QoS Queue Size is only applicable when To DS is true and for QoS Data,
QoS Null and QoS Data+CF-Ack frames.
Based on a reasonably careful reading of IEEE802.11-2016.
Change-Id: I16e7e7f4d0f3336e7d05c5f4f9c80179d514ec19
Reviewed-on: https://code.wireshark.org/review/26212
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
This patch adds support for sequencing HTTP Redirects. This enables
tracking of HTTP-based redirects, which may not have a Referer header.
As such, this patch also renames 'HTTP Referer statistics' to
'HTTP Request Sequences' to better reflect the more generic
functionality.
Note that this does not fully support RFC 3986. An external library like
uriparser.github.io may be a better option for efficient, full relative
HTTP URL resolution.
A sample PCAP to test functionality is available here:
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=http_redirects.pcapng
A sample PCAP to demonstrate usefulness is available here:
https://www.malware-traffic-analysis.net/2015/08/31/page2.html
(examine request to hxxp://lk2gaflsgh.jgy658snfyfnvh.com/service.php)
Change-Id: I9edd1a1de86228b0dcb1df9f6f30e24379684321
Reviewed-on: https://code.wireshark.org/review/26679
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
There is a typo on the attribute name for the ZCL OTA attribute 0x0000.
Change the attribute name to match the ZCL specification document.
Change-Id: I83f42128fb3fac8c75124f375dda392d6c8bdcab
Reviewed-on: https://code.wireshark.org/review/26678
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It was introduced in CMake 3.1, so, unless we require CMake 3.1 or
later, we'd have to manually try to enable C99 support on pre-3.1
releases, so we might as well just do it manually all the time - it's
not clear that CMAKE_C_STANDARD does it much better, especially given
that, for example, it wasn't until CMake 3.9 that support for enabling
C99 support in IBM XL C was added.
Change-Id: I51038b90fd3d8ab5050c5da4441765b19db9091b
Reviewed-on: https://code.wireshark.org/review/26648
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
When operating a Nano node behind a NAT, non-standard ports are commonly
used for the protocol. The option to enable a heuristic dissector should
be helpful in this scenario.
Change-Id: I74abd8c90e9e5cebc0251662ade73f4e6e5e21bd
Reviewed-on: https://code.wireshark.org/review/26668
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
simplify the code to distinguish between request and response
remove the if(tree) check
remove the offset variable, which is always 0
reformat the code
remove the incorrect descriptions ("echo data") for request and response
don't modify the display filter names
Change-Id: Iffe074ceef5fe2dda9e0b134a8dc4db70881d3e4
Reviewed-on: https://code.wireshark.org/review/26667
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"cmake -E env" was added in CMake 3.1, but we currently support 2.8.12
at minimum. Add a best-effort replacement for older versions. There are
some limitations from CMake (see comments), but these should not affect
the current user (FindAsciidoctor.cmake).
Change-Id: I56c92aa9ad42fb3950dbdfd955d4ff902111e0d7
Fixes: v2.5.1rc0-76-g94a0f7c641 ("Switch from AsciiDoc to Asciidoctor.")
Reviewed-on: https://code.wireshark.org/review/26658
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Also, move some symbols to the correct location.
Change-Id: Iba2df29961ba2fd13bda069e7664dc55df50bb53
Reviewed-on: https://code.wireshark.org/review/26665
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The code to read and skip the btsnoop header was written in a way where
it reads up to PACKET_LENGTH bytes of data, skips the header, then
moves the rest of the data back to the start of the buffer. So far so
good. The code then resets the number of bytes used in the buffer,
making it skip the rest of all data read.
Many times this works fine but only by luck. When there are no data
transfers, the first recv call will always only return the header
(sender side writes header separately right after accept).
When data transfers are ongoing, the first recv call will return both
header and data. Then the initial data is lost but, more importantly,
it risks parsing data with an invalid offset.
Fix by reading btsnoop header separately from rest of data.
Change-Id: Ie52c33f943d8b311e0cd5638ec1a7d4840e271b8
Reviewed-on: https://code.wireshark.org/review/26659
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michal Labedzki <michal.labedzki@wireshark.org>
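The header handling described in the commit message above, as an added example that is not Wireshark's own code: it reads exactly the header length from the stream, so record bytes that arrive in the same segment stay in the stream at offset 0. The names `mem_stream`, `mem_recv`, `read_exact`, `skip_btsnoop_header` and `first_byte_after_header` are hypothetical, the in-memory stream stands in for the socket, and the 16-byte header layout is taken from the btsnoop file format.

```c
#include <string.h>

#define BTSNOOP_HDR_LEN 16 /* "btsnoop\0" magic, 4-byte version, 4-byte datalink */

/* Constructed in-memory stand-in for the TCP socket (hypothetical helper). */
struct mem_stream { const unsigned char *data; size_t len, pos, max_chunk; };

/* recv()-like: hands back at most want bytes per call, 0 at end of stream. */
static long mem_recv(struct mem_stream *s, unsigned char *buf, size_t want)
{
    size_t n = s->len - s->pos;
    if (n > want) n = want;
    if (n > s->max_chunk) n = s->max_chunk;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (long)n;
}

/* Loop until exactly len bytes have arrived; -1 if the stream ends early. */
static int read_exact(struct mem_stream *s, unsigned char *buf, size_t len)
{
    for (size_t got = 0; got < len; ) {
        long n = mem_recv(s, buf + got, len - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Consume the header and nothing else, so the stream sits at the first record. */
static int skip_btsnoop_header(struct mem_stream *s)
{
    unsigned char hdr[BTSNOOP_HDR_LEN];
    if (read_exact(s, hdr, sizeof hdr) != 0) return -1;
    return memcmp(hdr, "btsnoop\0", 8) == 0 ? 0 : -1;
}

/* Header and record bytes arrive back to back; returns the first byte seen
 * after the header (0xAA if nothing was dropped), or -1 on error. */
static int first_byte_after_header(size_t wire_len, size_t max_chunk)
{
    static const unsigned char wire[] = { 'b','t','s','n','o','o','p',0,
        0,0,0,1, 0,0,3,0xEA,   /* version 1, datalink 1002 */
        0xAA, 0xBB, 0xCC };    /* constructed record bytes */
    struct mem_stream s = { wire, wire_len, 0, max_chunk };
    unsigned char b;
    if (skip_btsnoop_header(&s) != 0 || read_exact(&s, &b, 1) != 0) return -1;
    return b;
}

int main(void) { return first_byte_after_header(19, 1024) == 0xAA ? 0 : 1; }
```

The `max_chunk` argument forces short reads, which shows that the loop also copes with a header split across several recv calls.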
https://www.iana.org/assignments/bgp-parameters/bgp-parameters.xhtml
https://tools.ietf.org/html/rfc4893
-------------------------------------------
NEW BGP speakers carry AS path information expressed in terms of 4-
octet Autonomous Systems numbers by using the existing AS_PATH
attribute, except that each AS number in this attribute is encoded
not as a 2-octet, but as a 4-octet entity. The same applies to the
AGGREGATOR attribute - NEW BGP speakers use the same attribute,
except that the AS carried in this attribute is encoded as a 4-octet
entity.
-------------------------------------------
Change-Id: I4ccfc2c18e8777a800211dd285550723ac0da872
Reviewed-on: https://code.wireshark.org/review/26647
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Additionally, add an attribute to the tap function to prevent future
callers from leaking this memory.
Change-Id: Ief6af2bbc74d19153628f09d7b273e85cb2284ab
Reviewed-on: https://code.wireshark.org/review/26642
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
We should not be throwing an exception while checking if the packet
really contains our protocol. Add a length check to make sure that the
initial tvb_get_ntohl() call will not fail.
Read the message type after the heuristic check.
Change-Id: I397732dbec20bcd0ab5356e8c3500fd0cb6e1434
Reviewed-on: https://code.wireshark.org/review/26634
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Update some cross references which were renamed in 1cd92c4961. Fixup
some capitalization while we're here.
Change-Id: Iae3227839cd34a52662a4b973c0f87e7e5a765cc
Reviewed-on: https://code.wireshark.org/review/26655
Reviewed-by: Gerald Combs <gerald@wireshark.org>
ps command is used to find com.android.bluetooth process. From
Android Oreo the ps command needs -A parameter for listing all
processes.
Change-Id: I1a547a0d61175c1e194823462661ec69e711ca50
Reviewed-on: https://code.wireshark.org/review/26652
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Code assumes btsnoop net port is the first tcp socket found in
/proc/<pid>/net/tcp. If it is not, the port number lookup will
fail.
Fixed by searching all open tcp sockets for a match.
Change-Id: I988fe18680600b59c595f3d619d95c72c1a6966d
Reviewed-on: https://code.wireshark.org/review/26651
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Copy the current wireshark.spec.in and update it for use with CMake.
Remove the Qt4, GTK+2, and GTK+3 options. Add Ninja and mmdbresolve
options.
The rpm-package target builds a tarball using git-export-release.sh and
therefore must be run from a git checkout. The RPM _prefix macro is set
to CMAKE_INSTALL_PREFIX, so you'll probably want to run
cmake -DCMAKE_INSTALL_PREFIX=/usr ...
Change-Id: Ib014494d8858a0059126404cd91528ded5d8a9f6
Reviewed-on: https://code.wireshark.org/review/26579
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In previous versions of Wireshark it was possible to filter on the PLMN
value in total because the sub-fields were not broken out. This restores
that capability for those who depended on it (WFA, I'm looking at you.)
That is, a filter like:
wlan.fixed.anqp.3gpp_cellular_info.plmn_info == 0x206013
would work but it does not currently work. This restores that filter.
Change-Id: I2eb6eb7f47fb0246effaea0412a3d6ffcbcd61aa
Reviewed-on: https://code.wireshark.org/review/26645
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
On startup, not all protocols are ready. In particular, the ip, ipv6 and
tcp tap registrations failed (and the error messages were leaked). Fix
this by performing this registration when a capture file is loaded.
Change-Id: Idd0634e395d484bae67b343ea23a84d440c4f4bc
Reviewed-on: https://code.wireshark.org/review/26641
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add duplicate ACK ticks to Statistics → TCP Stream Graphs → Time
Sequence (tcptrace), which I missed when porting from GTK+. Add zero
window crosses while we're here.
Switch TCPStreamDialog to a subclass of GeometryStateDialog.
Add a slot and URL for the Help button and a stub entry in the User's
Guide.
Bug: 12009
Change-Id: Idf2ddb9eb33d924d65998285b5cffc234156497c
Reviewed-on: https://code.wireshark.org/review/26592
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have it take a format and argument list as arguments, and have the
formatting done inside the reporting code. That way, we're not relying
on any particular wmem scope working.
If WIRESHARK_ABORT_ON_DISSECTOR_BUG is set, try to add the message to
the crash information (currently only supported in macOS), and print it
to the standard error, before crashing. We won't necessarily have a
usable crash dump to analyze, so we can't rely on that to find the cause
of the crash.
Ping-Bug: 14490
Change-Id: I2b39169c45c84f2ada31efa1d413bd28c140f8f4
Reviewed-on: https://code.wireshark.org/review/26643
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
DISSECTOR_ASSERT_NOT_REACHED() doesn't say *why* the code in question
was reached; it's better to give a more explicit error message.
Change-Id: I88b930e5a90ba8692aeac6ee29fa8fda21b5067b
Reviewed-on: https://code.wireshark.org/review/26639
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Update invalid description for tvb_get_nstringz() and
tvb_get_nstringz0().
Change-Id: I03483bc1a2aa5a701b44cd895b91289716ef215d
Reviewed-on: https://code.wireshark.org/review/26598
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make it easier to check if traffic over UDP ports is
protobuf-based.
Change-Id: Ib88c4a7a6d2996f53249da6707f35e06b38c7b2d
Reviewed-on: https://code.wireshark.org/review/26625
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using a 32-bit value string triggers the assertion in
hf_try_val64_to_str().
Bug: 14560
Change-Id: Ief3f46ee60355f43d2fb5f210608fde21be8d41d
Reviewed-on: https://code.wireshark.org/review/26633
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add dissection of events:
LE Periodic Advertising Sync Established
LE Periodic Advertising Report
LE Periodic Advertising Sync Lost
LE Advertising Set Terminated
LE Scan Request Received
LE Channel Selection Algorithm
SAM Status Change
Add missing extended LMP feature bits
Change-Id: I6aed69ff70674950507a7f4730f4136077c00357
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/26631
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>