If the first byte of the file is 31, and we advance to the next byte but
find it's not 139, back up to the first byte before falling through and
treating the file as uncompressed.
Add/expand some comments while we're at it.
Bug: 16252
Change-Id: I292b51f9cc04173482a43b26b0ce73c9e7aee570
Reviewed-on: https://code.wireshark.org/review/35315
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
PreferencesDialog::setPane takes a preference module name. Fix a
comparison in PrefModuleTreeView::setPane and update some variable names
in order to make things a bit more obvious.
Modernize some related code while we're here.
Bug: 16250
Change-Id: I8f4c7e5261a219e3f32e6e9a71574d81b1852219
Reviewed-on: https://code.wireshark.org/review/35304
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If the capture does not contain any indication of the Key MIC Len or we
are making only one pass (such as with tshark) we can actually figure
out the Key MIC Len if we see the first frame of the four-way handshake.
We only use this approach if we used the default value for the Key MIC Len
and defer to other information if it is available. We also save the value
once we have figured it out and only try to figure it out on the first
frame of the four-way handshake.
If we cannot determine the Key MIC length from the first frame in the
four-way handshake we can use the second frame in the four-way handshake.
However, we also need to keep some extra state, specifically, whether or not
we have actually set the last AKM suite seen.
Bug: 16210
Change-Id: I28bc7dacbd34d03b24e66371f66b22853fa608d1
Reviewed-on: https://code.wireshark.org/review/35119
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Bug: 15360
Change-Id: Iceaa5c2336cfb58966ef12f4267fcd09ae48bfe7
Reviewed-on: https://code.wireshark.org/review/31234
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename Capture Interfaces to Capture Options to match its main menu
item. "Options" also more closely matches what the dialog actually does.
Fixup a help item URL while we're here.
Change-Id: Iec8bdfc9f7ae6fc4fd9e97bb366b63cff139f3a6
Reviewed-on: https://code.wireshark.org/review/35294
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- fix a few typos
- remove the intra N1, N1 to S1 and S1 to N1 mode NAS transparent
container functions: those are not real IEs and are already decoded
Change-Id: I73b4c3de4078a57e9471871d6ed47a08eb2a1fc0
Reviewed-on: https://code.wireshark.org/review/35286
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
It is directly the S1 mode to N1 mode container and not a 5GS message header.
Change-Id: I5d8045065977083d3e5e59692166615afb429e41
Reviewed-on: https://code.wireshark.org/review/35285
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
It's a "wmem version" of format_size (from wsutil/str_util.h).
Also improved the flexibility in formatting of format_size() to handle future
needs of format_size_wmem
Ping-Bug: 15360
Change-Id: Id9977bbd7ec29375bbac955f685d46e75b0cef2c
Reviewed-on: https://code.wireshark.org/review/31233
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is done to limit parsing errors.
Update documentation of function parameters to remove confusion with dissectors.
Bug: 16106
Change-Id: I6b2cd0badaaf6217fb80bdc411a86cad5e6b07ca
Reviewed-on: https://code.wireshark.org/review/35267
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
More quickly includes glib.h which is required
Bug: 16083
Change-Id: Ib25877d0f9d5d9fa39ad4ac5b8991b6666fbe234
Reviewed-on: https://code.wireshark.org/review/35268
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 16139
Change-Id: Ie5ad0025730257807b590f7ff9ac275ba27cce9e
Reviewed-on: https://code.wireshark.org/review/35266
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ibee2c6d120978bc87bc26b6237259e285f0e2f08
Reviewed-on: https://code.wireshark.org/review/35265
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Documentation of the Tshark and dumpcap command line options between
help text, manual page and user's guide diverged over time. One aspect
of this is the implementation of more long options. This change tries to
update all documentation to be complete and in sync again.
Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f
Reviewed-on: https://code.wireshark.org/review/35261
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Decode the v1/v2.0 formats which are relevant for the upcoming
6.5.0 release.
Change-Id: Ie726f1ebd2457f6a36b096a0cd0bed9c94f713df
Reviewed-on: https://code.wireshark.org/review/35251
Reviewed-by: Ben Huddleston <ben.huddleston@couchbase.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Old representation was confusing because for instance it printed:
10.. .... = CHANNEL_CODING_COMMAND: 2
But 2 actually is CS-3.
