
Gerald Combs c2075185de epan: Fixup proto_item_set_bits_offset_len.
Export proto_item_set_bits_offset_len and fix

In file included from ../epan/dfilter/dfilter.h:18:
../epan/proto.h:1113:11: warning: parameter 'bits_offset' is already documented [-Wdocumentation]
 * @param bits_offset The new length in bits.
          ^~~~~~~~~~~
../epan/proto.h:1112:5: note: previous documentation
 * @param bits_offset The number of bits from the beginning of the field.
    ^     ~~~~~~~~~~~

Change-Id: Ib171ce38607b9656baea5eb7a3e6aee3b99ddbac
Reviewed-on: https://code.wireshark.org/review/38115
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-11 03:25:17 +00:00
Guy Harris fed91de7a1 ssh: make fields for string types FT_STRING rather than FT_STRINGZ.
To quote RFC 4251, "The Secure Shell (SSH) Protocol Architecture",
section 5 "Data Type Representations Used in the SSH Protocols":

string

      Arbitrary length binary string.  Strings are allowed to contain
      arbitrary binary data, including null characters and 8-bit
      characters.  They are stored as a uint32 containing its length
      (number of bytes that follow) and zero (= empty string) or more
      bytes that are the value of the string.  Terminating null
      characters are not used.

      Strings are also used to store text.  In that case, US-ASCII is
      used for internal names, and ISO-10646 UTF-8 for text that might
      be displayed to the user.  The terminating null character SHOULD
      NOT normally be stored in the string.  For example: the US-ASCII
      string "testing" is represented as 00 00 00 07 t e s t i n g.  The
      UTF-8 mapping does not alter the encoding of US-ASCII characters.

"Terminating null characters are not used." means "these aren't
null-terminated strings; FT_STRINGZ is for null-terminated strings, but
these are counted strings, for which FT_STRING is the right type".

Change-Id: I217d527847a20b640bf141a5d8d56f31456af04c
Reviewed-on: https://code.wireshark.org/review/38118
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-11 03:23:12 +00:00
Guy Harris d5fe2d494c wsutil: define HAVE_LIBGCRYPT_AEAD in wsutil/wsgcrypt.h.
It's used in a number of source files; don't force each of them to test
GCRYPT_VERSION_NUMBER independently.

Make sure every file that uses HAVE_LIBGCRYPT_AEAD includes
wsutil/wsgcrypt.h.

Also do some other definitions that are based on the libgcrypt version
there as well.

This requires that the Qt UI code be given the include directory for
libgcrypt, as the follow stream code includes
epan/dissectors/packet-quic.h, which includes wsutil/wsgcrypt.h to get
HAVE_LIBGCRYPT_AEAD defined, and wsutil/wsgcrypt.h includes <gcrypt.h>.

Change-Id: I9cb50f411f5b2b6b9e28a38bfd901f4a66d9cc8f
Reviewed-on: https://code.wireshark.org/review/38116
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-11 02:30:04 +00:00
Guy Harris 151ee60555 http3: fix build without support for AEAD cipher suites.
http3_is_reserved_code() is only used if HAVE_LIBGCRYPT_AEAD is defined;
only define http3_is_reserved_code() if HAVE_LIBGCRYPT_AEAD is defined.

(Then there's the issue that HAVE_LIBGCRYPT_AEAD is *NOT* defined as a
result of CMake tests, it's defined in packet-tls-utils.c based on the
libgcrypt version, so it's not as if it can be used outside
packet-tls-utils.c, but that's another bug to fix.)

Change-Id: Ibecdf6e12fde27d75fcd7849ca0cd62f4129f5c2
Reviewed-on: https://code.wireshark.org/review/38114
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-10 21:13:56 +00:00
Matthew Weant c462f72273 IEEE802.11: WAN Metrics Length Check Update
Replaced tvb_captured_length_remaining() with
tvb_reported_length_remaining().