Change-Id: Ie875a94297c0d154d7222f12115068876520c47a
Reviewed-on: https://code.wireshark.org/review/35259
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The WSDG is a mix of references to 32 and 64 architectures. Use 64
in more places.
Change-Id: Ifb4b3189912268808cfe8fdb5119f2177c815163
Reviewed-on: https://code.wireshark.org/review/35248
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
ByteViewText and ProtoTree only use mono_font_ in setMonospaceFont, so
there's not much use in declaring it private in each case.
Change-Id: I3ad986052f6e013988ce851420f7f6e7b47b7ea8
Reviewed-on: https://code.wireshark.org/review/35255
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The can specific data structure `struct can_identifier` is used as
supplementary data for higher level dissectors. This patch adds more
data to this struct and renames it accordingly to `struct can_info`.
More supplementary data is needed in order to dissect iso15765
correctly, since the header format depends on details on the underlying
CAN protocol (CAN 2.0B vs CAN-FD).
Change-Id: Id068cf38453f98b67a5ec470a22e7013548c5a14
Reviewed-on: https://code.wireshark.org/review/35246
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This is no longer needed, as it is handled by setMonospaceFont
Change-Id: I9834bcd1a188cd6f1cb8ad1abe568a9a50d831bc
Reviewed-on: https://code.wireshark.org/review/35253
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
ProtoTree::setRootNode() is designed to update the model with the new
packet tree, and additionally expand tree items in its view. When the
current selected packet is changed, it must use this method to ensure
that collapsed trees are properly expanded. Fix this regression.
It was not entirely clear that framesSelected can no longer use previous
state, so document it explicitly. Remove the call to QTreeView::reset(),
it ends up calling QAbstractItemView::reset() which touches the
selection model that refers invalidated proto_node memory. The reset
function of the view is automatically called the model is reset, so the
call was not needed anyway.
Test: open test/captures/tls13-rfc8446.pcap, expand TLS, TLS Record, and
select "Content Type". Change from frame 1 to 2, and then 3. Observe
that the expanded state remains constant with no flickering. In frame 3,
observe that the tree remains expanded even if no item is selected.
Change-Id: I0c820711f1a62aa51ac100f8ac5c89265c51eb18
Fixes: v3.3.0rc0-6-gcfee0f8082 ("Qt: Remove frameSelect signal")
Reviewed-on: https://code.wireshark.org/review/35230
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Add D-PATH Attribute as described in
draft-rabadan-sajassi-bess-evpn-ipvpn-interworking
Bug: 16238
Change-Id: If40699304fca1409a195b83075dd40c6769c2df4
Reviewed-on: https://code.wireshark.org/review/35223
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Verified with fizz-tls13-draft-23-26-rfc8446-dsb.pcapng from the bug.
Decryption of early data, handshake and application data for almost all
versions (draft 23, draft 26, RFC 8446) is working. Only early data
decryption for draft 23 fails because the draft version is not yet set
during trial decryption before the Server Hello is received. That is
such a rare case however, do not bother fixing that.
Bug: 16175
Change-Id: Ie9046bf3f04c40b9c8fa2128f06844d2e7bd3e6d
Reviewed-on: https://code.wireshark.org/review/35245
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Peer identification failed because the MAC1 value did not check out.
Fix the computation in case the reserved bytes are overwritten after the
original protocol has run.
Change-Id: I4be65806bed96d7236103ebb369c1affcadebd5f
Reviewed-on: https://code.wireshark.org/review/35219
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Instead of just visually marking a field after switching packets, make
sure that it is also focused such that arrow up/down keys select the
expected fields instead of the root node (the Frame layer).
Change-Id: Ic16462198fb2189496f0cceeb5a5e885673636d2
Reviewed-on: https://code.wireshark.org/review/35236
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Change-Id: I537fbb26681555d0cd303d4b614bc016e935eb70
Reviewed-on: https://code.wireshark.org/review/35225
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Put short descriptions after the amendment name, in parentheses.
Fix a typo in the 802.11d entry while we're at it.
Change-Id: I87d84678f30abe40c4b130cf0a9355bb5da99df4
Reviewed-on: https://code.wireshark.org/review/35229
Reviewed-by: Guy Harris <guy@alum.mit.edu>