Change-Id: I87c07488590cd82ca8a945ac6f13efa45807e55b
Reviewed-on: https://code.wireshark.org/review/37098
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 20:06:43 +00:00
Guy Harris 48a6ea0e05 ssh: don't crash when computing hash.
Apparently, it's possible for ssh_keylog_compute_hash() to be called with
a struct ssh_flow_data structure with a null kex_e; if it is, give up on
computing the hash before we try dereferencing global_data->kex_e.

See, for example, the capture at

https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=Example1.pcap

which crashed if I ran a TShark, built from the tip of the master branch:

TShark (Wireshark) 3.3.0 (v3.3.0rc0-1806-g79e43ef98d59)

Copyright 1998-2020 Gerald Combs <gerald@wireshark.org> and
contributors.  License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see
the source for copying conditions.  There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap (including remote capture support),
without POSIX capabilities, with GLib 2.37.6, with zlib 1.2.11, with SMI
0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.4.17, with
Gcrypt 1.7.7, with MIT Kerberos, with MaxMind DB resolver, with nghttp2
1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2
2.9.9.

Running on Mac OS X 10.15.6, build 19G73 (Darwin 19.6.0), with Intel(R)
Core(TM) i9-9980HK CPU @ 2.40GHz (with SSE4.2), with 65536 MB of
physical memory, with locale en_US.UTF-8, with libpcap version
1.10.0-PRE-GIT, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with brotli
1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded).

Built using clang 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.32.62).

with "tshark -n -V -r Example1.pcap".

Change-Id: Icc534b488e5b486597162e54c725afb54ad61c05
Reviewed-on: https://code.wireshark.org/review/38113
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-10 20:01:03 +00:00
Gerald Combs 9b07412277 Qt: Add a packet diagram view.
Add a new top-level view that shows each packet as a series of diagrams
similar to what you'd find in a networking textbook or an RFC.

Add proto_item_set_bits_offset_len so that we can display some diagram
fields correctly.

Bugs / to do:
  - Make this a separate dialog instead of a main window view?
  - Handle bitfields / flags

Change-Id: Iba4897a5bf1dcd73929dde6210d5483cf07f54df
Reviewed-on: https://code.wireshark.org/review/37497
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 18:17:50 +00:00
Joakim Karlsson e846d238d7 QUIC: fix compile without LIBGCRYPT_AEAD
Change-Id: Id0d3ba56e91c5dcf8b7063a2166445ca7bcec5d3
Reviewed-on: https://code.wireshark.org/review/38110
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 16:22:22 +00:00
Andreas Schultz 0cce968634 GTPv2: validate length of PDN Address Allocation (PAA) IE
PAA is a variable length IE, but it is not extendable (see Table 8.1-1 in
3GPP TS 29.274). For a given type the length therefore has to match and
can not exceed the defined length.

Change-Id: Id65842a7f25018fd3864efd73f74ae583102a681
Reviewed-on: https://code.wireshark.org/review/37984
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 10:30:57 +00:00
Jakub Pawlowski 2364968cd6 Bluetooth: simple HCI ISO Data packet dissector
Change-Id: I2da85d4ebe069a566943896fddb31e9a095d67b5
Reviewed-on: https://code.wireshark.org/review/38007
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 10:29:09 +00:00
Martin Mathieson d7f7b62ef3 OBEX: Fix mismatching API/item-type for some subtree items.
These are the final issues currently seen by check_typed_item_calls.py

Error: proto_tree_add_none_format(.., hf_authentication_parameter, ...) called at epan/dissectors/packet-obex.c:1840 with type FT_UINT8
    (allowed types are {'FT_NONE'} )

Error: proto_tree_add_none_format(.., hf_authentication_parameter, ...) called at epan/dissectors/packet-obex.c:1887 with type FT_UINT8
    (allowed types are {'FT_NONE'} )

Error: proto_tree_add_none_format(.., hf_session_parameter, ...) called at epan/dissectors/packet-obex.c:2058 with type FT_UINT8
    (allowed types are {'FT_NONE'} )

Change-Id: If6772a72e01c7afd774a7b673d5775fd598bace3
Reviewed-on: https://code.wireshark.org/review/38095
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2020-08-10 08:35:10 +00:00
Mathy Vanhoef e43e6e6897 ieee80211: add radiotap TX flags
This patch adds support to parse the TX flags of the radiotap header,
including a new DONT_ORDER Tx flag.

Bug: 16732
Change-Id: Ia57c079e020a32219a3e3fcfb7da5ef260360b7e
Reviewed-on: https://code.wireshark.org/review/37944
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 08:28:33 +00:00
Matthew Weant 79e43ef98d EAP: Update to EAP Identity Dissection
Removed WLAN from the EAP identity fields because
it is additional and unnecessary.  Added fields for
the full identity string and the identity type.
Removed the pseudo and reauth identity types by
collapsing all identity values into one field
(eap.identity) so the values may be filtered easier
by users in tshark and the GUI.  Omitting
encrypted IMSI code until this patch and Change
37250 get merged since the encrypted IMSI logic
depends on these two patches.

Bug: 16537
Change-Id: If359756c1949aff2510b822b70e0e79df85213d0
Reviewed-on: https://code.wireshark.org/review/37257
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 04:54:21 +00:00
Michael Mann bb5d0317d6 Fix merge cruft from release-notes.adoc
Change-Id: Id33135d82f30f0d88910b994492b4a64ac170d84
Reviewed-on: https://code.wireshark.org/review/38105
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 04:52:21 +00:00
Cal Turney 414255f1de DHCPv6: fix for bogus errors. Detailed error msgs
Routine "dhcpv6_domain()" of packet-dhcpv6.c has the following
issues:
a. It is unaware of partial (relative) domain names which unlike
   FQDNs must *not* be root terminated(0); otherwise, the resolver
   interprets them as top-level domains (TLDs) such as "com." and
   "org.".
b. Malformed errors are not thrown when they should be and when
   thrown, it does so for the wrong reason.
c. No detail is provided as to the nature of a malformation.
d. The routine does not know the difference between an "empty"
   and "root-only" domain name.
Routine "dhcpv6_option()":
The meanings of the flags octet in the OPTION_CLIENT_FQDN
option sent by the client are different than those of the server.
These differences are not reflected in the display. In addition,
the description of the 'N' bit is incorrect in either case. The
sender type must be determined in order to label them correctly
and to detect conflicts among them.
These changes fully address the above issues. Six types of
domain name errors are now detected. I believe the unusually
large amount of detailed comments with RFC references and
explanations were needed in this case due to the introduction
of concepts such as partial domain names that were not
recognized as such and thus improperly handled and labelled.
The subtree option headers have been converted from "Text only"
to named fields (dhcpv6.option.type_str). Example captures are
attached to the bug report.

Bug: 16627
Change-Id: I5ef3ee4261b9ab1f331ae2b9b0aa9e3d5e4a5566
Reviewed-on: https://code.wireshark.org/review/37678
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-10 04:51:36 +00:00
Pascal Quantin c3dbba350c LTE RRC: upgrade dissector to v16.1.1
Change-Id: I52534b6a5dab43ee10501383f3fb76f47255b9a5
Reviewed-on: https://code.wireshark.org/review/38102
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-08-10 04:48:34 +00:00
John Thacker 744c57b42c UI: Follow Stream "Show and save data as" -> "Show data as"
"Save as" in Follow Stream saves whatever is displayed (except for
Raw), and has long always saved in UTF-8 encoding. (A few things are always
ASCII, which is still valid UTF-8.) The older description of "Show data as"
makes more sense here, as otherwise it implies data will be saved in the
original encoding instead of UTF-8. A checkbox or similar to save in the
original encoding instead of UTF-8 is a possible future enhancement.

Change-Id: I2d5016e9a974d5d614ff93eab0301ea0ce96108e
Reviewed-on: https://code.wireshark.org/review/37771
Reviewed-by: Guy Harris <gharris@sonic.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2020-08-09 23:56:13 +00:00
Guy Harris 74e917fc6c wiretap: have wtap_dump_flush(), and its callers, check for errors.
Change-Id: Ibcddf1a949f775afa49d36a2d165c3685556035d
Reviewed-on: https://code.wireshark.org/review/38104
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-09 23:08:51 +00:00
Pascal Quantin fcd7492566 proto.c: increase PROTO_PRE_ALLOC_HF_FIELDS_MEM
Change-Id: I68a971b9a299d85007f4b7f436750515a8dfe7fa
Reviewed-on: https://code.wireshark.org/review/38101
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-08-09 21:37:23 +00:00
Martin Mathieson 37666b6dec NSH: Fix an item's bitmask.
Code to fetch the field (metadata length) was correct, but the item
displayed would be wrong.  Fix mask, and use _ret_uint() variant
to avoid fetching the value separately.

Described in RFC 8300, section 2.5.1.

Change-Id: I87cdca489392e1baa6c51bbab303c77a803d204e
Reviewed-on: https://code.wireshark.org/review/38099
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-09 16:56:01 +00:00
Martin Mathieson 9a7b30aea8 Fix tfs strings that have leading or trailing space characters.
Change-Id: I3e456e24f171ea2073806ad56606e6ce9092890c
Reviewed-on: https://code.wireshark.org/review/38096
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-09 13:31:33 +00:00
Pascal Quantin e9f6958c46 Windows: upgrade Npcap to 0.9996
Change-Id: Ia8f0f2ecada1a94c0bcdaaa5c560575ab945b002
Reviewed-on: https://code.wireshark.org/review/38098
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
2020-08-09 13:22:33 +00:00
Gerald Combs 5ca2327cc0 [Automatic update for 2020-08-09]
Update manuf, services enterprise numbers, translations, and other items.

Change-Id: I447ea71cd55ad637f1792ad0224ba43435ce2769
Reviewed-on: https://code.wireshark.org/review/38091
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2020-08-09 08:17:38 +00:00
Guy Harris 2261b59eae Replace more DISSECTOR_ASSERT_NOT_REACHED() with more specific messages.
Have the message indicate the problem and the name of the offending field.

Change-Id: I661125814c9ad5585a3e71d14f8407948e2e6d76
Reviewed-on: https://code.wireshark.org/review/38090
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-09 08:09:27 +00:00
Peter Wu c7728244bb http3: add very basic support for HTTP/3 framing
Very rough support for dissecting the framing on unidirectional and
bidirectional streams. Support for dissecting QPACK contents will be
added later.

Thanks to Omer Shapira for identifying an important issue that broke
reassembly and blocked proper HTTP/3 support.

Bug: 16761
Change-Id: Ib7f87c824f1dca70967b82943e18d5afee39fa0b
Reviewed-on: https://code.wireshark.org/review/38084
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 15:14:06 +00:00
Rasmus Jonsson 2a832c8a8c ssh decryption: load logged keys and compute symmetric keys
Load private key exchange keys (curve25519-sha256) provided by the user
Find matching public keys in the dissected data
Compute symmetric keys for decrypting encrypted Transport Layer Protocol
data

Bug: 16054
Change-Id: I83481bff6b1206ce222b0120ad9021e1607f7f97
Reviewed-on: https://code.wireshark.org/review/37936
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 10:59:23 +00:00
Martin Mathieson c931f0d341 Fix most remaining detected cases where item with wrong type is used.
Error: proto_tree_add_string(.., hf_ansi_a_lai_mcc, ...) called at epan/dissectors/packet-ansi_a.c:3656 with type FT_UINT8
    (allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )

Error: proto_tree_add_string(.., hf_ansi_a_lai_mnc, ...) called at epan/dissectors/packet-ansi_a.c:3666 with type FT_UINT8
    (allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )

Error: proto_tree_add_none_format(.., hf_bthci_evt_vendor_codecs_item, ...) called at epan/dissectors/packet-bthci_evt.c:4712 with type FT_UINT32
    (allowed types are {'FT_NONE'} )

Error: proto_tree_add_string(.., hf_kademlia_tag_hash, ...) called at epan/dissectors/packet-edonkey.c:1100 with type FT_BYTES
    (allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )

Error: proto_tree_add_string(.., hf_msmms_data_timing_pair, ...) called at epan/dissectors/packet-ms-mms.c:680 with type FT_NONE
    (allowed types are {'FT_STRINGZPAD', 'FT_STRINGZ', 'FT_STRING'} )

Error: proto_tree_add_float_format_value(.., hf_fp_tpc_po, ...) called at epan/dissectors/packet-umts_fp.c:2405 with type FT_UINT8
    (allowed types are {'FT_FLOAT'} )

Change-Id: I1ed0276ad9c810ca6b1b01d581c3d73ae28fb9ad
Reviewed-on: https://code.wireshark.org/review/38081
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
2020-08-08 10:25:48 +00:00
Alexis La Goutte f5a8c08b12 Add FSSO (Fortinet Single Sign-On) Dissector
It is sent from DCAgent to FSSO collector using UDP 8002 packet
It is based on analysis of protocol (and log)

Bug: 16657
Change-Id: I2e23a403a103c25820d714446d4e3245af04e876
Reviewed-on: https://code.wireshark.org/review/37547
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 09:56:03 +00:00
Martin Mathieson fd03c85d0f check_typed_item_calls.py: Look for items with the wrong type passed to APIs
Look for calls to certain proto APIs that require hf items of a certain type,
then check that the items passed in have one of the allowed types.

Currently takes around a minute to scan epan/dissectors.  There are
a few issues that have not yet been fixed.

Hopefully this can be added to the PetriDish at some point.

Change-Id: Ic9eadcc3f1de03223606b5dca1cb45edcbe95e85
Reviewed-on: https://code.wireshark.org/review/38039
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 09:55:18 +00:00
Moshe Kaplan 3b47a55b0d Replace instances of wmem_alloc with wmem_new
This commit replaces instances of
  (myobj *)wmem_alloc(wmem_X_scope(), sizeof(myobj))
and replaces them with:
  wmem_new(wmem_X_scope(), myobj)
to improve the readability of Wireshark's code.

Replacements were made with the following Python script:

import os
import re
import sys

pattern = r'\(([^\s\n]+) ?\*\) ?wmem_alloc(0?)\((wmem_[a-z]+_scope\(\)), sizeof\(\1\)\)'
replacewith = r'wmem_new\2(\3, \1)'

startdir = sys.argv[1]

for root, dirs, files in os.walk(startdir):
    for fname in files:
        fpath = os.path.join(root, fname)
        if not fpath.endswith('.c'):
            continue
        with open(fpath, 'r') as fh:
            fdata = fh.read()
        output = re.sub(pattern, replacewith, fdata)
        if fdata != output:
            print(fpath)
            with open(fpath, 'w') as fh:
                fh.write(output)

Change-Id: I223cb2fcce336bc99ca21c4a74e4cf758fd00572
Reviewed-on: https://code.wireshark.org/review/38088
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 09:54:29 +00:00
Martin Mathieson 191e1f62d5 Kerberos: make tfs change in template rather than directly.
This fixes the change from https://code.wireshark.org/review/#/c/38087/

Change-Id: I43b3cb64bfd2f7398873804f1d4dd8821b050ef1
Reviewed-on: https://code.wireshark.org/review/38089
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 09:54:09 +00:00
Richard Sharpe ac814cf6b9 ieee1905: Eliminate a shadowed variable index.
Graham reported a shadowed variable issue with the variable index.

Changed the variable name so it no longer shadows index. That seems
to be an issue on Macs.

Change-Id: I2a6e9b6d70811aaf7b9f910ddc87ab926b3a0cec
Reviewed-on: https://code.wireshark.org/review/38058
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 08:04:48 +00:00
David Perry e4379f0ea1 Dumpcap: print closed ring-buffer file names
This proposal adds a new option '-b printname:<filename>' to dumpcap. If
used, dumpcap will print the name of each ring buffer file it creates
after it is closed. Allows the use of '-'/'stdout' and 'stderr'.

Use case: Since the file name is printed after the file is closed for
writing, an automated capture process can do something like the
following with the guarantee that the file in question will not be
changed.

    dumpcap -i eth0 -b files:2 -b printname:stdout [-b ...] | \
    while read cap_file_name ; do
        # Do something with $cap_file_name
    done

This sort of scripting is difficult in dumpcap's current form. Dumpcap
prints the names of new files to stderr as it *opens* them, so a script
attempting to use this must sleep for "-b duration:value" seconds plus
some fudge time to be sure it's getting a closed, unchanging file.

Change-Id: Idb288cc7c8c30443256d35c8cd4460a2e3f0861c
Reviewed-on: https://code.wireshark.org/review/37994
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 08:04:13 +00:00
Peter Wu a9f39a29fe QUIC: add STREAM data reassembly support
Prepare for adding HTTP/3 support which depends on QUIC to provide a
stream of data. Reassembly code is mostly lifted from the TCP dissector
which shares similar characteristics.

Bug: 13881
Ping-Bug: 16761
Change-Id: Iba07dade111b740418b8b315d0485e200cdfe9f0
Reviewed-on: https://code.wireshark.org/review/38083
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-08 08:02:34 +00:00
Martin Mathieson 1dd8bb2811 Find and fix dissectors that should be using a default tfs.
Found using tools/check_tfs.py, included in this commit.
Here are the reports that were fixed here:

Examining:
All dissector modules

epan/dissectors/packet-assa_r3.c tfs_mortisepins_flags - could have used tfs_high_low from tfs.c instead:  {High,Low}
epan/dissectors/packet-btle.c tfs_present_bit - could have used tfs_present_not_present from tfs.c instead:  {Present,Not Present}
epan/dissectors/packet-dhcp.c tfs_fqdn_s - could have used tfs_server_client from tfs.c instead:  {Server,Client}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_on_off - could have used tfs_on_off from tfs.c instead:  {On,Off}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_en_dis - could have used tfs_enabled_disabled from tfs.c instead:  {Enabled,Disabled}
epan/dissectors/packet-docsis-macmgmt.c req_not_req_tfs - could have used tfs_requested_not_requested from tfs.c instead:  {Requested,Not Requested}
epan/dissectors/packet-docsis-tlv.c on_off_tfs - could have used tfs_on_off from tfs.c instead:  {On,Off}
epan/dissectors/packet-docsis-tlv.c activation_tfs - could have used tfs_active_inactive from tfs.c instead:  {Active,Inactive}
epan/dissectors/packet-docsis.c ena_dis_tfs - could have used tfs_enabled_disabled from tfs.c instead:  {Enabled,Disabled}
epan/dissectors/packet-ecmp.c tfs_not_expected_expected - could have used tfs_odd_even from tfs.c instead:  {Odd,Even}
epan/dissectors/packet-erf.c erf_link_status_tfs - could have used tfs_up_down from tfs.c instead:  {Up,Down}
epan/dissectors/packet-h263.c on_off_flg - could have used tfs_on_off from tfs.c instead:  {On,Off}
epan/dissectors/packet-h263.c cpm_flg - could have used tfs_on_off from tfs.c instead:  {On,Off}
epan/dissectors/packet-interlink.c flags_set_notset - could have used tfs_set_notset from tfs.c instead:  {Set,Not set}
epan/dissectors/packet-ip.c tos_set_low - could have used tfs_low_normal from tfs.c instead:  {Low,Normal}
epan/dissectors/packet-ip.c tos_set_high - could have used tfs_high_normal from tfs.c instead:  {High,Normal}
epan/dissectors/packet-isakmp.c flag_r - could have used tfs_response_request from tfs.c instead:  {Response,Request}
epan/dissectors/packet-isis-lsp.c tfs_metric_supported_not_supported - could have used tfs_no_yes from tfs.c instead:  {No,Yes}
epan/dissectors/packet-kerberos.c supported_tfs - could have used tfs_supported_not_supported from tfs.c instead:  {Supported,Not supported}
epan/dissectors/packet-kerberos.c set_tfs - could have used tfs_set_notset from tfs.c instead:  {Set,Not set}
epan/dissectors/packet-mac-lte.c mac_lte_scell_status_vals - could have used tfs_activated_deactivated from tfs.c instead:  {Activated,Deactivated}
epan/dissectors/packet-p_mul.c no_yes - could have used tfs_no_yes from tfs.c instead:  {No,Yes}
epan/dissectors/packet-pgm.c opts_present - could have used tfs_present_not_present from tfs.c instead:  {Present,Not Present}
epan/dissectors/packet-rsl.c rsl_ms_fpc_epc_mode_vals - could have used tfs_inuse_not_inuse from tfs.c instead:  {In use,Not in use}
epan/dissectors/packet-sita.c tfs_sita_on_off - could have used tfs_on_off from tfs.c instead:  {On,Off}
epan/dissectors/packet-vines.c tfs_vine_rtp_no_yes - could have used tfs_no_yes from tfs.c instead:  {No,Yes}
epan/dissectors/packet-vnc.c button_mask_tfs - could have used tfs_pressed_not_pressed from tfs.c instead:  {Pressed,Not pressed}
27 issues found
Change-Id: I7e53b491f20289955c9e9caa8357197d9010a5aa
Reviewed-on: https://code.wireshark.org/review/38087
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-07 21:27:26 +00:00
Guy Harris b711b300cc netmon: handle non-monitor-mode 802.11 packets differently.
Microsoft Network Monitor lets you capture on an 802.11 adapter either
in monitor mode or in non-monitor mode; frames captured in non-monitor
mode may have the Protected bit set in the 802.11 header, but are
decrypted and don't include encryption information, and may have the
A-MSDU Present flag set in the QoS Control field, but have just a
regular frame payload, not a sequence of A-MSDUs, in the payload field.

Dissect those frames correctly.

Bug: 16758
Change-Id: I42b7e9ce52faa80222692403fa7276c039644343
Reviewed-on: https://code.wireshark.org/review/38082
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-07 18:07:57 +00:00
David Perry 06702303da editcap: use constant for maximum nanosecs in 1sec
Change-Id: I35991da41437617e816edfa3220f7de2705eac14
Reviewed-on: https://code.wireshark.org/review/38075
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-07 08:24:34 +00:00
David Perry d24c9df384 editcap: add capture-file comments to output file
Add the `--capture-comment "comment"` option for appending pcapng
comments to the SHB of the output file(s).

Add the `--discard-capture-comment` option for removing pcapng comments
present in the input file SHB(s) before writing to the output file(s).

Supports multiple comments per SHB. Noted in the documentation that
Wireshark itself doesn't support multiple comments.

Bug: 15033
Change-Id: If07a4e7a93505438639018783a11343cd5992f2a
Reviewed-on: https://code.wireshark.org/review/38074
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-08-07 08:24:19 +00:00
Guy Harris 9015824c0e dicom: when exporting objects, don't assume we have the AE titles.
In dcm_export_create_object(), don't assume that assoc->ae_calling and
assoc->ae_called are non-null; if we don't have an A-ASSOCIATE request
earlier in the capture, which we are not guaranteed to have, the called
and called AE titles won't be set.

Bug: 16748
Change-Id: I7d6d22d1c23e28b1f0967a803d0d89609a421712
Reviewed-on: https://code.wireshark.org/review/38077
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-06 20:37:19 +00:00
Guy Harris 245b6387f0 ieee80211-netmon: fix a typo.
The "monitor mode" flag was called "netmon_802_11.op_mode.on", not
"netmon_802_11.op_mode.mon".  Fix that.

Change-Id: I4a712c1d5fa7c7e43335d83c0f40ace4358a881c
Reviewed-on: https://code.wireshark.org/review/38069
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
2020-08-06 11:09:13 +00:00